diff options
author | Frank Lichtenheld | 2024-02-07 18:12:39 +0100 |
---|---|---|
committer | Gert Doering | 2024-02-08 09:04:36 +0100 |
commit | ca122f990c76090ba90159812e89049810710bfe (patch) | |
tree | 9863a55ec36b19abe56361c3f959b191c38b557e /tests | |
parent | 62676935d738f74908845ca96819a36a8c0c230e (diff) | |
download | openvpn-ca122f990c76090ba90159812e89049810710bfe.zip openvpn-ca122f990c76090ba90159812e89049810710bfe.tar.gz |
test_user_pass: add basic tests for static/dynamic challenges
Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20240207171239.86730-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28191.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/unit_tests/openvpn/test_user_pass.c | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/unit_tests/openvpn/test_user_pass.c b/tests/unit_tests/openvpn/test_user_pass.c index bd4eb1f..5d3f9b6 100644 --- a/tests/unit_tests/openvpn/test_user_pass.c +++ b/tests/unit_tests/openvpn/test_user_pass.c @@ -267,12 +267,73 @@ test_get_user_pass_authfile_file(void **state) assert_string_equal(up.password, "fuser"); } +#ifdef ENABLE_MANAGEMENT +static void +test_get_user_pass_dynamic_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "CRV1:R,E:Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l:Y3Ix:Please enter token PIN"; + unsigned int flags = GET_USER_PASS_DYNAMIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cr1"); + assert_string_equal(up.password, "CRV1::Om01u7Fh4LrGBS7uh0SWmzwabUiGiW6l::challenge_response"); +} + +static void +test_get_user_pass_static_challenge(void **state) +{ + struct user_pass up = { 0 }; + reset_user_pass(&up); + const char *challenge = "Please enter token PIN"; + unsigned int flags = GET_USER_PASS_STATIC_CHALLENGE; + + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Username:"); + will_return(query_user_exec_builtin, "cuser"); + expect_string(query_user_exec_builtin, query_user[i].prompt, "Enter UT Password:"); + will_return(query_user_exec_builtin, "cpassword"); + will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, NULL, "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "cuser"); + /* SCRV1:cpassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:Y3Bhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); + + reset_user_pass(&up); + + flags |= GET_USER_PASS_INLINE_CREDS; + + /*FIXME: query_user_exec() called even though nothing queued */ + will_return(query_user_exec_builtin, true); + expect_string(query_user_exec_builtin, query_user[i].prompt, "CHALLENGE: Please enter token PIN"); + will_return(query_user_exec_builtin, "challenge_response"); + will_return(query_user_exec_builtin, true); + assert_true(get_user_pass_cr(&up, "iuser\nipassword", "UT", flags, challenge)); + assert_true(up.defined); + assert_string_equal(up.username, "iuser"); + /* SCRV1:ipassword:challenge_response but base64-encoded */ + assert_string_equal(up.password, "SCRV1:aXBhc3N3b3Jk:Y2hhbGxlbmdlX3Jlc3BvbnNl"); +} +#endif /* ENABLE_MANAGEMENT */ + const struct CMUnitTest user_pass_tests[] = { cmocka_unit_test(test_get_user_pass_defined), cmocka_unit_test(test_get_user_pass_needok), cmocka_unit_test(test_get_user_pass_inline_creds), cmocka_unit_test(test_get_user_pass_authfile_stdin), cmocka_unit_test(test_get_user_pass_authfile_file), +#ifdef ENABLE_MANAGEMENT + cmocka_unit_test(test_get_user_pass_dynamic_challenge), + cmocka_unit_test(test_get_user_pass_static_challenge), +#endif /* ENABLE_MANAGEMENT */ }; int |