From patchwork Mon Jan 29 13:58:15 2024
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 3599
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Mon, 29 Jan 2024 14:58:15 +0100
Message-ID: <20240129135815.28942-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v7] test_user_pass: add basic tests for static/dynamic challenges

From: Frank Lichtenheld

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Signed-off-by: Frank Lichtenheld
Acked-by: Arne Schwabe
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475
This mail reflects revision 7 of this Change.

Acked-by according to Gerrit (reflected above):
Arne Schwabe

diff --git a/tests/unit_tests/openvpn/test_user_pass.c b/tests/unit_tests/openvpn/test_user_pass.c index d6e5650..743a006 100644 --- a/tests/unit_tests/openvpn/test_user_pass.c +++ b/tests/unit_tests/openvpn/test_user_pass.c 
@@ -364,6 +364,63 @@ } #endif /* ifndef _MSC_VER */ +#ifdef ENABLE_MANAGEMENT +static void +test_get_user_pass_dynamic_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "CRV1:R,E:Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l:Y3Ix:Please enter token PIN"; + unsigned int flags = GET_USER_PASS_DYNAMIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cr1"); + assert_string_equal(up.password, "CRV1::Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l::challenge_response"); +} + +static void +test_get_user_pass_static_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "Please enter token PIN"; + unsigned int flags = GET_USER_PASS_STATIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Username:"); + will_return(query_user_exec_builtin, "cuser"); + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:"); + will_return(query_user_exec_builtin, "cpassword"); + will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cuser"); + /* SCRV1:cpassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:Y3Bhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); + + reset_user_pass(&up); + + flags |= GET_USER_PASS_INLINE_CREDS; + + /*FIXME: query_user_exec() called even though nothing queued */ + 
will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, "iuser\nipassword", "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "iuser"); + /* SCRV1:ipassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:aXBhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); +} +#endif /* ENABLE_MANAGEMENT */ + const struct CMUnitTest user_pass_tests[] = { cmocka_unit_test(test_get_user_pass_defined), cmocka_unit_test(test_get_user_pass_needok), @@ -375,6 +432,10 @@ cmocka_unit_test(test_get_user_pass_authfile_stdin_assertions), cmocka_unit_test(test_get_user_pass_authfile_file_assertions), #endif +#ifdef ENABLE_MANAGEMENT + cmocka_unit_test(test_get_user_pass_dynamic_challenge), + cmocka_unit_test(test_get_user_pass_static_challenge), +#endif /* ENABLE_MANAGEMENT */ }; int
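
Review bot: In test_get_user_pass_static_challenge, the GET_USER_PASS_INLINE_CREDS case queues an extra `will_return(query_user_exec_builtin, true);` under the comment `/*FIXME: query_user_exec() called even though nothing queued */`, so the test asserts the behaviour the comment itself flags as wrong. Say in the comment what the intended behaviour is (no query_user_exec() call when nothing is queued) so that whoever fixes it knows this line is the one to drop, and add the missing space after `/*`. In test_get_user_pass_dynamic_challenge, the expected username "cr1" only follows from the challenge string once the reader decodes `Y3Ix`; a one-line comment like the `/* SCRV1:... but base64-encoded */` ones in the static test would make that traceable. Both tests cover only the success path: a case where the CRV1 string is malformed, or where the mocked query returns false, would show that get_user_pass_cr() leaves `up` undefined rather than half-filled.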