1 /*
2 * Check pam_deny return values.
3 *
4 * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
5 */
6
7 #include "test_assert.h"
8
9 #include <limits.h>
10 #include <stdio.h>
11 #include <string.h>
12 #include <unistd.h>
13 #include <security/pam_appl.h>
14
15 #define MODULE_NAME "pam_deny"
16 #define TEST_NAME "tst-" MODULE_NAME "-retval"
17
18 static const char service_file[] = TEST_NAME ".service";
19 static const char user_name[] = "";
20 static struct pam_conv conv;
21
22 int
23 main(void)
24 {
25 pam_handle_t *pamh = NULL;
26 FILE *fp;
27 char cwd[PATH_MAX];
28
29 ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
30
31 ASSERT_NE(NULL, fp = fopen(service_file, "w"));
32 ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
33 "auth required %s/.libs/%s.so\n"
34 "account required %s/.libs/%s.so\n"
35 "password required %s/.libs/%s.so\n"
36 "session required %s/.libs/%s.so\n",
37 cwd, MODULE_NAME,
38 cwd, MODULE_NAME,
39 cwd, MODULE_NAME,
40 cwd, MODULE_NAME));
41 ASSERT_EQ(0, fclose(fp));
42
43 ASSERT_EQ(PAM_SUCCESS,
44 pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
45 ASSERT_NE(NULL, pamh);
46 ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0));
47 ASSERT_EQ(PAM_CRED_ERR, pam_setcred(pamh, 0));
48 ASSERT_EQ(PAM_AUTH_ERR, pam_acct_mgmt(pamh, 0));
49 ASSERT_EQ(PAM_AUTHTOK_ERR, pam_chauthtok(pamh, 0));
50 ASSERT_EQ(PAM_SESSION_ERR, pam_open_session(pamh, 0));
51 ASSERT_EQ(PAM_SESSION_ERR, pam_close_session(pamh, 0));
52 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
53 pamh = NULL;
54
55 ASSERT_EQ(0, unlink(service_file));
56
57 return 0;
58 }