Add tests for multiply PAM info prompts and two factor authentication

11 files changed, 141 insertions, 1 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 328d8596..1912ff68 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -40,8 +40,10 @@ TESTS = \
 	test-login-gobject-manual \
 	test-login-gobject-manual-previous-session \
 	test-login-gobject-no-password \
+	test-login-gobject-two-factor \
 	test-login-gobject-new-authtok \
 	test-login-gobject-info-prompt \
+	test-login-gobject-multi-info-prompt \
 	test-login-gobject-pick-session \
 	test-login-gobject-previous-session \
 	test-login-gobject-wrong-password \
@@ -57,8 +59,10 @@ TESTS = \
 	test-login-python-manual \
 	test-login-python-manual-previous-session \
 	test-login-python-no-password \
+	test-login-python-two-factor \
 	test-login-python-new-authtok \
 	test-login-python-info-prompt \
+	test-login-python-multi-info-prompt \
 	test-login-python-previous-session \
 	test-login-python-wrong-password \
 	test-login-python-invalid-user \
@@ -109,8 +113,10 @@ TESTS += \
 	test-login-qt-manual \
 	test-login-qt-manual-previous-session \
 	test-login-qt-no-password \
+	test-login-qt-two-factor \
 	test-login-qt-new-authtok \
 	test-login-qt-info-prompt \
+	test-login-qt-multi-info-prompt \
 	test-login-qt-previous-session \
 	test-login-qt-wrong-password \
 	test-login-qt-invalid-user \
@@ -172,10 +178,12 @@ EXTRA_DIST = \
 	scripts/login-logout.conf \
 	scripts/login-manual.conf \
 	scripts/login-manual-previous-session.conf \
+	scripts/login-multi-info-prompt.conf \
 	scripts/login-new-authtok.conf \
 	scripts/login-no-password.conf \
 	scripts/login-pick-session.conf \
 	scripts/login-previous-session.conf \
+	scripts/login-two-factor.conf \
 	scripts/login-session-crash.conf \
 	scripts/login-wrong-password.conf \
 	scripts/login-xserver-crash.conf \
diff --git a/tests/scripts/login-multi-info-prompt.conf b/tests/scripts/login-multi-info-prompt.conf
new file mode 100644
index 00000000..1baf5eeb
--- /dev/null
+++ b/tests/scripts/login-multi-info-prompt.conf
@@ -0,0 +1,40 @@
+#
+# Check multiple PAM informational messages on login are passed to a greeter
+#
+
+[LightDM]
+minimum-display-number=50
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Log into account and see an informational prompt
+#?*GREETER :50 AUTHENTICATE USERNAME=multi-info-prompt
+#?GREETER :50 SHOW-MESSAGE TEXT="Welcome to LightDM"
+#?GREETER :50 SHOW-MESSAGE TEXT="This is an error"
+#?GREETER :50 SHOW-MESSAGE TEXT="You should have seen three messages"
+#?GREETER :50 SHOW-PROMPT TEXT="Password:"
+
+# Respond with password and check response is correctly handled
+#?*GREETER :50 RESPOND TEXT="password"
+#?GREETER :50 AUTHENTICATION-COMPLETE USERNAME=multi-info-prompt AUTHENTICATED=TRUE
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
diff --git a/tests/scripts/login-two-factor.conf b/tests/scripts/login-two-factor.conf
new file mode 100644
index 00000000..04791dde
--- /dev/null
+++ b/tests/scripts/login-two-factor.conf
@@ -0,0 +1,37 @@
+#
+# Check can login with two factor
+#
+
+[LightDM]
+minimum-display-number=50
+
+#?RUNNER DAEMON-START
+
+# X server starts
+#?XSERVER :50 START
+#?XSERVER :50 INDICATE-READY
+
+# LightDM connects to X server
+#?XSERVER :50 ACCEPT-CONNECT
+
+# Greeter starts
+#?GREETER :50 START
+#?XSERVER :50 ACCEPT-CONNECT
+#?GREETER :50 CONNECT-XSERVER
+#?GREETER :50 CONNECT-TO-DAEMON
+#?GREETER :50 CONNECTED-TO-DAEMON
+
+# Log into account with a password
+#?*GREETER :50 AUTHENTICATE USERNAME=two-factor
+#?GREETER :50 SHOW-PROMPT TEXT="Password:"
+#?*GREETER :50 RESPOND TEXT="password"
+#?GREETER :50 SHOW-PROMPT TEXT="OTP:"
+#?*GREETER :50 RESPOND TEXT="otp"
+#?GREETER :50 AUTHENTICATION-COMPLETE USERNAME=two-factor AUTHENTICATED=TRUE
+
+# Cleanup
+#?*STOP-DAEMON
+# Don't know what order they will terminate
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?(GREETER :50 TERMINATE SIGNAL=15|XSERVER :50 TERMINATE SIGNAL=15)
+#?RUNNER DAEMON-EXIT STATUS=0
diff --git a/tests/src/libsystem.c b/tests/src/libsystem.c
index c2968733..ca3cd66d 100644
--- a/tests/src/libsystem.c
+++ b/tests/src/libsystem.c
@@ -335,7 +335,7 @@ pam_authenticate (pam_handle_t *pamh, int flags)
         struct pam_message **msg;
         struct pam_response *resp = NULL;
 
-        msg = malloc (sizeof (struct pam_message *) * 2);
+        msg = malloc (sizeof (struct pam_message *) * 5);
         if (strcmp (pamh->user, "info-prompt") == 0)
         {
             msg[n_messages] = malloc (sizeof (struct pam_message));
@@ -343,6 +343,21 @@ pam_authenticate (pam_handle_t *pamh, int flags)
             msg[n_messages]->msg = "Welcome to LightDM";
             n_messages++;
         }
+        if (strcmp (pamh->user, "multi-info-prompt") == 0)
+        {
+            msg[n_messages] = malloc (sizeof (struct pam_message));
+            msg[n_messages]->msg_style = PAM_TEXT_INFO;
+            msg[n_messages]->msg = "Welcome to LightDM";
+            n_messages++;
+            msg[n_messages] = malloc (sizeof (struct pam_message));
+            msg[n_messages]->msg_style = PAM_ERROR_MSG;
+            msg[n_messages]->msg = "This is an error";
+            n_messages++;
+            msg[n_messages] = malloc (sizeof (struct pam_message));
+            msg[n_messages]->msg_style = PAM_TEXT_INFO;
+            msg[n_messages]->msg = "You should have seen three messages";
+            n_messages++;
+        }
         msg[n_messages] = malloc (sizeof (struct pam_message));
         msg[n_messages]->msg_style = PAM_PROMPT_ECHO_OFF;
         msg[n_messages]->msg = "Password:";
@@ -371,6 +386,30 @@ pam_authenticate (pam_handle_t *pamh, int flags)
                 free (resp[i].resp);
         }
         free (resp);
+
+        /* Do two factor authentication */
+        if (password_matches && strcmp (pamh->user, "two-factor") == 0)
+        {
+            msg = malloc (sizeof (struct pam_message *) * 1);
+            msg[0] = malloc (sizeof (struct pam_message));
+            msg[0]->msg_style = PAM_PROMPT_ECHO_ON;
+            msg[0]->msg = "OTP:";
+            resp = NULL;
+            result = pamh->conversation.conv (1, (const struct pam_message **) msg, &resp, pamh->conversation.appdata_ptr);
+            free (msg[0]);
+            free (msg);
+
+            if (resp == NULL)
+                return PAM_CONV_ERR;
+            if (resp[0].resp == NULL)
+            {
+                free (resp);
+                return PAM_CONV_ERR;
+            }
+            password_matches = strcmp (resp[0].resp, "otp") == 0;
+            free (resp[0].resp);
+            free (resp);
+        }
     }
 
     /* Special user has home directory created on login */
diff --git a/tests/src/test-runner.c b/tests/src/test-runner.c
index a2061bf7..36473349 100644
--- a/tests/src/test-runner.c
+++ b/tests/src/test-runner.c
@@ -1368,6 +1368,10 @@ main (int argc, char **argv)
         {"crash-authenticate", "",       TRUE,  "Crash Auth User",    NULL,  NULL, NULL,          NULL,          1020},
         /* This account shows an informational prompt on login */
         {"info-prompt",      "password", TRUE,  "Info Prompt",        NULL,  NULL, NULL,          NULL,          1021},
+        /* This account shows multiple informational prompts on login */
+        {"multi-info-prompt","password", TRUE,  "Multi Info Prompt",  NULL,  NULL, NULL,          NULL,          1022},
+        /* This account uses two factor authentication */
+        {"two-factor",       "password", TRUE,  "Two Factor",         NULL,  NULL, NULL,          NULL,          1023},
         {NULL,               NULL,       FALSE, NULL,                 NULL,  NULL, NULL,          NULL,             0}
     };
     passwd_data = g_string_new ("");
diff --git a/tests/test-login-gobject-multi-info-prompt b/tests/test-login-gobject-multi-info-prompt
new file mode 100755
index 00000000..ebd43431
--- /dev/null
+++ b/tests/test-login-gobject-multi-info-prompt
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-multi-info-prompt test-gobject-greeter
diff --git a/tests/test-login-gobject-two-factor b/tests/test-login-gobject-two-factor
new file mode 100755
index 00000000..b054f917
--- /dev/null
+++ b/tests/test-login-gobject-two-factor
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-two-factor test-gobject-greeter
diff --git a/tests/test-login-python-multi-info-prompt b/tests/test-login-python-multi-info-prompt
new file mode 100755
index 00000000..69fc0e62
--- /dev/null
+++ b/tests/test-login-python-multi-info-prompt
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-multi-info-prompt test-python-greeter
diff --git a/tests/test-login-python-two-factor b/tests/test-login-python-two-factor
new file mode 100755
index 00000000..b337b783
--- /dev/null
+++ b/tests/test-login-python-two-factor
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-two-factor test-python-greeter
diff --git a/tests/test-login-qt-multi-info-prompt b/tests/test-login-qt-multi-info-prompt
new file mode 100755
index 00000000..3bd4120e
--- /dev/null
+++ b/tests/test-login-qt-multi-info-prompt
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-multi-info-prompt test-qt-greeter
diff --git a/tests/test-login-qt-two-factor b/tests/test-login-qt-two-factor
new file mode 100755
index 00000000..04612915
--- /dev/null
+++ b/tests/test-login-qt-two-factor
@@ -0,0 +1,2 @@
+#!/bin/sh
+./src/dbus-env ./src/test-runner login-two-factor test-qt-greeter