summaryrefslogtreecommitdiffstats
path: root/xtests
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--xtests/Makefile.am53
-rw-r--r--xtests/Makefile.in916
-rw-r--r--xtests/access.conf3
-rw-r--r--xtests/group.conf2
-rw-r--r--xtests/limits.conf2
-rwxr-xr-xxtests/run-xtests.sh67
-rw-r--r--xtests/time.conf2
-rw-r--r--xtests/tst-pam_access1.c132
-rw-r--r--xtests/tst-pam_access1.pamd5
-rwxr-xr-xxtests/tst-pam_access1.sh9
-rw-r--r--xtests/tst-pam_access2.c132
-rw-r--r--xtests/tst-pam_access2.pamd5
-rwxr-xr-xxtests/tst-pam_access2.sh9
-rw-r--r--xtests/tst-pam_access3.c132
-rw-r--r--xtests/tst-pam_access3.pamd5
-rwxr-xr-xxtests/tst-pam_access3.sh7
-rw-r--r--xtests/tst-pam_access4.c170
-rw-r--r--xtests/tst-pam_access4.pamd5
-rwxr-xr-xxtests/tst-pam_access4.sh7
-rw-r--r--xtests/tst-pam_assemble_line1.pamd8
-rwxr-xr-xxtests/tst-pam_assemble_line1.sh3
-rw-r--r--xtests/tst-pam_authfail.c96
-rw-r--r--xtests/tst-pam_authfail.pamd5
-rw-r--r--xtests/tst-pam_authsucceed.c96
-rw-r--r--xtests/tst-pam_authsucceed.pamd5
-rw-r--r--xtests/tst-pam_cracklib1.c135
-rw-r--r--xtests/tst-pam_cracklib1.pamd2
-rw-r--r--xtests/tst-pam_cracklib2.c143
-rw-r--r--xtests/tst-pam_cracklib2.pamd2
-rw-r--r--xtests/tst-pam_dispatch1.c99
-rw-r--r--xtests/tst-pam_dispatch1.pamd3
-rw-r--r--xtests/tst-pam_dispatch2.c98
-rw-r--r--xtests/tst-pam_dispatch2.pamd3
-rw-r--r--xtests/tst-pam_dispatch3.c87
-rw-r--r--xtests/tst-pam_dispatch3.pamd5
-rw-r--r--xtests/tst-pam_dispatch4.c94
-rw-r--r--xtests/tst-pam_dispatch4.pamd8
-rw-r--r--xtests/tst-pam_dispatch5.c86
-rw-r--r--xtests/tst-pam_dispatch5.pamd4
-rw-r--r--xtests/tst-pam_group1.c209
-rw-r--r--xtests/tst-pam_group1.pamd6
-rwxr-xr-xxtests/tst-pam_group1.sh11
-rw-r--r--xtests/tst-pam_limits1.c156
-rw-r--r--xtests/tst-pam_limits1.pamd5
-rwxr-xr-xxtests/tst-pam_limits1.sh7
-rw-r--r--xtests/tst-pam_pwhistory1.c169
-rw-r--r--xtests/tst-pam_pwhistory1.pamd6
-rwxr-xr-xxtests/tst-pam_pwhistory1.sh7
-rw-r--r--xtests/tst-pam_substack1.pamd5
-rwxr-xr-xxtests/tst-pam_substack1.sh3
-rw-r--r--xtests/tst-pam_substack1a.pamd2
-rw-r--r--xtests/tst-pam_substack2.pamd6
-rwxr-xr-xxtests/tst-pam_substack2.sh3
-rw-r--r--xtests/tst-pam_substack2a.pamd2
-rw-r--r--xtests/tst-pam_substack3.pamd5
-rwxr-xr-xxtests/tst-pam_substack3.sh3
-rw-r--r--xtests/tst-pam_substack3a.pamd3
-rw-r--r--xtests/tst-pam_substack4.pamd5
-rwxr-xr-xxtests/tst-pam_substack4.sh3
-rw-r--r--xtests/tst-pam_substack4a.pamd4
-rw-r--r--xtests/tst-pam_substack5.pamd4
-rwxr-xr-xxtests/tst-pam_substack5.sh3
-rw-r--r--xtests/tst-pam_substack5a.pamd3
-rw-r--r--xtests/tst-pam_succeed_if1.c138
-rw-r--r--xtests/tst-pam_succeed_if1.pamd2
-rwxr-xr-xxtests/tst-pam_succeed_if1.sh9
-rw-r--r--xtests/tst-pam_time1.c114
-rw-r--r--xtests/tst-pam_time1.pamd5
-rw-r--r--xtests/tst-pam_unix1.c122
-rw-r--r--xtests/tst-pam_unix1.pamd5
-rwxr-xr-xxtests/tst-pam_unix1.sh7
-rw-r--r--xtests/tst-pam_unix2.c154
-rw-r--r--xtests/tst-pam_unix2.pamd5
-rwxr-xr-xxtests/tst-pam_unix2.sh8
-rw-r--r--xtests/tst-pam_unix3.c155
-rw-r--r--xtests/tst-pam_unix3.pamd5
-rwxr-xr-xxtests/tst-pam_unix3.sh8
-rw-r--r--xtests/tst-pam_unix4.c154
-rw-r--r--xtests/tst-pam_unix4.pamd5
-rwxr-xr-xxtests/tst-pam_unix4.sh14
80 files changed, 4185 insertions, 0 deletions
diff --git a/xtests/Makefile.am b/xtests/Makefile.am
new file mode 100644
index 0000000..a6d6f8d
--- /dev/null
+++ b/xtests/Makefile.am
@@ -0,0 +1,53 @@
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+
+AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
+ -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
+LDADD = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+
+CLEANFILES = *~ $(XTESTS)
+
+EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+ tst-pam_dispatch5.pamd \
+ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \
+ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \
+ tst-pam_unix4.pamd \
+ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \
+ tst-pam_unix4.sh \
+ access.conf tst-pam_access1.pamd tst-pam_access1.sh \
+ tst-pam_access2.pamd tst-pam_access2.sh \
+ tst-pam_access3.pamd tst-pam_access3.sh \
+ tst-pam_access4.pamd tst-pam_access4.sh \
+ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \
+ tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \
+ group.conf tst-pam_group1.pamd tst-pam_group1.sh \
+ tst-pam_authfail.pamd tst-pam_authsucceed.pamd \
+ tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \
+ tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \
+ tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \
+ tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \
+ tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \
+ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \
+ tst-pam_time1.pamd time.conf
+
+XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_dispatch4 tst-pam_dispatch5 \
+ tst-pam_cracklib1 tst-pam_cracklib2 \
+ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \
+ tst-pam_pwhistory1 tst-pam_time1
+
+NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
+ tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
+
+
+EXTRA_PROGRAMS = $(XTESTS)
+
+xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
diff --git a/xtests/Makefile.in b/xtests/Makefile.in
new file mode 100644
index 0000000..4325d0d
--- /dev/null
+++ b/xtests/Makefile.in
@@ -0,0 +1,916 @@
+# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2006 Thorsten Kukuk <kukuk@suse.de>
+#
+VPATH = @srcdir@
+am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+EXTRA_PROGRAMS = $(am__EXEEXT_1)
+subdir = xtests
+DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
+ $(top_srcdir)/build-aux/depcomp
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+ $(top_srcdir)/m4/japhar_grep_cflags.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__EXEEXT_1 = tst-pam_dispatch1$(EXEEXT) tst-pam_dispatch2$(EXEEXT) \
+ tst-pam_dispatch3$(EXEEXT) tst-pam_dispatch4$(EXEEXT) \
+ tst-pam_dispatch5$(EXEEXT) tst-pam_cracklib1$(EXEEXT) \
+ tst-pam_cracklib2$(EXEEXT) tst-pam_unix1$(EXEEXT) \
+ tst-pam_unix2$(EXEEXT) tst-pam_unix3$(EXEEXT) \
+ tst-pam_unix4$(EXEEXT) tst-pam_access1$(EXEEXT) \
+ tst-pam_access2$(EXEEXT) tst-pam_access3$(EXEEXT) \
+ tst-pam_access4$(EXEEXT) tst-pam_limits1$(EXEEXT) \
+ tst-pam_succeed_if1$(EXEEXT) tst-pam_group1$(EXEEXT) \
+ tst-pam_authfail$(EXEEXT) tst-pam_authsucceed$(EXEEXT) \
+ tst-pam_pwhistory1$(EXEEXT) tst-pam_time1$(EXEEXT)
+tst_pam_access1_SOURCES = tst-pam_access1.c
+tst_pam_access1_OBJECTS = tst-pam_access1.$(OBJEXT)
+tst_pam_access1_LDADD = $(LDADD)
+tst_pam_access1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+tst_pam_access2_SOURCES = tst-pam_access2.c
+tst_pam_access2_OBJECTS = tst-pam_access2.$(OBJEXT)
+tst_pam_access2_LDADD = $(LDADD)
+tst_pam_access2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_access3_SOURCES = tst-pam_access3.c
+tst_pam_access3_OBJECTS = tst-pam_access3.$(OBJEXT)
+tst_pam_access3_LDADD = $(LDADD)
+tst_pam_access3_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_access4_SOURCES = tst-pam_access4.c
+tst_pam_access4_OBJECTS = tst-pam_access4.$(OBJEXT)
+tst_pam_access4_LDADD = $(LDADD)
+tst_pam_access4_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_authfail_SOURCES = tst-pam_authfail.c
+tst_pam_authfail_OBJECTS = tst-pam_authfail.$(OBJEXT)
+tst_pam_authfail_LDADD = $(LDADD)
+tst_pam_authfail_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_authsucceed_SOURCES = tst-pam_authsucceed.c
+tst_pam_authsucceed_OBJECTS = tst-pam_authsucceed.$(OBJEXT)
+tst_pam_authsucceed_LDADD = $(LDADD)
+tst_pam_authsucceed_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_cracklib1_SOURCES = tst-pam_cracklib1.c
+tst_pam_cracklib1_OBJECTS = tst-pam_cracklib1.$(OBJEXT)
+tst_pam_cracklib1_LDADD = $(LDADD)
+tst_pam_cracklib1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_cracklib2_SOURCES = tst-pam_cracklib2.c
+tst_pam_cracklib2_OBJECTS = tst-pam_cracklib2.$(OBJEXT)
+tst_pam_cracklib2_LDADD = $(LDADD)
+tst_pam_cracklib2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_dispatch1_SOURCES = tst-pam_dispatch1.c
+tst_pam_dispatch1_OBJECTS = tst-pam_dispatch1.$(OBJEXT)
+tst_pam_dispatch1_LDADD = $(LDADD)
+tst_pam_dispatch1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_dispatch2_SOURCES = tst-pam_dispatch2.c
+tst_pam_dispatch2_OBJECTS = tst-pam_dispatch2.$(OBJEXT)
+tst_pam_dispatch2_LDADD = $(LDADD)
+tst_pam_dispatch2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_dispatch3_SOURCES = tst-pam_dispatch3.c
+tst_pam_dispatch3_OBJECTS = tst-pam_dispatch3.$(OBJEXT)
+tst_pam_dispatch3_LDADD = $(LDADD)
+tst_pam_dispatch3_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_dispatch4_SOURCES = tst-pam_dispatch4.c
+tst_pam_dispatch4_OBJECTS = tst-pam_dispatch4.$(OBJEXT)
+tst_pam_dispatch4_LDADD = $(LDADD)
+tst_pam_dispatch4_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_dispatch5_SOURCES = tst-pam_dispatch5.c
+tst_pam_dispatch5_OBJECTS = tst-pam_dispatch5.$(OBJEXT)
+tst_pam_dispatch5_LDADD = $(LDADD)
+tst_pam_dispatch5_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_group1_SOURCES = tst-pam_group1.c
+tst_pam_group1_OBJECTS = tst-pam_group1.$(OBJEXT)
+tst_pam_group1_LDADD = $(LDADD)
+tst_pam_group1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_limits1_SOURCES = tst-pam_limits1.c
+tst_pam_limits1_OBJECTS = tst-pam_limits1.$(OBJEXT)
+tst_pam_limits1_LDADD = $(LDADD)
+tst_pam_limits1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_pwhistory1_SOURCES = tst-pam_pwhistory1.c
+tst_pam_pwhistory1_OBJECTS = tst-pam_pwhistory1.$(OBJEXT)
+tst_pam_pwhistory1_LDADD = $(LDADD)
+tst_pam_pwhistory1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_succeed_if1_SOURCES = tst-pam_succeed_if1.c
+tst_pam_succeed_if1_OBJECTS = tst-pam_succeed_if1.$(OBJEXT)
+tst_pam_succeed_if1_LDADD = $(LDADD)
+tst_pam_succeed_if1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_time1_SOURCES = tst-pam_time1.c
+tst_pam_time1_OBJECTS = tst-pam_time1.$(OBJEXT)
+tst_pam_time1_LDADD = $(LDADD)
+tst_pam_time1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_unix1_SOURCES = tst-pam_unix1.c
+tst_pam_unix1_OBJECTS = tst-pam_unix1.$(OBJEXT)
+tst_pam_unix1_LDADD = $(LDADD)
+tst_pam_unix1_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_unix2_SOURCES = tst-pam_unix2.c
+tst_pam_unix2_OBJECTS = tst-pam_unix2.$(OBJEXT)
+tst_pam_unix2_LDADD = $(LDADD)
+tst_pam_unix2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_unix3_SOURCES = tst-pam_unix3.c
+tst_pam_unix3_OBJECTS = tst-pam_unix3.$(OBJEXT)
+tst_pam_unix3_LDADD = $(LDADD)
+tst_pam_unix3_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+tst_pam_unix4_SOURCES = tst-pam_unix4.c
+tst_pam_unix4_OBJECTS = tst-pam_unix4.$(OBJEXT)
+tst_pam_unix4_LDADD = $(LDADD)
+tst_pam_unix4_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \
+ tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \
+ tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \
+ tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \
+ tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \
+ tst-pam_pwhistory1.c tst-pam_succeed_if1.c tst-pam_time1.c \
+ tst-pam_unix1.c tst-pam_unix2.c tst-pam_unix3.c \
+ tst-pam_unix4.c
+DIST_SOURCES = tst-pam_access1.c tst-pam_access2.c tst-pam_access3.c \
+ tst-pam_access4.c tst-pam_authfail.c tst-pam_authsucceed.c \
+ tst-pam_cracklib1.c tst-pam_cracklib2.c tst-pam_dispatch1.c \
+ tst-pam_dispatch2.c tst-pam_dispatch3.c tst-pam_dispatch4.c \
+ tst-pam_dispatch5.c tst-pam_group1.c tst-pam_limits1.c \
+ tst-pam_pwhistory1.c tst-pam_succeed_if1.c tst-pam_time1.c \
+ tst-pam_unix1.c tst-pam_unix2.c tst-pam_unix3.c \
+ tst-pam_unix4.c
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_O1 = @pam_cv_ld_O1@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = -DLIBPAM_COMPILE -I$(top_srcdir)/libpam/include \
+ -I$(top_srcdir)/libpamc/include -I$(top_srcdir)/libpam_misc/include
+
+LDADD = $(top_builddir)/libpam/libpam.la \
+ $(top_builddir)/libpam_misc/libpam_misc.la
+
+CLEANFILES = *~ $(XTESTS)
+EXTRA_DIST = run-xtests.sh tst-pam_dispatch1.pamd tst-pam_dispatch2.pamd \
+ tst-pam_dispatch3.pamd tst-pam_dispatch4.pamd \
+ tst-pam_dispatch5.pamd \
+ tst-pam_cracklib1.pamd tst-pam_cracklib2.pamd \
+ tst-pam_unix1.pamd tst-pam_unix2.pamd tst-pam_unix3.pamd \
+ tst-pam_unix4.pamd \
+ tst-pam_unix1.sh tst-pam_unix2.sh tst-pam_unix3.sh \
+ tst-pam_unix4.sh \
+ access.conf tst-pam_access1.pamd tst-pam_access1.sh \
+ tst-pam_access2.pamd tst-pam_access2.sh \
+ tst-pam_access3.pamd tst-pam_access3.sh \
+ tst-pam_access4.pamd tst-pam_access4.sh \
+ limits.conf tst-pam_limits1.pamd tst-pam_limits1.sh \
+ tst-pam_succeed_if1.pamd tst-pam_succeed_if1.sh \
+ group.conf tst-pam_group1.pamd tst-pam_group1.sh \
+ tst-pam_authfail.pamd tst-pam_authsucceed.pamd \
+ tst-pam_substack1.pamd tst-pam_substack1a.pamd tst-pam_substack1.sh \
+ tst-pam_substack2.pamd tst-pam_substack2a.pamd tst-pam_substack2.sh \
+ tst-pam_substack3.pamd tst-pam_substack3a.pamd tst-pam_substack3.sh \
+ tst-pam_substack4.pamd tst-pam_substack4a.pamd tst-pam_substack4.sh \
+ tst-pam_substack5.pamd tst-pam_substack5a.pamd tst-pam_substack5.sh \
+ tst-pam_assemble_line1.pamd tst-pam_assemble_line1.sh \
+ tst-pam_pwhistory1.pamd tst-pam_pwhistory1.sh \
+ tst-pam_time1.pamd time.conf
+
+XTESTS = tst-pam_dispatch1 tst-pam_dispatch2 tst-pam_dispatch3 \
+ tst-pam_dispatch4 tst-pam_dispatch5 \
+ tst-pam_cracklib1 tst-pam_cracklib2 \
+ tst-pam_unix1 tst-pam_unix2 tst-pam_unix3 tst-pam_unix4 \
+ tst-pam_access1 tst-pam_access2 tst-pam_access3 \
+ tst-pam_access4 tst-pam_limits1 tst-pam_succeed_if1 \
+ tst-pam_group1 tst-pam_authfail tst-pam_authsucceed \
+ tst-pam_pwhistory1 tst-pam_time1
+
+NOSRCTESTS = tst-pam_substack1 tst-pam_substack2 tst-pam_substack3 \
+ tst-pam_substack4 tst-pam_substack5 tst-pam_assemble_line1
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu xtests/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu xtests/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+tst-pam_access1$(EXEEXT): $(tst_pam_access1_OBJECTS) $(tst_pam_access1_DEPENDENCIES) $(EXTRA_tst_pam_access1_DEPENDENCIES)
+ @rm -f tst-pam_access1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_access1_OBJECTS) $(tst_pam_access1_LDADD) $(LIBS)
+
+tst-pam_access2$(EXEEXT): $(tst_pam_access2_OBJECTS) $(tst_pam_access2_DEPENDENCIES) $(EXTRA_tst_pam_access2_DEPENDENCIES)
+ @rm -f tst-pam_access2$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_access2_OBJECTS) $(tst_pam_access2_LDADD) $(LIBS)
+
+tst-pam_access3$(EXEEXT): $(tst_pam_access3_OBJECTS) $(tst_pam_access3_DEPENDENCIES) $(EXTRA_tst_pam_access3_DEPENDENCIES)
+ @rm -f tst-pam_access3$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_access3_OBJECTS) $(tst_pam_access3_LDADD) $(LIBS)
+
+tst-pam_access4$(EXEEXT): $(tst_pam_access4_OBJECTS) $(tst_pam_access4_DEPENDENCIES) $(EXTRA_tst_pam_access4_DEPENDENCIES)
+ @rm -f tst-pam_access4$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_access4_OBJECTS) $(tst_pam_access4_LDADD) $(LIBS)
+
+tst-pam_authfail$(EXEEXT): $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_DEPENDENCIES) $(EXTRA_tst_pam_authfail_DEPENDENCIES)
+ @rm -f tst-pam_authfail$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_authfail_OBJECTS) $(tst_pam_authfail_LDADD) $(LIBS)
+
+tst-pam_authsucceed$(EXEEXT): $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_DEPENDENCIES) $(EXTRA_tst_pam_authsucceed_DEPENDENCIES)
+ @rm -f tst-pam_authsucceed$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_authsucceed_OBJECTS) $(tst_pam_authsucceed_LDADD) $(LIBS)
+
+tst-pam_cracklib1$(EXEEXT): $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_DEPENDENCIES) $(EXTRA_tst_pam_cracklib1_DEPENDENCIES)
+ @rm -f tst-pam_cracklib1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_cracklib1_OBJECTS) $(tst_pam_cracklib1_LDADD) $(LIBS)
+
+tst-pam_cracklib2$(EXEEXT): $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_DEPENDENCIES) $(EXTRA_tst_pam_cracklib2_DEPENDENCIES)
+ @rm -f tst-pam_cracklib2$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_cracklib2_OBJECTS) $(tst_pam_cracklib2_LDADD) $(LIBS)
+
+tst-pam_dispatch1$(EXEEXT): $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_DEPENDENCIES) $(EXTRA_tst_pam_dispatch1_DEPENDENCIES)
+ @rm -f tst-pam_dispatch1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_dispatch1_OBJECTS) $(tst_pam_dispatch1_LDADD) $(LIBS)
+
+tst-pam_dispatch2$(EXEEXT): $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_DEPENDENCIES) $(EXTRA_tst_pam_dispatch2_DEPENDENCIES)
+ @rm -f tst-pam_dispatch2$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_dispatch2_OBJECTS) $(tst_pam_dispatch2_LDADD) $(LIBS)
+
+tst-pam_dispatch3$(EXEEXT): $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_DEPENDENCIES) $(EXTRA_tst_pam_dispatch3_DEPENDENCIES)
+ @rm -f tst-pam_dispatch3$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_dispatch3_OBJECTS) $(tst_pam_dispatch3_LDADD) $(LIBS)
+
+tst-pam_dispatch4$(EXEEXT): $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_DEPENDENCIES) $(EXTRA_tst_pam_dispatch4_DEPENDENCIES)
+ @rm -f tst-pam_dispatch4$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_dispatch4_OBJECTS) $(tst_pam_dispatch4_LDADD) $(LIBS)
+
+tst-pam_dispatch5$(EXEEXT): $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_DEPENDENCIES) $(EXTRA_tst_pam_dispatch5_DEPENDENCIES)
+ @rm -f tst-pam_dispatch5$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_dispatch5_OBJECTS) $(tst_pam_dispatch5_LDADD) $(LIBS)
+
+tst-pam_group1$(EXEEXT): $(tst_pam_group1_OBJECTS) $(tst_pam_group1_DEPENDENCIES) $(EXTRA_tst_pam_group1_DEPENDENCIES)
+ @rm -f tst-pam_group1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_group1_OBJECTS) $(tst_pam_group1_LDADD) $(LIBS)
+
+tst-pam_limits1$(EXEEXT): $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_DEPENDENCIES) $(EXTRA_tst_pam_limits1_DEPENDENCIES)
+ @rm -f tst-pam_limits1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_limits1_OBJECTS) $(tst_pam_limits1_LDADD) $(LIBS)
+
+tst-pam_pwhistory1$(EXEEXT): $(tst_pam_pwhistory1_OBJECTS) $(tst_pam_pwhistory1_DEPENDENCIES) $(EXTRA_tst_pam_pwhistory1_DEPENDENCIES)
+ @rm -f tst-pam_pwhistory1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_pwhistory1_OBJECTS) $(tst_pam_pwhistory1_LDADD) $(LIBS)
+
+tst-pam_succeed_if1$(EXEEXT): $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_DEPENDENCIES) $(EXTRA_tst_pam_succeed_if1_DEPENDENCIES)
+ @rm -f tst-pam_succeed_if1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_succeed_if1_OBJECTS) $(tst_pam_succeed_if1_LDADD) $(LIBS)
+
+tst-pam_time1$(EXEEXT): $(tst_pam_time1_OBJECTS) $(tst_pam_time1_DEPENDENCIES) $(EXTRA_tst_pam_time1_DEPENDENCIES)
+ @rm -f tst-pam_time1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_time1_OBJECTS) $(tst_pam_time1_LDADD) $(LIBS)
+
+tst-pam_unix1$(EXEEXT): $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_DEPENDENCIES) $(EXTRA_tst_pam_unix1_DEPENDENCIES)
+ @rm -f tst-pam_unix1$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_unix1_OBJECTS) $(tst_pam_unix1_LDADD) $(LIBS)
+
+tst-pam_unix2$(EXEEXT): $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_DEPENDENCIES) $(EXTRA_tst_pam_unix2_DEPENDENCIES)
+ @rm -f tst-pam_unix2$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_unix2_OBJECTS) $(tst_pam_unix2_LDADD) $(LIBS)
+
+tst-pam_unix3$(EXEEXT): $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_DEPENDENCIES) $(EXTRA_tst_pam_unix3_DEPENDENCIES)
+ @rm -f tst-pam_unix3$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_unix3_OBJECTS) $(tst_pam_unix3_LDADD) $(LIBS)
+
+tst-pam_unix4$(EXEEXT): $(tst_pam_unix4_OBJECTS) $(tst_pam_unix4_DEPENDENCIES) $(EXTRA_tst_pam_unix4_DEPENDENCIES)
+ @rm -f tst-pam_unix4$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_unix4_OBJECTS) $(tst_pam_unix4_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_access4.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authfail.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_authsucceed.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_cracklib2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch4.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_dispatch5.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_group1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_limits1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_pwhistory1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_succeed_if1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_time1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix1.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix2.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix3.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_unix4.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool cscopelist-am ctags ctags-am distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am
+
+
+xtests: $(XTESTS) run-xtests.sh
+ "$(srcdir)"/run-xtests.sh "$(srcdir)" ${XTESTS} ${NOSRCTESTS}
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/xtests/access.conf b/xtests/access.conf
new file mode 100644
index 0000000..25462dd
--- /dev/null
+++ b/xtests/access.conf
@@ -0,0 +1,3 @@
+
+-:ALL EXCEPT (tstpamaccess) tstpamaccess3 :LOCAL
+-:ALL:127.0.0.1
diff --git a/xtests/group.conf b/xtests/group.conf
new file mode 100644
index 0000000..2cb3487
--- /dev/null
+++ b/xtests/group.conf
@@ -0,0 +1,2 @@
+
+tst-pam_group1;tty1;tstpamgrp;Al0000-2400;tstpamgrpg
diff --git a/xtests/limits.conf b/xtests/limits.conf
new file mode 100644
index 0000000..41a3ea3
--- /dev/null
+++ b/xtests/limits.conf
@@ -0,0 +1,2 @@
+* soft nice 19
+* hard nice -20
diff --git a/xtests/run-xtests.sh b/xtests/run-xtests.sh
new file mode 100755
index 0000000..1cf8684
--- /dev/null
+++ b/xtests/run-xtests.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+SRCDIR=$1
+shift 1
+[ -z "${SRCDIR}" ] && SRCDIR='.'
+
+if test `id -u` -ne 0 ; then
+ echo "You need to be root to run the tests"
+ exit 1
+fi
+
+XTESTS="$@"
+
+failed=0
+pass=0
+skiped=0
+all=0
+
+mkdir -p /etc/security
+for config in access.conf group.conf time.conf limits.conf ; do
+ cp /etc/security/$config /etc/security/$config-pam-xtests
+ install -m 644 "${SRCDIR}"/$config /etc/security/$config
+done
+mv /etc/security/opasswd /etc/security/opasswd-pam-xtests
+
+for testname in $XTESTS ; do
+ for cfg in "${SRCDIR}"/$testname*.pamd ; do
+ install -m 644 $cfg /etc/pam.d/$(basename $cfg .pamd)
+ done
+ if test -f "${SRCDIR}"/$testname.sh ; then
+ test -x "${SRCDIR}"/$testname.sh || chmod 755 "${SRCDIR}"/$testname.sh
+ "${SRCDIR}"/$testname.sh > /dev/null
+ else
+ ./$testname > /dev/null
+ fi
+ RETVAL=$?
+ if test $RETVAL -eq 77 ; then
+ echo "SKIP: $testname"
+ skiped=`expr $skiped + 1`
+ elif test $RETVAL -ne 0 ; then
+ echo "FAIL: $testname"
+ failed=`expr $failed + 1`
+ else
+ echo "PASS: $testname"
+ pass=`expr $pass + 1`
+ fi
+ all=`expr $all + 1`
+ rm -f /etc/pam.d/$testname*
+done
+mv /etc/security/access.conf-pam-xtests /etc/security/access.conf
+mv /etc/security/group.conf-pam-xtests /etc/security/group.conf
+mv /etc/security/time.conf-pam-xtests /etc/security/time.conf
+mv /etc/security/limits.conf-pam-xtests /etc/security/limits.conf
+mv /etc/security/opasswd-pam-xtests /etc/security/opasswd
+if test "$failed" -ne 0; then
+ echo "==================="
+ echo "$failed of $all tests failed"
+ echo "$skiped tests not run"
+ echo "==================="
+ exit 1
+else
+ echo "=================="
+ echo "$all tests passed"
+ echo "$skiped tests not run"
+ echo "=================="
+fi
+exit 0
diff --git a/xtests/time.conf b/xtests/time.conf
new file mode 100644
index 0000000..518124c
--- /dev/null
+++ b/xtests/time.conf
@@ -0,0 +1,2 @@
+*;*;you|me;!Al0000-2400
+*;*;x|y;!Al0000-2400
diff --git a/xtests/tst-pam_access1.c b/xtests/tst-pam_access1.c
new file mode 100644
index 0000000..1571129
--- /dev/null
+++ b/xtests/tst-pam_access1.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is member of group tstpamaccess, pam_authenticate should pass.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess1";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access1.pamd b/xtests/tst-pam_access1.pamd
new file mode 100644
index 0000000..a70f2d9
--- /dev/null
+++ b/xtests/tst-pam_access1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_access1.sh b/xtests/tst-pam_access1.sh
new file mode 100755
index 0000000..70521d2
--- /dev/null
+++ b/xtests/tst-pam_access1.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+/usr/sbin/groupadd tstpamaccess
+/usr/sbin/useradd -G tstpamaccess -p '!!' tstpamaccess1
+./tst-pam_access1
+RET=$?
+/usr/sbin/userdel -r tstpamaccess1 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access2.c b/xtests/tst-pam_access2.c
new file mode 100644
index 0000000..293d72a
--- /dev/null
+++ b/xtests/tst-pam_access2.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT (tstpamaccess):LOCAL
+
+ User is not member of group tstpamaccess, pam_authenticate should fail.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess2";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access2: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access2.pamd b/xtests/tst-pam_access2.pamd
new file mode 100644
index 0000000..a70f2d9
--- /dev/null
+++ b/xtests/tst-pam_access2.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_access2.sh b/xtests/tst-pam_access2.sh
new file mode 100755
index 0000000..7e3e60f
--- /dev/null
+++ b/xtests/tst-pam_access2.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+/usr/sbin/groupadd tstpamaccess
+/usr/sbin/useradd -p '!!' tstpamaccess2
+./tst-pam_access2
+RET=$?
+/usr/sbin/userdel -r tstpamaccess2 2> /dev/null
+/usr/sbin/groupdel tstpamaccess 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access3.c b/xtests/tst-pam_access3.c
new file mode 100644
index 0000000..817ce93
--- /dev/null
+++ b/xtests/tst-pam_access3.c
@@ -0,0 +1,132 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+
+ pam_authenticate should pass for user tstpamaccess3
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess3";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access3: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access3.pamd b/xtests/tst-pam_access3.pamd
new file mode 100644
index 0000000..a70f2d9
--- /dev/null
+++ b/xtests/tst-pam_access3.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_access3.sh b/xtests/tst-pam_access3.sh
new file mode 100755
index 0000000..3630e2e
--- /dev/null
+++ b/xtests/tst-pam_access3.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/sbin/useradd -p '!!' tstpamaccess3
+./tst-pam_access3
+RET=$?
+/usr/sbin/userdel -r tstpamaccess3 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_access4.c b/xtests/tst-pam_access4.c
new file mode 100644
index 0000000..115217f
--- /dev/null
+++ b/xtests/tst-pam_access4.c
@@ -0,0 +1,170 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following lines in access.conf:
+ -:ALL EXCEPT tstpamaccess3 :LOCAL
+ -:ALL:127.0.0.1
+
+ pam_authenticate should fail for /dev/tty1, pass for www.example.com,
+ and fail again for localhost
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamaccess4";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_access4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_RHOST, "www.example.com");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-2: pam_set_item(PAM_RHOST) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_RHOST, "localhost");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_access4-3: pam_set_item(PAM_RHOST) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_access4.pamd b/xtests/tst-pam_access4.pamd
new file mode 100644
index 0000000..a70f2d9
--- /dev/null
+++ b/xtests/tst-pam_access4.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_access.so nodefgroup
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_access4.sh b/xtests/tst-pam_access4.sh
new file mode 100755
index 0000000..4538df4
--- /dev/null
+++ b/xtests/tst-pam_access4.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/sbin/useradd -p '!!' tstpamaccess4
+./tst-pam_access4
+RET=$?
+/usr/sbin/userdel -r tstpamaccess4 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_assemble_line1.pamd b/xtests/tst-pam_assemble_line1.pamd
new file mode 100644
index 0000000..431b3ba
--- /dev/null
+++ b/xtests/tst-pam_assemble_line1.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# Test that _pam_assemble_line() does not crash with long lines.
+# printf '%511s\\\n%511s\\\n%511s\\\n%511s\\\n'
+ \
+ \
+ \
+ \
+auth required pam_deny.so
diff --git a/xtests/tst-pam_assemble_line1.sh b/xtests/tst-pam_assemble_line1.sh
new file mode 100755
index 0000000..dc2a675
--- /dev/null
+++ b/xtests/tst-pam_assemble_line1.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authfail tst-pam_assemble_line1
diff --git a/xtests/tst-pam_authfail.c b/xtests/tst-pam_authfail.c
new file mode 100644
index 0000000..0e7d808
--- /dev/null
+++ b/xtests/tst-pam_authfail.c
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that auth stack fails. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ const char *stack="tst-pam_authfail";
+ int retval;
+ int debug = 0;
+
+ if (argc > 2) {
+ stack = argv[2];
+ }
+
+ if (argc > 1) {
+ if (strcmp (argv[1], "-d") == 0)
+ debug = 1;
+ else
+ stack = argv[1];
+ }
+
+
+ retval = pam_start(stack, user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval == PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_authfail.pamd b/xtests/tst-pam_authfail.pamd
new file mode 100644
index 0000000..8ff1a40
--- /dev/null
+++ b/xtests/tst-pam_authfail.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# test that successful sufficient module cannot affect stack
+# after failed required module
+auth required pam_debug.so auth=perm_denied
+auth sufficient pam_debug.so auth=success
diff --git a/xtests/tst-pam_authsucceed.c b/xtests/tst-pam_authsucceed.c
new file mode 100644
index 0000000..c0ee802
--- /dev/null
+++ b/xtests/tst-pam_authsucceed.c
@@ -0,0 +1,96 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that auth stack succeeds. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ const char *stack="tst-pam_authsucceed";
+ int retval;
+ int debug = 0;
+
+ if (argc > 2) {
+ stack = argv[2];
+ }
+
+ if (argc > 1) {
+ if (strcmp (argv[1], "-d") == 0)
+ debug = 1;
+ else
+ stack = argv[1];
+ }
+
+
+ retval = pam_start(stack, user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_authsucceed.pamd b/xtests/tst-pam_authsucceed.pamd
new file mode 100644
index 0000000..abaa1ef
--- /dev/null
+++ b/xtests/tst-pam_authsucceed.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# test that failed sufficient module cannot affect stack
+# with following successful required module
+auth sufficient pam_debug.so auth=auth_err
+auth required pam_debug.so auth=success
diff --git a/xtests/tst-pam_cracklib1.c b/xtests/tst-pam_cracklib1.c
new file mode 100644
index 0000000..1a219c8
--- /dev/null
+++ b/xtests/tst-pam_cracklib1.c
@@ -0,0 +1,135 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ static int calls = 0;
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one NULL */
+ if (calls)
+ reply[count].resp = NULL;
+ else
+ {
+ ++calls;
+ reply[count].resp = strdup ("Kindergarten");
+ }
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that pam_cracklib does not seg.fault on empty passwords. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="root";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_cracklib1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_AUTHTOK_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is NULL */
+ retval = pam_chauthtok (pamh, 0);
+ if (retval != PAM_AUTHTOK_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1-2: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_cracklib1.pamd b/xtests/tst-pam_cracklib1.pamd
new file mode 100644
index 0000000..41a9188
--- /dev/null
+++ b/xtests/tst-pam_cracklib1.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password required pam_cracklib.so
diff --git a/xtests/tst-pam_cracklib2.c b/xtests/tst-pam_cracklib2.c
new file mode 100644
index 0000000..84b4ef6
--- /dev/null
+++ b/xtests/tst-pam_cracklib2.c
@@ -0,0 +1,143 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* This test case checks
+ Patch 1688777: pam_cracklib support for minimum character classes */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+int debug = 0;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ static int calls = 0;
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ if (debug)
+ fprintf(stderr,"Query: %s\n", (*msgm)[count].msg);
+ reply[count].resp_retcode = 0;
+ /* first tow calls get a correct password, second a too
+ easy one. */
+ if (calls > 1)
+ reply[count].resp = strdup ("too easy");
+ else
+ {
+ ++calls;
+ reply[count].resp = strdup ("1a9C*8dK");
+ }
+ if (debug)
+ fprintf(stderr,"Response: %s\n", reply[count].resp);
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="root";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_cracklib2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is wrong */
+ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (retval != PAM_AUTHTOK_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2-2: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "cracklib2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_cracklib2.pamd b/xtests/tst-pam_cracklib2.pamd
new file mode 100644
index 0000000..5915aec
--- /dev/null
+++ b/xtests/tst-pam_cracklib2.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+password required pam_cracklib.so minclass=4
diff --git a/xtests/tst-pam_dispatch1.c b/xtests/tst-pam_dispatch1.c
new file mode 100644
index 0000000..404c011
--- /dev/null
+++ b/xtests/tst-pam_dispatch1.c
@@ -0,0 +1,99 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+static int debug = 0;
+
+/*
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+
+ This stack should not return PAM_IGNORE to the application:
+ auth [default=bad] pam_debug.so auth=ignore
+*/
+static int
+test1 (void)
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+
+ retval = pam_start("tst-pam_dispatch1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+
+int main(int argc, char *argv[])
+{
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ if (test1 ())
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch1.pamd b/xtests/tst-pam_dispatch1.pamd
new file mode 100644
index 0000000..9bfc87c
--- /dev/null
+++ b/xtests/tst-pam_dispatch1.pamd
@@ -0,0 +1,3 @@
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+# This stack should not return PAM_IGNORE to the application:
+auth [default=bad] pam_debug.so auth=ignore
diff --git a/xtests/tst-pam_dispatch2.c b/xtests/tst-pam_dispatch2.c
new file mode 100644
index 0000000..5c63f5b
--- /dev/null
+++ b/xtests/tst-pam_dispatch2.c
@@ -0,0 +1,98 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <strings.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+static int debug = 0;
+
+/*
+ https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+
+ This stack should not return PAM_IGNORE to the application:
+ auth [default=die] pam_debug.so auth=ignore
+*/
+static int
+test2 (void)
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+
+ retval = pam_start("tst-pam_dispatch2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ if (test2 ())
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch2.pamd b/xtests/tst-pam_dispatch2.pamd
new file mode 100644
index 0000000..79f5260
--- /dev/null
+++ b/xtests/tst-pam_dispatch2.pamd
@@ -0,0 +1,3 @@
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196859
+# This stack should not return PAM_IGNORE to the application:
+auth [default=die] pam_debug.so auth=ignore
diff --git a/xtests/tst-pam_dispatch3.c b/xtests/tst-pam_dispatch3.c
new file mode 100644
index 0000000..d44e488
--- /dev/null
+++ b/xtests/tst-pam_dispatch3.c
@@ -0,0 +1,87 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate(pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end(pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch3.pamd b/xtests/tst-pam_dispatch3.pamd
new file mode 100644
index 0000000..7f290ab
--- /dev/null
+++ b/xtests/tst-pam_dispatch3.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth optional pam_debug.so auth=auth_err
+auth sufficient pam_debug.so auth=success
+auth required pam_debug.so auth=perm_denied
+account required pam_debug.so acct=acct_expired
diff --git a/xtests/tst-pam_dispatch4.c b/xtests/tst-pam_dispatch4.c
new file mode 100644
index 0000000..a4db8a8
--- /dev/null
+++ b/xtests/tst-pam_dispatch4.c
@@ -0,0 +1,94 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* Check that jumps are processed correctly. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval == PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch4: pam_acct_mgmt returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "test4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch4.pamd b/xtests/tst-pam_dispatch4.pamd
new file mode 100644
index 0000000..ac995ad
--- /dev/null
+++ b/xtests/tst-pam_dispatch4.pamd
@@ -0,0 +1,8 @@
+#%PAM-1.0
+# We jump to end of the stack with previous pam_permit.so, should pass
+auth required pam_permit.so
+auth [success=1 default=ignore] pam_debug.so auth=success
+auth required pam_deny.so
+# We jump to end of the stack without any module in OK state, should fail
+account [success=1 default=ignore] pam_debug.so account=success
+account required pam_deny.so
diff --git a/xtests/tst-pam_dispatch5.c b/xtests/tst-pam_dispatch5.c
new file mode 100644
index 0000000..f1197b3
--- /dev/null
+++ b/xtests/tst-pam_dispatch5.c
@@ -0,0 +1,86 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+static struct pam_conv conv = {
+ misc_conv,
+ NULL
+};
+
+
+/* jump after the end of the stack and make sure we don't seg.fault. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="nobody";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_dispatch5", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_PERM_DENIED)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_dispatch5: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_dispatch5.pamd b/xtests/tst-pam_dispatch5.pamd
new file mode 100644
index 0000000..ea781f7
--- /dev/null
+++ b/xtests/tst-pam_dispatch5.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+# Jump after the end of the stack
+auth [success=2 default=bad] pam_permit.so
+auth required pam_deny.so
diff --git a/xtests/tst-pam_group1.c b/xtests/tst-pam_group1.c
new file mode 100644
index 0000000..e5e5ae1
--- /dev/null
+++ b/xtests/tst-pam_group1.c
@@ -0,0 +1,209 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in group.conf:
+
+ tst-pam_group1;*;tstpamgrp;Al0000-2400;tstpamgrpg
+
+
+ pam_group should add group tstpamgrpg to user tstpamgrp, but not
+ to tstpamgrp2.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <grp.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <security/pam_appl.h>
+
+#define GROUP_BLK 10
+#define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK)
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+static int debug = 0;
+
+static int
+run_test (const char *user, gid_t groupid, int needit)
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+ int no_grps;
+
+ retval = pam_start("tst-pam_group1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_setcred returned %d\n", retval);
+ return 1;
+ }
+
+
+ no_grps = getgroups(0, NULL); /* find the current number of groups */
+ if (no_grps > 0)
+ {
+ int i, found;
+ gid_t *grps = calloc (blk_size (no_grps), sizeof(gid_t));
+
+ if (getgroups(no_grps, grps) < 0)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: getroups returned error: %m\n");
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ return 1;
+ }
+
+ found = 0;
+ for (i = 0; i < no_grps; ++i)
+ {
+#if 0
+ if (debug)
+ fprintf (stderr, "gid[%d]=%d\n", i, grps[i]);
+#endif
+ if (grps[i] == groupid)
+ found = 1;
+ }
+ if ((needit && found) || (!needit && !found))
+ {
+ /* everything is ok */
+ }
+ else
+ {
+ pam_end (pamh, PAM_SYSTEM_ERR);
+ if (debug)
+ fprintf (stderr,
+ "pam_group1: unexpected result for %s: needit=%d, found=%d\n",
+ user, needit, found);
+ return 1;
+ }
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_group1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+ struct group *grp;
+ gid_t grpid;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ grp = getgrnam ("tstpamgrpg");
+ if (grp == NULL)
+ return 1;
+ grpid = grp->gr_gid;
+
+ if (run_test ("root", grpid, 0) != 0 ||
+ run_test ("tstpamgrp2", grpid, 0) != 0 ||
+ run_test ("tstpamgrp", grpid, 1) != 0)
+ return 1;
+
+ return 0;
+}
diff --git a/xtests/tst-pam_group1.pamd b/xtests/tst-pam_group1.pamd
new file mode 100644
index 0000000..e75d0d1
--- /dev/null
+++ b/xtests/tst-pam_group1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_group.so
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_group1.sh b/xtests/tst-pam_group1.sh
new file mode 100755
index 0000000..44faca9
--- /dev/null
+++ b/xtests/tst-pam_group1.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+/usr/sbin/groupadd tstpamgrpg
+/usr/sbin/useradd -p '!!' tstpamgrp
+/usr/sbin/useradd -p '!!' tstpamgrp2
+./tst-pam_group1
+RET=$?
+/usr/sbin/userdel -r tstpamgrp 2> /dev/null
+/usr/sbin/userdel -r tstpamgrp2 2> /dev/null
+/usr/sbin/groupdel tstpamgrpg 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_limits1.c b/xtests/tst-pam_limits1.c
new file mode 100644
index 0000000..d895240
--- /dev/null
+++ b/xtests/tst-pam_limits1.c
@@ -0,0 +1,156 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in limits.conf:
+ * soft nice 19
+ * hard nice -20
+
+ getrlimit should return soft=1 and hard=40.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ const char *user="tstpamlimits";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+#ifdef RLIMIT_NICE
+ retval = pam_start("tst-pam_limits1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_limits1: pam_set_item(PAM_TTY) returned %d\n",
+ retval);
+ return 1;
+ }
+
+ retval = pam_open_session (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_open_session returned %d\n",
+ retval);
+ return 1;
+ }
+
+ struct rlimit rlim;
+
+ getrlimit (RLIMIT_NICE, &rlim);
+
+ if (rlim.rlim_cur != 1 && rlim.rlim_max != 40)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: getrlimit failed, soft=%u, hard=%u\n",
+ (unsigned int) rlim.rlim_cur, (unsigned int) rlim.rlim_max);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_limits1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+#else
+ if (debug)
+ fprintf (stderr, "pam_limits1: RLIMIT_NICE does not exist)\n");
+
+ return 77;
+#endif
+}
diff --git a/xtests/tst-pam_limits1.pamd b/xtests/tst-pam_limits1.pamd
new file mode 100644
index 0000000..7b1771c
--- /dev/null
+++ b/xtests/tst-pam_limits1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_permit.so
+session required pam_limits.so
diff --git a/xtests/tst-pam_limits1.sh b/xtests/tst-pam_limits1.sh
new file mode 100755
index 0000000..32c021d
--- /dev/null
+++ b/xtests/tst-pam_limits1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/sbin/useradd -p '!!' tstpamlimits
+./tst-pam_limits1
+RET=$?
+/usr/sbin/userdel -r tstpamlimits 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_pwhistory1.c b/xtests/tst-pam_pwhistory1.c
new file mode 100644
index 0000000..5c3246f
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.c
@@ -0,0 +1,169 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check remember handling
+ * Change ten times the password
+ * Try the ten passwords again, should always be rejected
+ * Try a new password, should succeed
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+static const char *passwords[] = {
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10",
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10",
+ "pamhistory11",
+ "pamhistory01", "pamhistory02", "pamhistory03",
+ "pamhistory04", "pamhistory05", "pamhistory06",
+ "pamhistory07", "pamhistory08", "pamhistory09",
+ "pamhistory10"};
+
+static int debug;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ if (debug)
+ fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style,
+ msgm[0]->msg);
+
+ if (msgm[0]->msg_style != 1)
+ return PAM_SUCCESS;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup (passwords[in_test]);
+ if (debug)
+ fprintf (stderr, "send password %s\n", reply[count].resp);
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpampwhistory";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ for (in_test = 0;
+ in_test < (int)(sizeof (passwords)/sizeof (char *)); in_test++)
+ {
+
+ retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_start returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+
+ retval = pam_chauthtok (pamh, 0);
+ if (in_test < 10 || in_test == 20)
+ {
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+ }
+ else if (in_test < 20)
+ {
+ if (retval != PAM_MAXTRIES)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1-%d: pam_chauthtok returned %d\n",
+ in_test, retval);
+ return 1;
+ }
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/xtests/tst-pam_pwhistory1.pamd b/xtests/tst-pam_pwhistory1.pamd
new file mode 100644
index 0000000..d60db7c
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_permit.so
+password required pam_pwhistory.so remember=10 retry=1 enforce_for_root
+password required pam_unix.so use_authtok md5
+session required pam_permit.so
diff --git a/xtests/tst-pam_pwhistory1.sh b/xtests/tst-pam_pwhistory1.sh
new file mode 100755
index 0000000..0f212e2
--- /dev/null
+++ b/xtests/tst-pam_pwhistory1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/sbin/useradd tstpampwhistory
+./tst-pam_pwhistory1
+RET=$?
+/usr/sbin/userdel -r tstpampwhistory 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_substack1.pamd b/xtests/tst-pam_substack1.pamd
new file mode 100644
index 0000000..8dfe1b8
--- /dev/null
+++ b/xtests/tst-pam_substack1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Even if the substack succeeds with sufficient
+# the whole stack should fail.
+auth substack tst-pam_substack1a
+auth required pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack1.sh b/xtests/tst-pam_substack1.sh
new file mode 100755
index 0000000..f1b72a7
--- /dev/null
+++ b/xtests/tst-pam_substack1.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authfail tst-pam_substack1
diff --git a/xtests/tst-pam_substack1a.pamd b/xtests/tst-pam_substack1a.pamd
new file mode 100644
index 0000000..51c8c8f
--- /dev/null
+++ b/xtests/tst-pam_substack1a.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth sufficient pam_debug.so auth=success
diff --git a/xtests/tst-pam_substack2.pamd b/xtests/tst-pam_substack2.pamd
new file mode 100644
index 0000000..618e298
--- /dev/null
+++ b/xtests/tst-pam_substack2.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+# Even if the substack fails with requisite
+# the whole stack should succeed.
+auth substack tst-pam_substack2a
+auth [success=reset] pam_permit.so
+auth required pam_debug.so auth=success
diff --git a/xtests/tst-pam_substack2.sh b/xtests/tst-pam_substack2.sh
new file mode 100755
index 0000000..3804fa7
--- /dev/null
+++ b/xtests/tst-pam_substack2.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authsucceed tst-pam_substack2
diff --git a/xtests/tst-pam_substack2a.pamd b/xtests/tst-pam_substack2a.pamd
new file mode 100644
index 0000000..db85354
--- /dev/null
+++ b/xtests/tst-pam_substack2a.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth requisite pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack3.pamd b/xtests/tst-pam_substack3.pamd
new file mode 100644
index 0000000..4fc6016
--- /dev/null
+++ b/xtests/tst-pam_substack3.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Reset in the substack resets to state as of it was
+# in the beginning of substack evaluation
+auth required pam_permit.so
+auth substack tst-pam_substack3a
diff --git a/xtests/tst-pam_substack3.sh b/xtests/tst-pam_substack3.sh
new file mode 100755
index 0000000..aa48e8e
--- /dev/null
+++ b/xtests/tst-pam_substack3.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authsucceed tst-pam_substack3
diff --git a/xtests/tst-pam_substack3a.pamd b/xtests/tst-pam_substack3a.pamd
new file mode 100644
index 0000000..a2ae915
--- /dev/null
+++ b/xtests/tst-pam_substack3a.pamd
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth required pam_debug.so auth=auth_err
+auth [success=reset] pam_permit.so
diff --git a/xtests/tst-pam_substack4.pamd b/xtests/tst-pam_substack4.pamd
new file mode 100644
index 0000000..f0017c7
--- /dev/null
+++ b/xtests/tst-pam_substack4.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+# Substack is counted as one module in jumps
+auth [success=1] pam_permit.so
+auth substack tst-pam_substack4a
+auth required pam_permit.so
diff --git a/xtests/tst-pam_substack4.sh b/xtests/tst-pam_substack4.sh
new file mode 100755
index 0000000..958a07a
--- /dev/null
+++ b/xtests/tst-pam_substack4.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authsucceed tst-pam_substack4
diff --git a/xtests/tst-pam_substack4a.pamd b/xtests/tst-pam_substack4a.pamd
new file mode 100644
index 0000000..3b91c1b
--- /dev/null
+++ b/xtests/tst-pam_substack4a.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth required pam_debug.so auth=auth_err
+auth required pam_debug.so auth=auth_err
+auth required pam_debug.so auth=auth_err
diff --git a/xtests/tst-pam_substack5.pamd b/xtests/tst-pam_substack5.pamd
new file mode 100644
index 0000000..04f07ae
--- /dev/null
+++ b/xtests/tst-pam_substack5.pamd
@@ -0,0 +1,4 @@
+#%PAM-1.0
+# Requisite terminates substack
+auth required pam_permit.so
+auth substack tst-pam_substack5a
diff --git a/xtests/tst-pam_substack5.sh b/xtests/tst-pam_substack5.sh
new file mode 100755
index 0000000..7e0da74
--- /dev/null
+++ b/xtests/tst-pam_substack5.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec ./tst-pam_authfail tst-pam_substack5
diff --git a/xtests/tst-pam_substack5a.pamd b/xtests/tst-pam_substack5a.pamd
new file mode 100644
index 0000000..a6850f4
--- /dev/null
+++ b/xtests/tst-pam_substack5a.pamd
@@ -0,0 +1,3 @@
+#%PAM-1.0
+auth requisite pam_debug.so auth=auth_err
+auth [success=reset] pam_permit.so
diff --git a/xtests/tst-pam_succeed_if1.c b/xtests/tst-pam_succeed_if1.c
new file mode 100644
index 0000000..c018774
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.c
@@ -0,0 +1,138 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following line in PAM config file:
+
+ auth required pam_succeed_if.so user in tstpamtest:pamtest
+
+ User is pamtest or tstpamtest, both should succeed.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+static int debug = 0;
+
+static int
+test_with_user (const char *user)
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+
+ retval = pam_start("tst-pam_succeed_if1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_succeed_if1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_authenticate(%s) returned %d\n",
+ user, retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh, retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_access1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+ const char *user1 = "tstpamtest";
+ const char *user2 = "pamtest";
+ int retval;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = test_with_user (user1);
+ if (retval == 0)
+ retval = test_with_user (user2);
+
+ return retval;
+}
diff --git a/xtests/tst-pam_succeed_if1.pamd b/xtests/tst-pam_succeed_if1.pamd
new file mode 100644
index 0000000..f9cbd5a
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.pamd
@@ -0,0 +1,2 @@
+#%PAM-1.0
+auth required pam_succeed_if.so user in tstpamtest:pamtest
diff --git a/xtests/tst-pam_succeed_if1.sh b/xtests/tst-pam_succeed_if1.sh
new file mode 100755
index 0000000..58e57b4
--- /dev/null
+++ b/xtests/tst-pam_succeed_if1.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+/usr/sbin/useradd -p '!!' tstpamtest
+/usr/sbin/useradd -p '!!' pamtest
+./tst-pam_succeed_if1
+RET=$?
+/usr/sbin/userdel -r tstpamtest 2> /dev/null
+/usr/sbin/userdel -r pamtest 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_time1.c b/xtests/tst-pam_time1.c
new file mode 100644
index 0000000..9fc0669
--- /dev/null
+++ b/xtests/tst-pam_time1.c
@@ -0,0 +1,114 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ test case:
+
+ Check the following lines in time.conf:
+ *;*;you|me;!Al0000-2400
+ *;*;x|y;!Al0000-2400
+
+ User 'x' should not be able to login.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+
+struct test_t {
+ const char *user;
+ int retval;
+};
+
+static struct test_t tests[] = {
+ {"xy", 0},
+ {"yx", 0},
+ {"you",6},
+ {"me", 6},
+ {"x", 6},
+ {"y", 6},
+};
+
+static int num_tests = sizeof (tests) / sizeof (struct test_t);
+
+static struct pam_conv conv = {
+ NULL, NULL
+};
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh = NULL;
+ int retval;
+ int debug = 0;
+ int i;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ for (i = 0; i < num_tests; i++)
+ {
+ retval = pam_start("tst-pam_time1", tests[i].user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_time1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_acct_mgmt (pamh, 0);
+ if (retval != tests[i].retval)
+ {
+ if (debug)
+ fprintf (stderr,
+ "pam_time1: pam_acct_mgmt(%s) returned wrong value, %d, expected %d\n",
+ tests[i].user, retval, tests[i].retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_time1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_time1.pamd b/xtests/tst-pam_time1.pamd
new file mode 100644
index 0000000..c4cd6c7
--- /dev/null
+++ b/xtests/tst-pam_time1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_permit.so
+account required pam_time.so
+password required pam_permit.so
+session required pam_permit.so
diff --git a/xtests/tst-pam_unix1.c b/xtests/tst-pam_unix1.c
new file mode 100644
index 0000000..5ee2408
--- /dev/null
+++ b/xtests/tst-pam_unix1.c
@@ -0,0 +1,122 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Test case: '!!' as password should not allow login
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup ("!!");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix1", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* !! as password should not allow login */
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "pam_unix1: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix1.pamd b/xtests/tst-pam_unix1.pamd
new file mode 100644
index 0000000..6cd67b6
--- /dev/null
+++ b/xtests/tst-pam_unix1.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/xtests/tst-pam_unix1.sh b/xtests/tst-pam_unix1.sh
new file mode 100755
index 0000000..72deac0
--- /dev/null
+++ b/xtests/tst-pam_unix1.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+/usr/sbin/useradd -p '!!' tstpamunix
+./tst-pam_unix1
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix2.c b/xtests/tst-pam_unix2.c
new file mode 100644
index 0000000..65a75f3
--- /dev/null
+++ b/xtests/tst-pam_unix2.c
@@ -0,0 +1,154 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check crypt handling
+ * First use exact password, 8 characters (13 characters crypt)
+ * Second use longer password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too long one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix0");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix01");
+ else
+ reply[count].resp = strdup ("pamunix1");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix2", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too long */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix2-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix2: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix2.pamd b/xtests/tst-pam_unix2.pamd
new file mode 100644
index 0000000..6cd67b6
--- /dev/null
+++ b/xtests/tst-pam_unix2.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/xtests/tst-pam_unix2.sh b/xtests/tst-pam_unix2.sh
new file mode 100755
index 0000000..c04d6e6
--- /dev/null
+++ b/xtests/tst-pam_unix2.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# pamunix0 = 0aXKZztA.d1KY
+/usr/sbin/useradd -p 0aXKZztA.d1KY tstpamunix
+./tst-pam_unix2
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix3.c b/xtests/tst-pam_unix3.c
new file mode 100644
index 0000000..50a9458
--- /dev/null
+++ b/xtests/tst-pam_unix3.c
@@ -0,0 +1,155 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check bigcrypt handling
+ * First use exact password, 9 characters (24 characters crypt)
+ * Second use shorter password, 8 characters
+ * Third use wrong password, 9 characters
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+
+static int in_test;
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Each prompt elicits the same response. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ reply[count].resp_retcode = 0;
+ /* first call get a password, second one a too short one */
+ if (in_test == 1)
+ reply[count].resp = strdup ("pamunix01");
+ else if (in_test == 2)
+ reply[count].resp = strdup ("pamunix0");
+ else
+ reply[count].resp = strdup ("pamunix11");
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+
+ if (argc > 1 && strcmp (argv[1], "-d") == 0)
+ debug = 1;
+
+ retval = pam_start("tst-pam_unix3", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try one, first input is correct, second is NULL */
+ in_test = 1;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-1: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Try two, second input is too short */
+ in_test = 2;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-2: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+ /* Third try, third input is wrong */
+ in_test = 3;
+ retval = pam_authenticate (pamh, 0);
+ if (retval != PAM_AUTH_ERR)
+ {
+ if (debug)
+ fprintf (stderr, "unix3-3: pam_authenticate returned %d\n", retval);
+ return 1;
+ }
+
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix3: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix3.pamd b/xtests/tst-pam_unix3.pamd
new file mode 100644
index 0000000..6cd67b6
--- /dev/null
+++ b/xtests/tst-pam_unix3.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so
+session required pam_unix.so
diff --git a/xtests/tst-pam_unix3.sh b/xtests/tst-pam_unix3.sh
new file mode 100755
index 0000000..b52db2b
--- /dev/null
+++ b/xtests/tst-pam_unix3.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU
+/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix
+./tst-pam_unix3
+RET=$?
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET
diff --git a/xtests/tst-pam_unix4.c b/xtests/tst-pam_unix4.c
new file mode 100644
index 0000000..1ba0a40
--- /dev/null
+++ b/xtests/tst-pam_unix4.c
@@ -0,0 +1,154 @@
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Check password change minimum days handling.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <security/pam_appl.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <unistd.h>
+
+/* A conversation function which uses an internally-stored value for
+ the responses. */
+static int
+fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
+ struct pam_response **response, void *appdata_ptr UNUSED)
+{
+ struct pam_response *reply;
+ int count;
+ static int respnum = 0;
+ static const char *resps[] = { "pamunix01", "TsTPAM01MAP", "TsTPAM01MAP" };
+
+ /* Sanity test. */
+ if (num_msg <= 0)
+ return PAM_CONV_ERR;
+
+ /* Allocate memory for the responses. */
+ reply = calloc (num_msg, sizeof (struct pam_response));
+ if (reply == NULL)
+ return PAM_CONV_ERR;
+
+ /* Answer with appropriate response from the above array. */
+ for (count = 0; count < num_msg; ++count)
+ {
+ if (msgm[count]->msg_style == PAM_PROMPT_ECHO_OFF)
+ {
+ reply[count].resp_retcode = 0;
+ reply[count].resp = strdup (resps[respnum % 3]);
+ ++respnum;
+ }
+ }
+
+ /* Set the pointers in the response structure and return. */
+ *response = reply;
+ return PAM_SUCCESS;
+}
+
+static struct pam_conv conv = {
+ fake_conv,
+ NULL
+};
+
+
+/* Check that errors of optional modules are ignored and that
+ required modules after a sufficient one are not executed. */
+
+int
+main(int argc, char *argv[])
+{
+ pam_handle_t *pamh=NULL;
+ const char *user="tstpamunix";
+ int retval;
+ int debug = 0;
+ int fail;
+ struct passwd *pwd;
+
+ if (argc < 2 || (*argv[1] != 'f' &&
+ *argv[1] != 'p'))
+ {
+ fprintf (stderr, "Need fail or pass argument.\n");
+ return 2;
+ }
+
+ fail = *argv[1] == 'f';
+
+ if (argc > 2 && strcmp (argv[2], "-d") == 0)
+ debug = 1;
+
+ pwd = getpwnam (user);
+
+ if (pwd == NULL)
+ {
+ if (debug)
+ fprintf (stderr, "unix4: Missing tstpamunix user.\n");
+ return 2;
+ }
+
+ /* we must switch the real (not effective) user so the restrictions
+ are enforced */
+ setreuid (pwd->pw_uid, -1);
+
+ retval = pam_start("tst-pam_unix4", user, &conv, &pamh);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix4: pam_start returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_chauthtok (pamh, 0);
+ if ((!fail && retval != PAM_SUCCESS) || (fail && retval == PAM_SUCCESS))
+ {
+ if (debug)
+ fprintf (stderr, "unix4-1: pam_chauthtok returned %d\n", retval);
+ return 1;
+ }
+
+ retval = pam_end (pamh,retval);
+ if (retval != PAM_SUCCESS)
+ {
+ if (debug)
+ fprintf (stderr, "unix4: pam_end returned %d\n", retval);
+ return 1;
+ }
+ return 0;
+}
diff --git a/xtests/tst-pam_unix4.pamd b/xtests/tst-pam_unix4.pamd
new file mode 100644
index 0000000..1affa8e
--- /dev/null
+++ b/xtests/tst-pam_unix4.pamd
@@ -0,0 +1,5 @@
+#%PAM-1.0
+auth required pam_unix.so
+account required pam_unix.so
+password required pam_unix.so debug
+session required pam_unix.so
diff --git a/xtests/tst-pam_unix4.sh b/xtests/tst-pam_unix4.sh
new file mode 100755
index 0000000..e7976fd
--- /dev/null
+++ b/xtests/tst-pam_unix4.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# pamunix01 = 0aXKZztA.d1KYIuFXArmd2jU
+/usr/sbin/useradd -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix
+# this run must successfully change the password
+./tst-pam_unix4 pass
+RET=$?
+/usr/sbin/usermod -p 0aXKZztA.d1KYIuFXArmd2jU tstpamunix
+/usr/bin/chage -m 10000 tstpamunix
+# this run must fail to change the password
+./tst-pam_unix4 fail || RET=$?
+
+/usr/sbin/userdel -r tstpamunix 2> /dev/null
+exit $RET