diff --git a/.gitignore b/.gitignore index 2a7ea9f..2f76fcb 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ Makefile Makefile.in src/pam_panic_pw/pam_panic_pw stamp-h1 +test/test diff --git a/Makefile.am b/Makefile.am index 0a8be1f..0547c75 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3,3 +3,8 @@ ACLOCAL_AMFLAGS = -I m4 AM_CPPFLAGS = -I src SUBDIRS = src/pam_panic src/pam_panic_pw + +.PHONY: all test clean + +test: + make -C test diff --git a/configure.ac b/configure.ac index a0d3fcb..78a1d71 100644 --- a/configure.ac +++ b/configure.ac @@ -55,6 +55,7 @@ AC_CONFIG_FILES([ src/pam_panic/man/Makefile src/pam_panic_pw/Makefile src/pam_panic_pw/man/Makefile + test/Makefile ]) AC_OUTPUT diff --git a/src/pam_panic/pam_panic_authdevice.c b/src/pam_panic/pam_panic_authdevice.c index 2cd3abb..2a014db 100644 --- a/src/pam_panic/pam_panic_authdevice.c +++ b/src/pam_panic/pam_panic_authdevice.c @@ -8,8 +8,10 @@ LICENSE : GNU-GPLv3 #include #include -#include -#include +#ifndef TEST + #include + #include +#endif #include #include "pam_panic_reject.h" 
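Review bot: The new `test:` rule in the top-level Makefile.am invokes `make` by name; write `$(MAKE) -C test` so the sub-make inherits the jobserver, flags such as -n and -k, and the make program actually in use. Since configure.ac now generates test/Makefile as well, hooking the suite into automake's `check` target would avoid the hand-written recursion altogether.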
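Review bot: In src/pam_panic/pam_panic_authdevice.c the PAM includes are now compiled only when TEST is undefined, so the shipped authentication source depends on a test-only macro. The same switch is used in the authDevice() body hunk and in reject() in pam_panic_reject.c to swap the PAM return codes for literals (0/99/1 and 0/1/2/3) and to compile out the prompt loop and the panic actions. The suite therefore asserts constants that exist only in the test build, and a module accidentally built with TEST defined would never reach reject(). I would keep a single code path that returns the real `PAM_SUCCESS`/`PAM_MAXTRIES` values in both builds and replace only the side-effecting calls, for example by linking the test against a stub `reject()` instead of compiling the real one. If the macro stays, an `#error "TEST must not be defined for the PAM module build"` under `#ifdef TEST` in a file that only the module build compiles would make a misconfigured build fail loudly.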
@@ -17,20 +19,34 @@ LICENSE : GNU-GPLv3 int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ - int8_t counter = 0; - while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){ - pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK); - if(++counter >= 3){ - pam_syslog(pamh, LOG_NOTICE, "Couldn't identify any keys. 3 tries."); - return (PAM_MAXTRIES); + #ifndef TEST + int8_t counter = 0; + while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){ + pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK); + if(++counter >= 3){ + pam_syslog(pamh, LOG_NOTICE, "Couldn't identify any keys. 3 tries."); + return (PAM_MAXTRIES); + } } - } + #endif if(access(allowed, F_OK) != -1) - return (PAM_SUCCESS); + #ifndef TEST + return (PAM_SUCCESS); + #else + return 0; + #endif if(access(rejected, F_OK) != -1) - return reject(serious_dev, bSerious, bReboot, bPoweroff); + #ifndef TEST + return reject(serious_dev, bSerious, bReboot, bPoweroff); + #else + return 99; + #endif - return (PAM_MAXTRIES); + #ifndef TEST + return (PAM_MAXTRIES); + #else + return 1; + #endif } diff --git a/src/pam_panic/pam_panic_password.c b/src/pam_panic/pam_panic_password.c index d9656fc..2b7414e 100644 --- a/src/pam_panic/pam_panic_password.c +++ b/src/pam_panic/pam_panic_password.c 
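Review bot: The two `if(access(...) != -1)` statements in authDevice() are unbraced while their only statement is now selected by `#ifndef TEST`/`#else`, so what each `if` controls depends on preprocessing. A later edit that leaves one branch empty would silently bind the `if` to the next `return`. Put braces around each whole `#ifndef`/`#else`/`#endif` group, e.g. `if(access(allowed, F_OK) != -1){` before the group and `}` after it; the same applies to `if(bReboot)` and `if(bPoweroff)` in reject(). Indenting the directives inside the function body also hides them from a reader scanning column 0 for conditional compilation.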
@@ -18,17 +18,21 @@ LICENSE : GNU-GPLv3 #include "pam_panic_password.h" #include "pam_panic_reject.h" +#define MSG_NOFILE "ALERT for password option: No password file detected." +#define MSG_ERROPEN "ERROR: Couldn't open password file." +#define MSG_CORRUPT "CRITICAL: Password file is corrupt!" + int readPassword(pam_handle_t *pamh, char pw[2][99]){ // Open file if(access(PPASSFILE, F_OK) == -1){ - pam_syslog(pamh, LOG_ALERT, "ALERT for password option: No password file detected."); + pam_syslog(pamh, LOG_ALERT, MSG_NOFILE); return 2; } FILE *f = fopen(PPASSFILE, "r"); if(f == NULL){ - pam_syslog(pamh, LOG_ALERT, "ERROR: Couldn't open file."); + pam_syslog(pamh, LOG_ALERT, MSG_ERROPEN); return 1; } @@ -40,7 +44,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){ fclose(f); if(nread != 198){ - pam_syslog(pamh, LOG_CRIT, "CRITICAL: Password file is corrupt!"); + pam_syslog(pamh, LOG_CRIT, MSG_CORRUPT); return 3; } @@ -103,5 +107,6 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t if(!strcmp(pwpanic, pw[1])){ return reject(serious_dev, bSerious, bReboot, bPoweroff); } + return (PAM_AUTH_ERR); } diff --git a/src/pam_panic/pam_panic_reject.c b/src/pam_panic/pam_panic_reject.c index 59c093d..44ef9e3 100644 --- a/src/pam_panic/pam_panic_reject.c +++ b/src/pam_panic/pam_panic_reject.c 
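Review bot: readPassword() still probes PPASSFILE with `access()` and then opens it with a separate `fopen()`, so the file can change between the two calls and the MSG_NOFILE/MSG_ERROPEN distinction (return 2 versus 1) is decided on a stale answer. Opening first and branching on the error removes the extra lookup: `FILE *f = fopen(PPASSFILE, "r");` followed by `if(f == NULL) return (errno == ENOENT) ? 2 : 1;` with the matching `pam_syslog` call in each case. That assumes `<errno.h>` is included, which the visible lines do not show. MSG_ERROPEN is also logged at LOG_ALERT although its text says ERROR, so either the level or the prefix should change. The function body continues outside this hunk.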
@@ -8,35 +8,56 @@ LICENSE : GNU-GPLv3 #include #include -#include +#ifdef TEST + #include +#else + #include +#endif #include #include "config.h" #include "pam_panic_reject.h" int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ if(bSerious){ - int ser_stat; - int yes[2]; - pipe(yes); - if(fork() == 0){ - close(yes[1]); - dup2(yes[0], 0); + #ifndef TEST + int ser_stat; + int yes[2]; + pipe(yes); + if(fork() == 0){ + close(yes[1]); + dup2(yes[0], 0); - execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL); - }else { - close(yes[0]); - write(yes[1], "YES\n", 4); - close(yes[1]); + execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL); + + }else { + close(yes[0]); + write(yes[1], "YES\n", 4); + close(yes[1]); - wait(&ser_stat); - } + wait(&ser_stat); + } + #else + return 0; + #endif } if(bReboot) - execlp(REBOOT, REBOOT, NULL); + #ifndef TEST + execlp(REBOOT, REBOOT, NULL); + #else + return 1; + #endif if(bPoweroff) - execlp(POWEROFF, POWEROFF, NULL); + #ifndef TEST + execlp(POWEROFF, POWEROFF, NULL); + #else + return 2; + #endif - return (PAM_MAXTRIES); + #ifndef TEST + return (PAM_MAXTRIES); + #else + return 3; + #endif } diff --git a/test/Makefile.am b/test/Makefile.am new file mode 100644 index 0000000..704c182 --- /dev/null +++ b/test/Makefile.am @@ -0,0 +1,8 @@ +bin_PROGRAMS = test +test_SOURCES = test.h ../src/pam_panic/pam_panic_authdevice.c ../src/pam_panic/pam_panic_reject.c test.c +test_LDFLAGS = -lpam -lcunit + +all: + @printf "Running test...\n" + ./test + @printf "OK!\n" diff --git a/test/test.c b/test/test.c new file mode 100644 index 0000000..fd941f3 --- /dev/null +++ b/test/test.c 
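Review bot: In the non-TEST branch of reject(), the child created by `fork()` keeps executing the rest of reject() if `execlp(CRYPTSETUP, ...)` fails, because nothing follows the call inside the `if(fork() == 0)` block. It would go on to the reboot/poweroff checks and then return into a copy of the authenticating process. Add `_exit(127);` directly after that `execlp` line, and handle a `fork()` result of -1 explicitly instead of letting it take the parent branch, where `write()` and `wait()` then run with no child. The results of `pipe()` and `write()` are ignored and `ser_stat` is never read, so a failed erase is indistinguishable from a successful one. None of this is exercised by the new tests, since the TEST build replaces the whole block with `return 0;`.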
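Review bot: `bin_PROGRAMS = test` in test/Makefile.am makes `make install` place a binary named `test`, built from the stubbed module sources, into bindir. A test driver should be declared as `check_PROGRAMS = test` with `TESTS = $(check_PROGRAMS)` so that only `make check` builds and runs it. Overriding `all:` to execute `./test` also replaces automake's own `all` target and runs the suite on every build. Libraries belong in `test_LDADD = -lpam -lcunit` rather than `test_LDFLAGS`, because LDFLAGS precede the objects on the link line and can fail to resolve with linkers that process libraries in order. Nothing visible here passes TEST to the two module sources (listing test.h in `test_SOURCES` does not include it), so `test_CPPFLAGS = -DTEST` may be needed unless it is set elsewhere.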
@@ -0,0 +1,117 @@ +#include +#include +#include +#include "../src/pam_panic/pam_panic_authdevice.h" +#include "../src/pam_panic/pam_panic_reject.h" +#include + + +#define STATE_GOOD 0 +#define STATE_BAD 99 +#define STATE_NA 1 + +#define STATE_REJ_SER 0 +#define STATE_REJ_REB 1 +#define STATE_REJ_POW 2 +#define STATE_REJ_NA 3 + +#define GOODUUID "./good" +#define BADUUID "./bad" + +char* gU = GOODUUID; +char* bU = BADUUID; + +int init_suite(void) { + return 0; +} + +int clean_suite(void) { + return 0; +} + + +// pam_panic_authdevice tests +void test_authDeviceGood(void) { + FILE *f = fopen(gU, "w"); + fclose(f); + + int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0); + CU_ASSERT_EQUAL(ret, STATE_GOOD); + unlink(gU); +} + +void test_authDeviceBad(void) { + FILE *f = fopen(bU, "w"); + fclose(f); + + int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0); + CU_ASSERT_EQUAL(ret, STATE_BAD); + unlink(bU); +} + +void test_authDeviceNA(void) { + int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0); + CU_ASSERT_EQUAL(ret, STATE_NA); +} + + +// pam_panic_reject tests +void test_rejectSerious(void) { + int ret = reject(NULL, 1, 0, 0); + CU_ASSERT_EQUAL(ret, STATE_REJ_SER); +} + +void test_rejectReboot(void) { + int ret = reject(NULL, 0, 1, 0); + CU_ASSERT_EQUAL(ret, STATE_REJ_REB); +} + +void test_rejectPoweroff(void) { + int ret = reject(NULL, 0, 0, 1); + CU_ASSERT_EQUAL(ret, STATE_REJ_POW); +} + +void test_rejectNA(void) { + int ret = reject(NULL, 0, 0, 0); + CU_ASSERT_EQUAL(ret, STATE_REJ_NA); +} + + + +int main(void) { + + // no stdout buffering + setbuf(stdout, NULL); + + // init CUnit test registry + CU_pSuite pSuiteDevice = NULL; + CU_pSuite pSuiteReject = NULL; + if (CUE_SUCCESS != CU_initialize_registry()) + return CU_get_error(); + + // Make suits + pSuiteDevice = CU_add_suite("Suite pam_panic_authdevice", init_suite, clean_suite); + pSuiteReject = CU_add_suite("Suite pam_panic_reject", init_suite, clean_suite); + if (pSuiteDevice == NULL + || pSuiteReject == NULL) { + 
CU_cleanup_registry(); + return CU_get_error(); + } + + // adding tests to all suits + // SuiteDevice + if ( (NULL == CU_add_test(pSuiteDevice, "Authenticate with good device?", test_authDeviceGood)) + || (NULL == CU_add_test(pSuiteDevice, "Authenticate with bad device?", test_authDeviceBad)) + || (NULL == CU_add_test(pSuiteDevice, "Authenticate with no device?", test_authDeviceNA)) + || (NULL == CU_add_test(pSuiteReject, "Reject: Serious?", test_rejectSerious)) + || (NULL == CU_add_test(pSuiteReject, "Reject: Reboot?", test_rejectReboot)) + || (NULL == CU_add_test(pSuiteReject, "Reject: Poweroff?", test_rejectPoweroff)) + || (NULL == CU_add_test(pSuiteReject, "Reject: Nothing?", test_rejectNA)) + ) { + CU_cleanup_registry(); + return CU_get_error(); + } + + return 0; +} + diff --git a/test/test.h b/test/test.h new file mode 100644 index 0000000..9fca16e --- /dev/null +++ b/test/test.h @@ -0,0 +1 @@ +#define TEST
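Review bot: main() in test/test.c registers the suites and tests and then reaches `return 0;` without ever running them: there is no `CU_basic_run_tests()` or other run call, and no final `CU_cleanup_registry()`. As a result `./test` exits 0 and the Makefile prints OK whatever the code under test does. Run the registry and derive the exit status from the failure count, as sketched below; this needs CUnit's basic-interface header, which may or may not be among the includes that are not legible on this page. test_authDeviceGood() and test_authDeviceBad() also pass the unchecked result of `fopen()` to `fclose()`, which is undefined behaviour when the file cannot be created.

```c
  // … unchanged: registry init, suite creation and the CU_add_test chain …

  // run everything that was registered and report failures via the exit code
  CU_basic_set_mode(CU_BRM_VERBOSE);
  CU_basic_run_tests();
  unsigned int failed = CU_get_number_of_failures();
  CU_cleanup_registry();

  return failed ? 1 : 0;
```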