Blame - tests/test_pam.c - github/CESNET/libnetconf2

blob: bb90604bdc2c41b301b733fd0b30cea4dcd7149b [file] [log] [blame]

roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	1	/**
				2	* @file test_pam.c
				3	* @author Roman Janota <xjanot04@fit.vutbr.cz>
				4	* @brief libnetconf2 SSH Keyboard Interactive auth using PAM test
				5	*
				6	* @copyright
				7	* Copyright (c) 2023 CESNET, z.s.p.o.
				8	*
				9	* This source code is licensed under BSD 3-Clause License (the "License").
				10	* You may not use this file except in compliance with the License.
				11	* You may obtain a copy of the License at
				12	*
				13	* https://opensource.org/licenses/BSD-3-Clause
				14	*/
				15
				16	#define _GNU_SOURCE
				17
				18	#include <errno.h>
				19	#include <pthread.h>
				20	#include <setjmp.h>
				21	#include <stdarg.h>
				22	#include <stdio.h>
				23	#include <stdlib.h>
				24	#include <string.h>
				25
				26	#include <security/pam_appl.h>
				27
				28	#include <cmocka.h>
				29
roman	abe6990	2024-08-13 14:43:49 +0200	[diff] [blame]	30	#include "ln2_test.h"
roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	31	#include "tests/config.h"
				32
				33	#define NC_ACCEPT_TIMEOUT 2000
				34	#define NC_PS_POLL_TIMEOUT 2000
				35
				36	struct ly_ctx *ctx;
				37
				38	struct test_state {
				39	pthread_barrier_t barrier;
				40	};
				41
roman	abe6990	2024-08-13 14:43:49 +0200	[diff] [blame]	42	int TEST_PORT = 10050;
				43	const char *TEST_PORT_STR = "10050";
				44
roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	45	/* mock pam_start to just call pam_start_confdir instead */
				46	int __real_pam_start(const char service_name, const char user, const struct pam_conv pam_conversation, pam_handle_t *pamh);
				47	int
				48	__wrap_pam_start(const char service_name, const char user, const struct pam_conv pam_conversation, pam_handle_t *pamh)
				49	{
				50	return pam_start_confdir(service_name, user, pam_conversation, BUILD_DIR "/tests", pamh);
				51	}
				52
				53	static void *
				54	server_thread(void *arg)
				55	{
				56	int ret;
				57	NC_MSG_TYPE msgtype;
				58	struct nc_session *session;
				59	struct nc_pollsession *ps;
				60	struct test_state *state = arg;
				61
				62	ps = nc_ps_new();
				63	assert_non_null(ps);
				64
				65	/* accept a session and add it to the poll session structure */
				66	pthread_barrier_wait(&state->barrier);
				67	msgtype = nc_accept(NC_ACCEPT_TIMEOUT, ctx, &session);
				68	assert_int_equal(msgtype, NC_MSG_HELLO);
				69
				70	ret = nc_ps_add_session(ps, session);
				71	assert_int_equal(ret, 0);
				72
				73	do {
				74	ret = nc_ps_poll(ps, NC_PS_POLL_TIMEOUT, NULL);
				75	assert_int_equal(ret & NC_PSPOLL_RPC, NC_PSPOLL_RPC);
				76	} while (!(ret & NC_PSPOLL_SESSION_TERM));
				77
				78	nc_ps_clear(ps, 1, NULL);
				79	nc_ps_free(ps);
				80	return NULL;
				81	}
				82
				83	static char *
				84	auth_interactive(const char UNUSED(auth_name), const char UNUSED(instruction),
				85	const char prompt, int UNUSED(echo), void UNUSED(priv))
				86	{
				87	/* send the replies to keyboard-interactive authentication */
				88	if (strstr(prompt, "backwards")) {
				89	return strdup("tset");
				90	} else if (strstr(prompt, "1+1")) {
				91	return strdup("2");
				92	} else {
				93	return NULL;
				94	}
				95	}
				96
				97	static void *
				98	client_thread(void *arg)
				99	{
				100	int ret;
				101	struct nc_session *session = NULL;
				102	struct test_state *state = arg;
				103
				104	/* skip all hostkey and known_hosts checks */
				105	nc_client_ssh_set_knownhosts_mode(NC_SSH_KNOWNHOSTS_SKIP);
				106
				107	ret = nc_client_set_schema_searchpath(MODULES_DIR);
				108	assert_int_equal(ret, 0);
				109
				110	ret = nc_client_ssh_set_username("test");
				111	assert_int_equal(ret, 0);
				112
				113	/* set keyboard-interactive authentication callback */
				114	nc_client_ssh_set_auth_interactive_clb(auth_interactive, NULL);
				115
				116	pthread_barrier_wait(&state->barrier);
Jan Kundrát	f8d9e8d	2024-04-08 12:13:02 +0200	[diff] [blame]	117	session = nc_connect_ssh("127.0.0.1", TEST_PORT, NULL);
roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	118	assert_non_null(session);
				119
				120	nc_session_free(session, NULL);
				121	return NULL;
				122	}
				123
				124	static void
				125	test_nc_pam(void **state)
				126	{
				127	int ret, i;
				128	pthread_t tids[2];
				129
				130	assert_non_null(state);
				131
				132	ret = pthread_create(&tids[0], NULL, client_thread, *state);
				133	assert_int_equal(ret, 0);
				134	ret = pthread_create(&tids[1], NULL, server_thread, *state);
				135	assert_int_equal(ret, 0);
				136
				137	for (i = 0; i < 2; i++) {
				138	pthread_join(tids[i], NULL);
				139	}
				140	}
				141
				142	static int
				143	setup_f(void **state)
				144	{
				145	int ret;
				146	struct lyd_node *tree = NULL;
				147	struct test_state *test_state;
				148
				149	nc_verbosity(NC_VERB_VERBOSE);
				150
				151	/* init barrier */
				152	test_state = malloc(sizeof *test_state);
				153	assert_non_null(test_state);
				154
				155	ret = pthread_barrier_init(&test_state->barrier, NULL, 2);
				156	assert_int_equal(ret, 0);
				157
				158	*state = test_state;
				159
				160	ret = ly_ctx_new(MODULES_DIR, 0, &ctx);
				161	assert_int_equal(ret, 0);
				162
				163	ret = nc_server_init_ctx(&ctx);
				164	assert_int_equal(ret, 0);
				165
				166	ret = nc_server_config_load_modules(&ctx);
				167	assert_int_equal(ret, 0);
				168
roman	d8973d1	2024-04-25 14:57:18 +0200	[diff] [blame]	169	ret = nc_server_config_add_address_port(ctx, "endpt", NC_TI_SSH, "127.0.0.1", TEST_PORT, &tree);
roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	170	assert_int_equal(ret, 0);
				171
				172	ret = nc_server_config_add_ssh_hostkey(ctx, "endpt", "hostkey", TESTS_DIR "/data/key_ecdsa", NULL, &tree);
				173	assert_int_equal(ret, 0);
				174
				175	ret = nc_server_config_add_ssh_user_interactive(ctx, "endpt", "test", &tree);
				176	assert_int_equal(ret, 0);
				177
				178	ret = nc_server_ssh_set_pam_conf_filename("netconf.conf");
				179	assert_int_equal(ret, 0);
				180
				181	/* configure the server based on the data */
				182	ret = nc_server_config_setup_data(tree);
				183	assert_int_equal(ret, 0);
				184
				185	ret = nc_server_init();
				186	assert_int_equal(ret, 0);
				187
				188	/* initialize client */
				189	ret = nc_client_init();
				190	assert_int_equal(ret, 0);
				191
				192	lyd_free_all(tree);
				193
				194	return 0;
				195	}
				196
				197	static int
				198	teardown_f(void **state)
				199	{
				200	int ret = 0;
				201	struct test_state *test_state;
				202
				203	assert_non_null(state);
				204	test_state = *state;
				205
				206	ret = pthread_barrier_destroy(&test_state->barrier);
				207	assert_int_equal(ret, 0);
				208
				209	free(*state);
				210	nc_client_destroy();
				211	nc_server_destroy();
				212	ly_ctx_destroy(ctx);
				213
				214	return 0;
				215	}
				216
				217	int
				218	main(void)
				219	{
				220	const struct CMUnitTest tests[] = {
				221	cmocka_unit_test_setup_teardown(test_nc_pam, setup_f, teardown_f)
				222	};
				223
roman	abe6990	2024-08-13 14:43:49 +0200	[diff] [blame]	224	/* try to get ports from the environment, otherwise use the default */
				225	if (ln2_glob_test_get_ports(1, &TEST_PORT, &TEST_PORT_STR)) {
				226	return 1;
				227	}
				228
roman	7d13668	2023-12-14 10:43:36 +0100	[diff] [blame]	229	setenv("CMOCKA_TEST_ABORT", "1", 1);
				230	return cmocka_run_group_tests(tests, NULL, NULL);
				231	}