1 /*
2 * Check pam_mkhomedir return values.
3 *
4 * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
5 */
6
7 #include "test_assert.h"
8
9 #include <fcntl.h>
10 #include <limits.h>
11 #include <stdio.h>
12 #include <string.h>
13 #include <unistd.h>
14 #include <pwd.h>
15 #include <sys/stat.h>
16 #include <security/pam_appl.h>
17
18 #define MODULE_NAME "pam_mkhomedir"
19 #define TEST_NAME "tst-" MODULE_NAME "-retval"
20
21 static const char service_file[] = TEST_NAME ".service";
22 static const char user_empty[] = "";
23 static const char user_missing[] = ":";
24 static struct pam_conv conv;
25
26 int
27 main(void)
28 {
29 pam_handle_t *pamh = NULL;
30 FILE *fp;
31 struct passwd *pw;
32 struct stat st;
33 char cwd[PATH_MAX];
34
35 ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
36
37 /* PAM_USER_UNKNOWN */
38 ASSERT_NE(NULL, fp = fopen(service_file, "w"));
39 ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
40 "auth required %s/.libs/%s.so\n"
41 "account required %s/.libs/%s.so\n"
42 "password required %s/.libs/%s.so\n"
43 "session required %s/.libs/%s.so\n",
44 cwd, MODULE_NAME,
45 cwd, MODULE_NAME,
46 cwd, MODULE_NAME,
47 cwd, MODULE_NAME));
48 ASSERT_EQ(0, fclose(fp));
49
50 ASSERT_EQ(PAM_SUCCESS,
51 pam_start_confdir(service_file, user_empty,
52 &conv, ".", &pamh));
53 ASSERT_NE(NULL, pamh);
54 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
55 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
56 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
57 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
58 ASSERT_EQ(PAM_USER_UNKNOWN, pam_open_session(pamh, 0));
59 ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
60 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
61 pamh = NULL;
62
63 ASSERT_EQ(PAM_SUCCESS,
64 pam_start_confdir(service_file, user_missing,
65 &conv, ".", &pamh));
66 ASSERT_NE(NULL, pamh);
67 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
68 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
69 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
70 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
71 ASSERT_EQ(PAM_USER_UNKNOWN, pam_open_session(pamh, 0));
72 ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
73 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
74 pamh = NULL;
75
76 /* PAM_SUCCESS */
77 ASSERT_NE(NULL, fp = fopen(service_file, "w"));
78 ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
79 "auth required %s/.libs/%s.so debug\n"
80 "account required %s/.libs/%s.so debug\n"
81 "password required %s/.libs/%s.so debug\n"
82 "session required %s/.libs/%s.so debug\n",
83 cwd, MODULE_NAME,
84 cwd, MODULE_NAME,
85 cwd, MODULE_NAME,
86 cwd, MODULE_NAME));
87 ASSERT_EQ(0, fclose(fp));
88
89 if ((pw = getpwuid(geteuid())) != NULL &&
90 pw->pw_dir != NULL &&
91 stat(pw->pw_dir, &st) == 0 &&
92 (st.st_mode & S_IFMT) == S_IFDIR) {
93 ASSERT_EQ(PAM_SUCCESS,
94 pam_start_confdir(service_file, pw->pw_name,
95 &conv, ".", &pamh));
96 ASSERT_NE(NULL, pamh);
97 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
98 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
99 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
100 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
101 ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
102 ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, 0));
103 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
104 pamh = NULL;
105 }
106
107 ASSERT_EQ(0, unlink(service_file));
108
109 return 0;
110 }