1 1.1 christos /*- 2 1.1 christos * Copyright (c) 2015-2017 Dag-Erling Smrgrav 3 1.1 christos * All rights reserved. 4 1.1 christos * 5 1.1 christos * Redistribution and use in source and binary forms, with or without 6 1.1 christos * modification, are permitted provided that the following conditions 7 1.1 christos * are met: 8 1.1 christos * 1. Redistributions of source code must retain the above copyright 9 1.1 christos * notice, this list of conditions and the following disclaimer. 10 1.1 christos * 2. Redistributions in binary form must reproduce the above copyright 11 1.1 christos * notice, this list of conditions and the following disclaimer in the 12 1.1 christos * documentation and/or other materials provided with the distribution. 13 1.1 christos * 3. The name of the author may not be used to endorse or promote 14 1.1 christos * products derived from this software without specific prior written 15 1.1 christos * permission. 16 1.1 christos * 17 1.1 christos * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 1.1 christos * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 1.1 christos * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 1.1 christos * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 1.1 christos * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 1.1 christos * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 1.1 christos * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 1.1 christos * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 1.1 christos * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 1.1 christos * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 1.1 christos * SUCH DAMAGE. 28 1.1 christos */ 29 1.1 christos 30 1.1 christos #ifdef HAVE_CONFIG_H 31 1.1 christos # include "config.h" 32 1.1 christos #endif 33 1.1 christos 34 1.1 christos #include <err.h> 35 1.1 christos #include <stdint.h> 36 1.1 christos #include <stdio.h> 37 1.1 christos #include <stdlib.h> 38 1.1 christos #include <string.h> 39 1.1 christos #include <unistd.h> 40 1.1 christos 41 1.1 christos #include <cryb/test.h> 42 1.1 christos 43 1.1 christos #include <security/pam_appl.h> 44 1.1 christos #include <security/openpam.h> 45 1.1 christos 46 1.1 christos #include "openpam_impl.h" 47 1.1 christos #include "t_pam_conv.h" 48 1.1 christos 49 1.1 christos #define T_FUNC(n, d) \ 50 1.1 christos static const char *t_ ## n ## _desc = d; \ 51 1.1 christos static int t_ ## n ## _func(OPENPAM_UNUSED(char **desc), \ 52 1.1 christos OPENPAM_UNUSED(void *arg)) 53 1.1 christos 54 1.1 christos #define T(n) \ 55 1.1 christos t_add_test(&t_ ## n ## _func, NULL, "%s", t_ ## n ## _desc) 56 1.1 christos 57 1.1 christos const char *pam_return_so; 58 1.1 christos 59 1.1 christos T_FUNC(empty_policy, "empty policy") 60 1.1 christos { 61 1.1 christos struct t_pam_conv_script script; 62 1.1 christos struct pam_conv pamc; 63 1.1 christos struct t_file *tf; 64 1.1 christos pam_handle_t *pamh; 65 1.1 christos int pam_err, ret; 66 1.1 christos 67 1.1 christos memset(&script, 0, sizeof script); 68 1.1 christos pamc.conv = &t_pam_conv; 69 1.1 christos pamc.appdata_ptr = &script; 70 1.1 christos tf = t_fopen(NULL); 71 1.1 christos t_fprintf(tf, "# empty policy\n"); 72 1.1 christos pam_err = pam_start(tf->name, "test", &pamc, &pamh); 73 1.1 christos if (pam_err != PAM_SUCCESS) { 74 1.1 christos t_printv("pam_start() returned %d\n", pam_err); 75 1.1 christos return (0); 76 1.1 christos } 77 1.1 christos /* 78 1.1 christos * Note: openpam_dispatch() currently returns PAM_SYSTEM_ERR when 79 1.1 christos * the chain is empty, it should possibly return PAM_SERVICE_ERR 80 1.1 christos * instead. 81 1.1 christos */ 82 1.1 christos pam_err = pam_authenticate(pamh, 0); 83 1.1 christos t_printv("pam_authenticate() returned %d\n", pam_err); 84 1.1 christos ret = (pam_err == PAM_SYSTEM_ERR); 85 1.1 christos pam_err = pam_setcred(pamh, 0); 86 1.1 christos t_printv("pam_setcred() returned %d\n", pam_err); 87 1.1 christos ret &= (pam_err == PAM_SYSTEM_ERR); 88 1.1 christos pam_err = pam_acct_mgmt(pamh, 0); 89 1.1 christos t_printv("pam_acct_mgmt() returned %d\n", pam_err); 90 1.1 christos ret &= (pam_err == PAM_SYSTEM_ERR); 91 1.1 christos pam_err = pam_chauthtok(pamh, 0); 92 1.1 christos t_printv("pam_chauthtok() returned %d\n", pam_err); 93 1.1 christos ret &= (pam_err == PAM_SYSTEM_ERR); 94 1.1 christos pam_err = pam_open_session(pamh, 0); 95 1.1 christos t_printv("pam_open_session() returned %d\n", pam_err); 96 1.1 christos ret &= (pam_err == PAM_SYSTEM_ERR); 97 1.1 christos pam_err = pam_close_session(pamh, 0); 98 1.1 christos t_printv("pam_close_session() returned %d\n", pam_err); 99 1.1 christos ret &= (pam_err == PAM_SYSTEM_ERR); 100 1.1 christos pam_end(pamh, pam_err); 101 1.1 christos t_fclose(tf); 102 1.1 christos return (ret); 103 1.1 christos } 104 1.1 christos 105 1.1 christos static struct t_pam_return_case { 106 1.1 christos int facility; 107 1.1 christos int primitive; 108 1.1 christos int flags; 109 1.1 christos struct { 110 1.1 christos int ctlflag; 111 1.1 christos int modret; 112 1.1 christos } mod[2]; 113 1.1 christos int result; 114 1.1 christos } t_pam_return_cases[] = { 115 1.1 christos { 116 1.1 christos PAM_AUTH, PAM_SM_AUTHENTICATE, 0, 117 1.1 christos { 118 1.1 christos { PAM_REQUIRED, PAM_SUCCESS }, 119 1.1 christos { PAM_REQUIRED, PAM_SUCCESS }, 120 1.1 christos }, 121 1.1 christos PAM_SUCCESS, 122 1.1 christos }, 123 1.1 christos }; 124 1.1 christos 125 1.1 christos T_FUNC(mod_return, "module return value") 126 1.1 christos { 127 1.1 christos struct t_pam_return_case *tc; 128 1.1 christos struct t_pam_conv_script script; 129 1.1 christos struct pam_conv pamc; 130 1.1 christos struct t_file *tf; 131 1.1 christos pam_handle_t *pamh; 132 1.1 christos unsigned int i, j, n; 133 1.1 christos int pam_err; 134 1.1 christos 135 1.1 christos memset(&script, 0, sizeof script); 136 1.1 christos pamc.conv = &t_pam_conv; 137 1.1 christos pamc.appdata_ptr = &script; 138 1.1 christos n = sizeof t_pam_return_cases / sizeof t_pam_return_cases[0]; 139 1.1 christos for (i = 0; i < n; ++i) { 140 1.1 christos tc = &t_pam_return_cases[i]; 141 1.1 christos tf = t_fopen(NULL); 142 1.1 christos for (j = 0; j < 2; ++j) { 143 1.1 christos t_fprintf(tf, "%s %s %s error=%s\n", 144 1.1 christos pam_facility_name[tc->facility], 145 1.1 christos pam_control_flag_name[tc->mod[j].ctlflag], 146 1.1 christos pam_return_so, 147 1.1 christos pam_err_name[tc->mod[j].modret]); 148 1.1 christos } 149 1.1 christos pam_err = pam_start(tf->name, "test", &pamc, &pamh); 150 1.1 christos if (pam_err != PAM_SUCCESS) { 151 1.1 christos t_printv("pam_start() returned %d\n", pam_err); 152 1.1 christos t_fclose(tf); 153 1.1 christos continue; 154 1.1 christos } 155 1.1 christos switch (tc->primitive) { 156 1.1 christos case PAM_SM_AUTHENTICATE: 157 1.1 christos pam_err = pam_authenticate(pamh, tc->flags); 158 1.1 christos break; 159 1.1 christos case PAM_SM_SETCRED: 160 1.1 christos pam_err = pam_setcred(pamh, tc->flags); 161 1.1 christos break; 162 1.1 christos case PAM_SM_ACCT_MGMT: 163 1.1 christos pam_err = pam_acct_mgmt(pamh, tc->flags); 164 1.1 christos break; 165 1.1 christos case PAM_SM_OPEN_SESSION: 166 1.1 christos pam_err = pam_open_session(pamh, tc->flags); 167 1.1 christos break; 168 1.1 christos case PAM_SM_CLOSE_SESSION: 169 1.1 christos pam_err = pam_close_session(pamh, tc->flags); 170 1.1 christos break; 171 1.1 christos case PAM_SM_CHAUTHTOK: 172 1.1 christos pam_err = pam_chauthtok(pamh, tc->flags); 173 1.1 christos break; 174 1.1 christos } 175 1.1 christos t_printv("%s returned %d\n", 176 1.1 christos pam_func_name[tc->primitive], pam_err); 177 1.1 christos pam_end(pamh, pam_err); 178 1.1 christos t_printv("here\n"); 179 1.1 christos t_fclose(tf); 180 1.1 christos } 181 1.1 christos return (1); 182 1.1 christos } 183 1.1 christos 184 1.1 christos 185 1.1 christos /*************************************************************************** 187 1.1 christos * Boilerplate 188 1.1 christos */ 189 1.1 christos 190 1.1 christos static int 191 1.1 christos t_prepare(int argc, char *argv[]) 192 1.1 christos { 193 1.1 christos 194 1.1 christos (void)argc; 195 1.1 christos (void)argv; 196 1.1 christos 197 1.1 christos if ((pam_return_so = getenv("PAM_RETURN_SO")) == NULL) { 198 1.1 christos t_printv("define PAM_RETURN_SO before running these tests\n"); 199 1.1 christos return (0); 200 1.1 christos } 201 1.1 christos 202 1.1 christos openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0); 203 1.1 christos openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0); 204 1.1 christos openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0); 205 1.1 christos openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0); 206 1.1 christos openpam_set_feature(OPENPAM_FALLBACK_TO_OTHER, 0); 207 1.1 christos 208 1.1 christos T(empty_policy); 209 1.1 christos T(mod_return); 210 1.1 christos 211 1.1 christos return (0); 212 1.1 christos } 213 1.1 christos 214 1.1 christos int 215 1.1 christos main(int argc, char *argv[]) 216 1.1 christos { 217 1.1 christos 218 1.1 christos t_main(t_prepare, NULL, argc, argv); 219 } 220
Indexes created Tue May 19 00:24:48 UTC 2026