1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that the following conditions
4 * are met:
5 * 1. Redistributions of source code must retain the above copyright
6 * notice, and the entire permission notice in its entirety,
7 * including the disclaimer of warranties.
8 * 2. Redistributions in binary form must reproduce the above copyright
9 * notice, this list of conditions and the following disclaimer in the
10 * documentation and/or other materials provided with the distribution.
11 * 3. The name of the author may not be used to endorse or promote
12 * products derived from this software without specific prior
13 * written permission.
14 *
15 * ALTERNATIVELY, this product may be distributed under the terms of
16 * the GNU Public License, in which case the provisions of the GPL are
17 * required INSTEAD OF the above restrictions. (This clause is
18 * necessary due to a potential bad interaction between the GPL and
19 * the restrictions contained in a BSD-style copyright.)
20 *
21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /*
35 test case:
36
37 Check the following lines in access.conf:
38 -:ALL EXCEPT tstpamaccess3 :LOCAL
39 -:ALL:127.0.0.1
40
41 pam_authenticate should fail for /dev/tty1, pass for www.example.com,
42 and fail again for localhost
43 */
44
45 #ifdef HAVE_CONFIG_H
46 #include <config.h>
47 #endif
48
49 #include <stdio.h>
50 #include <stdlib.h>
51 #include <string.h>
52 #include <security/pam_appl.h>
53
54 /* A conversation function which uses an internally-stored value for
55 the responses. */
56 static int
57 fake_conv (int num_msg, const struct pam_message **msgm UNUSED,
58 struct pam_response **response, void *appdata_ptr UNUSED)
59 {
60 struct pam_response *reply;
61 int count;
62
63 /* Sanity test. */
64 if (num_msg <= 0)
65 return PAM_CONV_ERR;
66
67 /* Allocate memory for the responses. */
68 reply = calloc (num_msg, sizeof (struct pam_response));
69 if (reply == NULL)
70 return PAM_CONV_ERR;
71
72 /* Each prompt elicits the same response. */
73 for (count = 0; count < num_msg; ++count)
74 {
75 reply[count].resp_retcode = 0;
76 reply[count].resp = strdup ("!!");
77 }
78
79 /* Set the pointers in the response structure and return. */
80 *response = reply;
81 return PAM_SUCCESS;
82 }
83
84 static struct pam_conv conv = {
85 fake_conv,
86 NULL
87 };
88
89 int
90 main(int argc, char *argv[])
91 {
92 pam_handle_t *pamh = NULL;
93 const char *user="tstpamaccess4";
94 int retval;
95 int debug = 0;
96
97 if (argc > 1 && strcmp (argv[1], "-d") == 0)
98 debug = 1;
99
100 retval = pam_start("tst-pam_access4", user, &conv, &pamh);
101 if (retval != PAM_SUCCESS)
102 {
103 if (debug)
104 fprintf (stderr, "pam_access4: pam_start returned %d\n", retval);
105 return 1;
106 }
107
108 retval = pam_set_item (pamh, PAM_TTY, "/dev/tty1");
109 if (retval != PAM_SUCCESS)
110 {
111 if (debug)
112 fprintf (stderr,
113 "pam_access4-1: pam_set_item(PAM_TTY) returned %d\n",
114 retval);
115 return 1;
116 }
117
118 retval = pam_authenticate (pamh, 0);
119 if (retval != PAM_PERM_DENIED)
120 {
121 if (debug)
122 fprintf (stderr, "pam_access4-1: pam_authenticate returned %d\n", retval);
123 return 1;
124 }
125
126 retval = pam_set_item (pamh, PAM_RHOST, "www.example.com");
127 if (retval != PAM_SUCCESS)
128 {
129 if (debug)
130 fprintf (stderr,
131 "pam_access4-2: pam_set_item(PAM_RHOST) returned %d\n",
132 retval);
133 return 1;
134 }
135
136 retval = pam_authenticate (pamh, 0);
137 if (retval != PAM_SUCCESS)
138 {
139 if (debug)
140 fprintf (stderr, "pam_access4-2: pam_authenticate returned %d\n", retval);
141 return 1;
142 }
143
144 retval = pam_set_item (pamh, PAM_RHOST, "localhost");
145 if (retval != PAM_SUCCESS)
146 {
147 if (debug)
148 fprintf (stderr,
149 "pam_access4-3: pam_set_item(PAM_RHOST) returned %d\n",
150 retval);
151 return 1;
152 }
153
154 retval = pam_authenticate (pamh, 0);
155 if (retval != PAM_PERM_DENIED)
156 {
157 if (debug)
158 fprintf (stderr, "pam_access4-3: pam_authenticate returned %d\n", retval);
159 return 1;
160 }
161
162 retval = pam_end (pamh,retval);
163 if (retval != PAM_SUCCESS)
164 {
165 if (debug)
166 fprintf (stderr, "pam_access4: pam_end returned %d\n", retval);
167 return 1;
168 }
169 return 0;
170 }