From patchwork Wed Feb  7 17:12:39 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Frank Lichtenheld <frank@lichtenheld.com>
X-Patchwork-Id: 3605
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:e883:b0:554:adf7:68e6 with SMTP id
 oz3csp1307894mab;
        Wed, 7 Feb 2024 09:13:27 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCVafIZaz5bgSjZemadB1XEKahgOB5dpOoS270F1dTK0oxk94lN3iOi6vbJGlU6L95fRxWAVt8yiFpfxqXHtSVQSpeZGZm4=
X-Google-Smtp-Source: 
 AGHT+IH5iyrWL9DhmjQOhgrBsLq4erRnqCK4b6uWtKayrFCtCo0mPHamdTkarh1rbceS4Yy2QVX2
X-Received: by 2002:a05:6e02:b28:b0:363:c39d:f96c with SMTP id
 e8-20020a056e020b2800b00363c39df96cmr7934657ilu.1.1707326007139;
        Wed, 07 Feb 2024 09:13:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1707326007; cv=none;
        d=google.com; s=arc-20160816;
        b=h8/PR6c0A2uucJj6dY8cT95UE2dFJbehuFFByyweopHRNji/TJfoZ6sxKIh4y9MM11
         GRYC8iVvD11p6PiqG36M4a1uvtmeM9PW4qtqg0ALKhhcDbfEpTiNhSaj1k5VCh52xfgp
         oG4CGZ4lPy1EmWq5iiCoNLa1/uinprdDbuuDZdao+XoXl8eYyel0oblyqgsn/ZIOH70u
         mbyt1j3NsnUv+8TFRbKL0r98BPDf4AoSBdlUG0ZeE0tW7R7ic3VJFKou9Ltei7+YzAj1
         7iwsUxJnHNIS/AS6htnK9qrIml6RS+LLUEz+/yCaWL67lojy1DgS8wABNTVf3adgNe6o
         zOjQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=errors-to:content-transfer-encoding:cc:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=89GOriqve3R5pPNnetXAGB+y1fOCeF1NVUUFD/Fgn9c=;
        fh=eOoEurm2vK45b60PVCT9BqucLG7LOtiCPbrsJTJVYRE=;
        b=eMmZ2o08qAeynZlYhT07rTwKwNEISB85ynTOKgOMpOZlhdHi2IIslwzlGKjzJC2fwC
         vbK0tEo5C7BgIAA/aIwTGtftq8EKjEhsR6AN4/azgRchRyHynPRb1KV0YOA7Gh1nFFHQ
         SBpwFu1Oe6ykSqjmHCgUFchhKe8DMMIm36WhxCrLS7eDIAA+GMRzid6wywXlrNhrDNeb
         oxTMsXIukFRWDex+qip4Y/vzyYiZ5HQOIuGGFl4ndqfRjunFxjuNM3qDFq+DjFXtyDzs
         3R9fxlNG94B8HNwYbA5qGSZXbRgWBLyKJ5THllRwfypcg9lX3nRT6kMSz+YuQ2NX1HGJ
         LrlQ==;
        darn=openvpn.net
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=fBDQAGyD;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=SDvfk9E8;
       dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
 header.s=MBO0001 header.b=0X+LWpc3;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
X-Forwarded-Encrypted: i=1;
 AJvYcCVK+S8DUt+DtvW6iNj3A7mDG3VPOv27X9z0wi4l/wXagrNX7aXdrk7O+rN+shGGzxm4jbk8MdF5IFn7W9KnHKXb5N7g3M5GC90bYE0paMf1Dc6yzpPVfIswykjbFnO5cjBu3/89VOZZ3kzywYtO2MRSByOyQ4g=
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 z1-20020a63ac41000000b005d8bec0e88asi2002245pgn.560.2024.02.07.09.13.26
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 07 Feb 2024 09:13:27 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=fBDQAGyD;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=SDvfk9E8;
       dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
 header.s=MBO0001 header.b=0X+LWpc3;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com)
	by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1rXlTq-0003AJ-1N;
	Wed, 07 Feb 2024 17:13:02 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
 by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <frank@lichtenheld.com>) id 1rXlTn-00039v-SN
 for openvpn-devel@lists.sourceforge.net;
 Wed, 07 Feb 2024 17:13:01 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=uM2gsw+RBAPqKepXNpFS55gX3yLx8JKkYVgWkkj4lTQ=; b=fBDQAGyDvA6suFQwhgk8zobSbI
 GjNATzEp0/9qBE7d3sWLXeb72efZVpxoHGWHKmWoJVYkDU80GIc31z+T7zkf+/vLbpH7vGqLq7nun
 +f3JVeSW0Vi7yE+t03Spwh3uKk0DY9t29DZ0d/ZpV4zpj8SuVOGN2KMXxdXj0fDiBiNY=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:
 Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=uM2gsw+RBAPqKepXNpFS55gX3yLx8JKkYVgWkkj4lTQ=; b=SDvfk9E825pZqVViYSkcCp+/Wi
 E69juiftl8xorS8Qj74crxv+UfiSwpJvYKWWxfRFo7ndVnX3kGvnFpKG06C3op4r3bT8hslcbtExw
 4OmA2HHX5FCwdYpkuHB3BbJV1jX5aZWRanPep7mboNFU3HEA0DT2SKJWMLNdczyC1Eno=;
Received: from mout-p-201.mailbox.org ([80.241.56.171])
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1rXlTj-0004P6-ML for openvpn-devel@lists.sourceforge.net;
 Wed, 07 Feb 2024 17:13:00 +0000
Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4TVRWZ01dWz9scD;
 Wed,  7 Feb 2024 18:12:42 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com;
 s=MBO0001; t=1707325962;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=uM2gsw+RBAPqKepXNpFS55gX3yLx8JKkYVgWkkj4lTQ=;
 b=0X+LWpc3js9NruJMsvLMFzmneeLoZgqOPxgVVDxU2IerJ39yCRJpDLxW6PXolM3dEnlcez
 cOJpsTkj1s0M8+2HiRyWBd41CeGtrp3i2gGXqcLEIcV8avAPArTVpLWSweId3KhfzCmngJ
 LlU/iZoRNDVZJ2rjFPkwAW74VNZHg/prg/D9b+qcs9+p7mXkmGmwLfopdWUKktm5bWkKCD
 CfSaoP4ttlapkZK/EEIpFM06EBWJD2/bMlE9qTS50eRV2TOeHICcrjkVGX4GUHd3cJNhK6
 4kRZCA0y1WVvflcCG3tEsBWUPd3Sz//tkXhTEJQ7d06R/jqgOGd4ntswKJ0cjQ==
From: Frank Lichtenheld <frank@lichtenheld.com>
To: openvpn-devel@lists.sourceforge.net
Date: Wed,  7 Feb 2024 18:12:39 +0100
Message-Id: <20240207171239.86730-1-frank@lichtenheld.com>
In-Reply-To: 
 <gerrit.1702052980000.I8b5570f6314e917f92dce072279efe415d79b22a@gerrit.openvpn.net>
References: 
 <gerrit.1702052980000.I8b5570f6314e917f92dce072279efe415d79b22a@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
 running on the system "util-spamd-1.v13.lw.sourceforge.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
 Signed-off-by:
 Frank Lichtenheld <frank@lichtenheld.com> Acked-by: Arne Schwabe
 <arne-openvpn@rfc2549.org>
 --- This change was reviewed on Gerrit and approved by at least one
 developer.
 I request to merge it to master.
 Content analysis details:   (-0.9 points, 6.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [80.241.56.171 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
 valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Headers-End: 1rXlTj-0004P6-ML
Subject: [Openvpn-devel] [PATCH v8] test_user_pass: add basic tests for
 static/dynamic challenges
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Cc: Arne Schwabe <arne-openvpn@rfc2549.org>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1789433462880755756?=
X-GMAIL-MSGID: =?utf-8?q?1790261075071406483?=

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475
This mail reflects revision 8 of this Change.
Acked-by according to Gerrit (reflected above):
Arne Schwabe <arne-openvpn@rfc2549.org>

diff --git a/tests/unit_tests/openvpn/test_user_pass.c b/tests/unit_tests/openvpn/test_user_pass.c
index bd4eb1f..5d3f9b6 100644
--- a/tests/unit_tests/openvpn/test_user_pass.c
+++ b/tests/unit_tests/openvpn/test_user_pass.c
@@ -267,12 +267,73 @@
     assert_string_equal(up.password, "fuser");
 }
 
+#ifdef ENABLE_MANAGEMENT
+static void
+test_get_user_pass_dynamic_challenge(void **state)
+{
+    struct user_pass up = { 0 };
+    reset_user_pass(&up);
+    const char *challenge = "CRV1:R,E:Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l:Y3Ix:Please enter token PIN";
+    unsigned int flags = GET_USER_PASS_DYNAMIC_CHALLENGE;
+
+    expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN");
+    will_return(query_user_exec_builtin, "challenge_response");
+    will_return(query_user_exec_builtin, true);
+    assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge));
+    assert_true(up.defined);
+    assert_string_equal(up.username, "cr1");
+    assert_string_equal(up.password, "CRV1::Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l::challenge_response");
+}
+
+static void
+test_get_user_pass_static_challenge(void **state)
+{
+    struct user_pass up = { 0 };
+    reset_user_pass(&up);
+    const char *challenge = "Please enter token PIN";
+    unsigned int flags = GET_USER_PASS_STATIC_CHALLENGE;
+
+    expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Username:");
+    will_return(query_user_exec_builtin, "cuser");
+    expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:");
+    will_return(query_user_exec_builtin, "cpassword");
+    will_return(query_user_exec_builtin, true);
+    expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN");
+    will_return(query_user_exec_builtin, "challenge_response");
+    will_return(query_user_exec_builtin, true);
+    assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge));
+    assert_true(up.defined);
+    assert_string_equal(up.username, "cuser");
+    /* SCRV1:cpassword:challenge_response but base64-encoded */
+    assert_string_equal(up.password, "SCRV1:Y3Bhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl");
+
+    reset_user_pass(&up);
+
+    flags |= GET_USER_PASS_INLINE_CREDS;
+
+    /*FIXME: query_user_exec() called even though nothing queued */
+    will_return(query_user_exec_builtin, true);
+    expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN");
+    will_return(query_user_exec_builtin, "challenge_response");
+    will_return(query_user_exec_builtin, true);
+    assert_true(get_user_pass_cr(&up, "iuser\nipassword", "UT", flags, challenge));
+    assert_true(up.defined);
+    assert_string_equal(up.username, "iuser");
+    /* SCRV1:ipassword:challenge_response but base64-encoded */
+    assert_string_equal(up.password, "SCRV1:aXBhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl");
+}
+#endif /* ENABLE_MANAGEMENT */
+
 const struct CMUnitTest user_pass_tests[] = {
     cmocka_unit_test(test_get_user_pass_defined),
     cmocka_unit_test(test_get_user_pass_needok),
     cmocka_unit_test(test_get_user_pass_inline_creds),
     cmocka_unit_test(test_get_user_pass_authfile_stdin),
     cmocka_unit_test(test_get_user_pass_authfile_file),
+#ifdef ENABLE_MANAGEMENT
+    cmocka_unit_test(test_get_user_pass_dynamic_challenge),
+    cmocka_unit_test(test_get_user_pass_static_challenge),
+#endif /* ENABLE_MANAGEMENT */
 };
 
 int