4 files changed, 88 insertions, 0 deletions

diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..07797e1
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: pam-auth-update
+Depends: libpam-modules, libpam-runtime, libpam0g
+Restrictions:  needs-root, allow-stderr
+
+Tests: pam-test
+Depends: libpam-modules, libpam-runtime, libpam0g, python3-pam
+Restrictions:  needs-root
diff --git a/debian/tests/pam-auth-update b/debian/tests/pam-auth-update
new file mode 100644
index 0000000..d2649f3
--- /dev/null
+++ b/debian/tests/pam-auth-update
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Copyright 2023, Sam Hartman
+# This code may be redistributed under the same terms as Linux Pam
+# itself, or at your pution, under the GNU General Public License,
+# version 3. 
+
+set -x
+
+fail() {
+    echo "$@" 2>&1
+    exit 1
+}
+
+
+# Confirm enabling pam_mkhomedir updates common-session
+grep mkhomedir /etc/pam.d/* && fail pam_mkhomedir already enabled
+pam-auth-update --enable mkhomedir ||fail pam-auth-update enable failed
+grep mkhomedir /etc/pam.d/common-session ||fail pam_mkhomedir was not enabled
+
+# and confirm that it makes a home directory
+useradd -s /bin/bash pam_test
+su -c date pam_test
+test -d ~pam_test || fail pam_test home directory not made
+
+# confirm added options are preserved
+grep -i rounds /etc/pam.d/common-password &&fail rounds parameter already specified
+sed -i -e 's/obscure yescrypt/obscure yescrypt rounds=3/' /etc/pam.d/common-password
+grep rounds /etc/pam.d/common-password ||fail sed did not update common password
+
+( echo get libpam-runtime/profiles |debconf-communicate  |grep mkhomedir) || fail mkhomedir not in enabled profiles
+
+# Confirm removing mkhomedir preserves  rounds parameter
+pam-auth-update --disable mkhomedir ||fail pam-auth-update disable failed
+( echo get libpam-runtime/profiles |debconf-communicate |grep mkhomedir) && fail mkhomedir still in profiles
+grep mkhomedir /var/lib/pam/seen || fail mkhomedir removed from seen after disable
+grep  mkhomedir /etc/pam.d/common-session &&fail pam_mkhomedir not removed
+grep rounds  /etc/pam.d/common-password || fail rounds parameter not preserved
diff --git a/debian/tests/pam-test b/debian/tests/pam-test
new file mode 100644
index 0000000..dc97da4
--- /dev/null
+++ b/debian/tests/pam-test
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Copyright 2023, Sam Hartman
+# This code may be redistributed under the same terms as Linux Pam
+# itself, or at your pution, under the GNU General Public License,
+# version 3. 
+
+set -e
+useradd -s /bin/bash pam_test 2>&1 || true
+python3 debian/tests/pam-test.py
+userdel pam_test ||true
diff --git a/debian/tests/pam-test.py b/debian/tests/pam-test.py
new file mode 100644
index 0000000..0024ca5
--- /dev/null
+++ b/debian/tests/pam-test.py
@@ -0,0 +1,33 @@
+#!/usr/bin/python3
+# Copyright 2023, Sam Hartman
+# This code may be redistributed under the same terms as Linux Pam
+# itself, or at your pution, under the GNU General Public License,
+# version 3. 
+
+
+import PAM
+
+def conversation(auth, queries, userdata):
+    results = []
+    for prompt, type in queries:
+        if type == PAM.PAM_PROMPT_ECHO_OFF:
+            results.append(('ThisLongPasswordIsHardCoded', 0))
+        else: results.append(('',0))
+    return results
+# set a password
+
+auth = PAM.pam()
+auth.start('passwd')
+auth.set_item(PAM.PAM_USER, 'pam_test')
+auth.set_item(PAM.PAM_CONV, conversation)
+auth.chauthtok()
+
+# Now authenticate and session
+auth = PAM.pam()
+auth.start('login')
+auth.set_item(PAM.PAM_USER, 'pam_test')
+auth.set_item(PAM.PAM_CONV, conversation)
+auth.authenticate()
+auth.acct_mgmt()
+auth.open_session()
+auth.close_session()