1 /*
2 * Check pam_time return values.
3 *
4 * Copyright (c) 2020-2022 Dmitry V. Levin <ldv@altlinux.org>
5 * Copyright (c) 2022 Stefan Schubert <schubi@suse.de>
6 */
7
8 #include "test_assert.h"
9
10 #include <limits.h>
11 #include <stdio.h>
12 #include <string.h>
13 #include <unistd.h>
14 #include <security/pam_appl.h>
15
16 #define MODULE_NAME "pam_time"
17 #define TEST_NAME "tst-" MODULE_NAME "-retval"
18
19 static const char service_file[] = TEST_NAME ".service";
20 static const char config_file[] = TEST_NAME ".conf";
21 static struct pam_conv conv;
22
23 int
24 main(void)
25 {
26 pam_handle_t *pamh = NULL;
27 FILE *fp;
28 char cwd[PATH_MAX];
29
30 ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
31
32 /* PAM_USER_UNKNOWN */
33 ASSERT_NE(NULL, fp = fopen(service_file, "w"));
34 ASSERT_LT(0,
35 fprintf(fp, "#%%PAM-1.0\n"
36 "auth required %s/.libs/%s.so\n"
37 "account required %s/.libs/%s.so\n"
38 "password required %s/.libs/%s.so\n"
39 "session required %s/.libs/%s.so\n",
40 cwd, MODULE_NAME,
41 cwd, MODULE_NAME,
42 cwd, MODULE_NAME,
43 cwd, MODULE_NAME));
44 ASSERT_EQ(0, fclose(fp));
45
46 ASSERT_EQ(PAM_SUCCESS,
47 pam_start_confdir(service_file, "", &conv, ".", &pamh));
48 ASSERT_NE(NULL, pamh);
49 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
50 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
51 ASSERT_EQ(PAM_USER_UNKNOWN, pam_acct_mgmt(pamh, 0));
52 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
53 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
54 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
55 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
56 pamh = NULL;
57
58 ASSERT_NE(NULL, fp = fopen(config_file, "w"));
59 ASSERT_LT(0, fprintf(fp, "# only root can access %s\n"
60 "%s ; * ; !root ; !Al0000-2400\n",
61 service_file, service_file));
62 ASSERT_EQ(0, fclose(fp));
63
64 /* conffile= specifies an existing file */
65 ASSERT_NE(NULL, fp = fopen(service_file, "w"));
66 ASSERT_LT(0,
67 fprintf(fp, "#%%PAM-1.0\n"
68 "auth required %s/.libs/%s.so conffile=%s\n"
69 "account required %s/.libs/%s.so conffile=%s\n"
70 "password required %s/.libs/%s.so conffile=%s\n"
71 "session required %s/.libs/%s.so conffile=%s\n",
72 cwd, MODULE_NAME, config_file,
73 cwd, MODULE_NAME, config_file,
74 cwd, MODULE_NAME, config_file,
75 cwd, MODULE_NAME, config_file));
76 ASSERT_EQ(0, fclose(fp));
77
78 ASSERT_EQ(PAM_SUCCESS,
79 pam_start_confdir(service_file, "root", &conv, ".", &pamh));
80 ASSERT_NE(NULL, pamh);
81 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
82 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
83 ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
84 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
85 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
86 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
87 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
88 pamh = NULL;
89
90 ASSERT_EQ(PAM_SUCCESS,
91 pam_start_confdir(service_file, "noone", &conv, ".", &pamh));
92 ASSERT_NE(NULL, pamh);
93 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_authenticate(pamh, 0));
94 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_setcred(pamh, 0));
95 ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0));
96 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
97 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
98 ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
99 ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
100 pamh = NULL;
101
102 /* cleanup */
103 ASSERT_EQ(0, unlink(config_file));
104 ASSERT_EQ(0, unlink(service_file));
105
106 return 0;
107 }