diff options
Diffstat (limited to 'Linux-PAM/xtests')
| -rw-r--r-- | Linux-PAM/xtests/Makefile.am | 7 | ||||
| -rw-r--r-- | Linux-PAM/xtests/Makefile.in | 120 | ||||
| -rw-r--r-- | Linux-PAM/xtests/group.conf | 3 | ||||
| -rwxr-xr-x | Linux-PAM/xtests/run-xtests.sh | 14 | ||||
| -rw-r--r-- | Linux-PAM/xtests/tst-pam_group1.c | 207 | ||||
| -rw-r--r-- | Linux-PAM/xtests/tst-pam_group1.pamd | 7 | ||||
| -rwxr-xr-x | Linux-PAM/xtests/tst-pam_group1.sh | 11 | ||||
| -rw-r--r-- | Linux-PAM/xtests/tst-pam_limits1.c | 7 | ||||
| -rw-r--r-- | Linux-PAM/xtests/tst-pam_succeed_if1.c | 137 | ||||
| -rw-r--r-- | Linux-PAM/xtests/tst-pam_succeed_if1.pamd | 2 | ||||
| -rwxr-xr-x | Linux-PAM/xtests/tst-pam_succeed_if1.sh | 9 |
11 files changed, 512 insertions, 12 deletions
diff --git a/Linux-PAM/xtests/Makefile.am b/Linux-PAM/xtests/Makefile.am index f2e48c5e..b32ba76b 100644 --- a/Linux-PAM/xtests/Makefile.am +++ b/Linux-PAM/xtests/Makefile.am @@ -18,13 +18,16 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ tst-pam_access2.pamd tst-pam_access2.sh \ tst-pam_access3.pamd tst-pam_access3.sh \ tst-pam_access4.pamd tst-pam_access4.sh \ - limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh + limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \ + tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ + group.conf tst-pam_group1.pamd tst-pam_group1.sh XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ tst-pam_dispatch4 tst-pam_cracklib1 tst-pam_cracklib2 \ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ tst-pam_access1 tst-pam_access2 tst-pam_access3 \ - tst-pam_access4 tst-pam_limits1 + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 noinst_PROGRAMS = $(XTESTS) diff --git a/Linux-PAM/xtests/Makefile.in b/Linux-PAM/xtests/Makefile.in index 46bea8e5..8019b1aa 100644 --- a/Linux-PAM/xtests/Makefile.in +++ b/Linux-PAM/xtests/Makefile.in @@ -56,11 +56,31 @@ CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = am__EXEEXT_1 = tst-pam_dispatch1$(EXEEXT) tst-pam_dispatch2$(EXEEXT) \ tst-pam_dispatch3$(EXEEXT) tst-pam_dispatch4$(EXEEXT) \ - tst-pam_cracklib1$(EXEEXT) + tst-pam_cracklib1$(EXEEXT) tst-pam_cracklib2$(EXEEXT) \ + tst-pam_unix1$(EXEEXT) tst-pam_unix2$(EXEEXT) \ + tst-pam_unix3$(EXEEXT) tst-pam_access1$(EXEEXT) \ + tst-pam_access2$(EXEEXT) tst-pam_access3$(EXEEXT) \ + tst-pam_access4$(EXEEXT) tst-pam_limits1$(EXEEXT) \ + tst-pam_succeed_if1$(EXEEXT) tst-pam_group1$(EXEEXT) PROGRAMS = $(noinst_PROGRAMS) +tst_pam_access1_SOURCES = tst-pam_access1.c +tst_pam_access1_OBJECTS = tst-pam_access1.$(OBJEXT) +tst_pam_access1_LDADD = $(LDADD) +tst_pam_access2_SOURCES = tst-pam_access2.c +tst_pam_access2_OBJECTS = tst-pam_access2.$(OBJEXT) +tst_pam_access2_LDADD = $(LDADD) +tst_pam_access3_SOURCES = tst-pam_access3.c +tst_pam_access3_OBJECTS = tst-pam_access3.$(OBJEXT) +tst_pam_access3_LDADD = $(LDADD) +tst_pam_access4_SOURCES = tst-pam_access4.c +tst_pam_access4_OBJECTS = tst-pam_access4.$(OBJEXT) +tst_pam_access4_LDADD = $(LDADD) tst_pam_cracklib1_SOURCES = tst-pam_cracklib1.c tst_pam_cracklib1_OBJECTS = tst-pam_cracklib1.$(OBJEXT) tst_pam_cracklib1_LDADD = $(LDADD) +tst_pam_cracklib2_SOURCES = tst-pam_cracklib2.c +tst_pam_cracklib2_OBJECTS = tst-pam_cracklib2.$(OBJEXT) +tst_pam_cracklib2_LDADD = $(LDADD) tst_pam_dispatch1_SOURCES = tst-pam_dispatch1.c tst_pam_dispatch1_OBJECTS = tst-pam_dispatch1.$(OBJEXT) tst_pam_dispatch1_LDADD = $(LDADD) @@ -73,6 +93,24 @@ tst_pam_dispatch3_LDADD = $(LDADD) tst_pam_dispatch4_SOURCES = tst-pam_dispatch4.c tst_pam_dispatch4_OBJECTS = tst-pam_dispatch4.$(OBJEXT) tst_pam_dispatch4_LDADD = $(LDADD) +tst_pam_group1_SOURCES = tst-pam_group1.c +tst_pam_group1_OBJECTS = tst-pam_group1.$(OBJEXT) +tst_pam_group1_LDADD = $(LDADD) +tst_pam_limits1_SOURCES = tst-pam_limits1.c +tst_pam_limits1_OBJECTS = tst-pam_limits1.$(OBJEXT) +tst_pam_limits1_LDADD = $(LDADD) +tst_pam_succeed_if1_SOURCES = tst-pam_succeed_if1.c +tst_pam_succeed_if1_OBJECTS = tst-pam_succeed_if1.$(OBJEXT) +tst_pam_succeed_if1_LDADD = $(LDADD) +tst_pam_unix1_SOURCES = tst-pam_unix1.c +tst_pam_unix1_OBJECTS = tst-pam_unix1.$(OBJEXT) +tst_pam_unix1_LDADD = $(LDADD) +tst_pam_unix2_SOURCES = tst-pam_unix2.c +tst_pam_unix2_OBJECTS = tst-pam_unix2.$(OBJEXT) +tst_pam_unix2_LDADD = $(LDADD) +tst_pam_unix3_SOURCES = tst-pam_unix3.c +tst_pam_unix3_OBJECTS = tst-pam_unix3.$(OBJEXT) +tst_pam_unix3_LDADD = $(LDADD) DEFAULT_INCLUDES = -I. -I$(top_builddir)@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles @@ -85,10 +123,18 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = tst-pam_cracklib1.c tst-pam_dispatch1.c tst-pam_dispatch2.c \ - tst-pam_dispatch3.c tst-pam_dispatch4.c -DIST_SOURCES = tst-pam_cracklib1.c tst-pam_dispatch1.c \ - tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c +SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \ + tst-pam_access4.c tst-pam_cracklib1.c tst-pam_cracklib2.c \ + tst-pam_dispatch1.c tst-pam_dispatch2.c tst-pam_dispatch3.c \ + tst-pam_dispatch4.c tst-pam_group1.c tst-pam_limits1.c \ + tst-pam_succeed_if1.c tst-pam_unix1.c tst-pam_unix2.c \ + tst-pam_unix3.c +DIST_SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \ + tst-pam_access4.c tst-pam_cracklib1.c tst-pam_cracklib2.c \ + tst-pam_dispatch1.c tst-pam_dispatch2.c tst-pam_dispatch3.c \ + tst-pam_dispatch4.c tst-pam_group1.c tst-pam_limits1.c \ + tst-pam_succeed_if1.c tst-pam_unix1.c tst-pam_unix2.c \ + tst-pam_unix3.c ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -179,6 +225,7 @@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ @@ -257,10 +304,23 @@ AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \ CLEANFILES = *~ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ - tst-pam_cracklib1.pamd + tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \ + tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \ + tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \ + access.conf tst-pam_access1.pamd tst-pam_access1.sh \ + tst-pam_access2.pamd tst-pam_access2.sh \ + tst-pam_access3.pamd tst-pam_access3.sh \ + tst-pam_access4.pamd tst-pam_access4.sh \ + limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \ + tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ + group.conf tst-pam_group1.pamd tst-pam_group1.sh XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_dispatch4 tst-pam_cracklib1 + tst-pam_dispatch4 tst-pam_cracklib1 tst-pam_cracklib2 \ + tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ + tst-pam_access1 tst-pam_access2 tst-pam_access3 \ + tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ + tst-pam_group1 all: all-am @@ -302,9 +362,24 @@ clean-noinstPROGRAMS: echo " rm -f $$p $$f"; \ rm -f $$p $$f ; \ done +tst-pam_access1$(EXEEXT): $(tst_pam_access1_OBJECTS) $(tst_pam_access1_DEPENDENCIES) + @rm -f tst-pam_access1$(EXEEXT) + $(LINK) $(tst_pam_access1_OBJECTS) $(tst_pam_access1_LDADD) $(LIBS) +tst-pam_access2$(EXEEXT): $(tst_pam_access2_OBJECTS) $(tst_pam_access2_DEPENDENCIES) + @rm -f tst-pam_access2$(EXEEXT) + $(LINK) $(tst_pam_access2_OBJECTS) $(tst_pam_access2_LDADD) $(LIBS) +tst-pam_access3$(EXEEXT): $(tst_pam_access3_OBJECTS) $(tst_pam_access3_DEPENDENCIES) + @rm -f tst-pam_access3$(EXEEXT) + $(LINK) $(tst_pam_access3_OBJECTS) $(tst_pam_access3_LDADD) $(LIBS) +tst-pam_access4$(EXEEXT): $(tst_pam_access4_OBJECTS) $(tst_pam_access4_DEPENDENCIES) + @rm -f tst-pam_access4$(EXEEXT) + $(LINK) $(tst_pam_access4_OBJECTS) $(tst_pam_access4_LDADD) $(LIBS) tst-pam_cracklib1$(EXEEXT): $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_DEPENDENCIES) @rm -f tst-pam_cracklib1$(EXEEXT) $(LINK) $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_LDADD) $(LIBS) +tst-pam_cracklib2$(EXEEXT): $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_DEPENDENCIES) + @rm -f tst-pam_cracklib2$(EXEEXT) + $(LINK) $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_LDADD) $(LIBS) tst-pam_dispatch1$(EXEEXT): $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_DEPENDENCIES) @rm -f tst-pam_dispatch1$(EXEEXT) $(LINK) $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_LDADD) $(LIBS) @@ -317,6 +392,24 @@ tst-pam_dispatch3$(EXEEXT): $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_DEP tst-pam_dispatch4$(EXEEXT): $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_DEPENDENCIES) @rm -f tst-pam_dispatch4$(EXEEXT) $(LINK) $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_LDADD) $(LIBS) +tst-pam_group1$(EXEEXT): $(tst_pam_group1_OBJECTS) $(tst_pam_group1_DEPENDENCIES) + @rm -f tst-pam_group1$(EXEEXT) + $(LINK) $(tst_pam_group1_OBJECTS) $(tst_pam_group1_LDADD) $(LIBS) +tst-pam_limits1$(EXEEXT): $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_DEPENDENCIES) + @rm -f tst-pam_limits1$(EXEEXT) + $(LINK) $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_LDADD) $(LIBS) +tst-pam_succeed_if1$(EXEEXT): $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_DEPENDENCIES) + @rm -f tst-pam_succeed_if1$(EXEEXT) + $(LINK) $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_LDADD) $(LIBS) +tst-pam_unix1$(EXEEXT): $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_DEPENDENCIES) + @rm -f tst-pam_unix1$(EXEEXT) + $(LINK) $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_LDADD) $(LIBS) +tst-pam_unix2$(EXEEXT): $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_DEPENDENCIES) + @rm -f tst-pam_unix2$(EXEEXT) + $(LINK) $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_LDADD) $(LIBS) +tst-pam_unix3$(EXEEXT): $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_DEPENDENCIES) + @rm -f tst-pam_unix3$(EXEEXT) + $(LINK) $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -324,11 +417,22 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access3.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access4.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib2.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch1.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch2.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch3.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch4.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_group1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_limits1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_succeed_if1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix2.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix3.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -536,7 +640,7 @@ uninstall-am: xtests: $(XTESTS) run-xtests.sh - $(srcdir)/run-xtests.sh + "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/Linux-PAM/xtests/group.conf b/Linux-PAM/xtests/group.conf new file mode 100644 index 00000000..bcfe3755 --- /dev/null +++ b/Linux-PAM/xtests/group.conf @@ -0,0 +1,3 @@ + +tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrp + diff --git a/Linux-PAM/xtests/run-xtests.sh b/Linux-PAM/xtests/run-xtests.sh index 76daba22..53dbdf06 100755 --- a/Linux-PAM/xtests/run-xtests.sh +++ b/Linux-PAM/xtests/run-xtests.sh @@ -13,11 +13,14 @@ XTESTS="$@" failed=0 pass=0 +skiped=0 all=0 mkdir -p /etc/security cp /etc/security/access.conf /etc/security/access.conf-pam-xtests install -m 644 "${SRCDIR}"/access.conf /etc/security/access.conf +cp /etc/security/group.conf /etc/security/group.conf-pam-xtests +install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf for testname in $XTESTS ; do @@ -27,7 +30,11 @@ for testname in $XTESTS ; do else ./$testname > /dev/null fi - if test $? -ne 0 ; then + RETVAL=$? + if test $RETVAL -eq 77 ; then + echo "SKIP: $testname" + skiped=`expr $skiped + 1` + elif test $RETVAL -ne 0 ; then echo "FAIL: $testname" failed=`expr $failed + 1` else @@ -38,15 +45,18 @@ for testname in $XTESTS ; do rm -f /etc/pam.d/$testname done mv /etc/security/access.conf-pam-xtests /etc/security/access.conf +mv /etc/security/group.conf-pam-xtests /etc/security/group.conf mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf if test "$failed" -ne 0; then echo "===================" echo "$failed of $all tests failed" + echo "$skiped tests not run" echo "===================" exit 1 else echo "==================" - echo "All $all tests passed" + echo "$all tests passed" + echo "$skiped tests not run" echo "==================" fi exit 0 diff --git a/Linux-PAM/xtests/tst-pam_group1.c b/Linux-PAM/xtests/tst-pam_group1.c new file mode 100644 index 00000000..e4e3ca48 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_group1.c @@ -0,0 +1,207 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in group.conf: + + tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrp + + + pam_group should add group tstpamgrp to user tstpamgrp, but not + to tstpamgrp2. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <grp.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <security/pam_appl.h> + +#define GROUP_BLK 10 +#define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK) + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +static int debug = 0; + +static int +run_test (const char *user, gid_t groupid, int needit) +{ + pam_handle_t *pamh = NULL; + int retval; + + retval = pam_start("tst-pam_group1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_group1: pam_set_item(PAM_TTY) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_setcred returned %d\n", retval); + return 1; + } + + + int no_grps = getgroups(0, NULL); /* find the current number of groups */ + if (no_grps > 0) + { + int i, found; + gid_t *grps = calloc (blk_size (no_grps), sizeof(gid_t)); + + if (getgroups(no_grps, grps) < 0) + { + if (debug) + fprintf (stderr, "pam_group1: getroups returned error: %m\n"); + pam_end (pamh, PAM_SYSTEM_ERR); + return 1; + } + + found = 0; + for (i = 0; i < no_grps; ++i) + { +#if 0 + if (debug) + fprintf (stderr, "gid[%d]=%d\n", i, grps[i]); +#endif + if (grps[i] == groupid) + found = 1; + } + if ((needit && found) || (!needit && !found)) + { + /* everything is ok */ + } + else + { + pam_end (pamh, PAM_SYSTEM_ERR); + if (debug) + fprintf (stderr, + "pam_group1: unexpected result for %s: needit=%d, found=%d\n", + user, needit, found); + return 1; + } + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_group1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + +int +main(int argc, char *argv[]) +{ + struct group *grp; + gid_t grpid; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + grp = getgrnam ("tstpamgrp"); + if (grp == NULL) + return 1; + grpid = grp->gr_gid; + + if (run_test ("root", grpid, 0) != 0 || + run_test ("tstpamgrp2", grpid, 0) != 0 || + run_test ("tstpamgrp", grpid, 1) != 0) + return 1; + + return 0; +} diff --git a/Linux-PAM/xtests/tst-pam_group1.pamd b/Linux-PAM/xtests/tst-pam_group1.pamd new file mode 100644 index 00000000..d78f3a6c --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_group1.pamd @@ -0,0 +1,7 @@ +#%PAM-1.0 +auth required pam_group.so +auth required pam_permit.so +account required pam_permit.so +password required pam_permit.so +session required pam_permit.so + diff --git a/Linux-PAM/xtests/tst-pam_group1.sh b/Linux-PAM/xtests/tst-pam_group1.sh new file mode 100755 index 00000000..2d38a6ad --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_group1.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +/usr/sbin/groupadd -p '!!' tstpamgrp +/usr/sbin/useradd -p '!!' tstpamgrp +/usr/sbin/useradd -p '!!' tstpamgrp2 +./tst-pam_group1 +RET=$? +/usr/sbin/userdel -r tstpamgrp 2> /dev/null +/usr/sbin/userdel -r tstpamgrp2 2> /dev/null +/usr/sbin/groupdel tstpamgrp 2> /dev/null +exit $RET diff --git a/Linux-PAM/xtests/tst-pam_limits1.c b/Linux-PAM/xtests/tst-pam_limits1.c index cf025d3d..ed3d3679 100644 --- a/Linux-PAM/xtests/tst-pam_limits1.c +++ b/Linux-PAM/xtests/tst-pam_limits1.c @@ -98,6 +98,7 @@ main(int argc, char *argv[]) if (argc > 1 && strcmp (argv[1], "-d") == 0) debug = 1; +#ifdef RLIMIT_NICE retval = pam_start("tst-pam_limits1", user, &conv, &pamh); if (retval != PAM_SUCCESS) { @@ -145,4 +146,10 @@ main(int argc, char *argv[]) return 1; } return 0; +#else + if (debug) + fprintf (stderr, "pam_limits1: RLIMIT_NICE does not exist)\n"); + + return 77; +#endif } diff --git a/Linux-PAM/xtests/tst-pam_succeed_if1.c b/Linux-PAM/xtests/tst-pam_succeed_if1.c new file mode 100644 index 00000000..24f42302 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_succeed_if1.c @@ -0,0 +1,137 @@ +/* + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + test case: + + Check the following line in PAM config file: + + auth required pam_succeed_if.so user in tstpamtest:pamtest + + User is pamtest or tstpamtest, both should succeed. +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> + +/* A conversation function which uses an internally-stored value for + the responses. */ +static int +fake_conv (int num_msg, const struct pam_message **msgm UNUSED, + struct pam_response **response, void *appdata_ptr UNUSED) +{ + struct pam_response *reply; + int count; + + /* Sanity test. */ + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* Allocate memory for the responses. */ + reply = calloc (num_msg, sizeof (struct pam_response)); + if (reply == NULL) + return PAM_CONV_ERR; + + /* Each prompt elicits the same response. */ + for (count = 0; count < num_msg; ++count) + { + reply[count].resp_retcode = 0; + reply[count].resp = strdup ("!!"); + } + + /* Set the pointers in the response structure and return. */ + *response = reply; + return PAM_SUCCESS; +} + +static struct pam_conv conv = { + fake_conv, + NULL +}; + +static int debug = 0; + +static int +test_with_user (const char *user) +{ + pam_handle_t *pamh = NULL; + int retval; + + retval = pam_start("tst-pam_succeed_if1", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_succeed_if1: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_authenticate(%s) returned %d\n", + user, retval); + return 1; + } + + retval = pam_end (pamh, retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_access1: pam_end returned %d\n", retval); + return 1; + } + return 0; +} + +int +main(int argc, char *argv[]) +{ + const char *user1 = "tstpamtest"; + const char *user2 = "pamtest"; + int retval; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = test_with_user (user1); + if (retval == 0) + retval = test_with_user (user2); + + return retval; +} diff --git a/Linux-PAM/xtests/tst-pam_succeed_if1.pamd b/Linux-PAM/xtests/tst-pam_succeed_if1.pamd new file mode 100644 index 00000000..f9cbd5a7 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_succeed_if1.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth required pam_succeed_if.so user in tstpamtest:pamtest diff --git a/Linux-PAM/xtests/tst-pam_succeed_if1.sh b/Linux-PAM/xtests/tst-pam_succeed_if1.sh new file mode 100755 index 00000000..a643b2e8 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_succeed_if1.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +/usr/sbin/useradd -p '!!' tstpamtest +/usr/sbin/useradd -p '!!' pamtest +./tst-pam_succeed_if1 +RET=$? +/usr/sbin/userdel -r tstpamtest 2> /dev/null +/usr/sbin/userdel -r pamtest 2> /dev/null +exit $RET |