xref: /freebsd/contrib/openpam/t/t_openpam_dispatch.c (revision 3416500aef140042c64bc149cb1ec6620483bc44) 
1 /*-
2  * Copyright (c) 2015-2017 Dag-Erling Smørgrav
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. The name of the author may not be used to endorse or promote
14  *    products derived from this software without specific prior written
15  *    permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $OpenPAM: t_openpam_dispatch.c 938 2017-04-30 21:34:42Z des $
30  */
31 
32 #ifdef HAVE_CONFIG_H
33 # include "config.h"
34 #endif
35 
36 #include <err.h>
37 #include <stdint.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <unistd.h>
42 
43 #include <cryb/test.h>
44 
45 #include <security/pam_appl.h>
46 #include <security/openpam.h>
47 
48 #include "openpam_impl.h"
49 #include "t_pam_conv.h"
50 
51 #define T_FUNC(n, d)							\
52 	static const char *t_ ## n ## _desc = d;			\
53 	static int t_ ## n ## _func(OPENPAM_UNUSED(char **desc),	\
54 	    OPENPAM_UNUSED(void *arg))
55 
56 #define T(n)								\
57 	t_add_test(&t_ ## n ## _func, NULL, "%s", t_ ## n ## _desc)
58 
59 const char *pam_return_so;
60 
61 T_FUNC(empty_policy, "empty policy")
62 {
63 	struct t_pam_conv_script script;
64 	struct pam_conv pamc;
65 	struct t_file *tf;
66 	pam_handle_t *pamh;
67 	int pam_err, ret;
68 
69 	memset(&script, 0, sizeof script);
70 	pamc.conv = &t_pam_conv;
71 	pamc.appdata_ptr = &script;
72 	tf = t_fopen(NULL);
73 	t_fprintf(tf, "# empty policy\n");
74 	pam_err = pam_start(tf->name, "test", &pamc, &pamh);
75 	if (pam_err != PAM_SUCCESS) {
76 		t_printv("pam_start() returned %d\n", pam_err);
77 		return (0);
78 	}
79 	/*
80 	 * Note: openpam_dispatch() currently returns PAM_SYSTEM_ERR when
81 	 * the chain is empty, it should possibly return PAM_SERVICE_ERR
82 	 * instead.
83 	 */
84 	pam_err = pam_authenticate(pamh, 0);
85 	t_printv("pam_authenticate() returned %d\n", pam_err);
86 	ret = (pam_err == PAM_SYSTEM_ERR);
87 	pam_err = pam_setcred(pamh, 0);
88 	t_printv("pam_setcred() returned %d\n", pam_err);
89 	ret &= (pam_err == PAM_SYSTEM_ERR);
90 	pam_err = pam_acct_mgmt(pamh, 0);
91 	t_printv("pam_acct_mgmt() returned %d\n", pam_err);
92 	ret &= (pam_err == PAM_SYSTEM_ERR);
93 	pam_err = pam_chauthtok(pamh, 0);
94 	t_printv("pam_chauthtok() returned %d\n", pam_err);
95 	ret &= (pam_err == PAM_SYSTEM_ERR);
96 	pam_err = pam_open_session(pamh, 0);
97 	t_printv("pam_open_session() returned %d\n", pam_err);
98 	ret &= (pam_err == PAM_SYSTEM_ERR);
99 	pam_err = pam_close_session(pamh, 0);
100 	t_printv("pam_close_session() returned %d\n", pam_err);
101 	ret &= (pam_err == PAM_SYSTEM_ERR);
102 	pam_end(pamh, pam_err);
103 	t_fclose(tf);
104 	return (ret);
105 }
106 
107 static struct t_pam_return_case {
108 	int		 facility;
109 	int		 primitive;
110 	int		 flags;
111 	struct {
112 		int		 ctlflag;
113 		int		 modret;
114 	} mod[2];
115 	int		 result;
116 } t_pam_return_cases[] = {
117 	{
118 		PAM_AUTH, PAM_SM_AUTHENTICATE, 0,
119 		{
120 			{ PAM_REQUIRED, PAM_SUCCESS },
121 			{ PAM_REQUIRED, PAM_SUCCESS },
122 		},
123 		PAM_SUCCESS,
124 	},
125 };
126 
127 T_FUNC(mod_return, "module return value")
128 {
129 	struct t_pam_return_case *tc;
130 	struct t_pam_conv_script script;
131 	struct pam_conv pamc;
132 	struct t_file *tf;
133 	pam_handle_t *pamh;
134 	unsigned int i, j, n;
135 	int pam_err;
136 
137 	memset(&script, 0, sizeof script);
138 	pamc.conv = &t_pam_conv;
139 	pamc.appdata_ptr = &script;
140 	n = sizeof t_pam_return_cases / sizeof t_pam_return_cases[0];
141 	for (i = 0; i < n; ++i) {
142 		tc = &t_pam_return_cases[i];
143 		tf = t_fopen(NULL);
144 		for (j = 0; j < 2; ++j) {
145 			t_fprintf(tf, "%s %s %s error=%s\n",
146 			    pam_facility_name[tc->facility],
147 			    pam_control_flag_name[tc->mod[j].ctlflag],
148 			    pam_return_so,
149 			    pam_err_name[tc->mod[j].modret]);
150 		}
151 		pam_err = pam_start(tf->name, "test", &pamc, &pamh);
152 		if (pam_err != PAM_SUCCESS) {
153 			t_printv("pam_start() returned %d\n", pam_err);
154 			t_fclose(tf);
155 			continue;
156 		}
157 		switch (tc->primitive) {
158 		case PAM_SM_AUTHENTICATE:
159 			pam_err = pam_authenticate(pamh, tc->flags);
160 			break;
161 		case PAM_SM_SETCRED:
162 			pam_err = pam_setcred(pamh, tc->flags);
163 			break;
164 		case PAM_SM_ACCT_MGMT:
165 			pam_err = pam_acct_mgmt(pamh, tc->flags);
166 			break;
167 		case PAM_SM_OPEN_SESSION:
168 			pam_err = pam_open_session(pamh, tc->flags);
169 			break;
170 		case PAM_SM_CLOSE_SESSION:
171 			pam_err = pam_close_session(pamh, tc->flags);
172 			break;
173 		case PAM_SM_CHAUTHTOK:
174 			pam_err = pam_chauthtok(pamh, tc->flags);
175 			break;
176 		}
177 		t_printv("%s returned %d\n",
178 		    pam_func_name[tc->primitive], pam_err);
179 		pam_end(pamh, pam_err);
180 		t_printv("here\n");
181 		t_fclose(tf);
182 	}
183 	return (1);
184 }
185 
186 
187 /***************************************************************************
188  * Boilerplate
189  */
190 
191 static int
192 t_prepare(int argc, char *argv[])
193 {
194 
195 	(void)argc;
196 	(void)argv;
197 
198 	if ((pam_return_so = getenv("PAM_RETURN_SO")) == NULL) {
199 		t_printv("define PAM_RETURN_SO before running these tests\n");
200 		return (0);
201 	}
202 
203 	openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0);
204 	openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0);
205 	openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0);
206 	openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0);
207 	openpam_set_feature(OPENPAM_FALLBACK_TO_OTHER, 0);
208 
209 	T(empty_policy);
210 	T(mod_return);
211 
212 	return (0);
213 }
214 
215 int
216 main(int argc, char *argv[])
217 {
218 
219 	t_main(t_prepare, NULL, argc, argv);
220 }
221