summaryrefslogtreecommitdiffstats
path: root/modules/pam_localuser/tst-pam_localuser-retval.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_localuser/tst-pam_localuser-retval.c')
-rw-r--r--modules/pam_localuser/tst-pam_localuser-retval.c144
1 files changed, 144 insertions, 0 deletions
diff --git a/modules/pam_localuser/tst-pam_localuser-retval.c b/modules/pam_localuser/tst-pam_localuser-retval.c
new file mode 100644
index 0000000..5581cec
--- /dev/null
+++ b/modules/pam_localuser/tst-pam_localuser-retval.c
@@ -0,0 +1,144 @@
+/*
+ * Check pam_localuser return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_localuser"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char passwd_file[] = TEST_NAME ".passwd";
+static const char missing_file[] = TEST_NAME ".missing";
+
+static const char alice_line[] = "alice:x:1001:1001:Alice:/home/alice:";
+static const char bob_line[] = "bob:x:1002:1002:Bob:/home/bob:";
+static const char craig_prefix[] = ":x:1003:1003:";
+static const char craig_suffix[] = "craig:/home/craig:";
+
+int
+main(void)
+{
+ static struct pam_conv conv;
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+ char name[BUFSIZ];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ /* default passwd */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so\n",
+ cwd, MODULE_NAME));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ memset(name, 'x', sizeof(name) - 1);
+ name[sizeof(name) - 1] = '\0';
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "root:x", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* missing passwd file */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so file=%s\n",
+ cwd, MODULE_NAME, missing_file));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "root", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* custom passwd file */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so file=%s\n",
+ cwd, MODULE_NAME, passwd_file));
+ ASSERT_EQ(0, fclose(fp));
+
+ memcpy(name + (sizeof(name) - sizeof(craig_prefix)),
+ craig_prefix, sizeof(craig_prefix));
+ ASSERT_NE(NULL, fp = fopen(passwd_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "%s\n%s\n%s%s\n",
+ alice_line, bob_line, name, craig_suffix));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ memset(name, 'x', sizeof(name) - 1);
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "alice", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "bob", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "alice:x", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, "craig", &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(0, unlink(service_file));
+ ASSERT_EQ(0, unlink(passwd_file));
+
+ return 0;
+}