1 /*
2 * Redistribution and use in source and binary forms, with or without
3 * modification, are permitted provided that the following conditions
4 * are met:
5 * 1. Redistributions of source code must retain the above copyright
6 * notice, and the entire permission notice in its entirety,
7 * including the disclaimer of warranties.
8 * 2. Redistributions in binary form must reproduce the above copyright
9 * notice, this list of conditions and the following disclaimer in the
10 * documentation and/or other materials provided with the distribution.
11 * 3. The name of the author may not be used to endorse or promote
12 * products derived from this software without specific prior
13 * written permission.
14 *
15 * ALTERNATIVELY, this product may be distributed under the terms of
16 * the GNU Public License, in which case the provisions of the GPL are
17 * required INSTEAD OF the above restrictions. (This clause is
18 * necessary due to a potential bad interaction between the GPL and
19 * the restrictions contained in a BSD-style copyright.)
20 *
21 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
22 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
24 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 /*
35 * Check remember handling
36 * Change ten times the password
37 * Try the ten passwords again, should always be rejected
38 * Try a new password, should succeed
39 */
40
41 #ifdef HAVE_CONFIG_H
42 #include <config.h>
43 #endif
44
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #include <security/pam_appl.h>
49 #include "pam_inline.h"
50
51 static unsigned int in_test;
52
53 static const char *passwords[] = {
54 "pamhistory01", "pamhistory02", "pamhistory03",
55 "pamhistory04", "pamhistory05", "pamhistory06",
56 "pamhistory07", "pamhistory08", "pamhistory09",
57 "pamhistory10",
58 "pamhistory01", "pamhistory02", "pamhistory03",
59 "pamhistory04", "pamhistory05", "pamhistory06",
60 "pamhistory07", "pamhistory08", "pamhistory09",
61 "pamhistory10",
62 "pamhistory11",
63 "pamhistory01", "pamhistory02", "pamhistory03",
64 "pamhistory04", "pamhistory05", "pamhistory06",
65 "pamhistory07", "pamhistory08", "pamhistory09",
66 "pamhistory10"};
67
68 static int debug;
69
70 /* A conversation function which uses an internally-stored value for
71 the responses. */
72 static int
73 fake_conv (int num_msg, const struct pam_message **msgm,
74 struct pam_response **response, void *appdata_ptr UNUSED)
75 {
76 struct pam_response *reply;
77 int count;
78
79 /* Sanity test. */
80 if (num_msg <= 0)
81 return PAM_CONV_ERR;
82
83 if (debug)
84 fprintf (stderr, "msg_style=%d, msg=%s\n", msgm[0]->msg_style,
85 msgm[0]->msg);
86
87 if (msgm[0]->msg_style != 1)
88 return PAM_SUCCESS;
89
90 /* Allocate memory for the responses. */
91 reply = calloc (num_msg, sizeof (struct pam_response));
92 if (reply == NULL)
93 return PAM_CONV_ERR;
94
95 /* Each prompt elicits the same response. */
96 for (count = 0; count < num_msg; ++count)
97 {
98 reply[count].resp_retcode = 0;
99 reply[count].resp = strdup (passwords[in_test]);
100 if (debug)
101 fprintf (stderr, "send password %s\n", reply[count].resp);
102 }
103
104 /* Set the pointers in the response structure and return. */
105 *response = reply;
106 return PAM_SUCCESS;
107 }
108
109 static struct pam_conv conv = {
110 fake_conv,
111 NULL
112 };
113
114
115 int
116 main(int argc, char *argv[])
117 {
118 pam_handle_t *pamh=NULL;
119 const char *user="tstpampwhistory";
120 int retval;
121
122 if (argc > 1 && strcmp (argv[1], "-d") == 0)
123 debug = 1;
124
125 for (in_test = 0; in_test < PAM_ARRAY_SIZE(passwords); in_test++)
126 {
127
128 retval = pam_start("tst-pam_pwhistory1", user, &conv, &pamh);
129 if (retval != PAM_SUCCESS)
130 {
131 if (debug)
132 fprintf (stderr, "pwhistory1-%u: pam_start returned %d\n",
133 in_test, retval);
134 return 1;
135 }
136
137 retval = pam_chauthtok (pamh, 0);
138 if (in_test < 10 || in_test == 20)
139 {
140 if (retval != PAM_SUCCESS)
141 {
142 if (debug)
143 fprintf (stderr, "pwhistory1-%u: pam_chauthtok returned %d\n",
144 in_test, retval);
145 return 1;
146 }
147 }
148 else if (in_test < 20)
149 {
150 if (retval != PAM_MAXTRIES)
151 {
152 if (debug)
153 fprintf (stderr, "pwhistory1-%u: pam_chauthtok returned %d\n",
154 in_test, retval);
155 return 1;
156 }
157 }
158
159 retval = pam_end (pamh,retval);
160 if (retval != PAM_SUCCESS)
161 {
162 if (debug)
163 fprintf (stderr, "pwhistory1: pam_end returned %d\n", retval);
164 return 1;
165 }
166 }
167
168 return 0;
169 }