Diffstat (limited to 'Linux-PAM/xtests')
42 files changed, 413 insertions, 40 deletions
diff --git a/Linux-PAM/xtests/Makefile.am b/Linux-PAM/xtests/Makefile.am index b32ba76b..62e32643 100644 --- a/Linux-PAM/xtests/Makefile.am +++ b/Linux-PAM/xtests/Makefile.am @@ -11,6 +11,7 @@ CLEANFILES = *~ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \ + tst-pam_dispatch5.pamd \ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \ @@ -20,16 +21,27 @@ EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \ tst-pam_access4.pamd tst-pam_access4.sh \ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \ tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \ - group.conf tst-pam_group1.pamd tst-pam_group1.sh + group.conf tst-pam_group1.pamd tst-pam_group1.sh \ + tst-pam_authfail.pamd tst-pam_authsucceed.pamd \ + tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \ + tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \ + tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \ + tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \ + tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \ - tst-pam_dispatch4 tst-pam_cracklib1 tst-pam_cracklib2 \ + tst-pam_dispatch4 tst-pam_dispatch5 \ + tst-pam_cracklib1 tst-pam_cracklib2 \ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \ tst-pam_access1 tst-pam_access2 tst-pam_access3 \ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \ - tst-pam_group1 + tst-pam_group1 tst-pam_authfail tst-pam_authsucceed + +NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \ + tst-pam_substack4 tst-pam_substack5 + noinst_PROGRAMS = $(XTESTS) xtests: $(XTESTS) run-xtests.sh - "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} + "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS} 
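Review bot: `NOSRCTESTS` is added without a comment, so nothing at the assignment explains why these names are kept out of `XTESTS` and `noinst_PROGRAMS` yet still passed to `run-xtests.sh`. Going by the `tst-pam_substackN.sh` scripts added later in this commit, each of these tests has no C source and only runs `tst-pam_authfail` or `tst-pam_authsucceed` against its own stack, so they depend on those two programs staying in `XTESTS`. I would add above the assignment: `# Script-only tests (no C source); each .sh runs tst-pam_authfail or tst-pam_authsucceed, which must stay in XTESTS.`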
diff --git a/Linux-PAM/xtests/group.conf b/Linux-PAM/xtests/group.conf index bcfe3755..04fe3ef7 100644 --- a/Linux-PAM/xtests/group.conf +++ b/Linux-PAM/xtests/group.conf @@ -1,3 +1,3 @@ -tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrp +tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrpg diff --git a/Linux-PAM/xtests/run-xtests.sh b/Linux-PAM/xtests/run-xtests.sh index 53dbdf06..4e981858 100755 --- a/Linux-PAM/xtests/run-xtests.sh +++ b/Linux-PAM/xtests/run-xtests.sh @@ -24,7 +24,9 @@ install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf for testname in $XTESTS ; do - install -m 644 "${SRCDIR}"/$testname.pamd /etc/pam.d/$testname + for cfg in "${SRCDIR}"/$testname*.pamd ; do + install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd) + done if test -x "${SRCDIR}"/$testname.sh ; then "${SRCDIR}"/$testname.sh > /dev/null else @@ -42,7 +44,7 @@ for testname in $XTESTS ; do pass=`expr $pass + 1` fi all=`expr $all + 1` - rm -f /etc/pam.d/$testname + rm -f /etc/pam.d/$testname* done mv /etc/security/access.conf-pam-xtests /etc/security/access.conf mv /etc/security/group.conf-pam-xtests /etc/security/group.conf diff --git a/Linux-PAM/xtests/tst-pam_access1.c b/Linux-PAM/xtests/tst-pam_access1.c index 06b65f0c..15711297 100644 --- a/Linux-PAM/xtests/tst-pam_access1.c +++ b/Linux-PAM/xtests/tst-pam_access1.c @@ -45,6 +45,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> @@ -87,7 +88,7 @@ int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; - const char *user="tstpamaccess"; + const char *user="tstpamaccess1"; int retval; int debug = 0; diff --git a/Linux-PAM/xtests/tst-pam_access1.sh b/Linux-PAM/xtests/tst-pam_access1.sh index 48d8cb3e..180d2563 100755 --- a/Linux-PAM/xtests/tst-pam_access1.sh +++ b/Linux-PAM/xtests/tst-pam_access1.sh 
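Review bot: In run-xtests.sh the new cleanup `rm -f /etc/pam.d/$testname*` is wider than what the loop installed: the install side matches only `$testname*.pamd` in the source directory, while the removal deletes every file in /etc/pam.d whose name starts with the test name, whether or not this script put it there. The script has to run with enough privilege to write the live PAM configuration, so it is safer to remove exactly the installed names, for example by looping over the same glob and running `rm -f "/etc/pam.d/$(basename "$cfg" .pamd)"`. The install line also leaves `$cfg` and the `$(basename …)` result unquoted, and when the glob matches nothing the literal pattern is handed to `install`; `test -f "$cfg" && install -m 644 "$cfg" "/etc/pam.d/$(basename "$cfg" .pamd)"` covers both. The enclosing `for testname` loop starts and ends outside these two hunks.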
@@ -1,9 +1,9 @@ #!/bin/bash -/usr/sbin/groupadd -p '!!' tstpamaccess -/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess +/usr/sbin/groupadd tstpamaccess +/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess1 ./tst-pam_access1 RET=$? -/usr/sbin/userdel -r tstpamaccess 2> /dev/null +/usr/sbin/userdel -r tstpamaccess1 2> /dev/null /usr/sbin/groupdel tstpamaccess 2> /dev/null exit $RET diff --git a/Linux-PAM/xtests/tst-pam_access2.c b/Linux-PAM/xtests/tst-pam_access2.c index 194d07d7..293d72ab 100644 --- a/Linux-PAM/xtests/tst-pam_access2.c +++ b/Linux-PAM/xtests/tst-pam_access2.c @@ -45,6 +45,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> @@ -87,7 +88,7 @@ int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; - const char *user="tstpamaccess"; + const char *user="tstpamaccess2"; int retval; int debug = 0; diff --git a/Linux-PAM/xtests/tst-pam_access2.sh b/Linux-PAM/xtests/tst-pam_access2.sh index c1b3c992..0a302759 100755 --- a/Linux-PAM/xtests/tst-pam_access2.sh +++ b/Linux-PAM/xtests/tst-pam_access2.sh @@ -1,9 +1,9 @@ #!/bin/bash -/usr/sbin/groupadd -p '!!' tstpamaccess -/usr/sbin/useradd -p '!!' tstpamaccess +/usr/sbin/groupadd tstpamaccess +/usr/sbin/useradd -p '!!' tstpamaccess2 ./tst-pam_access2 RET=$? -/usr/sbin/userdel -r tstpamaccess 2> /dev/null +/usr/sbin/userdel -r tstpamaccess2 2> /dev/null /usr/sbin/groupdel tstpamaccess 2> /dev/null exit $RET diff --git a/Linux-PAM/xtests/tst-pam_access3.c b/Linux-PAM/xtests/tst-pam_access3.c index cd989bb3..817ce930 100644 --- a/Linux-PAM/xtests/tst-pam_access3.c +++ b/Linux-PAM/xtests/tst-pam_access3.c @@ -45,6 +45,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> diff --git a/Linux-PAM/xtests/tst-pam_access4.c b/Linux-PAM/xtests/tst-pam_access4.c index 1e53a364..2b887a4d 100644 --- a/Linux-PAM/xtests/tst-pam_access4.c +++ b/Linux-PAM/xtests/tst-pam_access4.c 
@@ -45,6 +45,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> @@ -87,7 +88,7 @@ int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; - const char *user="tstpamaccess"; + const char *user="tstpamaccess4"; int retval; int debug = 0; diff --git a/Linux-PAM/xtests/tst-pam_access4.sh b/Linux-PAM/xtests/tst-pam_access4.sh index 58bf260d..61e7b448 100755 --- a/Linux-PAM/xtests/tst-pam_access4.sh +++ b/Linux-PAM/xtests/tst-pam_access4.sh @@ -1,7 +1,7 @@ #!/bin/bash -/usr/sbin/useradd -p '!!' tstpamaccess +/usr/sbin/useradd -p '!!' tstpamaccess4 ./tst-pam_access4 RET=$? -/usr/sbin/userdel -r tstpamaccess 2> /dev/null +/usr/sbin/userdel -r tstpamaccess4 2> /dev/null exit $RET diff --git a/Linux-PAM/xtests/tst-pam_authfail.c b/Linux-PAM/xtests/tst-pam_authfail.c new file mode 100644 index 00000000..afdbd6a4 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_authfail.c 
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that auth stack fails. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + const char *stack="tst-pam_authfail"; + int retval; + int debug = 0; + + if (argc > 2) { + stack = argv[2]; + } + + if (argc > 1) { + if (strcmp (argv[1], "-d") == 0) + debug = 1; + else + stack = argv[1]; + } + + + retval = pam_start(stack, user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval == PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/Linux-PAM/xtests/tst-pam_authfail.pamd b/Linux-PAM/xtests/tst-pam_authfail.pamd new file mode 100644 index 00000000..8ff1a40f --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_authfail.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# test that successful sufficient module cannot affect stack +# after failed required module +auth required pam_debug.so auth=perm_denied +auth sufficient pam_debug.so auth=success diff --git a/Linux-PAM/xtests/tst-pam_authsucceed.c b/Linux-PAM/xtests/tst-pam_authsucceed.c new file mode 100644 index 00000000..8666f3f7 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_authsucceed.c 
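Review bot: In tst-pam_authfail.c the check `if (retval == PAM_SUCCESS)` after `pam_authenticate` turns every non-success result into a pass, so the test also passes when the stack under test never ran as written, for instance if its service file was not installed or `pam_debug.so` could not be loaded (what PAM returns then depends on the host's fallback configuration). The stacks this commit runs through the program are written to end in `auth_err` or `perm_denied`, so the check could be narrowed to `if (retval != PAM_AUTH_ERR && retval != PAM_PERM_DENIED)`. That still cannot tell a denial by the intended stack from one by a fallback stack, so a comment above `main` saying what the test does and does not prove would help as well.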
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* Check that auth stack succeeds. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + const char *stack="tst-pam_authsucceed"; + int retval; + int debug = 0; + + if (argc > 2) { + stack = argv[2]; + } + + if (argc > 1) { + if (strcmp (argv[1], "-d") == 0) + debug = 1; + else + stack = argv[1]; + } + + + retval = pam_start(stack, user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate(pamh, 0); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end(pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "test3: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/Linux-PAM/xtests/tst-pam_authsucceed.pamd b/Linux-PAM/xtests/tst-pam_authsucceed.pamd new file mode 100644 index 00000000..abaa1eff --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_authsucceed.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# test that failed sufficient module cannot affect stack +# with following successful required module +auth sufficient pam_debug.so auth=auth_err +auth required pam_debug.so auth=success diff --git a/Linux-PAM/xtests/tst-pam_cracklib1.c b/Linux-PAM/xtests/tst-pam_cracklib1.c index 1600df97..b0e52051 100644 --- a/Linux-PAM/xtests/tst-pam_cracklib1.c +++ b/Linux-PAM/xtests/tst-pam_cracklib1.c @@ -36,6 +36,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> diff --git a/Linux-PAM/xtests/tst-pam_cracklib2.c b/Linux-PAM/xtests/tst-pam_cracklib2.c index 49166a4e..84b4ef64 100644 
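Review bot: The debug messages in tst-pam_authsucceed.c still carry a `test3:` prefix, apparently left over from the file they were adapted from (tst-pam_authfail.c has the same), so a `-d` run does not say which program failed; this commit makes the matching correction in tst-pam_dispatch4.c. Suggested form: `fprintf (stderr, "pam_authsucceed: pam_authenticate returned %d\n", retval);`. Separately, the early `return 1` after a failed `pam_authenticate` leaves without calling `pam_end`, here and in tst-pam_authfail.c and tst-pam_dispatch5.c. That is harmless in a short-lived test, but it means the handle is not released on exactly the failing path.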
--- a/Linux-PAM/xtests/tst-pam_cracklib2.c +++ b/Linux-PAM/xtests/tst-pam_cracklib2.c @@ -39,14 +39,17 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <unistd.h> #include <string.h> #include <security/pam_appl.h> +int debug = 0; + /* A conversation function which uses an internally-stored value for the responses. */ static int -fake_conv (int num_msg, const struct pam_message **msgm UNUSED, +fake_conv (int num_msg, const struct pam_message **msgm, struct pam_response **response, void *appdata_ptr UNUSED) { static int calls = 0; @@ -65,6 +68,8 @@ fake_conv (int num_msg, const struct pam_message **msgm UNUSED, /* Each prompt elicits the same response. */ for (count = 0; count < num_msg; ++count) { + if (debug) + fprintf(stderr,"Query: %s\n", (*msgm)[count].msg); reply[count].resp_retcode = 0; /* first tow calls get a correct password, second a too easy one. */ @@ -75,6 +80,8 @@ fake_conv (int num_msg, const struct pam_message **msgm UNUSED, ++calls; reply[count].resp = strdup ("1a9C*8dK"); } + if (debug) + fprintf(stderr,"Response: %s\n", reply[count].resp); } /* Set the pointers in the response structure and return. */ @@ -94,10 +101,6 @@ main(int argc, char *argv[]) pam_handle_t *pamh=NULL; const char *user="root"; int retval; - int debug = 0; - - /* Simulate passwd call by normal user */ - setuid (65534); if (argc > 1 && strcmp (argv[1], "-d") == 0) debug = 1; @@ -110,8 +113,8 @@ main(int argc, char *argv[]) return 1; } - /* Try one, first input is correct, second is NULL */ - retval = pam_chauthtok (pamh, 0); + /* Try one, first input is correct */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (retval != PAM_SUCCESS) { if (debug) @@ -119,8 +122,8 @@ main(int argc, char *argv[]) return 1; } - /* Try two, second input is NULL */ - retval = pam_chauthtok (pamh, 0); + /* Try two, second input is wrong */ + retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); if (retval != PAM_AUTHTOK_ERR) { if (debug) 
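Review bot: The new debug print in `fake_conv` reads the prompt as `(*msgm)[count].msg`, which treats `msgm` as a pointer to one contiguous array of structures; as I read the Linux-PAM convention (and its own `misc_conv`), the argument is an array of pointers, and the two layouts agree only for the first message. For `count > 0` the expression can read outside the message the library passed in, so the access should be `msgm[count]->msg`. The `Response:` print right after passes `reply[count].resp` to `%s` without checking the `strdup` result, which is undefined if the allocation failed. `fake_conv` begins and ends outside these hunks.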
diff --git a/Linux-PAM/xtests/tst-pam_dispatch4.c b/Linux-PAM/xtests/tst-pam_dispatch4.c index 12bc362a..a4db8a88 100644 --- a/Linux-PAM/xtests/tst-pam_dispatch4.c +++ b/Linux-PAM/xtests/tst-pam_dispatch4.c @@ -46,8 +46,7 @@ static struct pam_conv conv = { }; -/* Check that errors of optional modules are ignored and that - required modules after a sufficient one are not executed. */ +/* Check that jumps are processed correctly. */ int main(int argc, char *argv[]) @@ -64,7 +63,7 @@ main(int argc, char *argv[]) if (retval != PAM_SUCCESS) { if (debug) - fprintf (stderr, "test4: pam_start returned %d\n", retval); + fprintf (stderr, "pam_dispatch4: pam_start returned %d\n", retval); return 1; } @@ -72,7 +71,7 @@ main(int argc, char *argv[]) if (retval != PAM_SUCCESS) { if (debug) - fprintf (stderr, "test4: pam_authenticate returned %d\n", retval); + fprintf (stderr, "pam_dispatch4: pam_authenticate returned %d\n", retval); return 1; } @@ -80,7 +79,7 @@ main(int argc, char *argv[]) if (retval == PAM_SUCCESS) { if (debug) - fprintf (stderr, "test4: pam_authenticate returned %d\n", retval); + fprintf (stderr, "pam_dispatch4: pam_acct_mgmt returned %d\n", retval); return 1; } diff --git a/Linux-PAM/xtests/tst-pam_dispatch4.pamd b/Linux-PAM/xtests/tst-pam_dispatch4.pamd index 7c08372b..ac995add 100644 --- a/Linux-PAM/xtests/tst-pam_dispatch4.pamd +++ b/Linux-PAM/xtests/tst-pam_dispatch4.pamd @@ -1,8 +1,8 @@ #%PAM-1.0 -# We jump to pam_permit.so, should pass +# We jump to end of the stack with previous pam_permit.so, should pass +auth required pam_permit.so auth [success=1 default=ignore] pam_debug.so auth=success auth required pam_deny.so -auth required pam_permit.so -# We jump to a non-existing slot, fail, but don't seg.fault +# We jump to end of the stack without any module in OK state, should fail account [success=1 default=ignore] pam_debug.so account=success account required pam_deny.so 
diff --git a/Linux-PAM/xtests/tst-pam_dispatch5.c b/Linux-PAM/xtests/tst-pam_dispatch5.c
new file mode 100644
index 00000000..f1197b38
--- /dev/null
+++ b/Linux-PAM/xtests/tst-pam_dispatch5.c
@@ -0,0 +1,86 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +static struct pam_conv conv = { + misc_conv, + NULL +}; + + +/* jump after the end of the stack and make sure we don't seg.fault. */ + +int +main(int argc, char *argv[]) +{ + pam_handle_t *pamh=NULL; + const char *user="nobody"; + int retval; + int debug = 0; + + if (argc > 1 && strcmp (argv[1], "-d") == 0) + debug = 1; + + retval = pam_start("tst-pam_dispatch5", user, &conv, &pamh); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_start returned %d\n", retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_authenticate returned %d\n", retval); + return 1; + } + + retval = pam_end (pamh,retval); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, "pam_dispatch5: pam_end returned %d\n", retval); + return 1; + } + return 0; +} diff --git a/Linux-PAM/xtests/tst-pam_dispatch5.pamd b/Linux-PAM/xtests/tst-pam_dispatch5.pamd new file mode 100644 index 00000000..ea781f77 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_dispatch5.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +# Jump after the end of the stack +auth [success=2 default=bad] pam_permit.so +auth required pam_deny.so diff --git a/Linux-PAM/xtests/tst-pam_group1.c b/Linux-PAM/xtests/tst-pam_group1.c index e4e3ca48..ca0c2ac9 100644 --- a/Linux-PAM/xtests/tst-pam_group1.c +++ b/Linux-PAM/xtests/tst-pam_group1.c @@ -36,10 +36,10 @@ Check the following line in group.conf: - tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrp + tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrpg - pam_group should add group tstpamgrp to user tstpamgrp, but not + pam_group should add group tstpamgrpg to user tstpamgrp, but not to tstpamgrp2. */ 
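Review bot: The comment above `main` in tst-pam_dispatch5.c mentions only the crash, while the code asserts a specific result with `if (retval != PAM_PERM_DENIED)`; the comment should state the expected outcome too, since that is what the test fails on. Suggested: `/* Jump past the end of the stack: must not crash, and pam_authenticate is expected to return PAM_PERM_DENIED. */`. Why that particular code is returned is not visible in this file, so a short pointer to the dispatcher rule behind it would be worth adding if the author can supply one.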
@@ -49,6 +49,7 @@ #include <grp.h> #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> @@ -193,7 +194,7 @@ main(int argc, char *argv[]) if (argc > 1 && strcmp (argv[1], "-d") == 0) debug = 1; - grp = getgrnam ("tstpamgrp"); + grp = getgrnam ("tstpamgrpg"); if (grp == NULL) return 1; grpid = grp->gr_gid; diff --git a/Linux-PAM/xtests/tst-pam_group1.sh b/Linux-PAM/xtests/tst-pam_group1.sh index 2d38a6ad..b76377f5 100755 --- a/Linux-PAM/xtests/tst-pam_group1.sh +++ b/Linux-PAM/xtests/tst-pam_group1.sh @@ -1,11 +1,11 @@ #!/bin/bash -/usr/sbin/groupadd -p '!!' tstpamgrp +/usr/sbin/groupadd tstpamgrpg /usr/sbin/useradd -p '!!' tstpamgrp /usr/sbin/useradd -p '!!' tstpamgrp2 ./tst-pam_group1 RET=$? /usr/sbin/userdel -r tstpamgrp 2> /dev/null /usr/sbin/userdel -r tstpamgrp2 2> /dev/null -/usr/sbin/groupdel tstpamgrp 2> /dev/null +/usr/sbin/groupdel tstpamgrpg 2> /dev/null exit $RET diff --git a/Linux-PAM/xtests/tst-pam_limits1.c b/Linux-PAM/xtests/tst-pam_limits1.c index ed3d3679..d8952400 100644 --- a/Linux-PAM/xtests/tst-pam_limits1.c +++ b/Linux-PAM/xtests/tst-pam_limits1.c @@ -46,6 +46,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <sys/time.h> #include <sys/resource.h> diff --git a/Linux-PAM/xtests/tst-pam_substack1.pamd b/Linux-PAM/xtests/tst-pam_substack1.pamd new file mode 100644 index 00000000..6eab233e --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack1.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Even if the substack succeeds with sufficient +# the whole stack should fail. +auth substack tst-pam_substack1a +auth required pam_debug.so auth=auth_err diff --git a/Linux-PAM/xtests/tst-pam_substack1.sh b/Linux-PAM/xtests/tst-pam_substack1.sh new file mode 100755 index 00000000..52601755 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack1.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authfail tst-pam_substack1 
diff --git a/Linux-PAM/xtests/tst-pam_substack1a.pamd b/Linux-PAM/xtests/tst-pam_substack1a.pamd new file mode 100644 index 00000000..51c8c8fd --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack1a.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth sufficient pam_debug.so auth=success diff --git a/Linux-PAM/xtests/tst-pam_substack2.pamd b/Linux-PAM/xtests/tst-pam_substack2.pamd new file mode 100644 index 00000000..618e2986 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack2.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +# Even if the substack fails with requisite +# the whole stack should succeed. +auth substack tst-pam_substack2a +auth [success=reset] pam_permit.so +auth required pam_debug.so auth=success diff --git a/Linux-PAM/xtests/tst-pam_substack2.sh b/Linux-PAM/xtests/tst-pam_substack2.sh new file mode 100755 index 00000000..c02f597e --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack2.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack2 diff --git a/Linux-PAM/xtests/tst-pam_substack2a.pamd b/Linux-PAM/xtests/tst-pam_substack2a.pamd new file mode 100644 index 00000000..db853542 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack2a.pamd @@ -0,0 +1,2 @@ +#%PAM-1.0 +auth requisite pam_debug.so auth=auth_err diff --git a/Linux-PAM/xtests/tst-pam_substack3.pamd b/Linux-PAM/xtests/tst-pam_substack3.pamd new file mode 100644 index 00000000..4fc6016c --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack3.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Reset in the substack resets to state as of it was +# in the beginning of substack evaluation +auth required pam_permit.so +auth substack tst-pam_substack3a diff --git a/Linux-PAM/xtests/tst-pam_substack3.sh b/Linux-PAM/xtests/tst-pam_substack3.sh new file mode 100755 index 00000000..0e572aae --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack3.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack3 
diff --git a/Linux-PAM/xtests/tst-pam_substack3a.pamd b/Linux-PAM/xtests/tst-pam_substack3a.pamd new file mode 100644 index 00000000..a2ae915c --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack3a.pamd @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth required pam_debug.so auth=auth_err +auth [success=reset] pam_permit.so diff --git a/Linux-PAM/xtests/tst-pam_substack4.pamd b/Linux-PAM/xtests/tst-pam_substack4.pamd new file mode 100644 index 00000000..f0017c75 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack4.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# Substack is counted as one module in jumps +auth [success=1] pam_permit.so +auth substack tst-pam_substack4a +auth required pam_permit.so diff --git a/Linux-PAM/xtests/tst-pam_substack4.sh b/Linux-PAM/xtests/tst-pam_substack4.sh new file mode 100755 index 00000000..a3ef08a7 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack4.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authsucceed tst-pam_substack4 diff --git a/Linux-PAM/xtests/tst-pam_substack4a.pamd b/Linux-PAM/xtests/tst-pam_substack4a.pamd new file mode 100644 index 00000000..3b91c1ba --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack4a.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth required pam_debug.so auth=auth_err +auth required pam_debug.so auth=auth_err +auth required pam_debug.so auth=auth_err diff --git a/Linux-PAM/xtests/tst-pam_substack5.pamd b/Linux-PAM/xtests/tst-pam_substack5.pamd new file mode 100644 index 00000000..04f07aeb --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack5.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +# Requisite terminates substack +auth required pam_permit.so +auth substack tst-pam_substack5a diff --git a/Linux-PAM/xtests/tst-pam_substack5.sh b/Linux-PAM/xtests/tst-pam_substack5.sh new file mode 100755 index 00000000..e2714fda --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack5.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +exec ./tst-pam_authfail tst-pam_substack5 
diff --git a/Linux-PAM/xtests/tst-pam_substack5a.pamd b/Linux-PAM/xtests/tst-pam_substack5a.pamd new file mode 100644 index 00000000..a6850f40 --- /dev/null +++ b/Linux-PAM/xtests/tst-pam_substack5a.pamd @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth requisite pam_debug.so auth=auth_err +auth [success=reset] pam_permit.so diff --git a/Linux-PAM/xtests/tst-pam_succeed_if1.c b/Linux-PAM/xtests/tst-pam_succeed_if1.c index 24f42302..c0187743 100644 --- a/Linux-PAM/xtests/tst-pam_succeed_if1.c +++ b/Linux-PAM/xtests/tst-pam_succeed_if1.c @@ -46,6 +46,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> diff --git a/Linux-PAM/xtests/tst-pam_unix1.c b/Linux-PAM/xtests/tst-pam_unix1.c index 7b884997..5ee24082 100644 --- a/Linux-PAM/xtests/tst-pam_unix1.c +++ b/Linux-PAM/xtests/tst-pam_unix1.c @@ -40,6 +40,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> diff --git a/Linux-PAM/xtests/tst-pam_unix2.c b/Linux-PAM/xtests/tst-pam_unix2.c index bf6cd8e7..65a75f3e 100644 --- a/Linux-PAM/xtests/tst-pam_unix2.c +++ b/Linux-PAM/xtests/tst-pam_unix2.c @@ -42,6 +42,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> diff --git a/Linux-PAM/xtests/tst-pam_unix3.c b/Linux-PAM/xtests/tst-pam_unix3.c index bd5ffca4..50a94587 100644 --- a/Linux-PAM/xtests/tst-pam_unix3.c +++ b/Linux-PAM/xtests/tst-pam_unix3.c @@ -43,6 +43,7 @@ #endif #include <stdio.h> +#include <stdlib.h> #include <string.h> #include <security/pam_appl.h> |