diff options
| author | Lorry <lorry@roadtrain.codethink.co.uk> | 2012-07-23 11:07:21 +0100 |
|---|---|---|
| committer | Lorry <lorry@roadtrain.codethink.co.uk> | 2012-07-23 11:07:21 +0100 |
| commit | 7e99712021a572e6ca85ff8454d3b322bfbeaa6e (patch) | |
| tree | 6577e57ca2aab59b4b6ed8f21dfdbe349c028e49 /xtests | |
| download | linux-pam-7e99712021a572e6ca85ff8454d3b322bfbeaa6e.tar.gz | |
Tarball conversion
Diffstat (limited to 'xtests')
80 files changed, 3999 insertions, 0 deletions
diff --git a/xtests/Makefile.am b/xtests/Makefile.am new file mode 100644 index 0000000..498a9fc --- /dev/null +++ b/xtests/Makefile.am @@ -0,0 +1,53 @@ +# +# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de> +# + +AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \ + -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include +AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \ + -L$(top_builddir)/libpam_misc -lpam_misc + +CLEANFILES = *~ $(XTESTS) + +EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ + tst-pam_dispatch5.pamd \ + tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \ + tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \ + tst-pam_unix4.pamd \ + tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \ + tst-pam_unix4.sh \ + access.conf tst-pam_access1.pamd tst-pam_access1.sh \ + tst-pam_access2.pamd tst-pam_access2.sh \ + tst-pam_access3.pamd tst-pam_access3.sh \ + tst-pam_access4.pamd tst-pam_access4.sh \ + limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \ + tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ + group.conf tst-pam_group1.pamd tst-pam_group1.sh \ + tst-pam_authfail.pamd tst-pam_authsucceed.pamd \ + tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \ + tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \ + tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ + tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \ + tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ + tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ + tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \ + tst-pam_time1.pamd time.conf + +XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ + tst-pam_cracklib1 tst-pam_cracklib2 \ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ + tst-pam_pwhistory1 tst-pam_time1 + +NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 + + +EXTRA_PROGRAMS = $(XTESTS) + +xtests: $(XTESTS) run-xtests.sh + "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS} diff --git a/xtests/Makefile.in b/xtests/Makefile.in new file mode 100644 index 0000000..b7d1dbe --- /dev/null +++ b/xtests/Makefile.in @@ -0,0 +1,717 @@ +# Makefile.in generated by automake 1.10.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# +# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de> +# +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +EXTRA_PROGRAMS = $(am__EXEEXT_1) +subdir = xtests +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ + $(top_srcdir)/m4/japhar_grep_cflags.m4 \ + $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ + $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ + $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ + $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ + $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ + $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/pkg.m4 \ + $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +am__EXEEXT_1 = tst-pam_dispatch1$(EXEEXT) tst-pam_dispatch2$(EXEEXT) \ + tst-pam_dispatch3$(EXEEXT) tst-pam_dispatch4$(EXEEXT) \ + tst-pam_dispatch5$(EXEEXT) tst-pam_cracklib1$(EXEEXT) \ + tst-pam_cracklib2$(EXEEXT) tst-pam_unix1$(EXEEXT) \ + tst-pam_unix2$(EXEEXT) tst-pam_unix3$(EXEEXT) \ + tst-pam_unix4$(EXEEXT) tst-pam_access1$(EXEEXT) \ + tst-pam_access2$(EXEEXT) tst-pam_access3$(EXEEXT) \ + tst-pam_access4$(EXEEXT) tst-pam_limits1$(EXEEXT) \ + tst-pam_succeed_if1$(EXEEXT) tst-pam_group1$(EXEEXT) \ + tst-pam_authfail$(EXEEXT) tst-pam_authsucceed$(EXEEXT) \ + tst-pam_pwhistory1$(EXEEXT) tst-pam_time1$(EXEEXT) +tst_pam_access1_SOURCES = tst-pam_access1.c +tst_pam_access1_OBJECTS = tst-pam_access1.$(OBJEXT) +tst_pam_access1_LDADD = $(LDADD) +tst_pam_access2_SOURCES = tst-pam_access2.c +tst_pam_access2_OBJECTS = tst-pam_access2.$(OBJEXT) +tst_pam_access2_LDADD = $(LDADD) +tst_pam_access3_SOURCES = tst-pam_access3.c +tst_pam_access3_OBJECTS = tst-pam_access3.$(OBJEXT) +tst_pam_access3_LDADD = $(LDADD) +tst_pam_access4_SOURCES = tst-pam_access4.c +tst_pam_access4_OBJECTS = tst-pam_access4.$(OBJEXT) +tst_pam_access4_LDADD = $(LDADD) +tst_pam_authfail_SOURCES = tst-pam_authfail.c +tst_pam_authfail_OBJECTS = tst-pam_authfail.$(OBJEXT) +tst_pam_authfail_LDADD = $(LDADD) +tst_pam_authsucceed_SOURCES = tst-pam_authsucceed.c +tst_pam_authsucceed_OBJECTS = tst-pam_authsucceed.$(OBJEXT) +tst_pam_authsucceed_LDADD = $(LDADD) +tst_pam_cracklib1_SOURCES = tst-pam_cracklib1.c +tst_pam_cracklib1_OBJECTS = tst-pam_cracklib1.$(OBJEXT) +tst_pam_cracklib1_LDADD = $(LDADD) +tst_pam_cracklib2_SOURCES = tst-pam_cracklib2.c +tst_pam_cracklib2_OBJECTS = tst-pam_cracklib2.$(OBJEXT) +tst_pam_cracklib2_LDADD = $(LDADD) +tst_pam_dispatch1_SOURCES = tst-pam_dispatch1.c +tst_pam_dispatch1_OBJECTS = tst-pam_dispatch1.$(OBJEXT) +tst_pam_dispatch1_LDADD = $(LDADD) +tst_pam_dispatch2_SOURCES = tst-pam_dispatch2.c +tst_pam_dispatch2_OBJECTS = tst-pam_dispatch2.$(OBJEXT) +tst_pam_dispatch2_LDADD = $(LDADD) +tst_pam_dispatch3_SOURCES = tst-pam_dispatch3.c +tst_pam_dispatch3_OBJECTS = tst-pam_dispatch3.$(OBJEXT) +tst_pam_dispatch3_LDADD = $(LDADD) +tst_pam_dispatch4_SOURCES = tst-pam_dispatch4.c +tst_pam_dispatch4_OBJECTS = tst-pam_dispatch4.$(OBJEXT) +tst_pam_dispatch4_LDADD = $(LDADD) +tst_pam_dispatch5_SOURCES = tst-pam_dispatch5.c +tst_pam_dispatch5_OBJECTS = tst-pam_dispatch5.$(OBJEXT) +tst_pam_dispatch5_LDADD = $(LDADD) +tst_pam_group1_SOURCES = tst-pam_group1.c +tst_pam_group1_OBJECTS = tst-pam_group1.$(OBJEXT) +tst_pam_group1_LDADD = $(LDADD) +tst_pam_limits1_SOURCES = tst-pam_limits1.c +tst_pam_limits1_OBJECTS = tst-pam_limits1.$(OBJEXT) +tst_pam_limits1_LDADD = $(LDADD) +tst_pam_pwhistory1_SOURCES = tst-pam_pwhistory1.c +tst_pam_pwhistory1_OBJECTS = tst-pam_pwhistory1.$(OBJEXT) +tst_pam_pwhistory1_LDADD = $(LDADD) +tst_pam_succeed_if1_SOURCES = tst-pam_succeed_if1.c +tst_pam_succeed_if1_OBJECTS = tst-pam_succeed_if1.$(OBJEXT) +tst_pam_succeed_if1_LDADD = $(LDADD) +tst_pam_time1_SOURCES = tst-pam_time1.c +tst_pam_time1_OBJECTS = tst-pam_time1.$(OBJEXT) +tst_pam_time1_LDADD = $(LDADD) +tst_pam_unix1_SOURCES = tst-pam_unix1.c +tst_pam_unix1_OBJECTS = tst-pam_unix1.$(OBJEXT) +tst_pam_unix1_LDADD = $(LDADD) +tst_pam_unix2_SOURCES = tst-pam_unix2.c +tst_pam_unix2_OBJECTS = tst-pam_unix2.$(OBJEXT) +tst_pam_unix2_LDADD = $(LDADD) +tst_pam_unix3_SOURCES = tst-pam_unix3.c +tst_pam_unix3_OBJECTS = tst-pam_unix3.$(OBJEXT) +tst_pam_unix3_LDADD = $(LDADD) +tst_pam_unix4_SOURCES = tst-pam_unix4.c +tst_pam_unix4_OBJECTS = tst-pam_unix4.$(OBJEXT) +tst_pam_unix4_LDADD = $(LDADD) +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \ + tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \ + tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \ + tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \ + tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \ + tst-pam_pwhistory1.c tst-pam_succeed_if1.c tst-pam_time1.c \ + tst-pam_unix1.c tst-pam_unix2.c tst-pam_unix3.c \ + tst-pam_unix4.c +DIST_SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \ + tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \ + tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \ + tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \ + tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \ + tst-pam_pwhistory1.c tst-pam_succeed_if1.c tst-pam_time1.c \ + tst-pam_unix1.c tst-pam_unix2.c tst-pam_unix3.c \ + tst-pam_unix4.c +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BROWSER = @BROWSER@ +BUILD_CFLAGS = @BUILD_CFLAGS@ +BUILD_LDFLAGS = @BUILD_LDFLAGS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CC_FOR_BUILD = @CC_FOR_BUILD@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FO2PDF = @FO2PDF@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GREP = @GREP@ +HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBAUDIT = @LIBAUDIT@ +LIBCRACK = @LIBCRACK@ +LIBCRYPT = @LIBCRYPT@ +LIBDB = @LIBDB@ +LIBDL = @LIBDL@ +LIBICONV = @LIBICONV@ +LIBINTL = @LIBINTL@ +LIBOBJS = @LIBOBJS@ +LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ +LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ +LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ +LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ +LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ +LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ +LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ +LIBS = @LIBS@ +LIBSELINUX = @LIBSELINUX@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NIS_CFLAGS = @NIS_CFLAGS@ +NIS_LIBS = @NIS_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +POSUB = @POSUB@ +RANLIB = @RANLIB@ +SCONFIGDIR = @SCONFIGDIR@ +SECUREDIR = @SECUREDIR@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +USE_NLS = @USE_NLS@ +VERSION = @VERSION@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +XMLCATALOG = @XMLCATALOG@ +XMLLINT = @XMLLINT@ +XML_CATALOG_FILE = @XML_CATALOG_FILE@ +XSLTPROC = @XSLTPROC@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libc_cv_fpie = @libc_cv_fpie@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libtirpc_CFLAGS = @libtirpc_CFLAGS@ +libtirpc_LIBS = @libtirpc_LIBS@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pam_cv_ld_O1 = @pam_cv_ld_O1@ +pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ +pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ +pam_xauth_path = @pam_xauth_path@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \ + -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include + +AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \ + -L$(top_builddir)/libpam_misc -lpam_misc + +CLEANFILES = *~ $(XTESTS) +EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ + tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ + tst-pam_dispatch5.pamd \ + tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \ + tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \ + tst-pam_unix4.pamd \ + tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \ + tst-pam_unix4.sh \ + access.conf tst-pam_access1.pamd tst-pam_access1.sh \ + tst-pam_access2.pamd tst-pam_access2.sh \ + tst-pam_access3.pamd tst-pam_access3.sh \ + tst-pam_access4.pamd tst-pam_access4.sh \ + limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \ + tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ + group.conf tst-pam_group1.pamd tst-pam_group1.sh \ + tst-pam_authfail.pamd tst-pam_authsucceed.pamd \ + tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \ + tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \ + tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ + tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \ + tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \ + tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \ + tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \ + tst-pam_time1.pamd time.conf + +XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ + tst-pam_cracklib1 tst-pam_cracklib2 \ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \ + tst-pam_pwhistory1 tst-pam_time1 + +NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1 + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu xtests/Makefile'; \ + cd $(top_srcdir) && \ + $(AUTOMAKE) --gnu xtests/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +tst-pam_access1$(EXEEXT): $(tst_pam_access1_OBJECTS) $(tst_pam_access1_DEPENDENCIES) + @rm -f tst-pam_access1$(EXEEXT) + $(LINK) $(tst_pam_access1_OBJECTS) $(tst_pam_access1_LDADD) $(LIBS) +tst-pam_access2$(EXEEXT): $(tst_pam_access2_OBJECTS) $(tst_pam_access2_DEPENDENCIES) + @rm -f tst-pam_access2$(EXEEXT) + $(LINK) $(tst_pam_access2_OBJECTS) $(tst_pam_access2_LDADD) $(LIBS) +tst-pam_access3$(EXEEXT): $(tst_pam_access3_OBJECTS) $(tst_pam_access3_DEPENDENCIES) + @rm -f tst-pam_access3$(EXEEXT) + $(LINK) $(tst_pam_access3_OBJECTS) $(tst_pam_access3_LDADD) $(LIBS) +tst-pam_access4$(EXEEXT): $(tst_pam_access4_OBJECTS) $(tst_pam_access4_DEPENDENCIES) + @rm -f tst-pam_access4$(EXEEXT) + $(LINK) $(tst_pam_access4_OBJECTS) $(tst_pam_access4_LDADD) $(LIBS) +tst-pam_authfail$(EXEEXT): $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_DEPENDENCIES) + @rm -f tst-pam_authfail$(EXEEXT) + $(LINK) $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_LDADD) $(LIBS) +tst-pam_authsucceed$(EXEEXT): $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_DEPENDENCIES) + @rm -f tst-pam_authsucceed$(EXEEXT) + $(LINK) $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_LDADD) $(LIBS) +tst-pam_cracklib1$(EXEEXT): $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_DEPENDENCIES) + @rm -f tst-pam_cracklib1$(EXEEXT) + $(LINK) $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_LDADD) $(LIBS) +tst-pam_cracklib2$(EXEEXT): $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_DEPENDENCIES) + @rm -f tst-pam_cracklib2$(EXEEXT) + $(LINK) $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_LDADD) $(LIBS) +tst-pam_dispatch1$(EXEEXT): $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_DEPENDENCIES) + @rm -f tst-pam_dispatch1$(EXEEXT) + $(LINK) $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_LDADD) $(LIBS) +tst-pam_dispatch2$(EXEEXT): $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_DEPENDENCIES) + @rm -f tst-pam_dispatch2$(EXEEXT) + $(LINK) $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_LDADD) $(LIBS) +tst-pam_dispatch3$(EXEEXT): $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_DEPENDENCIES) + @rm -f tst-pam_dispatch3$(EXEEXT) + $(LINK) $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_LDADD) $(LIBS) +tst-pam_dispatch4$(EXEEXT): $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_DEPENDENCIES) + @rm -f tst-pam_dispatch4$(EXEEXT) + $(LINK) $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_LDADD) $(LIBS) +tst-pam_dispatch5$(EXEEXT): $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_DEPENDENCIES) + @rm -f tst-pam_dispatch5$(EXEEXT) + $(LINK) $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_LDADD) $(LIBS) +tst-pam_group1$(EXEEXT): $(tst_pam_group1_OBJECTS) $(tst_pam_group1_DEPENDENCIES) + @rm -f tst-pam_group1$(EXEEXT) + $(LINK) $(tst_pam_group1_OBJECTS) $(tst_pam_group1_LDADD) $(LIBS) +tst-pam_limits1$(EXEEXT): $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_DEPENDENCIES) + @rm -f tst-pam_limits1$(EXEEXT) + $(LINK) $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_LDADD) $(LIBS) +tst-pam_pwhistory1$(EXEEXT): $(tst_pam_pwhistory1_OBJECTS) $(tst_pam_pwhistory1_DEPENDENCIES) + @rm -f tst-pam_pwhistory1$(EXEEXT) + $(LINK) $(tst_pam_pwhistory1_OBJECTS) $(tst_pam_pwhistory1_LDADD) $(LIBS) +tst-pam_succeed_if1$(EXEEXT): $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_DEPENDENCIES) + @rm -f tst-pam_succeed_if1$(EXEEXT) + $(LINK) $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_LDADD) $(LIBS) +tst-pam_time1$(EXEEXT): $(tst_pam_time1_OBJECTS) $(tst_pam_time1_DEPENDENCIES) + @rm -f tst-pam_time1$(EXEEXT) + $(LINK) $(tst_pam_time1_OBJECTS) $(tst_pam_time1_LDADD) $(LIBS) +tst-pam_unix1$(EXEEXT): $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_DEPENDENCIES) + @rm -f tst-pam_unix1$(EXEEXT) + $(LINK) $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_LDADD) $(LIBS) +tst-pam_unix2$(EXEEXT): $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_DEPENDENCIES) + @rm -f tst-pam_unix2$(EXEEXT) + $(LINK) $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_LDADD) $(LIBS) +tst-pam_unix3$(EXEEXT): $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_DEPENDENCIES) + @rm -f tst-pam_unix3$(EXEEXT) + $(LINK) $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_LDADD) $(LIBS) +tst-pam_unix4$(EXEEXT): $(tst_pam_unix4_OBJECTS) $(tst_pam_unix4_DEPENDENCIES) + @rm -f tst-pam_unix4$(EXEEXT) + $(LINK) $(tst_pam_unix4_OBJECTS) $(tst_pam_unix4_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access3.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access4.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authfail.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authsucceed.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch3.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch4.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch5.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_group1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_limits1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_pwhistory1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_succeed_if1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_time1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix3.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix4.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$tags $$unique; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$tags$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$tags $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) $$here + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + fi; \ + cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-exec-am: + +install-html: install-html-am + +install-info: install-info-am + +install-man: + +install-pdf: install-pdf-am + +install-ps: install-ps-am + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool ctags distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags uninstall uninstall-am + + +xtests: $(XTESTS) run-xtests.sh + "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS} +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/xtests/access.conf b/xtests/access.conf new file mode 100644 index 0000000..25462dd --- /dev/null +++ b/xtests/access.conf @@ -0,0 +1,3 @@ + +-:ALL EXCEPT (tstpamaccess) tstpamaccess3 :LOCAL +-:ALL:127.0.0.1 diff --git a/xtests/group.conf b/xtests/group.conf new file mode 100644 index 0000000..04fe3ef --- /dev/null +++ b/xtests/group.conf @@ -0,0 +1,3 @@ + +tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrpg + diff --git a/xtests/limits.conf b/xtests/limits.conf new file mode 100644 index 0000000..41a3ea3 --- /dev/null +++ b/xtests/limits.conf @@ -0,0 +1,2 @@ +* soft nice 19 +* hard nice -20 diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh new file mode 100755 index 0000000..3a89057 --- /dev/null +++ b/xtests/run-xtests.sh @@ -0,0 +1,67 @@ +#!/bin/bash + +SRCDIR=$1 +shift 1 +[ -z "${SRCDIR}" ] && SRCDIR='.' + +if test `id -u` -ne 0 ; then + echo "You need to be root to run the tests" + exit 1 +fi + +XTESTS="$@" + +failed=0 +pass=0 +skiped=0 +all=0 + +mkdir -p /etc/security +for config in access.conf group.conf time.conf limits.conf ; do + cp /etc/security/$config /etc/security/$config-pam-xtests + install -m 644 "${SRCDIR}"/$config /etc/security/$config +done +mv /etc/security/opasswd /etc/security/opasswd-pam-xtests + +for testname in $XTESTS ; do + for cfg in "${SRCDIR}"/$testname*.pamd ; do + install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd) + done + if test -f "${SRCDIR}"/$testname.sh ; then + test -x "${SRCDIR}"/$testname.sh || chmod 755 "${SRCDIR}"/$testname.sh + "${SRCDIR}"/$testname.sh > /dev/null + else + ./$testname > /dev/null + fi + RETVAL=$? + if test $RETVAL -eq 77 ; then + echo "SKIP: $testname" + skiped=`expr $skiped + 1` + elif test $RETVAL -ne 0 ; then + echo "FAIL: $testname" + failed=`expr $failed + 1` + else + echo "PASS: $testname" + pass=`expr $pass + 1` + fi + all=`expr $all + 1` + rm -f /etc/pam.d/$testname* +done +mv /etc/security/access.conf-pam-xtests /etc/security/access.conf +mv /etc/security/group.conf-pam-xtests /etc/security/group.conf +mv /etc/security/time.conf-pam-xtests /etc/security/time.conf +mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf +mv /etc/security/opasswd-pam-xtests /etc/security/opasswd +if test "$failed" -ne 0; then + echo "===================" + echo "$failed of $all tests failed" + echo "$skiped tests not run" + echo "===================" + exit 1 +else + echo "==================" + echo "$all tests passed" + echo "$skiped tests not run" + echo "==================" +fi +exit 0 diff --git a/xtests/time.conf b/xtests/time.conf new file mode 100644 index 0000000..518124c --- /dev/null +++ b/xtests/time.conf @@ -0,0 +1,2 @@ +*;*;you|me;!Al0000-2400 +*;*;x|y;!Al0000-2400 diff --git a/xtests/tst-pam_access1.c b/xtests/tst-pam_access1.c new file mode 100644 index 0000000..1571129 --- /dev/null +++ b/xtests/tst-pam_access1.c @@ -0,0 +1,132 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in access.conf: + -:ALL EXCEPT (tstpamaccess):LOCAL + + User is member of group tstpamaccess, pam_authenticate should pass. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + const char *user="tstpamaccess1"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_access1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access1: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_access1.pamd b/xtests/tst-pam_access1.pamd new file mode 100644 index 0000000..f47ec34 --- /dev/null +++ b/xtests/tst-pam_access1.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_access.so nodefgroup +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/xtests/tst-pam_access1.sh b/xtests/tst-pam_access1.sh new file mode 100755 index 0000000..180d256 --- /dev/null +++ b/xtests/tst-pam_access1.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/sbin/groupadd tstpamaccess +/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess1 +./tst-pam_access1 +RET=$? +/usr/sbin/userdel -r tstpamaccess1 2> /dev/null +/usr/sbin/groupdel tstpamaccess 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_access2.c b/xtests/tst-pam_access2.c new file mode 100644 index 0000000..293d72a --- /dev/null +++ b/xtests/tst-pam_access2.c @@ -0,0 +1,132 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in access.conf: + -:ALL EXCEPT (tstpamaccess):LOCAL + + User is not member of group tstpamaccess, pam_authenticate should fail. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + const char *user="tstpamaccess2"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_access2", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access2: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access2: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_access2: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access2: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_access2.pamd b/xtests/tst-pam_access2.pamd new file mode 100644 index 0000000..f47ec34 --- /dev/null +++ b/xtests/tst-pam_access2.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_access.so nodefgroup +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/xtests/tst-pam_access2.sh b/xtests/tst-pam_access2.sh new file mode 100755 index 0000000..0a30275 --- /dev/null +++ b/xtests/tst-pam_access2.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/sbin/groupadd tstpamaccess +/usr/sbin/useradd -p '!!' tstpamaccess2 +./tst-pam_access2 +RET=$? +/usr/sbin/userdel -r tstpamaccess2 2> /dev/null +/usr/sbin/groupdel tstpamaccess 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_access3.c b/xtests/tst-pam_access3.c new file mode 100644 index 0000000..817ce93 --- /dev/null +++ b/xtests/tst-pam_access3.c @@ -0,0 +1,132 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in access.conf: + -:ALL EXCEPT tstpamaccess3 :LOCAL + + pam_authenticate should pass for user tstpamaccess3 +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + const char *user="tstpamaccess3"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_access3", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access3: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_access3.pamd b/xtests/tst-pam_access3.pamd new file mode 100644 index 0000000..f47ec34 --- /dev/null +++ b/xtests/tst-pam_access3.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_access.so nodefgroup +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/xtests/tst-pam_access3.sh b/xtests/tst-pam_access3.sh new file mode 100755 index 0000000..348e0c3 --- /dev/null +++ b/xtests/tst-pam_access3.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamaccess3 +./tst-pam_access3 +RET=$? +/usr/sbin/userdel -r tstpamaccess3 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_access4.c b/xtests/tst-pam_access4.c new file mode 100644 index 0000000..115217f --- /dev/null +++ b/xtests/tst-pam_access4.c @@ -0,0 +1,170 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following lines in access.conf: + -:ALL EXCEPT tstpamaccess3 :LOCAL + -:ALL:127.0.0.1 + + pam_authenticate should fail for /dev/tty1, pass for www.example.com, + and fail again for localhost +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + const char *user="tstpamaccess4"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_access4", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access4: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access4-1: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_access4-1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_RHOST, "www.example.com"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access4-2: pam_set_item(PAM_RHOST) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access4-2: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_RHOST, "localhost"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access4-3: pam_set_item(PAM_RHOST) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_access4-3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access4: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_access4.pamd b/xtests/tst-pam_access4.pamd new file mode 100644 index 0000000..f47ec34 --- /dev/null +++ b/xtests/tst-pam_access4.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_access.so nodefgroup +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/xtests/tst-pam_access4.sh b/xtests/tst-pam_access4.sh new file mode 100755 index 0000000..61e7b44 --- /dev/null +++ b/xtests/tst-pam_access4.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamaccess4 +./tst-pam_access4 +RET=$? +/usr/sbin/userdel -r tstpamaccess4 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_assemble_line1.pamd b/xtests/tst-pam_assemble_line1.pamd new file mode 100644 index 0000000..431b3ba --- /dev/null +++ b/xtests/tst-pam_assemble_line1.pamd @@ -0,0 +1,8 @@ +#%PAM-1.0 +# Test that _pam_assemble_line() does not crash with long lines. +# printf '%511s\\\n%511s\\\n%511s\\\n%511s\\\n' + \ + \ + \ + \ +auth required pam_deny.so diff --git a/xtests/tst-pam_assemble_line1.sh b/xtests/tst-pam_assemble_line1.sh new file mode 100755 index 0000000..248d47e --- /dev/null +++ b/xtests/tst-pam_assemble_line1.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authfail tst-pam_assemble_line1 diff --git a/xtests/tst-pam_authfail.c b/xtests/tst-pam_authfail.c new file mode 100644 index 0000000..afdbd6a --- /dev/null +++ b/xtests/tst-pam_authfail.c @@ -0,0 +1,96 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that auth stack fails. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + const char *stack="tst-pam_authfail"; + int retval; + int debug = 0; + + if (argc > 2) { + stack = argv[2]; + } + + if (argc > 1) { + if (strcmp (argv[1], "-d") == 0) + debug = 1; + else + stack = argv[1]; + } + + + retval = pam_start(stack, user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval == PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_authfail.pamd b/xtests/tst-pam_authfail.pamd new file mode 100644 index 0000000..8ff1a40 --- /dev/null +++ b/xtests/tst-pam_authfail.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# test that successful sufficient module cannot affect stack +# after failed required module +auth required pam_debug.so auth=perm_denied +auth sufficient pam_debug.so auth=success diff --git a/xtests/tst-pam_authsucceed.c b/xtests/tst-pam_authsucceed.c new file mode 100644 index 0000000..8666f3f --- /dev/null +++ b/xtests/tst-pam_authsucceed.c @@ -0,0 +1,96 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that auth stack succeeds. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + const char *stack="tst-pam_authsucceed"; + int retval; + int debug = 0; + + if (argc > 2) { + stack = argv[2]; + } + + if (argc > 1) { + if (strcmp (argv[1], "-d") == 0) + debug = 1; + else + stack = argv[1]; + } + + + retval = pam_start(stack, user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_authsucceed.pamd b/xtests/tst-pam_authsucceed.pamd new file mode 100644 index 0000000..abaa1ef --- /dev/null +++ b/xtests/tst-pam_authsucceed.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# test that failed sufficient module cannot affect stack +# with following successful required module +auth sufficient pam_debug.so auth=auth_err +auth required pam_debug.so auth=success diff --git a/xtests/tst-pam_cracklib1.c b/xtests/tst-pam_cracklib1.c new file mode 100644 index 0000000..1a219c8 --- /dev/null +++ b/xtests/tst-pam_cracklib1.c @@ -0,0 +1,135 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + static int calls = 0; + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + /* first call get a password, second one NULL */ + if (calls) + reply[count].resp = NULL; + else + { + ++calls; + reply[count].resp = strdup ("Kindergarten"); + } + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that pam_cracklib does not seg.fault on empty passwords. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="root"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_cracklib1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib1: pam_start returned %d\n", retval); + return 1; + } + + /* Try one, first input is correct, second is NULL */ + retval = pam_chauthtok (pamh, 0); + if (retval != PAM_AUTHTOK_ERR) + { + if (debug) + fprintf (stderr, "cracklib1-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + /* Try two, second input is NULL */ + retval = pam_chauthtok (pamh, 0); + if (retval != PAM_AUTHTOK_ERR) + { + if (debug) + fprintf (stderr, "cracklib1-2: pam_chauthtok returned %d\n", retval); + return 1; + } + + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_cracklib1.pamd b/xtests/tst-pam_cracklib1.pamd new file mode 100644 index 0000000..41a9188 --- /dev/null +++ b/xtests/tst-pam_cracklib1.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +password required pam_cracklib.so diff --git a/xtests/tst-pam_cracklib2.c b/xtests/tst-pam_cracklib2.c new file mode 100644 index 0000000..84b4ef6 --- /dev/null +++ b/xtests/tst-pam_cracklib2.c @@ -0,0 +1,143 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* This test case checks + Patch 1688777: pam_cracklib support for minimum character classes */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <security/pam_appl.h> + +int debug = 0; + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + static int calls = 0; + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + if (debug) + fprintf(stderr,"Query: %s\n", (*msgm)[count].msg); + reply[count].resp_retcode = 0; + /* first tow calls get a correct password, second a too + easy one. */ + if (calls > 1) + reply[count].resp = strdup ("too easy"); + else + { + ++calls; + reply[count].resp = strdup ("1a9C*8dK"); + } + if (debug) + fprintf(stderr,"Response: %s\n", reply[count].resp); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="root"; + int retval; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_cracklib2", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib2: pam_start returned %d\n", retval); + return 1; + } + + /* Try one, first input is correct */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib2-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + /* Try two, second input is wrong */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (retval != PAM_AUTHTOK_ERR) + { + if (debug) + fprintf (stderr, "cracklib2-2: pam_chauthtok returned %d\n", retval); + return 1; + } + + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "cracklib2: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_cracklib2.pamd b/xtests/tst-pam_cracklib2.pamd new file mode 100644 index 0000000..5915aec --- /dev/null +++ b/xtests/tst-pam_cracklib2.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +password required pam_cracklib.so minclass=4 diff --git a/xtests/tst-pam_dispatch1.c b/xtests/tst-pam_dispatch1.c new file mode 100644 index 0000000..404c011 --- /dev/null +++ b/xtests/tst-pam_dispatch1.c @@ -0,0 +1,99 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + +static int debug = 0; + +/* + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859 + + This stack should not return PAM_IGNORE to the application: + auth [default=bad] pam_debug.so auth=ignore +*/ +static int +test1 (void) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + + retval = pam_start("tst-pam_dispatch1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "test1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + + +int main(int argc, char *argv[]) +{ + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + if (test1 ()) + return 1; + + return 0; +} diff --git a/xtests/tst-pam_dispatch1.pamd b/xtests/tst-pam_dispatch1.pamd new file mode 100644 index 0000000..9bfc87c --- /dev/null +++ b/xtests/tst-pam_dispatch1.pamd @@ -0,0 +1,3 @@ +# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859 +# This stack should not return PAM_IGNORE to the application: +auth [default=bad] pam_debug.so auth=ignore diff --git a/xtests/tst-pam_dispatch2.c b/xtests/tst-pam_dispatch2.c new file mode 100644 index 0000000..5c63f5b --- /dev/null +++ b/xtests/tst-pam_dispatch2.c @@ -0,0 +1,98 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <strings.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + +static int debug = 0; + +/* + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859 + + This stack should not return PAM_IGNORE to the application: + auth [default=die] pam_debug.so auth=ignore +*/ +static int +test2 (void) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + + retval = pam_start("tst-pam_dispatch2", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test2: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "test2: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test2: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + +int main(int argc, char *argv[]) +{ + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + if (test2 ()) + return 1; + + return 0; +} diff --git a/xtests/tst-pam_dispatch2.pamd b/xtests/tst-pam_dispatch2.pamd new file mode 100644 index 0000000..79f5260 --- /dev/null +++ b/xtests/tst-pam_dispatch2.pamd @@ -0,0 +1,3 @@ +# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859 +# This stack should not return PAM_IGNORE to the application: +auth [default=die] pam_debug.so auth=ignore diff --git a/xtests/tst-pam_dispatch3.c b/xtests/tst-pam_dispatch3.c new file mode 100644 index 0000000..d44e488 --- /dev/null +++ b/xtests/tst-pam_dispatch3.c @@ -0,0 +1,87 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_dispatch3", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_dispatch3.pamd b/xtests/tst-pam_dispatch3.pamd new file mode 100644 index 0000000..8172c5f --- /dev/null +++ b/xtests/tst-pam_dispatch3.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth optional pam_debug.so auth=auth_err +auth sufficient pam_debug.so auth=success +auth required pam_debug.so auth=perm_denied +account required pam_debug.so acct=acct_expired + diff --git a/xtests/tst-pam_dispatch4.c b/xtests/tst-pam_dispatch4.c new file mode 100644 index 0000000..a4db8a8 --- /dev/null +++ b/xtests/tst-pam_dispatch4.c @@ -0,0 +1,94 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that jumps are processed correctly. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_dispatch4", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch4: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch4: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_acct_mgmt (pamh, 0); + if (retval == PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch4: pam_acct_mgmt returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test4: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_dispatch4.pamd b/xtests/tst-pam_dispatch4.pamd new file mode 100644 index 0000000..ac995ad --- /dev/null +++ b/xtests/tst-pam_dispatch4.pamd @@ -0,0 +1,8 @@ +#%PAM-1.0 +# We jump to end of the stack with previous pam_permit.so, should pass +auth required pam_permit.so +auth [success=1 default=ignore] pam_debug.so auth=success +auth required pam_deny.so +# We jump to end of the stack without any module in OK state, should fail +account [success=1 default=ignore] pam_debug.so account=success +account required pam_deny.so diff --git a/xtests/tst-pam_dispatch5.c b/xtests/tst-pam_dispatch5.c new file mode 100644 index 0000000..f1197b3 --- /dev/null +++ b/xtests/tst-pam_dispatch5.c @@ -0,0 +1,86 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* jump after the end of the stack and make sure we don't seg.fault. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_dispatch5", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_dispatch5.pamd b/xtests/tst-pam_dispatch5.pamd new file mode 100644 index 0000000..ea781f7 --- /dev/null +++ b/xtests/tst-pam_dispatch5.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +# Jump after the end of the stack +auth [success=2 default=bad] pam_permit.so +auth required pam_deny.so diff --git a/xtests/tst-pam_group1.c b/xtests/tst-pam_group1.c new file mode 100644 index 0000000..e5e5ae1 --- /dev/null +++ b/xtests/tst-pam_group1.c @@ -0,0 +1,209 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in group.conf: + + tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrpg + + + pam_group should add group tstpamgrpg to user tstpamgrp, but not + to tstpamgrp2. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <grp.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <security/pam_appl.h> + +#define GROUP_BLK 10 +#define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK) + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +static int debug = 0; + +static int +run_test (const char *user, gid_t groupid, int needit) +{ + pam_handle_t *pamh = NULL; + int retval; + int no_grps; + + retval = pam_start("tst-pam_group1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_group1: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_setcred returned %d\n", retval); + return 1; + } + + + no_grps = getgroups(0, NULL); /* find the current number of groups */ + if (no_grps > 0) + { + int i, found; + gid_t *grps = calloc (blk_size (no_grps), sizeof(gid_t)); + + if (getgroups(no_grps, grps) < 0) + { + if (debug) + fprintf (stderr, "pam_group1: getroups returned error: %m\n"); + pam_end (pamh, PAM_SYSTEM_ERR); + return 1; + } + + found = 0; + for (i = 0; i < no_grps; ++i) + { +#if 0 + if (debug) + fprintf (stderr, "gid[%d]=%d\n", i, grps[i]); +#endif + if (grps[i] == groupid) + found = 1; + } + if ((needit && found) || (!needit && !found)) + { + /* everything is ok */ + } + else + { + pam_end (pamh, PAM_SYSTEM_ERR); + if (debug) + fprintf (stderr, + "pam_group1: unexpected result for %s: needit=%d, found=%d\n", + user, needit, found); + return 1; + } + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + +int +main(int argc, char *argv[]) +{ + struct group *grp; + gid_t grpid; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + grp = getgrnam ("tstpamgrpg"); + if (grp == NULL) + return 1; + grpid = grp->gr_gid; + + if (run_test ("root", grpid, 0) != 0 || + run_test ("tstpamgrp2", grpid, 0) != 0 || + run_test ("tstpamgrp", grpid, 1) != 0) + return 1; + + return 0; +} diff --git a/xtests/tst-pam_group1.pamd b/xtests/tst-pam_group1.pamd new file mode 100644 index 0000000..d78f3a6 --- /dev/null +++ b/xtests/tst-pam_group1.pamd @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required pam_group.so +auth required pam_permit.so +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/xtests/tst-pam_group1.sh b/xtests/tst-pam_group1.sh new file mode 100755 index 0000000..b76377f --- /dev/null +++ b/xtests/tst-pam_group1.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +/usr/sbin/groupadd tstpamgrpg +/usr/sbin/useradd -p '!!' tstpamgrp +/usr/sbin/useradd -p '!!' tstpamgrp2 +./tst-pam_group1 +RET=$? +/usr/sbin/userdel -r tstpamgrp 2> /dev/null +/usr/sbin/userdel -r tstpamgrp2 2> /dev/null +/usr/sbin/groupdel tstpamgrpg 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_limits1.c b/xtests/tst-pam_limits1.c new file mode 100644 index 0000000..d895240 --- /dev/null +++ b/xtests/tst-pam_limits1.c @@ -0,0 +1,156 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in limits.conf: + * soft nice 19 + * hard nice -20 + + getrlimit should return soft=1 and hard=40. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/time.h> +#include <sys/resource.h> + +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + const char *user="tstpamlimits"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + +#ifdef RLIMIT_NICE + retval = pam_start("tst-pam_limits1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_limits1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_limits1: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_open_session (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_limits1: pam_open_session returned %d\n", + retval); + return 1; + } + + struct rlimit rlim; + + getrlimit (RLIMIT_NICE, &rlim); + + if (rlim.rlim_cur != 1 && rlim.rlim_max != 40) + { + if (debug) + fprintf (stderr, "pam_limits1: getrlimit failed, soft=%u, hard=%u\n", + (unsigned int) rlim.rlim_cur, (unsigned int) rlim.rlim_max); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_limits1: pam_end returned %d\n", retval); + return 1; + } + return 0; +#else + if (debug) + fprintf (stderr, "pam_limits1: RLIMIT_NICE does not exist)\n"); + + return 77; +#endif +} diff --git a/xtests/tst-pam_limits1.pamd b/xtests/tst-pam_limits1.pamd new file mode 100644 index 0000000..206ef1f --- /dev/null +++ b/xtests/tst-pam_limits1.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_permit.so +account required pam_permit.so +password required pam_permit.so +session required pam_limits.so + diff --git a/xtests/tst-pam_limits1.sh b/xtests/tst-pam_limits1.sh new file mode 100755 index 0000000..4faa822 --- /dev/null +++ b/xtests/tst-pam_limits1.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamlimits +./tst-pam_limits1 +RET=$? +/usr/sbin/userdel -r tstpamlimits 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_pwhistory1.c b/xtests/tst-pam_pwhistory1.c new file mode 100644 index 0000000..5c3246f --- /dev/null +++ b/xtests/tst-pam_pwhistory1.c @@ -0,0 +1,169 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check remember handling + * Change ten times the password + * Try the ten passwords again, should always be rejected + * Try a new password, should succeed + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +static int in_test; + +static const char *passwords[] = { + "pamhistory01", "pamhistory02", "pamhistory03", + "pamhistory04", "pamhistory05", "pamhistory06", + "pamhistory07", "pamhistory08", "pamhistory09", + "pamhistory10", + "pamhistory01", "pamhistory02", "pamhistory03", + "pamhistory04", "pamhistory05", "pamhistory06", + "pamhistory07", "pamhistory08", "pamhistory09", + "pamhistory10", + "pamhistory11", + "pamhistory01", "pamhistory02", "pamhistory03", + "pamhistory04", "pamhistory05", "pamhistory06", + "pamhistory07", "pamhistory08", "pamhistory09", + "pamhistory10"}; + +static int debug; + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + if (debug) + fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style, + msgm[0]->msg); + + if (msgm[0]->msg_style != 1) + return PAM_SUCCESS; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup (passwords[in_test]); + if (debug) + fprintf (stderr, "send password %s\n", reply[count].resp); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpampwhistory"; + int retval; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + for (in_test = 0; + in_test < (int)(sizeof (passwords)/sizeof (char *)); in_test++) + { + + retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pwhistory1-%d: pam_start returned %d\n", + in_test, retval); + return 1; + } + + retval = pam_chauthtok (pamh, 0); + if (in_test < 10 || in_test == 20) + { + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", + in_test, retval); + return 1; + } + } + else if (in_test < 20) + { + if (retval != PAM_MAXTRIES) + { + if (debug) + fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n", + in_test, retval); + return 1; + } + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval); + return 1; + } + } + + return 0; +} diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd new file mode 100644 index 0000000..e096cc4 --- /dev/null +++ b/xtests/tst-pam_pwhistory1.pamd @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required pam_permit.so +account required pam_permit.so +password required pam_pwhistory.so remember=10 retry=1 +password required pam_unix.so use_authtok md5 +session required pam_permit.so + diff --git a/xtests/tst-pam_pwhistory1.sh b/xtests/tst-pam_pwhistory1.sh new file mode 100644 index 0000000..ddb3b8b --- /dev/null +++ b/xtests/tst-pam_pwhistory1.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +/usr/sbin/useradd tstpampwhistory +./tst-pam_pwhistory1 +RET=$? +/usr/sbin/userdel -r tstpampwhistory 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_substack1.pamd b/xtests/tst-pam_substack1.pamd new file mode 100644 index 0000000..6eab233 --- /dev/null +++ b/xtests/tst-pam_substack1.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Even if the substack succeeds with sufficient +# the whole stack should fail. +auth substack tst-pam_substack1a +auth required pam_debug.so auth=auth_err diff --git a/xtests/tst-pam_substack1.sh b/xtests/tst-pam_substack1.sh new file mode 100755 index 0000000..5260175 --- /dev/null +++ b/xtests/tst-pam_substack1.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authfail tst-pam_substack1 diff --git a/xtests/tst-pam_substack1a.pamd b/xtests/tst-pam_substack1a.pamd new file mode 100644 index 0000000..51c8c8f --- /dev/null +++ b/xtests/tst-pam_substack1a.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth sufficient pam_debug.so auth=success diff --git a/xtests/tst-pam_substack2.pamd b/xtests/tst-pam_substack2.pamd new file mode 100644 index 0000000..618e298 --- /dev/null +++ b/xtests/tst-pam_substack2.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +# Even if the substack fails with requisite +# the whole stack should succeed. +auth substack tst-pam_substack2a +auth [success=reset] pam_permit.so +auth required pam_debug.so auth=success diff --git a/xtests/tst-pam_substack2.sh b/xtests/tst-pam_substack2.sh new file mode 100755 index 0000000..c02f597 --- /dev/null +++ b/xtests/tst-pam_substack2.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack2 diff --git a/xtests/tst-pam_substack2a.pamd b/xtests/tst-pam_substack2a.pamd new file mode 100644 index 0000000..db85354 --- /dev/null +++ b/xtests/tst-pam_substack2a.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth requisite pam_debug.so auth=auth_err diff --git a/xtests/tst-pam_substack3.pamd b/xtests/tst-pam_substack3.pamd new file mode 100644 index 0000000..4fc6016 --- /dev/null +++ b/xtests/tst-pam_substack3.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Reset in the substack resets to state as of it was +# in the beginning of substack evaluation +auth required pam_permit.so +auth substack tst-pam_substack3a diff --git a/xtests/tst-pam_substack3.sh b/xtests/tst-pam_substack3.sh new file mode 100755 index 0000000..0e572aa --- /dev/null +++ b/xtests/tst-pam_substack3.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack3 diff --git a/xtests/tst-pam_substack3a.pamd b/xtests/tst-pam_substack3a.pamd new file mode 100644 index 0000000..a2ae915 --- /dev/null +++ b/xtests/tst-pam_substack3a.pamd @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth required pam_debug.so auth=auth_err +auth [success=reset] pam_permit.so diff --git a/xtests/tst-pam_substack4.pamd b/xtests/tst-pam_substack4.pamd new file mode 100644 index 0000000..f0017c7 --- /dev/null +++ b/xtests/tst-pam_substack4.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Substack is counted as one module in jumps +auth [success=1] pam_permit.so +auth substack tst-pam_substack4a +auth required pam_permit.so diff --git a/xtests/tst-pam_substack4.sh b/xtests/tst-pam_substack4.sh new file mode 100755 index 0000000..a3ef08a --- /dev/null +++ b/xtests/tst-pam_substack4.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack4 diff --git a/xtests/tst-pam_substack4a.pamd b/xtests/tst-pam_substack4a.pamd new file mode 100644 index 0000000..3b91c1b --- /dev/null +++ b/xtests/tst-pam_substack4a.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth required pam_debug.so auth=auth_err +auth required pam_debug.so auth=auth_err +auth required pam_debug.so auth=auth_err diff --git a/xtests/tst-pam_substack5.pamd b/xtests/tst-pam_substack5.pamd new file mode 100644 index 0000000..04f07ae --- /dev/null +++ b/xtests/tst-pam_substack5.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +# Requisite terminates substack +auth required pam_permit.so +auth substack tst-pam_substack5a diff --git a/xtests/tst-pam_substack5.sh b/xtests/tst-pam_substack5.sh new file mode 100755 index 0000000..e2714fd --- /dev/null +++ b/xtests/tst-pam_substack5.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authfail tst-pam_substack5 diff --git a/xtests/tst-pam_substack5a.pamd b/xtests/tst-pam_substack5a.pamd new file mode 100644 index 0000000..a6850f4 --- /dev/null +++ b/xtests/tst-pam_substack5a.pamd @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth requisite pam_debug.so auth=auth_err +auth [success=reset] pam_permit.so diff --git a/xtests/tst-pam_succeed_if1.c b/xtests/tst-pam_succeed_if1.c new file mode 100644 index 0000000..c018774 --- /dev/null +++ b/xtests/tst-pam_succeed_if1.c @@ -0,0 +1,138 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in PAM config file: + + auth required pam_succeed_if.so user in tstpamtest:pamtest + + User is pamtest or tstpamtest, both should succeed. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +static int debug = 0; + +static int +test_with_user (const char *user) +{ + pam_handle_t *pamh = NULL; + int retval; + + retval = pam_start("tst-pam_succeed_if1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_succeed_if1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_authenticate(%s) returned %d\n", + user, retval); + return 1; + } + + retval = pam_end (pamh, retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + +int +main(int argc, char *argv[]) +{ + const char *user1 = "tstpamtest"; + const char *user2 = "pamtest"; + int retval; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = test_with_user (user1); + if (retval == 0) + retval = test_with_user (user2); + + return retval; +} diff --git a/xtests/tst-pam_succeed_if1.pamd b/xtests/tst-pam_succeed_if1.pamd new file mode 100644 index 0000000..f9cbd5a --- /dev/null +++ b/xtests/tst-pam_succeed_if1.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth required pam_succeed_if.so user in tstpamtest:pamtest diff --git a/xtests/tst-pam_succeed_if1.sh b/xtests/tst-pam_succeed_if1.sh new file mode 100755 index 0000000..a643b2e --- /dev/null +++ b/xtests/tst-pam_succeed_if1.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamtest +/usr/sbin/useradd -p '!!' pamtest +./tst-pam_succeed_if1 +RET=$? +/usr/sbin/userdel -r tstpamtest 2> /dev/null +/usr/sbin/userdel -r pamtest 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_time1.c b/xtests/tst-pam_time1.c new file mode 100644 index 0000000..9fc0669 --- /dev/null +++ b/xtests/tst-pam_time1.c @@ -0,0 +1,114 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following lines in time.conf: + *;*;you|me;!Al0000-2400 + *;*;x|y;!Al0000-2400 + + User 'x' should not be able to login. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + + +struct test_t { + const char *user; + int retval; +}; + +static struct test_t tests[] = { + {"xy", 0}, + {"yx", 0}, + {"you",6}, + {"me", 6}, + {"x", 6}, + {"y", 6}, +}; + +static int num_tests = sizeof (tests) / sizeof (struct test_t); + +static struct pam_conv conv = { + NULL, NULL +}; + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh = NULL; + int retval; + int debug = 0; + int i; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + for (i = 0; i < num_tests; i++) + { + retval = pam_start("tst-pam_time1", tests[i].user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_time1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_acct_mgmt (pamh, 0); + if (retval != tests[i].retval) + { + if (debug) + fprintf (stderr, + "pam_time1: pam_acct_mgmt(%s) returned wrong value, %d, expected %d\n", + tests[i].user, retval, tests[i].retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_time1: pam_end returned %d\n", retval); + return 1; + } + } + return 0; +} diff --git a/xtests/tst-pam_time1.pamd b/xtests/tst-pam_time1.pamd new file mode 100644 index 0000000..c4cd6c7 --- /dev/null +++ b/xtests/tst-pam_time1.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required pam_permit.so +account required pam_time.so +password required pam_permit.so +session required pam_permit.so diff --git a/xtests/tst-pam_unix1.c b/xtests/tst-pam_unix1.c new file mode 100644 index 0000000..5ee2408 --- /dev/null +++ b/xtests/tst-pam_unix1.c @@ -0,0 +1,122 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Test case: '!!' as password should not allow login + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_unix1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_unix1: pam_start returned %d\n", retval); + return 1; + } + + /* !! as password should not allow login */ + retval = pam_authenticate (pamh, 0); + if (retval != PAM_AUTH_ERR) + { + if (debug) + fprintf (stderr, "pam_unix1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_unix1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix1.pamd b/xtests/tst-pam_unix1.pamd new file mode 100644 index 0000000..1a2990c --- /dev/null +++ b/xtests/tst-pam_unix1.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so + diff --git a/xtests/tst-pam_unix1.sh b/xtests/tst-pam_unix1.sh new file mode 100755 index 0000000..f75bd84 --- /dev/null +++ b/xtests/tst-pam_unix1.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamunix +./tst-pam_unix1 +RET=$? +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_unix2.c b/xtests/tst-pam_unix2.c new file mode 100644 index 0000000..65a75f3 --- /dev/null +++ b/xtests/tst-pam_unix2.c @@ -0,0 +1,154 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check crypt handling + * First use exact password, 8 characters (13 characters crypt) + * Second use longer password, 9 characters + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +static int in_test; + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + /* first call get a password, second one a too long one */ + if (in_test == 1) + reply[count].resp = strdup ("pamunix0"); + else if (in_test == 2) + reply[count].resp = strdup ("pamunix01"); + else + reply[count].resp = strdup ("pamunix1"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_unix2", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix2: pam_start returned %d\n", retval); + return 1; + } + + /* Try one, first input is correct, second is NULL */ + in_test = 1; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix2-1: pam_authenticate returned %d\n", retval); + return 1; + } + + /* Try two, second input is too long */ + in_test = 2; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix2-2: pam_authenticate returned %d\n", retval); + return 1; + } + + /* Third try, third input is wrong */ + in_test = 3; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_AUTH_ERR) + { + if (debug) + fprintf (stderr, "unix2-3: pam_authenticate returned %d\n", retval); + return 1; + } + + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix2: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix2.pamd b/xtests/tst-pam_unix2.pamd new file mode 100644 index 0000000..1a2990c --- /dev/null +++ b/xtests/tst-pam_unix2.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so + diff --git a/xtests/tst-pam_unix2.sh b/xtests/tst-pam_unix2.sh new file mode 100755 index 0000000..7093155 --- /dev/null +++ b/xtests/tst-pam_unix2.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# pamunix0 = 0aXKZztA.d1KY +/usr/sbin/useradd -p 0aXKZztA.d1KY tstpamunix +./tst-pam_unix2 +RET=$? +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_unix3.c b/xtests/tst-pam_unix3.c new file mode 100644 index 0000000..50a9458 --- /dev/null +++ b/xtests/tst-pam_unix3.c @@ -0,0 +1,155 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check bigcrypt handling + * First use exact password, 9 characters (24 characters crypt) + * Second use shorter password, 8 characters + * Third use wrong password, 9 characters + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> + +static int in_test; + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + /* first call get a password, second one a too short one */ + if (in_test == 1) + reply[count].resp = strdup ("pamunix01"); + else if (in_test == 2) + reply[count].resp = strdup ("pamunix0"); + else + reply[count].resp = strdup ("pamunix11"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_unix3", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix3: pam_start returned %d\n", retval); + return 1; + } + + /* Try one, first input is correct, second is NULL */ + in_test = 1; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix3-1: pam_authenticate returned %d\n", retval); + return 1; + } + + /* Try two, second input is too short */ + in_test = 2; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_AUTH_ERR) + { + if (debug) + fprintf (stderr, "unix3-2: pam_authenticate returned %d\n", retval); + return 1; + } + + /* Third try, third input is wrong */ + in_test = 3; + retval = pam_authenticate (pamh, 0); + if (retval != PAM_AUTH_ERR) + { + if (debug) + fprintf (stderr, "unix3-3: pam_authenticate returned %d\n", retval); + return 1; + } + + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix3.pamd b/xtests/tst-pam_unix3.pamd new file mode 100644 index 0000000..1a2990c --- /dev/null +++ b/xtests/tst-pam_unix3.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so +session required pam_unix.so + diff --git a/xtests/tst-pam_unix3.sh b/xtests/tst-pam_unix3.sh new file mode 100755 index 0000000..ef4a07c --- /dev/null +++ b/xtests/tst-pam_unix3.sh @@ -0,0 +1,8 @@ +#!/bin/bash + +# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU +/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +./tst-pam_unix3 +RET=$? +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET diff --git a/xtests/tst-pam_unix4.c b/xtests/tst-pam_unix4.c new file mode 100644 index 0000000..1ba0a40 --- /dev/null +++ b/xtests/tst-pam_unix4.c @@ -0,0 +1,154 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Check password change minimum days handling. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <security/pam_appl.h> +#include <sys/types.h> +#include <pwd.h> +#include <unistd.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + static int respnum = 0; + static const char *resps[] = { "pamunix01", "TsTPAM01MAP", "TsTPAM01MAP" }; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Answer with appropriate response from the above array. */ + for (count = 0; count < num_msg; ++count) + { + if (msgm[count]->msg_style == PAM_PROMPT_ECHO_OFF) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup (resps[respnum % 3]); + ++respnum; + } + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + + +/* Check that errors of optional modules are ignored and that + required modules after a sufficient one are not executed. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="tstpamunix"; + int retval; + int debug = 0; + int fail; + struct passwd *pwd; + + if (argc < 2 || (*argv[1] != 'f' && + *argv[1] != 'p')) + { + fprintf (stderr, "Need fail or pass argument.\n"); + return 2; + } + + fail = *argv[1] == 'f'; + + if (argc > 2 && strcmp (argv[2], "-d") == 0) + debug = 1; + + pwd = getpwnam (user); + + if (pwd == NULL) + { + if (debug) + fprintf (stderr, "unix4: Missing tstpamunix user.\n"); + return 2; + } + + /* we must switch the real (not effective) user so the restrictions + are enforced */ + setreuid (pwd->pw_uid, -1); + + retval = pam_start("tst-pam_unix4", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_chauthtok (pamh, 0); + if ((!fail && retval != PAM_SUCCESS) || (fail && retval == PAM_SUCCESS)) + { + if (debug) + fprintf (stderr, "unix4-1: pam_chauthtok returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "unix4: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/xtests/tst-pam_unix4.pamd b/xtests/tst-pam_unix4.pamd new file mode 100644 index 0000000..4dc414f --- /dev/null +++ b/xtests/tst-pam_unix4.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_unix.so +account required pam_unix.so +password required pam_unix.so debug +session required pam_unix.so + diff --git a/xtests/tst-pam_unix4.sh b/xtests/tst-pam_unix4.sh new file mode 100755 index 0000000..787c2f9 --- /dev/null +++ b/xtests/tst-pam_unix4.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU +/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +# this run must successfully change the password +./tst-pam_unix4 pass +RET=$? +/usr/sbin/usermod -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix +/usr/bin/chage -m 10000 tstpamunix +# this run must fail to change the password +./tst-pam_unix4 fail || RET=$? + +/usr/sbin/userdel -r tstpamunix 2> /dev/null +exit $RET |