summaryrefslogtreecommitdiff
path: root/xtests
diff options
context:
space:
mode:
Diffstat (limited to 'xtests')
-rw-r--r--xtests/Makefile.am48
-rw-r--r--xtests/Makefile.in684
-rw-r--r--xtests/access.conf2
-rw-r--r--xtests/group.conf3
-rw-r--r--xtests/limits.conf2
-rwxr-xr-xxtests/run-xtests.sh64
-rw-r--r--xtests/tst-pam_access1.c132
-rw-r--r--xtests/tst-pam_access1.pamd6
-rwxr-xr-xxtests/tst-pam_access1.sh9
-rw-r--r--xtests/tst-pam_access2.c132
-rw-r--r--xtests/tst-pam_access2.pamd6
-rwxr-xr-xxtests/tst-pam_access2.sh9
-rw-r--r--xtests/tst-pam_access3.c132
-rw-r--r--xtests/tst-pam_access3.pamd6
-rwxr-xr-xxtests/tst-pam_access3.sh7
-rw-r--r--xtests/tst-pam_access4.c150
-rw-r--r--xtests/tst-pam_access4.pamd6
-rwxr-xr-xxtests/tst-pam_access4.sh7
-rw-r--r--xtests/tst-pam_assemble_line1.pamd8
-rwxr-xr-xxtests/tst-pam_assemble_line1.sh3
-rw-r--r--xtests/tst-pam_authfail.c96
-rw-r--r--xtests/tst-pam_authfail.pamd5
-rw-r--r--xtests/tst-pam_authsucceed.c96
-rw-r--r--xtests/tst-pam_authsucceed.pamd5
-rw-r--r--xtests/tst-pam_cracklib1.c135
-rw-r--r--xtests/tst-pam_cracklib1.pamd2
-rw-r--r--xtests/tst-pam_cracklib2.c143
-rw-r--r--xtests/tst-pam_cracklib2.pamd2
-rw-r--r--xtests/tst-pam_dispatch1.c99
-rw-r--r--xtests/tst-pam_dispatch1.pamd3
-rw-r--r--xtests/tst-pam_dispatch2.c98
-rw-r--r--xtests/tst-pam_dispatch2.pamd3
-rw-r--r--xtests/tst-pam_dispatch3.c87
-rw-r--r--xtests/tst-pam_dispatch3.pamd6
-rw-r--r--xtests/tst-pam_dispatch4.c94
-rw-r--r--xtests/tst-pam_dispatch4.pamd8
-rw-r--r--xtests/tst-pam_dispatch5.c86
-rw-r--r--xtests/tst-pam_dispatch5.pamd4
-rw-r--r--xtests/tst-pam_group1.c208
-rw-r--r--xtests/tst-pam_group1.pamd7
-rwxr-xr-xxtests/tst-pam_group1.sh11
-rw-r--r--xtests/tst-pam_limits1.c156
-rw-r--r--xtests/tst-pam_limits1.pamd6
-rwxr-xr-xxtests/tst-pam_limits1.sh7
-rw-r--r--xtests/tst-pam_substack1.pamd5
-rwxr-xr-xxtests/tst-pam_substack1.sh3
-rw-r--r--xtests/tst-pam_substack1a.pamd2
-rw-r--r--xtests/tst-pam_substack2.pamd6
-rwxr-xr-xxtests/tst-pam_substack2.sh3
-rw-r--r--xtests/tst-pam_substack2a.pamd2
-rw-r--r--xtests/tst-pam_substack3.pamd5
-rwxr-xr-xxtests/tst-pam_substack3.sh3
-rw-r--r--xtests/tst-pam_substack3a.pamd3
-rw-r--r--xtests/tst-pam_substack4.pamd5
-rwxr-xr-xxtests/tst-pam_substack4.sh3
-rw-r--r--xtests/tst-pam_substack4a.pamd4
-rw-r--r--xtests/tst-pam_substack5.pamd4
-rwxr-xr-xxtests/tst-pam_substack5.sh3
-rw-r--r--xtests/tst-pam_substack5a.pamd3
-rw-r--r--xtests/tst-pam_succeed_if1.c138
-rw-r--r--xtests/tst-pam_succeed_if1.pamd2
-rwxr-xr-xxtests/tst-pam_succeed_if1.sh9
-rw-r--r--xtests/tst-pam_unix1.c122
-rw-r--r--xtests/tst-pam_unix1.pamd6
-rwxr-xr-xxtests/tst-pam_unix1.sh7
-rw-r--r--xtests/tst-pam_unix2.c154
-rw-r--r--xtests/tst-pam_unix2.pamd6
-rwxr-xr-xxtests/tst-pam_unix2.sh8
-rw-r--r--xtests/tst-pam_unix3.c155
-rw-r--r--xtests/tst-pam_unix3.pamd6
-rwxr-xr-xxtests/tst-pam_unix3.sh8
71 files changed, 3458 insertions, 0 deletions
diff --git a/xtests/Makefile.am b/xtests/Makefile.am
new file mode 100644
index 00000000..30a923aa
--- /dev/null
+++ b/xtests/Makefile.am
@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
+ -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
+AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+ -L$(top_builddir)/libpam_misc -lpam_misc
+
+CLEANFILES = *~
+
+EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+ tst-pam_dispatch5.pamd \
+ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \
+ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \
+ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \
+ access.conf tst-pam_access1.pamd tst-pam_access1.sh \
+ tst-pam_access2.pamd tst-pam_access2.sh \
+ tst-pam_access3.pamd tst-pam_access3.sh \
+ tst-pam_access4.pamd tst-pam_access4.sh \
+ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \
+ tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \
+ group.conf tst-pam_group1.pamd tst-pam_group1.sh \
+ tst-pam_authfail.pamd tst-pam_authsucceed.pamd \
+ tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \
+ tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \
+ tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \
+ tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \
+ tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh
+
+XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_dispatch4 tst-pam_dispatch5 \
+ tst-pam_cracklib1 tst-pam_cracklib2 \
+ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed
+
+NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
+ tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
+
+
+noinst_PROGRAMS = $(XTESTS)
+
+xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
diff --git a/xtests/Makefile.in b/xtests/Makefile.in
new file mode 100644
index 00000000..66a10700
--- /dev/null
+++ b/xtests/Makefile.in
@@ -0,0 +1,684 @@
+# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+noinst_PROGRAMS = $(am__EXEEXT_1)
+subdir = xtests
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libprelude.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+am__EXEEXT_1 = tst-pam_dispatch1$(EXEEXT) tst-pam_dispatch2$(EXEEXT) \
+ tst-pam_dispatch3$(EXEEXT) tst-pam_dispatch4$(EXEEXT) \
+ tst-pam_dispatch5$(EXEEXT) tst-pam_cracklib1$(EXEEXT) \
+ tst-pam_cracklib2$(EXEEXT) tst-pam_unix1$(EXEEXT) \
+ tst-pam_unix2$(EXEEXT) tst-pam_unix3$(EXEEXT) \
+ tst-pam_access1$(EXEEXT) tst-pam_access2$(EXEEXT) \
+ tst-pam_access3$(EXEEXT) tst-pam_access4$(EXEEXT) \
+ tst-pam_limits1$(EXEEXT) tst-pam_succeed_if1$(EXEEXT) \
+ tst-pam_group1$(EXEEXT) tst-pam_authfail$(EXEEXT) \
+ tst-pam_authsucceed$(EXEEXT)
+PROGRAMS = $(noinst_PROGRAMS)
+tst_pam_access1_SOURCES = tst-pam_access1.c
+tst_pam_access1_OBJECTS = tst-pam_access1.$(OBJEXT)
+tst_pam_access1_LDADD = $(LDADD)
+tst_pam_access2_SOURCES = tst-pam_access2.c
+tst_pam_access2_OBJECTS = tst-pam_access2.$(OBJEXT)
+tst_pam_access2_LDADD = $(LDADD)
+tst_pam_access3_SOURCES = tst-pam_access3.c
+tst_pam_access3_OBJECTS = tst-pam_access3.$(OBJEXT)
+tst_pam_access3_LDADD = $(LDADD)
+tst_pam_access4_SOURCES = tst-pam_access4.c
+tst_pam_access4_OBJECTS = tst-pam_access4.$(OBJEXT)
+tst_pam_access4_LDADD = $(LDADD)
+tst_pam_authfail_SOURCES = tst-pam_authfail.c
+tst_pam_authfail_OBJECTS = tst-pam_authfail.$(OBJEXT)
+tst_pam_authfail_LDADD = $(LDADD)
+tst_pam_authsucceed_SOURCES = tst-pam_authsucceed.c
+tst_pam_authsucceed_OBJECTS = tst-pam_authsucceed.$(OBJEXT)
+tst_pam_authsucceed_LDADD = $(LDADD)
+tst_pam_cracklib1_SOURCES = tst-pam_cracklib1.c
+tst_pam_cracklib1_OBJECTS = tst-pam_cracklib1.$(OBJEXT)
+tst_pam_cracklib1_LDADD = $(LDADD)
+tst_pam_cracklib2_SOURCES = tst-pam_cracklib2.c
+tst_pam_cracklib2_OBJECTS = tst-pam_cracklib2.$(OBJEXT)
+tst_pam_cracklib2_LDADD = $(LDADD)
+tst_pam_dispatch1_SOURCES = tst-pam_dispatch1.c
+tst_pam_dispatch1_OBJECTS = tst-pam_dispatch1.$(OBJEXT)
+tst_pam_dispatch1_LDADD = $(LDADD)
+tst_pam_dispatch2_SOURCES = tst-pam_dispatch2.c
+tst_pam_dispatch2_OBJECTS = tst-pam_dispatch2.$(OBJEXT)
+tst_pam_dispatch2_LDADD = $(LDADD)
+tst_pam_dispatch3_SOURCES = tst-pam_dispatch3.c
+tst_pam_dispatch3_OBJECTS = tst-pam_dispatch3.$(OBJEXT)
+tst_pam_dispatch3_LDADD = $(LDADD)
+tst_pam_dispatch4_SOURCES = tst-pam_dispatch4.c
+tst_pam_dispatch4_OBJECTS = tst-pam_dispatch4.$(OBJEXT)
+tst_pam_dispatch4_LDADD = $(LDADD)
+tst_pam_dispatch5_SOURCES = tst-pam_dispatch5.c
+tst_pam_dispatch5_OBJECTS = tst-pam_dispatch5.$(OBJEXT)
+tst_pam_dispatch5_LDADD = $(LDADD)
+tst_pam_group1_SOURCES = tst-pam_group1.c
+tst_pam_group1_OBJECTS = tst-pam_group1.$(OBJEXT)
+tst_pam_group1_LDADD = $(LDADD)
+tst_pam_limits1_SOURCES = tst-pam_limits1.c
+tst_pam_limits1_OBJECTS = tst-pam_limits1.$(OBJEXT)
+tst_pam_limits1_LDADD = $(LDADD)
+tst_pam_succeed_if1_SOURCES = tst-pam_succeed_if1.c
+tst_pam_succeed_if1_OBJECTS = tst-pam_succeed_if1.$(OBJEXT)
+tst_pam_succeed_if1_LDADD = $(LDADD)
+tst_pam_unix1_SOURCES = tst-pam_unix1.c
+tst_pam_unix1_OBJECTS = tst-pam_unix1.$(OBJEXT)
+tst_pam_unix1_LDADD = $(LDADD)
+tst_pam_unix2_SOURCES = tst-pam_unix2.c
+tst_pam_unix2_OBJECTS = tst-pam_unix2.$(OBJEXT)
+tst_pam_unix2_LDADD = $(LDADD)
+tst_pam_unix3_SOURCES = tst-pam_unix3.c
+tst_pam_unix3_OBJECTS = tst-pam_unix3.$(OBJEXT)
+tst_pam_unix3_LDADD = $(LDADD)
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \
+ tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \
+ tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \
+ tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \
+ tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \
+ tst-pam_succeed_if1.c tst-pam_unix1.c tst-pam_unix2.c \
+ tst-pam_unix3.c
+DIST_SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \
+ tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \
+ tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \
+ tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \
+ tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \
+ tst-pam_succeed_if1.c tst-pam_unix1.c tst-pam_unix2.c \
+ tst-pam_unix3.c
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+ECHO = @ECHO@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+F77 = @F77@
+FFLAGS = @FFLAGS@
+FO2PDF = @FO2PDF@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NMEDIT = @NMEDIT@
+OBJEXT = @OBJEXT@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_READ_BOTH_CONFS = @PAM_READ_BOTH_CONFS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WITH_DEBUG = @WITH_DEBUG@
+WITH_PAMLOCKING = @WITH_PAMLOCKING@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_F77 = @ac_ct_F77@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
+ -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
+
+AM_LDFLAGS = -L$(top_builddir)/libpam -lpam \
+ -L$(top_builddir)/libpam_misc -lpam_misc
+
+CLEANFILES = *~
+EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+ tst-pam_dispatch5.pamd \
+ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \
+ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \
+ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \
+ access.conf tst-pam_access1.pamd tst-pam_access1.sh \
+ tst-pam_access2.pamd tst-pam_access2.sh \
+ tst-pam_access3.pamd tst-pam_access3.sh \
+ tst-pam_access4.pamd tst-pam_access4.sh \
+ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \
+ tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \
+ group.conf tst-pam_group1.pamd tst-pam_group1.sh \
+ tst-pam_authfail.pamd tst-pam_authsucceed.pamd \
+ tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \
+ tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \
+ tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \
+ tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \
+ tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh
+
+XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_dispatch4 tst-pam_dispatch5 \
+ tst-pam_cracklib1 tst-pam_cracklib2 \
+ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed
+
+NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
+ tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu xtests/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu xtests/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+tst-pam_access1$(EXEEXT): $(tst_pam_access1_OBJECTS) $(tst_pam_access1_DEPENDENCIES)
+ @rm -f tst-pam_access1$(EXEEXT)
+ $(LINK) $(tst_pam_access1_OBJECTS) $(tst_pam_access1_LDADD) $(LIBS)
+tst-pam_access2$(EXEEXT): $(tst_pam_access2_OBJECTS) $(tst_pam_access2_DEPENDENCIES)
+ @rm -f tst-pam_access2$(EXEEXT)
+ $(LINK) $(tst_pam_access2_OBJECTS) $(tst_pam_access2_LDADD) $(LIBS)
+tst-pam_access3$(EXEEXT): $(tst_pam_access3_OBJECTS) $(tst_pam_access3_DEPENDENCIES)
+ @rm -f tst-pam_access3$(EXEEXT)
+ $(LINK) $(tst_pam_access3_OBJECTS) $(tst_pam_access3_LDADD) $(LIBS)
+tst-pam_access4$(EXEEXT): $(tst_pam_access4_OBJECTS) $(tst_pam_access4_DEPENDENCIES)
+ @rm -f tst-pam_access4$(EXEEXT)
+ $(LINK) $(tst_pam_access4_OBJECTS) $(tst_pam_access4_LDADD) $(LIBS)
+tst-pam_authfail$(EXEEXT): $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_DEPENDENCIES)
+ @rm -f tst-pam_authfail$(EXEEXT)
+ $(LINK) $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_LDADD) $(LIBS)
+tst-pam_authsucceed$(EXEEXT): $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_DEPENDENCIES)
+ @rm -f tst-pam_authsucceed$(EXEEXT)
+ $(LINK) $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_LDADD) $(LIBS)
+tst-pam_cracklib1$(EXEEXT): $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_DEPENDENCIES)
+ @rm -f tst-pam_cracklib1$(EXEEXT)
+ $(LINK) $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_LDADD) $(LIBS)
+tst-pam_cracklib2$(EXEEXT): $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_DEPENDENCIES)
+ @rm -f tst-pam_cracklib2$(EXEEXT)
+ $(LINK) $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_LDADD) $(LIBS)
+tst-pam_dispatch1$(EXEEXT): $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_DEPENDENCIES)
+ @rm -f tst-pam_dispatch1$(EXEEXT)
+ $(LINK) $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_LDADD) $(LIBS)
+tst-pam_dispatch2$(EXEEXT): $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_DEPENDENCIES)
+ @rm -f tst-pam_dispatch2$(EXEEXT)
+ $(LINK) $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_LDADD) $(LIBS)
+tst-pam_dispatch3$(EXEEXT): $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_DEPENDENCIES)
+ @rm -f tst-pam_dispatch3$(EXEEXT)
+ $(LINK) $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_LDADD) $(LIBS)
+tst-pam_dispatch4$(EXEEXT): $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_DEPENDENCIES)
+ @rm -f tst-pam_dispatch4$(EXEEXT)
+ $(LINK) $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_LDADD) $(LIBS)
+tst-pam_dispatch5$(EXEEXT): $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_DEPENDENCIES)
+ @rm -f tst-pam_dispatch5$(EXEEXT)
+ $(LINK) $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_LDADD) $(LIBS)
+tst-pam_group1$(EXEEXT): $(tst_pam_group1_OBJECTS) $(tst_pam_group1_DEPENDENCIES)
+ @rm -f tst-pam_group1$(EXEEXT)
+ $(LINK) $(tst_pam_group1_OBJECTS) $(tst_pam_group1_LDADD) $(LIBS)
+tst-pam_limits1$(EXEEXT): $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_DEPENDENCIES)
+ @rm -f tst-pam_limits1$(EXEEXT)
+ $(LINK) $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_LDADD) $(LIBS)
+tst-pam_succeed_if1$(EXEEXT): $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_DEPENDENCIES)
+ @rm -f tst-pam_succeed_if1$(EXEEXT)
+ $(LINK) $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_LDADD) $(LIBS)
+tst-pam_unix1$(EXEEXT): $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_DEPENDENCIES)
+ @rm -f tst-pam_unix1$(EXEEXT)
+ $(LINK) $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_LDADD) $(LIBS)
+tst-pam_unix2$(EXEEXT): $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_DEPENDENCIES)
+ @rm -f tst-pam_unix2$(EXEEXT)
+ $(LINK) $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_LDADD) $(LIBS)
+tst-pam_unix3$(EXEEXT): $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_DEPENDENCIES)
+ @rm -f tst-pam_unix3$(EXEEXT)
+ $(LINK) $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access4.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authfail.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authsucceed.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch4.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch5.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_group1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_limits1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_succeed_if1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix3.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstPROGRAMS ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/xtests/access.conf b/xtests/access.conf
new file mode 100644
index 00000000..8088ec61
--- /dev/null
+++ b/xtests/access.conf
@@ -0,0 +1,2 @@
+
+-:ALL EXCEPT (tstpamaccess) tstpamaccess3 :LOCAL
diff --git a/xtests/group.conf b/xtests/group.conf
new file mode 100644
index 00000000..04fe3ef7
--- /dev/null
+++ b/xtests/group.conf
@@ -0,0 +1,3 @@
+
+tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrpg
+
diff --git a/xtests/limits.conf b/xtests/limits.conf
new file mode 100644
index 00000000..41a3ea3c
--- /dev/null
+++ b/xtests/limits.conf
@@ -0,0 +1,2 @@
+* soft nice 19
+* hard nice -20
diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
new file mode 100755
index 00000000..4e981858
--- /dev/null
+++ b/xtests/run-xtests.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+SRCDIR=$1
+shift 1
+[ -z "${SRCDIR}" ] && SRCDIR='.'
+
+if test `id -u` -ne 0 ; then
+ echo "You need to be root to run the tests"
+ exit 1
+fi
+
+XTESTS="$@"
+
+failed=0
+pass=0
+skiped=0
+all=0
+
+mkdir -p /etc/security
+cp /etc/security/access.conf /etc/security/access.conf-pam-xtests
+install -m 644 "${SRCDIR}"/access.conf /etc/security/access.conf
+cp /etc/security/group.conf /etc/security/group.conf-pam-xtests
+install -m 644 "${SRCDIR}"/group.conf /etc/security/group.conf
+cp /etc/security/limits.conf /etc/security/limits.conf-pam-xtests
+install -m 644 "${SRCDIR}"/limits.conf /etc/security/limits.conf
+for testname in $XTESTS ; do
+ for cfg in "${SRCDIR}"/$testname*.pamd ; do
+ install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd)
+ done
+ if test -x "${SRCDIR}"/$testname.sh ; then
+ "${SRCDIR}"/$testname.sh > /dev/null
+ else
+ ./$testname > /dev/null
+ fi
+ RETVAL=$?
+ if test $RETVAL -eq 77 ; then
+ echo "SKIP: $testname"
+ skiped=`expr $skiped + 1`
+ elif test $RETVAL -ne 0 ; then
+ echo "FAIL: $testname"
+ failed=`expr $failed + 1`
+ else
+ echo "PASS: $testname"
+ pass=`expr $pass + 1`
+ fi
+ all=`expr $all + 1`
+ rm -f /etc/pam.d/$testname*
+done
+mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
+mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
+mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
+if test "$failed" -ne 0; then
+ echo "==================="
+ echo "$failed of $all tests failed"
+ echo "$skiped tests not run"
+ echo "==================="
+ exit 1
+else
+ echo "=================="
+ echo "$all tests passed"
+ echo "$skiped tests not run"
+ echo "=================="
+fi
+exit 0
diff --git a/xtests/tst-pam_access1.c b/xtests/tst-pam_access1.c
new file mode 100644
index 00000000..15711297
--- /dev/null
+++ b/xtests/tst-pam_access1.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is member of group tstpamaccess, pam_authenticate should pass.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess1";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access1.pamd b/xtests/tst-pam_access1.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/xtests/tst-pam_access1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_access1.sh b/xtests/tst-pam_access1.sh
new file mode 100755
index 00000000..180d2563
--- /dev/null
+++ b/xtests/tst-pam_access1.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/sbin/groupadd tstpamaccess
+/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess1
+./tst-pam_access1
+RET=$?
+/usr/sbin/userdel -r tstpamaccess1 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access2.c b/xtests/tst-pam_access2.c
new file mode 100644
index 00000000..293d72ab
--- /dev/null
+++ b/xtests/tst-pam_access2.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is not member of group tstpamaccess, pam_authenticate should fail.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess2";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access2: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access2.pamd b/xtests/tst-pam_access2.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/xtests/tst-pam_access2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_access2.sh b/xtests/tst-pam_access2.sh
new file mode 100755
index 00000000..0a302759
--- /dev/null
+++ b/xtests/tst-pam_access2.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/sbin/groupadd tstpamaccess
+/usr/sbin/useradd -p '!!' tstpamaccess2
+./tst-pam_access2
+RET=$?
+/usr/sbin/userdel -r tstpamaccess2 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access3.c b/xtests/tst-pam_access3.c
new file mode 100644
index 00000000..817ce930
--- /dev/null
+++ b/xtests/tst-pam_access3.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+
+ pam_authenticate should pass for user tstpamaccess3
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess3";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access3: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access3.pamd b/xtests/tst-pam_access3.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/xtests/tst-pam_access3.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_access3.sh b/xtests/tst-pam_access3.sh
new file mode 100755
index 00000000..348e0c3c
--- /dev/null
+++ b/xtests/tst-pam_access3.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamaccess3
+./tst-pam_access3
+RET=$?
+/usr/sbin/userdel -r tstpamaccess3 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access4.c b/xtests/tst-pam_access4.c
new file mode 100644
index 00000000..2b887a4d
--- /dev/null
+++ b/xtests/tst-pam_access4.c
@@ -0,0 +1,150 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+
+ pam_authenticate should fail for /dev/tty1 and pass for www.example.com
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess4";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "www.example.com");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-2: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access4.pamd b/xtests/tst-pam_access4.pamd
new file mode 100644
index 00000000..f47ec34f
--- /dev/null
+++ b/xtests/tst-pam_access4.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_access4.sh b/xtests/tst-pam_access4.sh
new file mode 100755
index 00000000..61e7b448
--- /dev/null
+++ b/xtests/tst-pam_access4.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamaccess4
+./tst-pam_access4
+RET=$?
+/usr/sbin/userdel -r tstpamaccess4 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_assemble_line1.pamd b/xtests/tst-pam_assemble_line1.pamd
new file mode 100644
index 00000000..431b3ba1
--- /dev/null
+++ b/xtests/tst-pam_assemble_line1.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# Test that _pam_assemble_line() does not crash with long lines.
+# printf '%511s\\\n%511s\\\n%511s\\\n%511s\\\n'
+ \
+ \
+ \
+ \
+auth required pam_deny.so
diff --git a/xtests/tst-pam_assemble_line1.sh b/xtests/tst-pam_assemble_line1.sh
new file mode 100755
index 00000000..248d47ec
--- /dev/null
+++ b/xtests/tst-pam_assemble_line1.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authfail tst-pam_assemble_line1
diff --git a/xtests/tst-pam_authfail.c b/xtests/tst-pam_authfail.c
new file mode 100644
index 00000000..afdbd6a4
--- /dev/null
+++ b/xtests/tst-pam_authfail.c
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that auth stack fails. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ const char *stack="tst-pam_authfail";
+ int retval;
+ int debug = 0;
+
+ if (argc > 2) {
+ stack = argv[2];
+ }
+
+ if (argc > 1) {
+ if (strcmp (argv[1], "-d") == 0)
+ debug = 1;
+ else
+ stack = argv[1];
+ }
+
+
+ retval = pam_start(stack, user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval == PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_authfail.pamd b/xtests/tst-pam_authfail.pamd
new file mode 100644
index 00000000..8ff1a40f
--- /dev/null
+++ b/xtests/tst-pam_authfail.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# test that successful sufficient module cannot affect stack
+# after failed required module
+auth required pam_debug.so auth=perm_denied
+auth sufficient pam_debug.so auth=success
diff --git a/xtests/tst-pam_authsucceed.c b/xtests/tst-pam_authsucceed.c
new file mode 100644
index 00000000..8666f3f7
--- /dev/null
+++ b/xtests/tst-pam_authsucceed.c
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that auth stack succeeds. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ const char *stack="tst-pam_authsucceed";
+ int retval;
+ int debug = 0;
+
+ if (argc > 2) {
+ stack = argv[2];
+ }
+
+ if (argc > 1) {
+ if (strcmp (argv[1], "-d") == 0)
+ debug = 1;
+ else
+ stack = argv[1];
+ }
+
+
+ retval = pam_start(stack, user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_authsucceed.pamd b/xtests/tst-pam_authsucceed.pamd
new file mode 100644
index 00000000..abaa1eff
--- /dev/null
+++ b/xtests/tst-pam_authsucceed.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# test that failed sufficient module cannot affect stack
+# with following successful required module
+auth sufficient pam_debug.so auth=auth_err
+auth required pam_debug.so auth=success
diff --git a/xtests/tst-pam_cracklib1.c b/xtests/tst-pam_cracklib1.c
new file mode 100644
index 00000000..b0e52051
--- /dev/null
+++ b/xtests/tst-pam_cracklib1.c
@@ -0,0 +1,135 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ static int calls = 0;
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one NULL */
+ if (calls)
+ reply[count].resp = NULL;
+ else
+ {
+ ++calls;
+ reply[count].resp = strdup ("Kindergarten");
+ }
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that pam_cracklib does not seg.fault on empty passwords. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="root";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_cracklib1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_AUTHTOK_RECOVERY_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_AUTHTOK_RECOVERY_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1-2: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_cracklib1.pamd b/xtests/tst-pam_cracklib1.pamd
new file mode 100644
index 00000000..41a9188d
--- /dev/null
+++ b/xtests/tst-pam_cracklib1.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password required pam_cracklib.so
diff --git a/xtests/tst-pam_cracklib2.c b/xtests/tst-pam_cracklib2.c
new file mode 100644
index 00000000..84b4ef64
--- /dev/null
+++ b/xtests/tst-pam_cracklib2.c
@@ -0,0 +1,143 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This test case checks
+ Patch 1688777: pam_cracklib support for minimum character classes */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+int debug = 0;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ static int calls = 0;
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ if (debug)
+ fprintf(stderr,"Query: %s\n", (*msgm)[count].msg);
+ reply[count].resp_retcode = 0;
+ /* first tow calls get a correct password, second a too
+ easy one. */
+ if (calls > 1)
+ reply[count].resp = strdup ("too easy");
+ else
+ {
+ ++calls;
+ reply[count].resp = strdup ("1a9C*8dK");
+ }
+ if (debug)
+ fprintf(stderr,"Response: %s\n", reply[count].resp);
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="root";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_cracklib2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is wrong */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (retval != PAM_AUTHTOK_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-2: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_cracklib2.pamd b/xtests/tst-pam_cracklib2.pamd
new file mode 100644
index 00000000..5915aecd
--- /dev/null
+++ b/xtests/tst-pam_cracklib2.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password required pam_cracklib.so minclass=4
diff --git a/xtests/tst-pam_dispatch1.c b/xtests/tst-pam_dispatch1.c
new file mode 100644
index 00000000..404c0119
--- /dev/null
+++ b/xtests/tst-pam_dispatch1.c
@@ -0,0 +1,99 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+static int debug = 0;
+
+/*
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+
+ This stack should not return PAM_IGNORE to the application:
+ auth [default=bad] pam_debug.so auth=ignore
+*/
+static int
+test1 (void)
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+
+ retval = pam_start("tst-pam_dispatch1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+
+int main(int argc, char *argv[])
+{
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ if (test1 ())
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch1.pamd b/xtests/tst-pam_dispatch1.pamd
new file mode 100644
index 00000000..9bfc87c5
--- /dev/null
+++ b/xtests/tst-pam_dispatch1.pamd
@@ -0,0 +1,3 @@
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+# This stack should not return PAM_IGNORE to the application:
+auth [default=bad] pam_debug.so auth=ignore
diff --git a/xtests/tst-pam_dispatch2.c b/xtests/tst-pam_dispatch2.c
new file mode 100644
index 00000000..5c63f5b3
--- /dev/null
+++ b/xtests/tst-pam_dispatch2.c
@@ -0,0 +1,98 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <strings.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+static int debug = 0;
+
+/*
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+
+ This stack should not return PAM_IGNORE to the application:
+ auth [default=die] pam_debug.so auth=ignore
+*/
+static int
+test2 (void)
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+
+ retval = pam_start("tst-pam_dispatch2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ if (test2 ())
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch2.pamd b/xtests/tst-pam_dispatch2.pamd
new file mode 100644
index 00000000..79f52609
--- /dev/null
+++ b/xtests/tst-pam_dispatch2.pamd
@@ -0,0 +1,3 @@
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+# This stack should not return PAM_IGNORE to the application:
+auth [default=die] pam_debug.so auth=ignore
diff --git a/xtests/tst-pam_dispatch3.c b/xtests/tst-pam_dispatch3.c
new file mode 100644
index 00000000..d44e4880
--- /dev/null
+++ b/xtests/tst-pam_dispatch3.c
@@ -0,0 +1,87 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch3.pamd b/xtests/tst-pam_dispatch3.pamd
new file mode 100644
index 00000000..8172c5f2
--- /dev/null
+++ b/xtests/tst-pam_dispatch3.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth optional pam_debug.so auth=auth_err
+auth sufficient pam_debug.so auth=success
+auth required pam_debug.so auth=perm_denied
+account required pam_debug.so acct=acct_expired
+
diff --git a/xtests/tst-pam_dispatch4.c b/xtests/tst-pam_dispatch4.c
new file mode 100644
index 00000000..a4db8a88
--- /dev/null
+++ b/xtests/tst-pam_dispatch4.c
@@ -0,0 +1,94 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that jumps are processed correctly. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_acct_mgmt returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch4.pamd b/xtests/tst-pam_dispatch4.pamd
new file mode 100644
index 00000000..ac995add
--- /dev/null
+++ b/xtests/tst-pam_dispatch4.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# We jump to end of the stack with previous pam_permit.so, should pass
+auth required pam_permit.so
+auth [success=1 default=ignore] pam_debug.so auth=success
+auth required pam_deny.so
+# We jump to end of the stack without any module in OK state, should fail
+account [success=1 default=ignore] pam_debug.so account=success
+account required pam_deny.so
diff --git a/xtests/tst-pam_dispatch5.c b/xtests/tst-pam_dispatch5.c
new file mode 100644
index 00000000..f1197b38
--- /dev/null
+++ b/xtests/tst-pam_dispatch5.c
@@ -0,0 +1,86 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* jump after the end of the stack and make sure we don't seg.fault. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch5", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch5.pamd b/xtests/tst-pam_dispatch5.pamd
new file mode 100644
index 00000000..ea781f77
--- /dev/null
+++ b/xtests/tst-pam_dispatch5.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+# Jump after the end of the stack
+auth [success=2 default=bad] pam_permit.so
+auth required pam_deny.so
diff --git a/xtests/tst-pam_group1.c b/xtests/tst-pam_group1.c
new file mode 100644
index 00000000..ca0c2ac9
--- /dev/null
+++ b/xtests/tst-pam_group1.c
@@ -0,0 +1,208 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in group.conf:
+
+ tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrpg
+
+
+ pam_group should add group tstpamgrpg to user tstpamgrp, but not
+ to tstpamgrp2.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <grp.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
+#define GROUP_BLK 10
+#define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK)
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+static int debug = 0;
+
+static int
+run_test (const char *user, gid_t groupid, int needit)
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+
+ retval = pam_start("tst-pam_group1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_setcred returned %d\n", retval);
+ return 1;
+ }
+
+
+ int no_grps = getgroups(0, NULL); /* find the current number of groups */
+ if (no_grps > 0)
+ {
+ int i, found;
+ gid_t *grps = calloc (blk_size (no_grps), sizeof(gid_t));
+
+ if (getgroups(no_grps, grps) < 0)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: getroups returned error: %m\n");
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ return 1;
+ }
+
+ found = 0;
+ for (i = 0; i < no_grps; ++i)
+ {
+#if 0
+ if (debug)
+ fprintf (stderr, "gid[%d]=%d\n", i, grps[i]);
+#endif
+ if (grps[i] == groupid)
+ found = 1;
+ }
+ if ((needit && found) || (!needit && !found))
+ {
+ /* everything is ok */
+ }
+ else
+ {
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: unexpected result for %s: needit=%d, found=%d\n",
+ user, needit, found);
+ return 1;
+ }
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+ struct group *grp;
+ gid_t grpid;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ grp = getgrnam ("tstpamgrpg");
+ if (grp == NULL)
+ return 1;
+ grpid = grp->gr_gid;
+
+ if (run_test ("root", grpid, 0) != 0 ||
+ run_test ("tstpamgrp2", grpid, 0) != 0 ||
+ run_test ("tstpamgrp", grpid, 1) != 0)
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_group1.pamd b/xtests/tst-pam_group1.pamd
new file mode 100644
index 00000000..d78f3a6c
--- /dev/null
+++ b/xtests/tst-pam_group1.pamd
@@ -0,0 +1,7 @@
+#%PAM-1.0
+auth required pam_group.so
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
+
diff --git a/xtests/tst-pam_group1.sh b/xtests/tst-pam_group1.sh
new file mode 100755
index 00000000..b76377f5
--- /dev/null
+++ b/xtests/tst-pam_group1.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+/usr/sbin/groupadd tstpamgrpg
+/usr/sbin/useradd -p '!!' tstpamgrp
+/usr/sbin/useradd -p '!!' tstpamgrp2
+./tst-pam_group1
+RET=$?
+/usr/sbin/userdel -r tstpamgrp 2> /dev/null
+/usr/sbin/userdel -r tstpamgrp2 2> /dev/null
+/usr/sbin/groupdel tstpamgrpg 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_limits1.c b/xtests/tst-pam_limits1.c
new file mode 100644
index 00000000..d8952400
--- /dev/null
+++ b/xtests/tst-pam_limits1.c
@@ -0,0 +1,156 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in limits.conf:
+ * soft nice 19
+ * hard nice -20
+
+ getrlimit should return soft=1 and hard=40.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamlimits";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+#ifdef RLIMIT_NICE
+ retval = pam_start("tst-pam_limits1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_limits1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_open_session returned %d\n",
+ retval);
+ return 1;
+ }
+
+ struct rlimit rlim;
+
+ getrlimit (RLIMIT_NICE, &rlim);
+
+ if (rlim.rlim_cur != 1 && rlim.rlim_max != 40)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: getrlimit failed, soft=%u, hard=%u\n",
+ (unsigned int) rlim.rlim_cur, (unsigned int) rlim.rlim_max);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+#else
+ if (debug)
+ fprintf (stderr, "pam_limits1: RLIMIT_NICE does not exist)\n");
+
+ return 77;
+#endif
+}
diff --git a/xtests/tst-pam_limits1.pamd b/xtests/tst-pam_limits1.pamd
new file mode 100644
index 00000000..206ef1f7
--- /dev/null
+++ b/xtests/tst-pam_limits1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_permit.so
+session required pam_limits.so
+
diff --git a/xtests/tst-pam_limits1.sh b/xtests/tst-pam_limits1.sh
new file mode 100755
index 00000000..4faa8223
--- /dev/null
+++ b/xtests/tst-pam_limits1.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamlimits
+./tst-pam_limits1
+RET=$?
+/usr/sbin/userdel -r tstpamlimits 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_substack1.pamd b/xtests/tst-pam_substack1.pamd
new file mode 100644
index 00000000..6eab233e
--- /dev/null
+++ b/xtests/tst-pam_substack1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Even if the substack succeeds with sufficient
+# the whole stack should fail.
+auth substack tst-pam_substack1a
+auth required pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack1.sh b/xtests/tst-pam_substack1.sh
new file mode 100755
index 00000000..52601755
--- /dev/null
+++ b/xtests/tst-pam_substack1.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authfail tst-pam_substack1
diff --git a/xtests/tst-pam_substack1a.pamd b/xtests/tst-pam_substack1a.pamd
new file mode 100644
index 00000000..51c8c8fd
--- /dev/null
+++ b/xtests/tst-pam_substack1a.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth sufficient pam_debug.so auth=success
diff --git a/xtests/tst-pam_substack2.pamd b/xtests/tst-pam_substack2.pamd
new file mode 100644
index 00000000..618e2986
--- /dev/null
+++ b/xtests/tst-pam_substack2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+# Even if the substack fails with requisite
+# the whole stack should succeed.
+auth substack tst-pam_substack2a
+auth [success=reset] pam_permit.so
+auth required pam_debug.so auth=success
diff --git a/xtests/tst-pam_substack2.sh b/xtests/tst-pam_substack2.sh
new file mode 100755
index 00000000..c02f597e
--- /dev/null
+++ b/xtests/tst-pam_substack2.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authsucceed tst-pam_substack2
diff --git a/xtests/tst-pam_substack2a.pamd b/xtests/tst-pam_substack2a.pamd
new file mode 100644
index 00000000..db853542
--- /dev/null
+++ b/xtests/tst-pam_substack2a.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth requisite pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack3.pamd b/xtests/tst-pam_substack3.pamd
new file mode 100644
index 00000000..4fc6016c
--- /dev/null
+++ b/xtests/tst-pam_substack3.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Reset in the substack resets to state as of it was
+# in the beginning of substack evaluation
+auth required pam_permit.so
+auth substack tst-pam_substack3a
diff --git a/xtests/tst-pam_substack3.sh b/xtests/tst-pam_substack3.sh
new file mode 100755
index 00000000..0e572aae
--- /dev/null
+++ b/xtests/tst-pam_substack3.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authsucceed tst-pam_substack3
diff --git a/xtests/tst-pam_substack3a.pamd b/xtests/tst-pam_substack3a.pamd
new file mode 100644
index 00000000..a2ae915c
--- /dev/null
+++ b/xtests/tst-pam_substack3a.pamd
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth required pam_debug.so auth=auth_err
+auth [success=reset] pam_permit.so
diff --git a/xtests/tst-pam_substack4.pamd b/xtests/tst-pam_substack4.pamd
new file mode 100644
index 00000000..f0017c75
--- /dev/null
+++ b/xtests/tst-pam_substack4.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Substack is counted as one module in jumps
+auth [success=1] pam_permit.so
+auth substack tst-pam_substack4a
+auth required pam_permit.so
diff --git a/xtests/tst-pam_substack4.sh b/xtests/tst-pam_substack4.sh
new file mode 100755
index 00000000..a3ef08a7
--- /dev/null
+++ b/xtests/tst-pam_substack4.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authsucceed tst-pam_substack4
diff --git a/xtests/tst-pam_substack4a.pamd b/xtests/tst-pam_substack4a.pamd
new file mode 100644
index 00000000..3b91c1ba
--- /dev/null
+++ b/xtests/tst-pam_substack4a.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth required pam_debug.so auth=auth_err
+auth required pam_debug.so auth=auth_err
+auth required pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack5.pamd b/xtests/tst-pam_substack5.pamd
new file mode 100644
index 00000000..04f07aeb
--- /dev/null
+++ b/xtests/tst-pam_substack5.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+# Requisite terminates substack
+auth required pam_permit.so
+auth substack tst-pam_substack5a
diff --git a/xtests/tst-pam_substack5.sh b/xtests/tst-pam_substack5.sh
new file mode 100755
index 00000000..e2714fda
--- /dev/null
+++ b/xtests/tst-pam_substack5.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+exec ./tst-pam_authfail tst-pam_substack5
diff --git a/xtests/tst-pam_substack5a.pamd b/xtests/tst-pam_substack5a.pamd
new file mode 100644
index 00000000..a6850f40
--- /dev/null
+++ b/xtests/tst-pam_substack5a.pamd
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth requisite pam_debug.so auth=auth_err
+auth [success=reset] pam_permit.so
diff --git a/xtests/tst-pam_succeed_if1.c b/xtests/tst-pam_succeed_if1.c
new file mode 100644
index 00000000..c0187743
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.c
@@ -0,0 +1,138 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in PAM config file:
+
+ auth required pam_succeed_if.so user in tstpamtest:pamtest
+
+ User is pamtest or tstpamtest, both should succeed.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+static int debug = 0;
+
+static int
+test_with_user (const char *user)
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+
+ retval = pam_start("tst-pam_succeed_if1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_succeed_if1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_authenticate(%s) returned %d\n",
+ user, retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh, retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *user1 = "tstpamtest";
+ const char *user2 = "pamtest";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = test_with_user (user1);
+ if (retval == 0)
+ retval = test_with_user (user2);
+
+ return retval;
+}
diff --git a/xtests/tst-pam_succeed_if1.pamd b/xtests/tst-pam_succeed_if1.pamd
new file mode 100644
index 00000000..f9cbd5a7
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth required pam_succeed_if.so user in tstpamtest:pamtest
diff --git a/xtests/tst-pam_succeed_if1.sh b/xtests/tst-pam_succeed_if1.sh
new file mode 100755
index 00000000..a643b2e8
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamtest
+/usr/sbin/useradd -p '!!' pamtest
+./tst-pam_succeed_if1
+RET=$?
+/usr/sbin/userdel -r tstpamtest 2> /dev/null
+/usr/sbin/userdel -r pamtest 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix1.c b/xtests/tst-pam_unix1.c
new file mode 100644
index 00000000..5ee24082
--- /dev/null
+++ b/xtests/tst-pam_unix1.c
@@ -0,0 +1,122 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Test case: '!!' as password should not allow login
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* !! as password should not allow login */
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix1.pamd b/xtests/tst-pam_unix1.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/xtests/tst-pam_unix1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/xtests/tst-pam_unix1.sh b/xtests/tst-pam_unix1.sh
new file mode 100755
index 00000000..f75bd842
--- /dev/null
+++ b/xtests/tst-pam_unix1.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+/usr/sbin/useradd -p '!!' tstpamunix
+./tst-pam_unix1
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix2.c b/xtests/tst-pam_unix2.c
new file mode 100644
index 00000000..65a75f3e
--- /dev/null
+++ b/xtests/tst-pam_unix2.c
@@ -0,0 +1,154 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check crypt handling
+ * First use exact password, 8 characters (13 characters crypt)
+ * Second use longer password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too long one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix0");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix01");
+ else
+ reply[count].resp = strdup ("pamunix1");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too long */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix2.pamd b/xtests/tst-pam_unix2.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/xtests/tst-pam_unix2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/xtests/tst-pam_unix2.sh b/xtests/tst-pam_unix2.sh
new file mode 100755
index 00000000..7093155f
--- /dev/null
+++ b/xtests/tst-pam_unix2.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# pamunix0 = 0aXKZztA.d1KY
+/usr/sbin/useradd -p 0aXKZztA.d1KY tstpamunix
+./tst-pam_unix2
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix3.c b/xtests/tst-pam_unix3.c
new file mode 100644
index 00000000..50a94587
--- /dev/null
+++ b/xtests/tst-pam_unix3.c
@@ -0,0 +1,155 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check bigcrypt handling
+ * First use exact password, 9 characters (24 characters crypt)
+ * Second use shorter password, 8 characters
+ * Third use wrong password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too short one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix01");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix0");
+ else
+ reply[count].resp = strdup ("pamunix11");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too short */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix3.pamd b/xtests/tst-pam_unix3.pamd
new file mode 100644
index 00000000..1a2990c7
--- /dev/null
+++ b/xtests/tst-pam_unix3.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
+
diff --git a/xtests/tst-pam_unix3.sh b/xtests/tst-pam_unix3.sh
new file mode 100755
index 00000000..ef4a07cd
--- /dev/null
+++ b/xtests/tst-pam_unix3.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU
+/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix
+./tst-pam_unix3
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET