1 /* 2 * Authentication tests for the pam-krb5 module with an incorrect AUTHTOK. 3 * 4 * This test case includes tests that require Kerberos to be configured and a 5 * username and password available and that run with an incorrect AUTHTOK 6 * already set. They test various prompting fallback cases. They don't write 7 * a ticket cache (which requires additional work to test the cache 8 * ownership). 9 * 10 * Written by Russ Allbery <eagle@eyrie.org> 11 * Copyright 2020 Russ Allbery <eagle@eyrie.org> 12 * Copyright 2011-2012 13 * The Board of Trustees of the Leland Stanford Junior University 14 * 15 * SPDX-License-Identifier: BSD-3-clause or GPL-1+ 16 */ 17 18 #include <config.h> 19 #include <portable/system.h> 20 21 #include <tests/fakepam/script.h> 22 #include <tests/tap/kerberos.h> 23 #include <tests/tap/process.h> 24 #include <tests/tap/string.h> 25 26 27 int 28 main(void) 29 { 30 struct script_config config; 31 struct kerberos_config *krbconf; 32 33 /* Load the Kerberos principal and password from a file. */ 34 krbconf = kerberos_setup(TAP_KRB_NEEDS_PASSWORD); 35 memset(&config, 0, sizeof(config)); 36 config.user = krbconf->userprinc; 37 config.password = krbconf->password; 38 39 /* Set the authtok to something bogus. */ 40 config.authtok = "BAD PASSWORD THAT WILL NOT WORK"; 41 42 /* 43 * Generate a testing krb5.conf file with a nonexistent default realm so 44 * that we can be sure that our principals will stay fully-qualified in 45 * the logs. 46 */ 47 kerberos_generate_conf("bogus.example.com"); 48 49 plan_lazy(); 50 run_script_dir("data/scripts/bad-authtok", &config); 51 52 return 0; 53 } 54