Bandie/pam_panic
Bandie/pam_panic
1
0
Fork 0
Code Issues 5 Pull Requests Releases Wiki Activity

Merge pull request #49 from Bandie/master

Browse Source 
Test suits with dirty autoconf
This commit is contained in:
Jordy Dickinson 2018-05-16 18:25:51 -04:00 committed by GitHub
commit 49d73da3ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 224 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -18,3 +18,4 @@ Makefile
Makefile.in Makefile.in
src/pam_panic_pw/pam_panic_pw src/pam_panic_pw/pam_panic_pw
stamp-h1 stamp-h1
test/test

2
.travis.yml
View File

@ -1,3 +1,3 @@
language: C language: C
sudo: enabled sudo: enabled
script: autoreconf -i && ./configure && make script: sudo apt install libcunit1 libcunit1-dev && autoreconf -i && ./configure && make && make test

5
Makefile.am
View File

@ -3,3 +3,8 @@ ACLOCAL_AMFLAGS = -I m4
AM_CPPFLAGS = -I src AM_CPPFLAGS = -I src
SUBDIRS = src/pam_panic src/pam_panic_pw SUBDIRS = src/pam_panic src/pam_panic_pw
.PHONY: all test clean
test:
make -C test

3
configure.ac
View File

@ -4,7 +4,7 @@ AC_INIT(
[https://github.com/pampanic/pam_panic/issues], [https://github.com/pampanic/pam_panic/issues],
[pam_panic]) [pam_panic])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
AM_INIT_AUTOMAKE([-Wall]) AM_INIT_AUTOMAKE([-Wall subdir-objects])
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADER([src/config.h]) AC_CONFIG_HEADER([src/config.h])
@ -55,6 +55,7 @@ AC_CONFIG_FILES([
src/pam_panic/man/Makefile src/pam_panic/man/Makefile
src/pam_panic_pw/Makefile src/pam_panic_pw/Makefile
src/pam_panic_pw/man/Makefile src/pam_panic_pw/man/Makefile
test/Makefile
]) ])
AC_OUTPUT AC_OUTPUT

2
src/pam_panic/man/Makefile.am
View File

@ -7,7 +7,7 @@ nobase_dist_cant_believe_its_not_man_DATA = \
fr/man8/pam_panic.8.gz fr/man8/pam_panic.8.gz
%.gz: % %.gz: %
{ sldr=$$(echo "$(securelibdir)" | $(SED) 's/\//\\\//g') ; bdr=$$(echo "$(bindir)" | $(SED) 's/\//\\\//g') ; $(SED) "s/__PAMPANICSO__/$$sldr\/pam_panic\\\\\&.so/; s/__PAMPANICPW__/$$bdr\/pam_panic\\\\\&.so/" $< >$<.tmp ; } { sldr=$$(echo "$(securelibdir)" | $(SED) 's/\//\\\//g') ; bdr=$$(echo "$(bindir)" | $(SED) 's/\//\\\//g') ; $(SED) "s/__PAMPANICSO__/$$sldr\/pam_panic\\\\\&.so/; s/__PAMPANICPW__/$$bdr\/pam_panic_pw/" $< >$<.tmp ; }
gzip -c $<.tmp >$@ gzip -c $<.tmp >$@

14
src/pam_panic/pam_panic_authdevice.c
View File

@ -17,6 +17,7 @@ LICENSE : GNU-GPLv3
int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
#ifndef TEST
int8_t counter = 0; int8_t counter = 0;
while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){ while(access(allowed, F_OK) == -1 && access(rejected, F_OK) == -1){
pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK); pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, ASK);
@ -25,12 +26,25 @@ int authDevice(pam_handle_t *pamh, char *allowed, char *rejected, char *serious_
return (PAM_MAXTRIES); return (PAM_MAXTRIES);
} }
} }
#endif
if(access(allowed, F_OK) != -1) if(access(allowed, F_OK) != -1)
#ifndef TEST
return (PAM_SUCCESS); return (PAM_SUCCESS);
#else
return 0;
#endif
if(access(rejected, F_OK) != -1) if(access(rejected, F_OK) != -1)
#ifndef TEST
return reject(serious_dev, bSerious, bReboot, bPoweroff); return reject(serious_dev, bSerious, bReboot, bPoweroff);
#else
return 99;
#endif
#ifndef TEST
return (PAM_MAXTRIES); return (PAM_MAXTRIES);
#else
return 1;
#endif
} }

11
src/pam_panic/pam_panic_password.c
View File

@ -18,17 +18,21 @@ LICENSE : GNU-GPLv3
#include "pam_panic_password.h" #include "pam_panic_password.h"
#include "pam_panic_reject.h" #include "pam_panic_reject.h"
#define MSG_NOFILE "ALERT for password option: No password file detected."
#define MSG_ERROPEN "ERROR: Couldn't open password file."
#define MSG_CORRUPT "CRITICAL: Password file is corrupt!"
int readPassword(pam_handle_t *pamh, char pw[2][99]){ int readPassword(pam_handle_t *pamh, char pw[2][99]){
// Open file // Open file
if(access(PPASSFILE, F_OK) == -1){ if(access(PPASSFILE, F_OK) == -1){
pam_syslog(pamh, LOG_ALERT, "ALERT for password option: No password file detected."); pam_syslog(pamh, LOG_ALERT, MSG_NOFILE);
return 2; return 2;
} }
FILE *f = fopen(PPASSFILE, "r"); FILE *f = fopen(PPASSFILE, "r");
if(f == NULL){ if(f == NULL){
pam_syslog(pamh, LOG_ALERT, "ERROR: Couldn't open file."); pam_syslog(pamh, LOG_ALERT, MSG_ERROPEN);
return 1; return 1;
} }
@ -40,7 +44,7 @@ int readPassword(pam_handle_t *pamh, char pw[2][99]){
fclose(f); fclose(f);
if(nread != 198){ if(nread != 198){
pam_syslog(pamh, LOG_CRIT, "CRITICAL: Password file is corrupt!"); pam_syslog(pamh, LOG_CRIT, MSG_CORRUPT);
return 3; return 3;
} }
@ -103,5 +107,6 @@ int authPassword(pam_handle_t *pamh, char *serious_dev, int8_t bSerious, int8_t
if(!strcmp(pwpanic, pw[1])){ if(!strcmp(pwpanic, pw[1])){
return reject(serious_dev, bSerious, bReboot, bPoweroff); return reject(serious_dev, bSerious, bReboot, bPoweroff);
} }
return (PAM_AUTH_ERR); return (PAM_AUTH_ERR);
} }

23
src/pam_panic/pam_panic_reject.c
View File

@ -8,13 +8,18 @@ LICENSE : GNU-GPLv3
#include <stdint.h> #include <stdint.h>
#include <unistd.h> #include <unistd.h>
#include <security/pam_ext.h> #ifdef TEST
#include <stdio.h>
#else
#include <security/pam_ext.h>
#endif
#include <sys/wait.h> #include <sys/wait.h>
#include "config.h" #include "config.h"
#include "pam_panic_reject.h" #include "pam_panic_reject.h"
int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){ int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff){
if(bSerious){ if(bSerious){
#ifndef TEST
int ser_stat; int ser_stat;
int yes[2]; int yes[2];
pipe(yes); pipe(yes);
@ -23,6 +28,7 @@ int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff)
dup2(yes[0], 0); dup2(yes[0], 0);
execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL); execlp(CRYPTSETUP, CRYPTSETUP, "luksErase", serious_dev, NULL);
}else { }else {
close(yes[0]); close(yes[0]);
write(yes[1], "YES\n", 4); write(yes[1], "YES\n", 4);
@ -30,13 +36,28 @@ int reject(char *serious_dev, int8_t bSerious, int8_t bReboot, int8_t bPoweroff)
wait(&ser_stat); wait(&ser_stat);
} }
#else
return 0;
#endif
} }
if(bReboot) if(bReboot)
#ifndef TEST
execlp(REBOOT, REBOOT, NULL); execlp(REBOOT, REBOOT, NULL);
#else
return 1;
#endif
if(bPoweroff) if(bPoweroff)
#ifndef TEST
execlp(POWEROFF, POWEROFF, NULL); execlp(POWEROFF, POWEROFF, NULL);
#else
return 2;
#endif
#ifndef TEST
return (PAM_MAXTRIES); return (PAM_MAXTRIES);
#else
return 3;
#endif
} }

8
test/Makefile.am Normal file
View File

@ -0,0 +1,8 @@
CFLAGS += -DTEST
bin_PROGRAMS = test
test_SOURCES = ../src/pam_panic/pam_panic_authdevice.c ../src/pam_panic/pam_panic_reject.c test.c
test_LDFLAGS = -lpam -lcunit
all:
@printf "Running test...\n"
./test

136
test/test.c Normal file
View File

@ -0,0 +1,136 @@
/*
FILENAME : test.c
DESCRIPTION : Test suites with CUnit for pam_panic
AUTHOR : Bandie
DATE : 2018-05-11T04:13:51+02:00
LICENSE : GNU-GPLv3
*/
#include <stdint.h>
#include <unistd.h>
#include <security/pam_modules.h>
#include "../src/pam_panic/pam_panic_authdevice.h"
#include "../src/pam_panic/pam_panic_reject.h"
#include <CUnit/Basic.h>
#define STATE_GOOD 0
#define STATE_BAD 99
#define STATE_NA 1
#define STATE_REJ_SER 0
#define STATE_REJ_REB 1
#define STATE_REJ_POW 2
#define STATE_REJ_NA 3
#define GOODUUID "./good"
#define BADUUID "./bad"
char* gU = GOODUUID;
char* bU = BADUUID;
int init_suite(void) {
return 0;
}
int clean_suite(void) {
return 0;
}
// pam_panic_authdevice tests
void test_authDeviceGood(void) {
FILE *f = fopen(gU, "w");
fclose(f);
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_GOOD);
unlink(gU);
}
void test_authDeviceBad(void) {
FILE *f = fopen(bU, "w");
fclose(f);
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_BAD);
unlink(bU);
}
void test_authDeviceNA(void) {
int ret = authDevice(NULL, gU, bU, NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_NA);
}
// pam_panic_reject tests
void test_rejectSerious(void) {
int ret = reject(NULL, 1, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_SER);
}
void test_rejectReboot(void) {
int ret = reject(NULL, 0, 1, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_REB);
}
void test_rejectPoweroff(void) {
int ret = reject(NULL, 0, 0, 1);
CU_ASSERT_EQUAL(ret, STATE_REJ_POW);
}
void test_rejectNA(void) {
int ret = reject(NULL, 0, 0, 0);
CU_ASSERT_EQUAL(ret, STATE_REJ_NA);
}
int main(void) {
// no stdout buffering
//setbuf(stdout, NULL);
// init CUnit test registry
CU_pSuite pSuiteDevice = NULL;
CU_pSuite pSuiteReject = NULL;
if (CUE_SUCCESS != CU_initialize_registry())
return CU_get_error();
// Make suits
pSuiteDevice = CU_add_suite("Suite pam_panic_authdevice", init_suite, clean_suite);
pSuiteReject = CU_add_suite("Suite pam_panic_reject", init_suite, clean_suite);
if (pSuiteDevice == NULL
|| pSuiteReject == NULL) {
CU_cleanup_registry();
return CU_get_error();
}
// adding tests to all suits
// SuiteDevice
if ( (NULL == CU_add_test(pSuiteDevice, "Authenticate with good device?", test_authDeviceGood))
|| (NULL == CU_add_test(pSuiteDevice, "Authenticate with bad device?", test_authDeviceBad))
|| (NULL == CU_add_test(pSuiteDevice, "Authenticate with no device?", test_authDeviceNA))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Serious?", test_rejectSerious))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Reboot?", test_rejectReboot))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Poweroff?", test_rejectPoweroff))
|| (NULL == CU_add_test(pSuiteReject, "Reject: Nothing?", test_rejectNA))
) {
CU_cleanup_registry();
return CU_get_error();
}
/* Run all tests */
CU_basic_set_mode(CU_BRM_VERBOSE);
CU_basic_run_tests();
int fail = CU_get_number_of_failures();
CU_cleanup_registry();
if(fail)
return 1;
return CU_get_error();
}