summaryrefslogtreecommitdiff
path: root/xtests
diff options
context:
space:
mode:
authorThorsten Kukuk <kukuk@thkukuk.de>2008-10-10 06:53:45 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2008-10-10 06:53:45 +0000
commitdad5bd7c146a842e11da19c5715db117d62f5677 (patch)
treea3277beddc06762a8d826d162f19787b09614a35 /xtests
parent6f78c8845614136df2f96f33ef918ed9bfb8e9f8 (diff)
Relevant BUGIDs:
Purpose of commit: new feature Commit summary: --------------- 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de> * configure.in: add modules/pam_pwhistory/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. * doc/sag/pam_pwhistory.xml: New. * libpam/pam_static_modules.h: Add pam_pwhistory data. * modules/Makefile.am: Add pam_pwhistory directory. * modules/pam_pwhistory/Makefile.am: New. * modules/pam_pwhistory/README.xml: New. * modules/pam_pwhistory/opasswd.c: New. * modules/pam_pwhistory/opasswd.h: New. * modules/pam_pwhistory/pam_pwhistory.8.xml: New. * modules/pam_pwhistory/pam_pwhistory.c: New. * modules/pam_pwhistory/tst-pam_pwhistory: New. * xtests/Makefile.am: New. * xtests/run-xtests.sh: New. * xtests/tst-pam_pwhistory1.c: New. * xtests/tst-pam_pwhistory1.pamd: New. * xtests/tst-pam_pwhistory1.sh: New. * po/POTFILES.in: Add modules/pam_pwhistory/. * po/de.po: Update translations.
Diffstat (limited to 'xtests')
-rw-r--r--xtests/.cvsignore1
-rw-r--r--xtests/Makefile.am6
-rwxr-xr-xxtests/run-xtests.sh3
-rw-r--r--xtests/tst-pam_pwhistory1.c169
-rw-r--r--xtests/tst-pam_pwhistory1.pamd7
-rw-r--r--xtests/tst-pam_pwhistory1.sh7
6 files changed, 191 insertions, 2 deletions
diff --git a/xtests/.cvsignore b/xtests/.cvsignore
index 530ce890..cc96e8c7 100644
--- a/xtests/.cvsignore
+++ b/xtests/.cvsignore
@@ -21,3 +21,4 @@ tst-pam_succeed_if1
tst-pam_group1
tst-pam_authfail
tst-pam_authsucceed
+tst-pam_pwhistory1
diff --git a/xtests/Makefile.am b/xtests/Makefile.am
index 30a923aa..620c61d1 100644
--- a/xtests/Makefile.am
+++ b/xtests/Makefile.am
@@ -28,7 +28,8 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \
tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \
tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
- tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \
+ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh
XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
tst-pam_dispatch4 tst-pam_dispatch5 \
@@ -36,7 +37,8 @@ XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \
tst-pam_access1 tst-pam_access2 tst-pam_access3 \
tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
- tst-pam_group1 tst-pam_authfail tst-pam_authsucceed
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \
+ tst-pam_pwhistory1
NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
index 4e981858..b06685da 100755
--- a/xtests/run-xtests.sh
+++ b/xtests/run-xtests.sh
@@ -23,6 +23,8 @@ cp /etc/security/group.conf /etc/security/group.conf-pam-xtests
install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf
cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests
install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf
+mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
+
for testname in $XTESTS ; do
for cfg in "${SRCDIR}"/$testname*.pamd ; do
install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd)
@@ -49,6 +51,7 @@ done
mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
+mv /etc/security/opasswd-pam-xtests /etc/security/opasswd
if test "$failed" -ne 0; then
echo "==================="
echo "$failed of $all tests failed"
diff --git a/xtests/tst-pam_pwhistory1.c b/xtests/tst-pam_pwhistory1.c
new file mode 100644
index 00000000..5c3246fa
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.c
@@ -0,0 +1,169 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check remember handling
+ * Change ten times the password
+ * Try the ten passwords again, should always be rejected
+ * Try a new password, should succeed
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+static const char *passwords[] = {
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10",
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10",
+ "pamhistory11",
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10"};
+
+static int debug;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ if (debug)
+ fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style,
+ msgm[0]->msg);
+
+ if (msgm[0]->msg_style != 1)
+ return PAM_SUCCESS;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup (passwords[in_test]);
+ if (debug)
+ fprintf (stderr, "send password %s\n", reply[count].resp);
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpampwhistory";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ for (in_test = 0;
+ in_test < (int)(sizeof (passwords)/sizeof (char *)); in_test++)
+ {
+
+ retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_start returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+
+ retval = pam_chauthtok (pamh, 0);
+ if (in_test < 10 || in_test == 20)
+ {
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+ }
+ else if (in_test < 20)
+ {
+ if (retval != PAM_MAXTRIES)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd
new file mode 100644
index 00000000..b03098fa
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.pamd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_pwhistory.so remember=10 retry=1 debug
+password required pam_unix.so use_authtok md5
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_pwhistory1.sh b/xtests/tst-pam_pwhistory1.sh
new file mode 100644
index 00000000..ddb3b8b1
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd tstpampwhistory
+./tst-pam_pwhistory1
+RET=$?
+/usr/sbin/userdel -r tstpampwhistory 2> /dev/null
+exit $RET