Security-58286.41.2.tar.gz
1 //
2 // authdtests.m
3 //
4 //
5
6 #import <Security/Authorization.h>
7 #import <Security/AuthorizationDB.h>
8 #import <Security/AuthorizationTagsPriv.h>
9 #import <Foundation/Foundation.h>
10 #import "authd/debugging.h"
11 #import "authdtestlist.h"
12
/// Launches the RAFT UI-automation tool with `arguments` as its script and
/// blocks until the tool exits.
void runRaft(NSString *arguments);

/// UI-driven authorization test, defined further down in this file.
int authd_03_uiauthorization(int argc, char *const *argv);
15
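/*
 * Frees the item set referenced by IS (if any) and resets IS to NULL so the
 * caller cannot free or read it a second time.
 *
 * The body is wrapped in do { ... } while (0) so that
 * `AuthorizationFreeItemSetNull(x);` is exactly one statement; the previous
 * bare-brace form broke an unbraced `if (...) MACRO(x); else ...`.
 */
#define AuthorizationFreeItemSetNull(IS) do { AuthorizationItemSet *_is = (IS); \
    if (_is) { (IS) = NULL; AuthorizationFreeItemSet(_is); } } while (0)

/* Rights requested by the tests below. */
#define SAMPLE_RIGHT "com.apple.security.syntheticinput"
#define SAMPLE_SHARED_RIGHT "system.preferences"

/*
 * Fixture credentials.
 * NOTE(review): CORRECT_UNAME / CORRECT_PWD are a real login for whatever
 * machine runs these tests and are compiled into the test binary in clear
 * text. Presumably this is a dedicated lab account (confirm); it should not
 * exist on any machine that is not a disposable test host.
 * The INCORRECT_* values are deliberately invalid.
 */
#define CORRECT_UNAME "bats"
#define CORRECT_PWD "bats"
#define INCORRECT_UNAME "fs;lgp-984-25opsdakflasdg"
#define INCORRECT_PWD "654sa65gsqihr6hhsfd'lbo[0q2,m23-odasdf"

/* Seconds to wait for an asynchronous authorization callback. */
#define SA_TIMEOUT (20)

/*
 * RAFT script that fills the SecurityAgent dialog and presses OK.
 * The two %s placeholders take the user name and the password, in that order,
 * as C strings. They are substituted inside double-quoted script literals
 * without any escaping, so a value containing `"` or `\` would change the
 * script; only fixed constants should be formatted into it.
 */
#define RAFT_FILL @"target.processes()[\"SecurityAgent\"].mainWindow().textFields()[\"User Name:\"].click();keyboard.typeString_withModifiersMask_(\"a\", (kUIACommandKeyMask));keyboard.typeVirtualKey_(117);keyboard.typeString_(\"%s\");target.processes()[\"SecurityAgent\"].mainWindow().textFields()[\"Password:\"].click();keyboard.typeString_withModifiersMask_(\"a\", (kUIACommandKeyMask));keyboard.typeVirtualKey_(117);keyboard.typeString_(\"%s\");target.processes()[\"SecurityAgent\"].mainWindow().buttons()[\"OK\"].click();quit();"

/* RAFT script that dismisses the SecurityAgent dialog with Cancel. */
#define RAFT_CANCEL @"target.processes()[\"SecurityAgent\"].mainWindow().buttons()[\"Cancel\"].click();quit();"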
32
/*
 * Authorization environment items carrying the fixture user name and password.
 * valueLength comes from strlen(), so the terminating NUL is not counted.
 */
AuthorizationItem validCredentials[] = {
    { .name = AGENT_USERNAME,
      .valueLength = strlen(CORRECT_UNAME),
      .value = (void *)CORRECT_UNAME,
      .flags = 0 },
    { .name = AGENT_PASSWORD,
      .valueLength = strlen(CORRECT_PWD),
      .value = (void *)CORRECT_PWD,
      .flags = 0 },
};

/* Same layout as validCredentials, but with the deliberately wrong values. */
AuthorizationItem invalidCredentials[] = {
    { .name = AGENT_USERNAME,
      .valueLength = strlen(INCORRECT_UNAME),
      .value = (void *)INCORRECT_UNAME,
      .flags = 0 },
    { .name = AGENT_PASSWORD,
      .valueLength = strlen(INCORRECT_PWD),
      .value = (void *)INCORRECT_PWD,
      .flags = 0 },
};
42
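/*
 * Runs the RAFT UI-automation tool with `arguments` as its script and waits
 * for it to finish.
 *
 * If `arguments` is nil or the tool is not installed, the function logs and
 * returns without launching anything. Previously both cases raised an
 * exception (nil inside an array literal, or -[NSTask launch] on an invalid
 * launch path) and aborted the whole test run; now the caller's semaphore
 * wait reports the failure instead.
 *
 * NOTE(review): the script is handed to the tool on its command line. When
 * the script was built from RAFT_FILL it contains the account password, which
 * is then readable by any local process that can list process arguments for
 * as long as the tool runs.
 * NOTE(review): the tool is taken from a fixed path under /usr/local; confirm
 * that directory is not writable by unprivileged users on the test host,
 * since whatever is installed there receives the password.
 */
void runRaft(NSString *arguments)
{
    static NSString * const raftPath = @"/usr/local/bin/raft";

    if (arguments == nil) {
        NSLog(@"runRaft: no script supplied, not launching %@", raftPath);
        return;
    }
    if (![[NSFileManager defaultManager] isExecutableFileAtPath:raftPath]) {
        NSLog(@"runRaft: %@ is missing or not executable", raftPath);
        return;
    }

    NSTask *task = [[NSTask alloc] init];
    [task setLaunchPath:raftPath];
    // Arguments are passed as an array, so the script is never parsed by a shell.
    [task setArguments:@[ @"-b", @"-o", arguments ]];
    [task launch];
    [task waitUntilExit];
}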
51
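/*
 * Checks AuthorizationRightGet against the authorization database:
 * SAMPLE_RIGHT is expected to exist, and an unknown right name is expected to
 * be reported as errAuthorizationDenied.
 *
 * Returns 0; results are reported through ok().
 */
int authd_01_authorizationdb(int argc, char *const *argv)
{
    plan_tests(2);

    CFDictionaryRef outDict = NULL;
    OSStatus status = AuthorizationRightGet(SAMPLE_RIGHT, &outDict);
    ok(status == errAuthorizationSuccess, "AuthorizationRightGet existing right");
    CFReleaseNull(outDict);

    status = AuthorizationRightGet("non-existing-right", &outDict);
    ok(status == errAuthorizationDenied, "AuthorizationRightGet non-existing right");
    // If the lookup unexpectedly succeeds, a dictionary is handed back; release
    // it so the failing case does not also leak.
    CFReleaseNull(outDict);

    return 0;
}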
66
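/*
 * Exercises AuthorizationCopyRights without any UI, supplying the fixture
 * credentials through the authorization environment.
 *
 * Expected outcomes, in order:
 *   1. creating the AuthorizationRef succeeds;
 *   2. credentials without kAuthorizationFlagExtendRights are denied;
 *   3. kAuthorizationFlagExtendRights with an empty environment and no
 *      interaction flag yields errAuthorizationInteractionNotAllowed;
 *   4. kAuthorizationFlagExtendRights plus credentials succeeds;
 *   5. a second right (SAMPLE_SHARED_RIGHT) can be added the same way.
 *
 * Returns 0; results are reported through ok().
 */
int authd_02_basicauthorization(int argc, char *const *argv)
{
    plan_tests(5);

    // Start from NULL so a failed create does not leave an indeterminate
    // pointer for the calls that follow.
    AuthorizationRef authorizationRef = NULL;

    OSStatus status = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authorizationRef);
    ok(status == errAuthorizationSuccess, "AuthorizationRef create");

    AuthorizationItem sampleItem = {SAMPLE_RIGHT, 0, NULL, 0};
    AuthorizationRights sampleRights = {1, &sampleItem};
    AuthorizationRights *authorizedRights = NULL;
    AuthorizationEnvironment credentialEnvironment = {
        sizeof(validCredentials) / sizeof(validCredentials[0]),
        validCredentials
    };

    // Credentials alone must not grant the right: the caller has to opt in
    // to extending rights.
    status = AuthorizationCopyRights(authorizationRef, &sampleRights, &credentialEnvironment, kAuthorizationFlagDefaults, &authorizedRights);
    ok(status == errAuthorizationDenied, "Standard authorization without kAuthorizationFlagExtendRights");
    AuthorizationFreeItemSetNull(authorizedRights);

    // No credentials and no permission to show UI.
    status = AuthorizationCopyRights(authorizationRef, &sampleRights, kAuthorizationEmptyEnvironment, kAuthorizationFlagExtendRights, &authorizedRights);
    ok(status == errAuthorizationInteractionNotAllowed, "Authorization fail with UI not allowed");
    AuthorizationFreeItemSetNull(authorizedRights);

    status = AuthorizationCopyRights(authorizationRef, &sampleRights, &credentialEnvironment, kAuthorizationFlagExtendRights, &authorizedRights);
    ok(status == errAuthorizationSuccess, "Standard authorization");
    AuthorizationFreeItemSetNull(authorizedRights);

    AuthorizationItem sharedItem = {SAMPLE_SHARED_RIGHT, 0, NULL, 0};
    AuthorizationRights sharedRights = {1, &sharedItem};

    status = AuthorizationCopyRights(authorizationRef, &sharedRights, &credentialEnvironment, kAuthorizationFlagExtendRights, &authorizedRights);
    ok(status == errAuthorizationSuccess, "Extending authorization rights");
    AuthorizationFreeItemSetNull(authorizedRights);

    // Destroy the acquired rights together with the ref rather than only
    // dropping the reference.
    AuthorizationFree(authorizationRef, kAuthorizationFlagDestroyRights);
    return 0;
}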
102
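/*
 * Exercises AuthorizationCopyRightsAsync with the SecurityAgent dialog driven
 * by RAFT: first the dialog is cancelled (errAuthorizationCanceled expected),
 * then it is filled with the fixture credentials (success expected).
 *
 * Fixes relative to the earlier version:
 *  - dispatch_semaphore_wait() takes an absolute dispatch_time_t. Passing
 *    `SA_TIMEOUT * NSEC_PER_SEC` directly was not a 20 second timeout; the
 *    deadline is now built with dispatch_time(DISPATCH_TIME_NOW, ...).
 *  - The AuthorizationRef was freed after the cancel phase and then used
 *    again (and freed again) in the allow phase. It is now freed exactly
 *    once, after both phases.
 *
 * Returns 0; results are reported through ok()/fail().
 */
int authd_03_uiauthorization(int argc, char *const *argv)
{
    plan_tests(3);

    // Start from NULL so a failed create does not leave an indeterminate pointer.
    AuthorizationRef authorizationRef = NULL;

    OSStatus status = AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &authorizationRef);
    ok(status == errAuthorizationSuccess, "AuthorizationRef create");

    AuthorizationItem myItems = {SAMPLE_RIGHT, 0, NULL, 0};
    AuthorizationRights myRights = {1, &myItems};
    const AuthorizationFlags interactiveFlags = kAuthorizationFlagExtendRights | kAuthorizationFlagInteractionAllowed;

    // Script that types the fixture credentials into the dialog; see runRaft()
    // for how it reaches the automation tool.
    NSString *raftFillValid = [NSString stringWithFormat:RAFT_FILL, CORRECT_UNAME, CORRECT_PWD];

    dispatch_semaphore_t sem = dispatch_semaphore_create(0);
    /* Disabled callbacks, kept as found:
    AuthorizationAsyncCallback internalBlock = ^(OSStatus err, AuthorizationRights *blockAuthorizedRights) {
        AuthorizationFreeItemSetNull(blockAuthorizedRights);
        ok(err == errAuthorizationInternal, "Async authorization interal error");
        dispatch_semaphore_signal(sem);
    };
    AuthorizationAsyncCallback denyBlock = ^(OSStatus err, AuthorizationRights *blockAuthorizedRights) {
        AuthorizationFreeItemSetNull(blockAuthorizedRights);
        ok(err == errAuthorizationDenied, "Async authorization denial");
        dispatch_semaphore_signal(sem);
    };*/
    AuthorizationAsyncCallback allowBlock = ^(OSStatus err, AuthorizationRights *blockAuthorizedRights) {
        AuthorizationFreeItemSetNull(blockAuthorizedRights);
        ok(err == errAuthorizationSuccess, "Async authorization");
        dispatch_semaphore_signal(sem);
    };
    AuthorizationAsyncCallback cancelBlock = ^(OSStatus err, AuthorizationRights *blockAuthorizedRights) {
        AuthorizationFreeItemSetNull(blockAuthorizedRights);
        ok(err == errAuthorizationCanceled, "Async authorization cancel");
        dispatch_semaphore_signal(sem);
    };

    // Phase 1: the dialog is dismissed with Cancel.
    AuthorizationCopyRightsAsync(authorizationRef, &myRights, kAuthorizationEmptyEnvironment, interactiveFlags, cancelBlock);
    sleep(3); // give some time to SecurityAgent to appear
    runRaft(RAFT_CANCEL);
    if (dispatch_semaphore_wait(sem, dispatch_time(DISPATCH_TIME_NOW, (int64_t)(SA_TIMEOUT * NSEC_PER_SEC))) != 0) {
        fail("Async authorization cancel");
    }

    // Phase 2: the dialog is filled with the valid credentials. The same ref
    // is reused; it must stay alive until this request has completed.
    AuthorizationCopyRightsAsync(authorizationRef, &myRights, kAuthorizationEmptyEnvironment, interactiveFlags, allowBlock);
    sleep(3); // give some time to SecurityAgent to appear
    runRaft(raftFillValid);
    if (dispatch_semaphore_wait(sem, dispatch_time(DISPATCH_TIME_NOW, (int64_t)(SA_TIMEOUT * NSEC_PER_SEC))) != 0) {
        fail("Async authorization");
    }

    // NOTE(review): authd_02 frees its ref with kAuthorizationFlagDestroyRights;
    // this test keeps kAuthorizationFlagDefaults as before. Confirm whether the
    // right obtained in phase 2 is meant to remain after the ref is released.
    AuthorizationFree(authorizationRef, kAuthorizationFlagDefaults);

    return 0;
}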