APAR IT46430 (#673)

* APAR IT4643

* Address review comments

authservice/mqsimpleauth/src/mqAdminPassword

@@ -1 +1 @@
-fred:$2y$05$3Fp9
+passw0rd

authservice/mqsimpleauth/src/simpleauth.c

@@ -31,9 +31,9 @@ int simpleauth_authenticate_user(char *user, char *password)
   if (simpleauth_valid_user(user))
   {
     char *pwd = getSecretForUser(user);
-    if(pwd != NULL)
-    {
-      int pwdCheck = strncmp(pwd, password, strlen(password));
+    if (pwd != NULL)
+    {     
+      int pwdCheck = strcmp(pwd, password);
       if (pwdCheck == 0)
       {
         log_debugf("Correct password supplied. user=%s", user);
@@ -44,7 +44,7 @@ int simpleauth_authenticate_user(char *user, char *password)
         log_debugf("Incorrect password supplied. user=%s", user);
         result = SIMPLEAUTH_INVALID_PASSWORD;
       }
-      pwd = NULL;
+      free(pwd);
     }
     else
     {
@@ -80,12 +80,17 @@ char *getSecretForUser(char *user)
     }
     else
     {
-      char* pwdFromEnv = getenv("MQ_APP_PASSWORD");
-      if (pwdFromEnv != NULL)
+      char* envValue = getenv("MQ_APP_PASSWORD");
+      if (envValue != NULL)
       {
         log_infof("Environment variable MQ_APP_PASSWORD is deprecated, use secrets to set the passwords");
+        char* pwdFromEnv = strdup(envValue);
+        return pwdFromEnv;
+      }
+      else
+      {
+        return NULL;
       }
-      return pwdFromEnv;
     }
   } else if (0 == strcmp(user, ADMIN_USER_NAME))
   {
@@ -96,12 +101,18 @@ char *getSecretForUser(char *user)
       }
       else
       {
-        char* pwdFromEnv =  getenv("MQ_ADMIN_PASSWORD");
-        if (pwdFromEnv != NULL)
+        char* envValue =  getenv("MQ_ADMIN_PASSWORD");
+        if (envValue != NULL)
         {
           log_infof("Environment variable MQ_ADMIN_PASSWORD is deprecated, use secrets to set the passwords");
+          // Get the value of environment variable and store it as a copy to free up the memory
+          char* pwdFromEnv = strdup(envValue);
+          return pwdFromEnv;
+        }
+        else 
+        {
+          return NULL;
         }
-        return pwdFromEnv;
       }
   }
   else
@@ -117,7 +128,10 @@ char *readSecret(char* secret)
   if (fp)
   {
     char *pwd = malloc(line_size);
-    fgets(pwd, line_size, fp);
+    char *result = fgets(pwd, line_size, fp);
+    if (result == NULL)
+      return NULL;
+
     fclose(fp);
     return pwd;
   }

authservice/mqsimpleauth/src/simpleauth_test.c

@@ -45,8 +45,8 @@ void test_read_secret_ok()
 {
   test_start();
   char *pwd = readSecret("./src/mqAdminPassword");
-  char *password = "fred:$2y$05$3Fp9";
-  if (0 == strncmp(pwd, password, strlen(password)))
+  char *password = "passw0rd";
+  if (0 == strcmp(pwd, password))
     test_pass();
   else
     test_fail(__func__);
@@ -120,6 +120,49 @@ void test_simpleauth_authenticate_user_admin_ok()
   test_pass();
 }
 
+void test_simpleauth_authenticate_user_app_invalidpwd()
+{
+  test_start();
+  char *password[] = {"passw0r", "pass", "passw0rd1", "NULL", "","password123"};
+  setenv("MQ_APP_PASSWORD", "passw0rd", 1);
+
+  for(int i=0; i< (sizeof(password)/sizeof(password[0])); ++i)
+  {
+    int rc = simpleauth_authenticate_user("app", password[i]);
+    printf("%s: Validating app user with password set to %s and rc is %d\n", __func__,password[i], rc);
+    if (rc != SIMPLEAUTH_INVALID_PASSWORD)
+       test_fail(__func__);   
+  }
+  test_pass();  
+}
+
+void test_simpleauth_authenticate_user_admin_invalidpwd()
+{
+  test_start();
+  char *password[] = {"passw0r", "pass", "passw0rd1", "NULL", "","password123"};
+  setenv("MQ_ADMIN_PASSWORD", "passw0rd", 1);
+
+  for(int i=0; i< (sizeof(password)/sizeof(password[0])); ++i)
+  {
+    int rc = simpleauth_authenticate_user("admin", password[i]);
+    printf("%s: validating admin user with password set to %s and rc is %d\n", __func__,password[i], rc);
+    if (rc != SIMPLEAUTH_INVALID_PASSWORD)
+       test_fail(__func__);   
+  }
+  test_pass();  
+}
+
+void test_simpleauth_authenticate_user_admin_with_null_pwd()
+{
+  test_start();
+  setenv("MQ_ADMIN_PASSWORD", "", 1);
+  int rc = simpleauth_authenticate_user("admin", "passw0rd");
+  printf("%s: admin - %d\n", __func__, rc);
+  if (rc == SIMPLEAUTH_VALID)
+    test_fail(__func__);
+  test_pass();
+}
+
 void test_simpleauth_authenticate_user_admin_invalidpassword()
 {
   test_start();
@@ -131,6 +174,17 @@ void test_simpleauth_authenticate_user_admin_invalidpassword()
   test_pass();
 }
 
+void test_simpleauth_authenticate_user_admin_invalishortdpassword()
+{
+  test_start();
+  setenv("MQ_ADMIN_PASSWORD", "password", 1);
+  int rc = simpleauth_authenticate_user("admin", "pass");
+  printf("%s: admin - %d\n", __func__, rc);
+  if (rc != SIMPLEAUTH_INVALID_PASSWORD)
+    test_fail(__func__);
+  test_pass();
+}
+
 
 // ----------------------------------------------------------------------------
 // Multi-threaded test
@@ -220,15 +274,18 @@ int main()
   // Turn on debugging for the tests
   setenv("DEBUG", "true", true);
   log_init("simpleauth_test.log");
-
   test_read_secret_ok();
+  test_simpleauth_authenticate_user_admin_invalidpwd();
+  test_simpleauth_authenticate_user_app_invalidpwd();
   test_simpleauth_valid_user_app_valid();
   test_simpleauth_valid_user_admin_valid();
   test_simpleauth_valid_user_george_invalid();
   test_simpleauth_authenticate_user_fred_unknown();
   test_simpleauth_authenticate_user_app_ok();
+  test_simpleauth_authenticate_user_admin_with_null_pwd();
   test_simpleauth_authenticate_user_admin_ok();
   test_simpleauth_authenticate_user_admin_invalidpassword();
+  test_simpleauth_authenticate_user_admin_invalishortdpassword();
 
   log_close();