authorAndreas Schneider <asn@samba.org>2015-11-20 15:03:25 +0100
committerAndreas Schneider <asn@samba.org>2015-12-10 13:31:20 +0100
commit842720928bacb975a0c94ab80ec655d253ee6239 (patch)
tree0a87c5fd6c53c9db1c5dbeac2956c7e5230aaf07
parent8e060eff567d89dad3e035c830cee0e29810dc65 (diff)
pam_matrix: Add OpenPAM (BSD) support
Includes: - pwrap: Fix errno if ENODATA is not available - nwrap: Add FTW return values if not defined - pwrap: Add support for BSD prompt and strerror functions - pwrap: Add detection for pam_syslog and pam_vsyslog
-rw-r--r--ConfigureChecks.cmake35
-rw-r--r--config.h.cmake10
-rw-r--r--include/pwrap_compat.h8
-rw-r--r--src/CMakeLists.txt16
-rw-r--r--src/modules/pam_matrix.c27
-rw-r--r--src/modules/pam_set_items.c4
-rw-r--r--src/pam_wrapper.c185
-rwxr-xr-xtests/pypamtest_test.py2
-rw-r--r--tests/test_pam_wrapper.c44
9 files changed, 308 insertions, 23 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index ca9626e..f3383f9 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -46,6 +46,29 @@ check_function_exists(strncpy HAVE_STRNCPY)
check_function_exists(vsnprintf HAVE_VSNPRINTF)
check_function_exists(snprintf HAVE_SNPRINTF)
+set(CMAKE_REQUIRED_LIBRARIES pam)
+check_function_exists(pam_vsyslog HAVE_PAM_VSYSLOG)
+check_function_exists(pam_syslog HAVE_PAM_SYSLOG)
+set(CMAKE_REQUIRED_LIBRARIES)
+
+check_prototype_definition(pam_vprompt
+ "int pam_vprompt(const pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, va_list _ap)"
+ "-1"
+ "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h"
+ HAVE_PAM_VPROMPT_CONST)
+
+check_prototype_definition(pam_prompt
+ "int pam_prompt(const pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, ...)"
+ "-1"
+ "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h"
+ HAVE_PAM_PROMPT_CONST)
+
+check_prototype_definition(pam_strerror
+ "const char *pam_strerror(const pam_handle_t *_pamh, int _error_number)"
+ "NULL"
+ "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h"
+ HAVE_PAM_STRERROR_CONST)
+
# LIBRARIES
find_library(PAM_LIBRARY NAMES libpam.so.0 pam)
set(PAM_LIBRARY ${PAM_LIBRARY})
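Review bot: The `pam_vprompt` prototype check uses `va_list`, but its header list (`stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h`) does not include `stdarg.h`. On a platform where none of those headers provides `va_list`, the probe fails to compile and `HAVE_PAM_VPROMPT_CONST` is left unset for a reason unrelated to the const qualifier. Adding `stdarg.h` to the list makes the result depend only on the prototype. `check_prototype_definition` also needs `include(CheckPrototypeDefinition)`, which is not visible in this hunk; confirm it is included earlier in the file.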
@@ -54,6 +77,13 @@ if (PAM_MISC_LIBRARY)
set(HAVE_PAM_MISC TRUE)
endif()
+check_library_exists(${PAM_LIBRARY} openpam_set_option "" HAVE_OPENPAM)
+
+# PAM FUNCTIONS
+set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${PAM_LIBRARY})
+check_function_exists(pam_syslog HAVE_PAM_SYSLOG)
+check_function_exists(pam_vsyslog HAVE_PAM_VSYSLOG)
+
# OPTIONS
if (LINUX)
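Review bot: `pam_syslog` and `pam_vsyslog` are probed a second time here, although the first hunk already checks both with `CMAKE_REQUIRED_LIBRARIES pam`. The result variables are cached, so this second pair does not run again; keep only one pair, preferably the one that uses `${PAM_LIBRARY}`. The `set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${PAM_LIBRARY})` line is also never reset, unlike the earlier block that ends with `set(CMAKE_REQUIRED_LIBRARIES)`, so later checks in this file link against libpam as well.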
@@ -67,6 +97,11 @@ if (LINUX)
set(CMAKE_REQUIRED_DEFINITIONS)
endif (LINUX)
+# COMPAT
+if (HAVE_OPENPAM_H)
+ set(HAVE_OPENPAM 1)
+endif ()
+
check_c_source_compiles("
#include <stdbool.h>
int main(void) {
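Review bot: `HAVE_OPENPAM_H` is not set by any check visible in this diff, so this block looks dead unless a `check_include_file(security/openpam.h HAVE_OPENPAM_H)` exists elsewhere in the file. `HAVE_OPENPAM` is already set by the `check_library_exists(... openpam_set_option ...)` call in the previous hunk. Keeping a single detection path, with a comment naming it as authoritative, avoids two sources of truth for a macro that switches off OpenPAM's module and policy file verification in src/pam_wrapper.c.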
diff --git a/config.h.cmake b/config.h.cmake
index e864bee..9888219 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -19,12 +19,22 @@
#cmakedefine HAVE_SECURITY_PAM_APPL_H 1
#cmakedefine HAVE_SECURITY_PAM_MODULES_H 1
#cmakedefine HAVE_SECURITY_PAM_EXT_H 1
+#cmakedefine HAVE_OPENPAM ${HAVE_OPENPAM}
+#cmakedefine HAVE_PAM_SYSLOG 1
+#cmakedefine HAVE_PAM_VSYSLOG 1
/*************************** FUNCTIONS ***************************/
/* Define to 1 if you have the `seteuid' function. */
#cmakedefine HAVE_SETEUID 1
+#cmakedefine HAVE_PAM_VSYSLOG 1
+#cmakedefine HAVE_PAM_SYSLOG 1
+
+#cmakedefine HAVE_PAM_VPROMPT_CONST 1
+#cmakedefine HAVE_PAM_PROMPT_CONST 1
+#cmakedefine HAVE_PAM_STRERROR_CONST 1
+
/*************************** LIBRARIES ***************************/
#cmakedefine PAM_LIBRARY "${PAM_LIBRARY}"
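Review bot: `HAVE_PAM_SYSLOG` and `HAVE_PAM_VSYSLOG` are now listed twice, once in the header block and once under FUNCTIONS. The repetition is harmless because both expand to the same `#define ... 1`, but only the FUNCTIONS pair is needed. The new entries also lack the "Define to 1 if you have the ... function." comment that `HAVE_SETEUID` carries, and `HAVE_OPENPAM` sits among the header macros although it comes from a library check.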
diff --git a/include/pwrap_compat.h b/include/pwrap_compat.h
index 45d7885..a30df15 100644
--- a/include/pwrap_compat.h
+++ b/include/pwrap_compat.h
@@ -16,7 +16,15 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#ifdef HAVE_OPENPAM
+#include <security/openpam.h>
+#endif
+
/* OpenPAM doesn't define PAM_BAD_ITEM */
#ifndef PAM_BAD_ITEM
#define PAM_BAD_ITEM PAM_SYSTEM_ERR
#endif /* PAM_BAD_ITEM */
+
+#ifndef ENODATA
+#define ENODATA EPIPE
+#endif
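Review bot: The `ENODATA` fallback only works if `<errno.h>` is included before this header. If `<errno.h>` comes afterwards on a platform that does define `ENODATA`, the macro is redefined with a different value. Adding `#include <errno.h>` at the top of pwrap_compat.h makes the header independent of include order. The `#ifdef HAVE_OPENPAM` test likewise depends on config.h being included first, which deserves a one-line comment. Since this commit also switches `p_copy` from `ENODATA` to `EIO`, check whether any code still uses `ENODATA`.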
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 6e37c32..80b19d3 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -8,9 +8,14 @@ include_directories(${CMAKE_BINARY_DIR})
add_library(pam_wrapper SHARED pam_wrapper.c)
-target_link_libraries(pam_wrapper
- ${PAMWRAP_REQUIRED_LIBRARIES}
- ${CMAKE_THREAD_LIBS_INIT})
+set(PAM_WRAPPER_LIBRARIES
+ ${PAMWRAP_REQUIRED_LIBRARIES}
+ ${CMAKE_THREAD_LIBS_INIT})
+if (HAVE_OPENPAM)
+ list(APPEND PAM_WRAPPER_LIBRARIES pam)
+endif (HAVE_OPENPAM)
+
+target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES})
set_target_properties(
pam_wrapper
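Review bot: The OpenPAM branch links the bare name `pam` rather than `${PAM_LIBRARY}`, so the wrapper can end up linked against a different libpam than the one ConfigureChecks.cmake located and probed. `list(APPEND PAM_WRAPPER_LIBRARIES ${PAM_LIBRARY})` keeps the two the same. The second hunk hard-codes the same name in `set(PAM_LIBRARIES pam)`, and no use of `PAM_LIBRARIES` is visible in this diff. A short comment on why the direct libpam link is needed only on OpenPAM (presumably for the `openpam_set_feature` calls) would help the next reader.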
@@ -42,6 +47,11 @@ set(pamtest_HEADERS
)
include_directories(${CMAKE_SOURCE_DIR}/include)
+set(PAM_LIBRARIES pam)
+if (HAVE_PAM_MISC)
+ list(APPEND PAM_LIBRARIES pam_misc)
+endif (HAVE_PAM_MISC)
+
add_library(pamtest SHARED
${pamtest_SOURCES}
${pamtest_HEADERS}
diff --git a/src/modules/pam_matrix.c b/src/modules/pam_matrix.c
index 870625b..89fdd56 100644
--- a/src/modules/pam_matrix.c
+++ b/src/modules/pam_matrix.c
@@ -23,11 +23,21 @@
#include <pwd.h>
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <ctype.h>
#include <errno.h>
#include <time.h>
+#include <stdint.h>
+
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
+#ifndef discard_const_p
+#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
+#endif
#ifdef HAVE_SECURITY_PAM_APPL_H
#include <security/pam_appl.h>
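Review bot: `#include <stdint.h>` is added twice in this hunk, after `<stdio.h>` and again after `<time.h>`. The `discard_const` / `discard_const_p` pair defined here is also repeated verbatim in the next hunk of the same file. The `#ifndef` guards make the repetition harmless, but one include and one definition are enough. A comment on the macro such as `/* cast away const without tripping -Wcast-qual; the pointee must not be written through */` would record the contract the cast relies on.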
@@ -81,6 +91,14 @@
} \
} while(0);
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
+#ifndef discard_const_p
+#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
+#endif
+
struct pam_lib_items {
const char *username;
const char *service;
@@ -301,7 +319,7 @@ static int pam_matrix_conv(pam_handle_t *pamh,
}
pam_msg->msg_style = msg_style;
- pam_msg->msg = msg;
+ pam_msg->msg = discard_const_p(char, msg);
if (msg_style == PAM_PROMPT_ECHO_ON ||
msg_style == PAM_PROMPT_ECHO_OFF) {
@@ -710,7 +728,14 @@ pam_sm_close_session(pam_handle_t *pamh, int flags,
goto done;
}
+#if HAVE_OPENPAM
+ /* OpenPAM does not support unsetting variable, set it to
+ * and empty string instead
+ */
+ rv = pam_putenv(pamh, HOME_VAR"=");
+#else
rv = pam_putenv(pamh, HOME_VAR);
+#endif
if (rv != PAM_SUCCESS) {
goto done;
}
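Review bot: This guard is written `#if HAVE_OPENPAM`, while every other test of the macro in this commit uses `#ifdef HAVE_OPENPAM`. With `-Wundef` the `#if` form warns on Linux-PAM builds, so `#ifdef HAVE_OPENPAM` is the consistent choice. The comment reads "set it to and empty string" and should say "to an empty string". It is also worth noting in the comment that on OpenPAM `HOME_VAR` remains present, with an empty value, after session close, so consumers that test for presence rather than value behave differently between the two PAM implementations. pam_sm_close_session continues outside the hunk.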
diff --git a/src/modules/pam_set_items.c b/src/modules/pam_set_items.c
index ae6ef9f..22c2c56 100644
--- a/src/modules/pam_set_items.c
+++ b/src/modules/pam_set_items.c
@@ -33,7 +33,9 @@
#define ITEM_FILE_KEY "item_file="
static const char *envs[] = {
+#ifndef HAVE_OPENPAM
"PAM_SERVICE",
+#endif
"PAM_USER",
"PAM_USER_PROMPT",
"PAM_TTY",
@@ -51,7 +53,9 @@ static const char *envs[] = {
};
static const int items[] = {
+#ifndef HAVE_OPENPAM
PAM_SERVICE,
+#endif
PAM_USER,
PAM_USER_PROMPT,
PAM_TTY,
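Review bot: `envs[]` and `items[]` are parallel arrays, and both this hunk and the previous one drop the first entry under `#ifndef HAVE_OPENPAM`. If one guard is later changed without the other, every name is silently paired with the wrong item type. A comment above both arrays, for example `/* envs[i] names items[i]; keep both lists and their #ifndef blocks in the same order */`, makes that explicit. A compile-time check that the two arrays have equal length would catch a mismatch. Both array definitions continue outside the hunks.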
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index 59455f5..662b8b1 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -33,6 +33,7 @@
#include <dlfcn.h>
#include <libgen.h>
#include <signal.h>
+#include <limits.h>
#include <ftw.h>
@@ -83,6 +84,14 @@
#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
#endif
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
+#ifndef discard_const_p
+#define discard_const_p(type, ptr) ((type *)discard_const(ptr))
+#endif
+
/*****************
* LOGGING
*****************/
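Review bot: `discard_const` expands to a cast through `uintptr_t`, which requires `<stdint.h>`, but the only include this commit adds to pam_wrapper.c is `<limits.h>`. Confirm `<stdint.h>` is already included in the part of the file not shown; pam_matrix.c adds it explicitly for the same macro. This is the third copy of the macro pair in the commit, so moving it into include/pwrap_compat.h would leave one definition to maintain.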
@@ -203,12 +212,15 @@ typedef int (*__libpam_pam_vprompt)(pam_handle_t *pamh,
const char *fmt,
va_list args);
-typedef const char * (*__libpam_pam_strerror)(pam_handle_t *pamh, int errnum);
+typedef const char * (*__libpam_pam_strerror)(pam_handle_t *pamh,
+ int errnum);
+#ifdef HAVE_PAM_VSYSLOG
typedef void (*__libpam_pam_vsyslog)(const pam_handle_t *pamh,
int priority,
const char *fmt,
va_list args);
+#endif
#define PWRAP_SYMBOL_ENTRY(i) \
union { \
@@ -234,7 +246,9 @@ struct pwrap_libpam_symbols {
PWRAP_SYMBOL_ENTRY(pam_set_data);
PWRAP_SYMBOL_ENTRY(pam_vprompt);
PWRAP_SYMBOL_ENTRY(pam_strerror);
+#ifdef HAVE_PAM_VSYSLOG
PWRAP_SYMBOL_ENTRY(pam_vsyslog);
+#endif
};
struct pwrap {
@@ -282,6 +296,8 @@ static void *pwrap_load_lib_handle(enum pwrap_lib lib)
if (handle == NULL) {
handle = dlopen(pwrap.libpam_so, flags);
if (handle != NULL) {
+ PWRAP_LOG(PWRAP_LOG_DEBUG,
+ "Opened %s\n", pwrap.libpam_so);
pwrap.libpam.handle = handle;
break;
}
@@ -469,13 +485,18 @@ static int libpam_pam_vprompt(pam_handle_t *pamh,
args);
}
+#ifdef HAVE_PAM_STRERROR_CONST
+static const char *libpam_pam_strerror(const pam_handle_t *pamh, int errnum)
+#else
static const char *libpam_pam_strerror(pam_handle_t *pamh, int errnum)
+#endif
{
pwrap_bind_symbol_libpam(pam_strerror);
- return pwrap.libpam.symbols._libpam_pam_strerror.f(pamh, errnum);
+ return pwrap.libpam.symbols._libpam_pam_strerror.f(discard_const_p(pam_handle_t, pamh), errnum);
}
+#ifdef HAVE_PAM_VSYSLOG
static void libpam_pam_vsyslog(const pam_handle_t *pamh,
int priority,
const char *fmt,
@@ -488,6 +509,7 @@ static void libpam_pam_vsyslog(const pam_handle_t *pamh,
fmt,
args);
}
+#endif
/*********************************************************
* PWRAP INIT
@@ -548,7 +570,7 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod
/* done */
break;
} else if (bread < 0) {
- errno = ENODATA;
+ errno = EIO;
rc = -1;
goto out;
}
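Review bot: Assigning `errno = EIO` after a failed `read()` discards the error code the kernel reported (for example `EACCES` or `EINTR`), and the next hunk does the same after `write()`. Leaving `errno` untouched and only setting `rc = -1` preserves the real cause for whoever logs the failure. If a fixed value is intended, a comment explaining why would help. With both `ENODATA` uses replaced, the `#define ENODATA EPIPE` fallback added to pwrap_compat.h may no longer be needed. p_copy's body continues outside the hunk.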
@@ -570,7 +592,7 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod
bwritten = write(dstfd, buf, bread);
if (bwritten < 0) {
- errno = ENODATA;
+ errno = EIO;
rc = -1;
goto out;
}
@@ -593,6 +615,24 @@ out:
return rc;
}
+/* Do not pass any flag if not defined */
+#ifndef FTW_ACTIONRETVAL
+#define FTW_ACTIONRETVAL 0
+#endif
+
+/* Action return values */
+#ifndef FTW_STOP
+#define FTW_STOP -1
+#endif
+
+#ifndef FTW_CONTINUE
+#define FTW_CONTINUE 0
+#endif
+
+#ifndef FTW_SKIP_SUBTREE
+#define FTW_SKIP_SUBTREE 0
+#endif
+
static int copy_ftw(const char *fpath,
const struct stat *sb,
int typeflag,
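Review bot: The fallback defines `FTW_SKIP_SUBTREE` as `0`, the same value as `FTW_CONTINUE`. On platforms without `FTW_ACTIONRETVAL`, any branch of `copy_ftw` that returns `FTW_SKIP_SUBTREE` will therefore descend into the directory it meant to skip. `copy_ftw`'s body is outside the hunk, so check whether it returns that value and whether copying the skipped subtree is acceptable. Either way, the comment should state that skipping degrades to continuing on these platforms. `#define FTW_STOP -1` should also be parenthesized as `(-1)` so it stays a single operand inside larger expressions.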
@@ -926,6 +966,56 @@ void pwrap_constructor(void)
}
+#ifdef HAVE_OPENPAM
+static int pwrap_openpam_start(const char *service_name,
+ const char *user,
+ const struct pam_conv *pam_conversation,
+ pam_handle_t **pamh)
+{
+ int rv;
+ char fullpath[1024];
+
+ rv = openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0);
+ if (rv != PAM_SUCCESS) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Cannot disable OPENPAM_RESTRICT_SERVICE_NAME");
+ return rv;
+ }
+
+ rv = openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0);
+ if (rv != PAM_SUCCESS) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Cannot disable OPENPAM_RESTRICT_MODULE_NAME");
+ return rv;
+ }
+
+ rv = openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0);
+ if (rv != PAM_SUCCESS) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Cannot disable OPENPAM_VERIFY_MODULE_FILE");
+ return rv;
+ }
+
+ rv = openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0);
+ if (rv != PAM_SUCCESS) {
+ PWRAP_LOG(PWRAP_LOG_ERROR,
+ "Cannot disable OPENPAM_VERIFY_POLICY_FILE");
+ return rv;
+ }
+
+ snprintf(fullpath,
+ sizeof(fullpath),
+ "%s/%s",
+ pwrap.config_dir,
+ service_name);
+
+ return libpam_pam_start(fullpath,
+ user,
+ pam_conversation,
+ pamh);
+}
+#endif
+
static int pwrap_pam_start(const char *service_name,
const char *user,
const struct pam_conv *pam_conversation,
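Review bot: The `snprintf` into `fullpath[1024]` is unchecked, so an over-long `pwrap.config_dir` plus `service_name` is silently truncated and `libpam_pam_start` is handed a different policy path than intended. Capture the result and fail instead: `rv = snprintf(fullpath, sizeof(fullpath), "%s/%s", pwrap.config_dir, service_name);` followed by `if (rv < 0 || (size_t)rv >= sizeof(fullpath)) return PAM_BUF_ERR;`. The four `openpam_set_feature(..., 0)` calls change process-wide settings and are never restored. A function comment should state that module and policy file verification stay disabled for the rest of the process and why that is acceptable for a test-only wrapper.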
@@ -936,10 +1026,17 @@ static int pwrap_pam_start(const char *service_name,
service_name,
user);
+#ifdef HAVE_OPENPAM
+ return pwrap_openpam_start(service_name,
+ user,
+ pam_conversation,
+ pamh);
+#else
return libpam_pam_start(service_name,
user,
pam_conversation,
pamh);
+#endif
}
@@ -1062,11 +1159,31 @@ int pam_setcred(pam_handle_t *pamh, int flags)
return pwrap_pam_setcred(pamh, flags);
}
+static const char *pwrap_get_service(const char *libpam_service)
+{
+#ifdef HAVE_OPENPAM
+ const char *service_name;
+
+ PWRAP_LOG(PWRAP_LOG_TRACE,
+ "internal PAM_SERVICE=%s", libpam_service);
+ service_name = strrchr(libpam_service, '/');
+ if (service_name != NULL && service_name[0] == '/') {
+ service_name++;
+ }
+ PWRAP_LOG(PWRAP_LOG_TRACE,
+ "PAM_SERVICE=%s", service_name);
+ return service_name;
+#else
+ return libpam_service;
+#endif
+}
+
static int pwrap_pam_get_item(const pam_handle_t *pamh,
int item_type,
const void **item)
{
int rc;
+ const char *svc;
PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_get_item called");
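Review bot: In the OpenPAM branch of `pwrap_get_service`, `strrchr` returns NULL when the stored service name contains no '/'. That NULL is then passed to a `%s` log format and returned, and the `PAM_SERVICE` case in `pwrap_pam_get_item` (a later hunk) stores it into `*item`. Fall back to the input when no slash is found: `if (service_name == NULL) { return libpam_service; }` then `return service_name + 1;`. The existing `service_name[0] == '/'` test is always true after a successful `strrchr`. `libpam_service` itself is also dereferenced without a NULL check, and whether `pwrap_pam_get_item` has verified the libpam return code before reaching this call is not visible in the hunk.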
@@ -1080,9 +1197,12 @@ static int pwrap_pam_get_item(const pam_handle_t *pamh,
(char *) *item);
break;
case PAM_SERVICE:
+ svc = pwrap_get_service((const char *) *item);
+
PWRAP_LOG(PWRAP_LOG_TRACE,
"pwrap_get_item PAM_SERVICE=%s",
- (char *) *item);
+ (char *) svc);
+ *item = svc;
break;
case PAM_USER_PROMPT:
PWRAP_LOG(PWRAP_LOG_TRACE,
@@ -1250,41 +1370,76 @@ int pam_set_data(pam_handle_t *pamh,
return pwrap_pam_set_data(pamh, module_data_name, data, cleanup);
}
+#ifdef HAVE_PAM_VPROMPT_CONST
+static int pwrap_pam_vprompt(const pam_handle_t *pamh,
+#else
static int pwrap_pam_vprompt(pam_handle_t *pamh,
+#endif
int style,
char **response,
const char *fmt,
va_list args)
{
PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_pam_vprompt style=%d", style);
- return libpam_pam_vprompt(pamh, style, response, fmt, args);
+ return libpam_pam_vprompt(discard_const_p(pam_handle_t, pamh),
+ style,
+ response,
+ fmt,
+ args);
}
+#ifdef HAVE_PAM_VPROMPT_CONST
+int pam_vprompt(const pam_handle_t *pamh,
+ int style,
+ char **response,
+ const char *fmt,
+ va_list args)
+#else
int pam_vprompt(pam_handle_t *pamh,
int style,
char **response,
const char *fmt,
va_list args)
+#endif
{
- return pwrap_pam_vprompt(pamh, style, response, fmt, args);
+ return pwrap_pam_vprompt(discard_const_p(pam_handle_t, pamh),
+ style,
+ response,
+ fmt,
+ args);
}
+#ifdef HAVE_PAM_PROMPT_CONST
+int pam_prompt(const pam_handle_t *pamh,
+ int style,
+ char **response,
+ const char *fmt, ...)
+#else
int pam_prompt(pam_handle_t *pamh,
int style,
char **response,
const char *fmt, ...)
+#endif
{
va_list args;
int rv;
va_start(args, fmt);
- rv = pwrap_pam_vprompt(pamh, style, response, fmt, args);
+ rv = pwrap_pam_vprompt(discard_const_p(pam_handle_t, pamh),
+ style,
+ response,
+ fmt,
+ args);
va_end(args);
return rv;
}
+#ifdef HAVE_PAM_STRERROR_CONST
+static const char *pwrap_pam_strerror(const pam_handle_t *pamh, int errnum)
+#else
static const char *pwrap_pam_strerror(pam_handle_t *pamh, int errnum)
+#endif
{
const char *str;
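Review bot: Each prompt and strerror wrapper now has its signature split by `#ifdef HAVE_..._CONST` / `#else` / `#endif`, with `pwrap_pam_vprompt` even switching on its first parameter line alone. This is hard to read and easy to get out of sync. Defining the handle type once per function family, e.g. a macro that expands to `const pam_handle_t` or `pam_handle_t`, lets each function be written a single time. The `discard_const_p(pam_handle_t, pamh)` casts in `pam_vprompt` and `pam_prompt` are also redundant, because `pwrap_pam_vprompt` accepts the const pointer whenever the public function does; only the final call into `libpam_pam_vprompt` needs the cast. pwrap_pam_strerror's body continues outside the hunk.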
@@ -1292,18 +1447,25 @@ static const char *pwrap_pam_strerror(pam_handle_t *pamh, int errnum)
PWRAP_LOG(PWRAP_LOG_TRACE, "pam_strerror errnum=%d", errnum);
- str = libpam_pam_strerror(pamh, errnum);
+ str = libpam_pam_strerror(discard_const_p(pam_handle_t, pamh),
+ errnum);
PWRAP_LOG(PWRAP_LOG_TRACE, "pam_strerror error=%s", str);
return str;
}
+#ifdef HAVE_PAM_STRERROR_CONST
+const char *pam_strerror(const pam_handle_t *pamh, int errnum)
+#else
const char *pam_strerror(pam_handle_t *pamh, int errnum)
+#endif
{
- return pwrap_pam_strerror(pamh, errnum);
+ return pwrap_pam_strerror(discard_const_p(pam_handle_t, pamh),
+ errnum);
}
+#ifdef HAVE_PAM_VSYSLOG
static void pwrap_pam_vsyslog(const pam_handle_t *pamh,
int priority,
const char *fmt,
@@ -1320,7 +1482,9 @@ void pam_vsyslog(const pam_handle_t *pamh,
{
pwrap_pam_vsyslog(pamh, priority, fmt, args);
}
+#endif
+#ifdef HAVE_PAM_SYSLOG
void pam_syslog(const pam_handle_t *pamh,
int priority,
const char *fmt, ...)
@@ -1331,6 +1495,7 @@ void pam_syslog(const pam_handle_t *pamh,
pwrap_pam_vsyslog(pamh, priority, fmt, args);
va_end(args);
}
+#endif
/****************************
* DESTRUCTOR
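Review bot: `pam_syslog` is compiled under `HAVE_PAM_SYSLOG`, but its body calls `pwrap_pam_vsyslog`, which the previous hunk places under `HAVE_PAM_VSYSLOG`. On a platform that provides `pam_syslog` without `pam_vsyslog`, this fails to compile. Guarding `pam_syslog` with `#if defined(HAVE_PAM_SYSLOG) && defined(HAVE_PAM_VSYSLOG)` would match what the code needs. Alternatively, give it a fallback that does not go through the vsyslog symbol. tests/test_pam_wrapper.c has the mirror-image assumption: `test_pam_vsyslog` calls `pam_syslog` while guarded only by `HAVE_PAM_VSYSLOG`.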
diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py
index e65d3f8..2c74c0b 100755
--- a/tests/pypamtest_test.py
+++ b/tests/pypamtest_test.py
@@ -124,7 +124,7 @@ class PyPamTestRunTest(unittest.TestCase):
self.assertRaisesRegexp(pypamtest.PamTestError,
"Error \[2\]: Test case { pam_operation \[0\] "
"expected_rv \[0\] flags \[0\] } "
- "retured \[7\]",
+ "retured \[\d\]",
pypamtest.run_pamtest,
"neo", "matrix_py", [tc], [ neo_password ])
diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c
index c7afdac..957f95f 100644
--- a/tests/test_pam_wrapper.c
+++ b/tests/test_pam_wrapper.c
@@ -380,6 +380,8 @@ static void test_pam_env_functions(void **state)
assert_null(vlist[2]);
free_vlist(vlist);
+#ifndef HAVE_OPENPAM
+ /* OpenPAM does not support this feature */
rv = pam_putenv(test_ctx->ph, "KEY2");
assert_int_equal(rv, PAM_SUCCESS);
@@ -389,6 +391,7 @@ static void test_pam_env_functions(void **state)
assert_string_equal(vlist[0], "KEY=value");
assert_null(vlist[1]);
free_vlist(vlist);
+#endif
}
static const char *string_in_list(char **list, const char *key)
@@ -433,7 +436,13 @@ static void test_pam_session(void **state)
/* environment is cleared after session close */
assert_non_null(tests[3].case_out.envlist);
+#ifdef HAVE_OPENPAM
+ v = string_in_list(tests[3].case_out.envlist, "HOMEDIR");
+ assert_non_null(v);
+ assert_string_equal(v, "");
+#else
assert_null(tests[3].case_out.envlist[0]);
+#endif
pamtest_free_env(tests[3].case_out.envlist);
}
@@ -555,11 +564,23 @@ static void test_pam_item_functions(void **state)
assert_int_equal(rv, PAM_SUCCESS);
assert_string_equal(item, "test_login");
- rv = pam_get_item(test_ctx->ph, PAM_AUTHTOK, (const void **) &item);
+ rv = pam_set_item(test_ctx->ph, PAM_AUTHTOK, "mysecret");
+#ifdef HAVE_OPENPAM
+ /* OpenPAM allows PAM_AUTHTOK getset */
+ assert_int_equal(rv, PAM_SUCCESS);
+#else
assert_int_equal(rv, PAM_BAD_ITEM);
+#endif
- rv = pam_set_item(test_ctx->ph, PAM_AUTHTOK, "mysecret");
+ rv = pam_get_item(test_ctx->ph, PAM_AUTHTOK, (const void **) &item);
+#ifdef HAVE_OPENPAM
+ /* OpenPAM allows PAM_AUTHTOK getset */
+ assert_int_equal(rv, PAM_SUCCESS);
+ assert_string_equal(item, "mysecret");
+#else
assert_int_equal(rv, PAM_BAD_ITEM);
+#endif
+
}
static int add_to_reply(struct pam_response *res,
@@ -752,6 +773,7 @@ static void test_pam_authenticate_db_opt_err(void **state)
}
+#ifdef HAVE_PAM_VSYSLOG
static void vsyslog_test_fn(const pam_handle_t *pamh,
int priority,
const char *fmt, ...)
@@ -772,6 +794,7 @@ static void test_pam_vsyslog(void **state)
pam_syslog(test_ctx->ph, LOG_INFO, "This is pam_wrapper test\n");
vsyslog_test_fn(test_ctx->ph, LOG_INFO, "This is pam_wrapper test\n");
}
+#endif /* HAVE_PAM_VSYSLOG */
static void test_libpamtest_strerror(void **state)
{
@@ -812,9 +835,10 @@ static void test_libpamtest_strerror(void **state)
static void test_get_set(void **state)
{
+#ifndef HAVE_OPENPAM
const char *svc;
+#endif
enum pamtest_err perr;
- const struct pam_testcase *failed_tc;
struct pam_testcase tests[] = {
pam_test(PAMTEST_OPEN_SESSION, PAM_SUCCESS),
pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS),
@@ -822,7 +846,9 @@ static void test_get_set(void **state)
(void) state; /* unused */
+#ifndef HAVE_OPENPAM
test_setenv("PAM_SERVICE");
+#endif
test_setenv("PAM_USER");
test_setenv("PAM_USER_PROMPT");
test_setenv("PAM_TTY");
@@ -840,15 +866,15 @@ static void test_get_set(void **state)
perr = run_pamtest("pwrap_get_set", "trinity", NULL, tests);
assert_int_equal(perr, PAMTEST_ERR_OK);
- /* PAM_SERVICE is a special case, libpam lowercases it */
+ /* PAM_SERVICE is a special case, Linux's libpam lowercases it.
+ * OpenPAM only allows PAM_SERVICE to be set by pam_start()
+ */
+#ifndef HAVE_OPENPAM
svc = string_in_list(tests[1].case_out.envlist, "PAM_SERVICE");
assert_non_null(svc);
assert_string_equal(svc, "test_pam_service");
+#endif
- failed_tc = pamtest_failed_case(tests);
- assert_null(failed_tc);
-
- //test_getenv(tests[1].case_out.envlist, "PAM_SERVICE");
test_getenv(tests[1].case_out.envlist, "PAM_USER");
test_getenv(tests[1].case_out.envlist, "PAM_USER_PROMPT");
test_getenv(tests[1].case_out.envlist, "PAM_TTY");
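Review bot: With `HAVE_OPENPAM` defined nothing in `test_get_set` checks `PAM_SERVICE` any more, yet this commit adds `pwrap_get_service` specifically to strip the config-directory prefix from that item on OpenPAM. An OpenPAM-only assertion that `pam_get_item(..., PAM_SERVICE, ...)` returns the bare service name passed to `run_pamtest` would cover the new code path, including the case where the name has no '/'. The hunk also drops the `pamtest_failed_case(tests)` / `assert_null(failed_tc)` check for all platforms. If `perr == PAMTEST_ERR_OK` already implies it, a short comment saying so would make the removal clearly intentional.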
@@ -975,9 +1001,11 @@ int main(void) {
cmocka_unit_test_setup_teardown(test_pam_authenticate_db_opt_err,
setup_ctx_only,
teardown_simple),
+#ifdef HAVE_PAM_VSYSLOG
cmocka_unit_test_setup_teardown(test_pam_vsyslog,
setup_noconv,
teardown),
+#endif
cmocka_unit_test_setup_teardown(test_libpamtest_keepopen,
setup_passdb,
teardown_passdb),