From patchwork Fri Dec 8 16:29:53 2023
X-Patchwork-Submitter: "flichtenheld (Code Review)"
X-Patchwork-Id: 3511
From: "flichtenheld (Code Review)"
Date: Fri, 8 Dec 2023 16:29:53 +0000
To: plaisthos
X-Gerrit-PatchSet: 1
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
X-Gerrit-Change-Number: 475
X-Gerrit-Project: openvpn
X-Gerrit-Commit: ed02742cab33b9ce7b23c9e58e1c3c836f560169
Subject: [Openvpn-devel] [M] Change in openvpn[master]: test_user_pass: add basic tests for static/dynamic challenges
Reply-To: frank@lichtenheld.com, arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net
Cc: openvpn-devel

Attention is currently required from: plaisthos.

Hello plaisthos,

I'd like you to do a code review.
Please visit

    http://gerrit.openvpn.net/c/openvpn/+/475?usp=email

to review the following change.

Change subject: test_user_pass: add basic tests for static/dynamic challenges
......................................................................

test_user_pass: add basic tests for static/dynamic challenges

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Signed-off-by: Frank Lichtenheld
---
M tests/unit_tests/openvpn/test_user_pass.c
1 file changed, 61 insertions(+), 0 deletions(-)

git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/75/475/1

diff --git a/tests/unit_tests/openvpn/test_user_pass.c b/tests/unit_tests/openvpn/test_user_pass.c index 600ec80..d006ab4 100644 --- a/tests/unit_tests/openvpn/test_user_pass.c +++ b/tests/unit_tests/openvpn/test_user_pass.c
@@ -337,12 +337,73 @@ expect_assert_failure(get_user_pass_cr(&up, authfile, "UT", flags, NULL)); } +#ifdef ENABLE_MANAGEMENT +static void +test_get_user_pass_dynamic_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "CRV1:R,E:Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l:Y3Ix:Please enter token PIN"; + unsigned int flags = GET_USER_PASS_DYNAMIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cr1"); + assert_string_equal(up.password, "CRV1::Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l::challenge_response"); +} + +static void +test_get_user_pass_static_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "Please enter token PIN"; + unsigned int flags = GET_USER_PASS_STATIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Username:"); + will_return(query_user_exec_builtin, "cuser"); + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:"); + will_return(query_user_exec_builtin, "cpassword"); + will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cuser"); + /* SCRV1:cpassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:Y3Bhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); + + reset_user_pass(&up); + + flags |= GET_USER_PASS_INLINE_CREDS; + + /*FIXME: query_user_exec() 
called even though nothing queued */ + will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, "iuser\nipassword", "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "iuser"); + /* SCRV1:ipassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:aXBhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); +} +#endif /* ENABLE_MANAGEMENT */ + const struct CMUnitTest user_pass_tests[] = { cmocka_unit_test(test_get_user_pass_defined), cmocka_unit_test(test_get_user_pass_needok), cmocka_unit_test(test_get_user_pass_inline_creds), cmocka_unit_test(test_get_user_pass_authfile_stdin), cmocka_unit_test(test_get_user_pass_authfile_file), +#ifdef ENABLE_MANAGEMENT + cmocka_unit_test(test_get_user_pass_dynamic_challenge), + cmocka_unit_test(test_get_user_pass_static_challenge), +#endif /* ENABLE_MANAGEMENT */ }; int
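Review bot: The inline-credentials half of test_get_user_pass_static_challenge pins behaviour that its own comment marks as wrong. Directly after `/*FIXME: query_user_exec() called even though nothing queued */` the test queues `will_return(query_user_exec_builtin, true);` for a query that asks nothing, so once get_user_pass_cr() stops making that call the test has to change with it. Either fix the empty query before this test lands, or have the comment name the function and condition that need fixing so the expectation is easy to find and remove later; the comment also wants a space after `/*` to match the other comments in the hunk. In test_get_user_pass_dynamic_challenge the expected username "cr1" is the base64 field `Y3Ix` from the CRV1 string, but unlike the two `SCRV1:... but base64-encoded` comments in the static test nothing says so; a one-line comment there would help. Both new tests only cover the success path, where the mocked query returns true: a case where the challenge prompt returns false, and one with a CRV1 string that is missing a field, would exercise the error handling for this credential parsing. The commit message has a subject only; a sentence on what is covered and a mention of the FIXME would be useful.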