author | Andreas Schneider <asn@samba.org> | 2015-11-20 15:03:25 +0100 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2015-12-10 13:31:20 +0100 |
commit | 842720928bacb975a0c94ab80ec655d253ee6239 (patch) | |
tree | 0a87c5fd6c53c9db1c5dbeac2956c7e5230aaf07 | |
parent | 8e060eff567d89dad3e035c830cee0e29810dc65 (diff) | |
pam_matrix: Add OpenPAM (BSD) support
Includes:
- pwrap: Fix errno if ENODATA is not available
- nwrap: Add FTW return values if not defined
- pwrap: Add support for BSD prompt and strerror functions
- pwrap: Add detection for pam_syslog and pam_vsyslog
-rw-r--r-- | ConfigureChecks.cmake | 35 | ||||
-rw-r--r-- | config.h.cmake | 10 | ||||
-rw-r--r-- | include/pwrap_compat.h | 8 | ||||
-rw-r--r-- | src/CMakeLists.txt | 16 | ||||
-rw-r--r-- | src/modules/pam_matrix.c | 27 | ||||
-rw-r--r-- | src/modules/pam_set_items.c | 4 | ||||
-rw-r--r-- | src/pam_wrapper.c | 185 | ||||
-rwxr-xr-x | tests/pypamtest_test.py | 2 | ||||
-rw-r--r-- | tests/test_pam_wrapper.c | 44 |
9 files changed, 308 insertions, 23 deletions
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index ca9626e..f3383f9 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -46,6 +46,29 @@ check_function_exists(strncpy HAVE_STRNCPY) check_function_exists(vsnprintf HAVE_VSNPRINTF) check_function_exists(snprintf HAVE_SNPRINTF) +set(CMAKE_REQUIRED_LIBRARIES pam) +check_function_exists(pam_vsyslog HAVE_PAM_VSYSLOG) +check_function_exists(pam_syslog HAVE_PAM_SYSLOG) +set(CMAKE_REQUIRED_LIBRARIES) + +check_prototype_definition(pam_vprompt + "int pam_vprompt(const pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, va_list _ap)" + "-1" + "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h" + HAVE_PAM_VPROMPT_CONST) + +check_prototype_definition(pam_prompt + "int pam_prompt(const pam_handle_t *_pamh, int _style, char **_resp, const char *_fmt, ...)" + "-1" + "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h" + HAVE_PAM_PROMPT_CONST) + +check_prototype_definition(pam_strerror + "const char *pam_strerror(const pam_handle_t *_pamh, int _error_number)" + "NULL" + "stdio.h;sys/types.h;security/pam_appl.h;security/pam_modules.h" + HAVE_PAM_STRERROR_CONST) + # LIBRARIES find_library(PAM_LIBRARY NAMES libpam.so.0 pam) set(PAM_LIBRARY ${PAM_LIBRARY}) @@ -54,6 +77,13 @@ if (PAM_MISC_LIBRARY) set(HAVE_PAM_MISC TRUE) endif() +check_library_exists(${PAM_LIBRARY} openpam_set_option "" HAVE_OPENPAM) + +# PAM FUNCTIONS +set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${PAM_LIBRARY}) +check_function_exists(pam_syslog HAVE_PAM_SYSLOG) +check_function_exists(pam_vsyslog HAVE_PAM_VSYSLOG) + # OPTIONS if (LINUX) @@ -67,6 +97,11 @@ if (LINUX) set(CMAKE_REQUIRED_DEFINITIONS) endif (LINUX) +# COMPAT +if (HAVE_OPENPAM_H) + set(HAVE_OPENPAM 1) +endif () + check_c_source_compiles(" #include <stdbool.h> int main(void) { diff --git a/config.h.cmake b/config.h.cmake index e864bee..9888219 100644 --- a/config.h.cmake +++ b/config.h.cmake 
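Review bot: The `set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${PAM_LIBRARY})` added under `# PAM FUNCTIONS` is never reset, so every later check in this file, the visible `check_c_source_compiles` included, is linked against libpam. The two `check_function_exists` calls that follow it repeat the `pam_syslog`/`pam_vsyslog` checks added in the first hunk, and since those results are cached the second pair does nothing. I would keep one copy of the checks and end it with `set(CMAKE_REQUIRED_LIBRARIES)`. The same duplication appears in config.h.cmake, where `HAVE_PAM_SYSLOG` and `HAVE_PAM_VSYSLOG` are each `#cmakedefine`d twice. `HAVE_OPENPAM` is also set from two places (`check_library_exists` and `if (HAVE_OPENPAM_H)`), and the check that would define `HAVE_OPENPAM_H` is not in this diff, so that should be confirmed.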
@@ -19,12 +19,22 @@ #cmakedefine HAVE_SECURITY_PAM_APPL_H 1 #cmakedefine HAVE_SECURITY_PAM_MODULES_H 1 #cmakedefine HAVE_SECURITY_PAM_EXT_H 1 +#cmakedefine HAVE_OPENPAM ${HAVE_OPENPAM} +#cmakedefine HAVE_PAM_SYSLOG 1 +#cmakedefine HAVE_PAM_VSYSLOG 1 /*************************** FUNCTIONS ***************************/ /* Define to 1 if you have the `seteuid' function. */ #cmakedefine HAVE_SETEUID 1 +#cmakedefine HAVE_PAM_VSYSLOG 1 +#cmakedefine HAVE_PAM_SYSLOG 1 + +#cmakedefine HAVE_PAM_VPROMPT_CONST 1 +#cmakedefine HAVE_PAM_PROMPT_CONST 1 +#cmakedefine HAVE_PAM_STRERROR_CONST 1 + /*************************** LIBRARIES ***************************/ #cmakedefine PAM_LIBRARY "${PAM_LIBRARY}" diff --git a/include/pwrap_compat.h b/include/pwrap_compat.h index 45d7885..a30df15 100644 --- a/include/pwrap_compat.h +++ b/include/pwrap_compat.h @@ -16,7 +16,15 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#ifdef HAVE_OPENPAM +#include <security/openpam.h> +#endif + /* OpenPAM doesn't define PAM_BAD_ITEM */ #ifndef PAM_BAD_ITEM #define PAM_BAD_ITEM PAM_SYSTEM_ERR #endif /* PAM_BAD_ITEM */ + +#ifndef ENODATA +#define ENODATA EPIPE +#endif diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 6e37c32..80b19d3 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -8,9 +8,14 @@ include_directories(${CMAKE_BINARY_DIR}) add_library(pam_wrapper SHARED pam_wrapper.c) -target_link_libraries(pam_wrapper - ${PAMWRAP_REQUIRED_LIBRARIES} - ${CMAKE_THREAD_LIBS_INIT}) +set(PAM_WRAPPER_LIBRARIES + ${PAMWRAP_REQUIRED_LIBRARIES} + ${CMAKE_THREAD_LIBS_INIT}) +if (HAVE_OPENPAM) + list(APPEND PAM_WRAPPER_LIBRARIES pam) +endif (HAVE_OPENPAM) + +target_link_libraries(pam_wrapper ${PAM_WRAPPER_LIBRARIES}) set_target_properties( pam_wrapper 
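Review bot: The `ENODATA` fallback added to include/pwrap_compat.h is only correct if `<errno.h>` has already been included, and the visible part of the header does not include it. On a platform that does define `ENODATA`, a file that includes this header first would get `EPIPE` and then a macro redefinition once `<errno.h>` arrives. Adding `#include <errno.h>` above the `#ifndef ENODATA` block makes the result independent of include order. Since this commit also changes p_copy() to report `EIO`, it is worth checking whether anything still uses the fallback, and if so documenting it with `/* Platforms without ENODATA report EPIPE instead */`.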
@@ -42,6 +47,11 @@ set(pamtest_HEADERS ) include_directories(${CMAKE_SOURCE_DIR}/include) +set(PAM_LIBRARIES pam) +if (HAVE_PAM_MISC) + list(APPEND PAM_LIBRARIES pam_misc) +endif (HAVE_PAM_MISC) + add_library(pamtest SHARED ${pamtest_SOURCES} ${pamtest_HEADERS} diff --git a/src/modules/pam_matrix.c b/src/modules/pam_matrix.c index 870625b..89fdd56 100644 --- a/src/modules/pam_matrix.c +++ b/src/modules/pam_matrix.c @@ -23,11 +23,21 @@ #include <pwd.h> #include <stdlib.h> #include <stdio.h> +#include <stdint.h> #include <string.h> #include <unistd.h> #include <ctype.h> #include <errno.h> #include <time.h> +#include <stdint.h> + +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + +#ifndef discard_const_p +#define discard_const_p(type, ptr) ((type *)discard_const(ptr)) +#endif #ifdef HAVE_SECURITY_PAM_APPL_H #include <security/pam_appl.h> @@ -81,6 +91,14 @@ } \ } while(0); +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + +#ifndef discard_const_p +#define discard_const_p(type, ptr) ((type *)discard_const(ptr)) +#endif + struct pam_lib_items { const char *username; const char *service; @@ -301,7 +319,7 @@ static int pam_matrix_conv(pam_handle_t *pamh, } pam_msg->msg_style = msg_style; - pam_msg->msg = msg; + pam_msg->msg = discard_const_p(char, msg); if (msg_style == PAM_PROMPT_ECHO_ON || msg_style == PAM_PROMPT_ECHO_OFF) { @@ -710,7 +728,14 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, goto done; } +#if HAVE_OPENPAM + /* OpenPAM does not support unsetting variable, set it to + * and empty string instead + */ + rv = pam_putenv(pamh, HOME_VAR"="); +#else rv = pam_putenv(pamh, HOME_VAR); +#endif if (rv != PAM_SUCCESS) { goto done; } diff --git a/src/modules/pam_set_items.c b/src/modules/pam_set_items.c index ae6ef9f..22c2c56 100644 --- a/src/modules/pam_set_items.c +++ b/src/modules/pam_set_items.c 
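Review bot: `#include <stdint.h>` and the `discard_const`/`discard_const_p` pair are each added twice to src/modules/pam_matrix.c, once in the include block of this hunk and again in the hunk at `-81,6 +91,14`, and src/pam_wrapper.c receives a third copy of the macros. The `#ifndef` guards make the repeats harmless, but several copies of a const-stripping cast are easy to let drift apart. Defining the pair once in include/pwrap_compat.h, with a comment such as `/* Cast away const without a warning; the callee must not write through the pointer */`, would keep every use reviewable in one place.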
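Review bot: `#if HAVE_OPENPAM` in pam_sm_close_session is the only place the commit tests the macro's value; every other site uses `#ifdef`/`#ifndef HAVE_OPENPAM`, and `#if` on an undefined macro triggers `-Wundef`, so I would write `#ifdef HAVE_OPENPAM` here. On OpenPAM the variable is not removed but stays in the PAM environment with an empty value, which a consumer that only tests for presence will still see. The comment should say that plainly, for example `/* OpenPAM cannot unset a variable; leave it set to an empty string */`. The function body starts and ends outside the hunk.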
@@ -33,7 +33,9 @@ #define ITEM_FILE_KEY "item_file=" static const char *envs[] = { +#ifndef HAVE_OPENPAM "PAM_SERVICE", +#endif "PAM_USER", "PAM_USER_PROMPT", "PAM_TTY", @@ -51,7 +53,9 @@ static const char *envs[] = { }; static const int items[] = { +#ifndef HAVE_OPENPAM PAM_SERVICE, +#endif PAM_USER, PAM_USER_PROMPT, PAM_TTY, diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c index 59455f5..662b8b1 100644 --- a/src/pam_wrapper.c +++ b/src/pam_wrapper.c @@ -33,6 +33,7 @@ #include <dlfcn.h> #include <libgen.h> #include <signal.h> +#include <limits.h> #include <ftw.h> @@ -83,6 +84,14 @@ #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0) #endif +#ifndef discard_const +#define discard_const(ptr) ((void *)((uintptr_t)(ptr))) +#endif + +#ifndef discard_const_p +#define discard_const_p(type, ptr) ((type *)discard_const(ptr)) +#endif + /***************** * LOGGING *****************/ @@ -203,12 +212,15 @@ typedef int (*__libpam_pam_vprompt)(pam_handle_t *pamh, const char *fmt, va_list args); -typedef const char * (*__libpam_pam_strerror)(pam_handle_t *pamh, int errnum); +typedef const char * (*__libpam_pam_strerror)(pam_handle_t *pamh, + int errnum); +#ifdef HAVE_PAM_VSYSLOG typedef void (*__libpam_pam_vsyslog)(const pam_handle_t *pamh, int priority, const char *fmt, va_list args); +#endif #define PWRAP_SYMBOL_ENTRY(i) \ union { \ @@ -234,7 +246,9 @@ struct pwrap_libpam_symbols { PWRAP_SYMBOL_ENTRY(pam_set_data); PWRAP_SYMBOL_ENTRY(pam_vprompt); PWRAP_SYMBOL_ENTRY(pam_strerror); +#ifdef HAVE_PAM_VSYSLOG PWRAP_SYMBOL_ENTRY(pam_vsyslog); +#endif }; struct pwrap { @@ -282,6 +296,8 @@ static void *pwrap_load_lib_handle(enum pwrap_lib lib) if (handle == NULL) { handle = dlopen(pwrap.libpam_so, flags); if (handle != NULL) { + PWRAP_LOG(PWRAP_LOG_DEBUG, + "Opened %s\n", pwrap.libpam_so); pwrap.libpam.handle = handle; break; } 
@@ -469,13 +485,18 @@ static int libpam_pam_vprompt(pam_handle_t *pamh, args); } +#ifdef HAVE_PAM_STRERROR_CONST +static const char *libpam_pam_strerror(const pam_handle_t *pamh, int errnum) +#else static const char *libpam_pam_strerror(pam_handle_t *pamh, int errnum) +#endif { pwrap_bind_symbol_libpam(pam_strerror); - return pwrap.libpam.symbols._libpam_pam_strerror.f(pamh, errnum); + return pwrap.libpam.symbols._libpam_pam_strerror.f(discard_const_p(pam_handle_t, pamh), errnum); } +#ifdef HAVE_PAM_VSYSLOG static void libpam_pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, @@ -488,6 +509,7 @@ static void libpam_pam_vsyslog(const pam_handle_t *pamh, fmt, args); } +#endif /********************************************************* * PWRAP INIT @@ -548,7 +570,7 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod /* done */ break; } else if (bread < 0) { - errno = ENODATA; + errno = EIO; rc = -1; goto out; } @@ -570,7 +592,7 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod bwritten = write(dstfd, buf, bread); if (bwritten < 0) { - errno = ENODATA; + errno = EIO; rc = -1; goto out; } @@ -593,6 +615,24 @@ out: return rc; } +/* Do not pass any flag if not defined */ +#ifndef FTW_ACTIONRETVAL +#define FTW_ACTIONRETVAL 0 +#endif + +/* Action return values */ +#ifndef FTW_STOP +#define FTW_STOP -1 +#endif + +#ifndef FTW_CONTINUE +#define FTW_CONTINUE 0 +#endif + +#ifndef FTW_SKIP_SUBTREE +#define FTW_SKIP_SUBTREE 0 +#endif + static int copy_ftw(const char *fpath, const struct stat *sb, int typeflag, 
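Review bot: Assigning `errno = EIO` after the failed `read()` in p_copy, and again after the failed `write()` in the hunk at `-570,7 +592,7`, discards the errno the system call just set, so a caller or log can no longer tell `EACCES`, `ENOSPC` or `EINTR` apart. I would delete the `errno = EIO;` line in both places and let the original value propagate. If the cleanup after `out:` can overwrite errno, save it in a local before `goto out` and restore it before returning. p_copy starts and ends outside both hunks, so what the cleanup path does is not visible here.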
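Review bot: The fallback `#define FTW_SKIP_SUBTREE 0` has the same value as `FTW_CONTINUE`, and `FTW_ACTIONRETVAL` falls back to no flag at all, so on a libc without the GNU extension a callback that returns `FTW_SKIP_SUBTREE` makes nftw() descend into the directory it meant to skip. Whether copy_ftw depends on skipping is not visible in this hunk; if it does, the callback needs its own path filter on those platforms. The block should carry a comment saying so, for example `/* Without FTW_ACTIONRETVAL any non-zero return stops the walk and subtrees cannot be skipped */`. The negative constant should also be parenthesised as `#define FTW_STOP (-1)`.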
@@ -926,6 +966,56 @@ void pwrap_constructor(void) } +#ifdef HAVE_OPENPAM +static int pwrap_openpam_start(const char *service_name, + const char *user, + const struct pam_conv *pam_conversation, + pam_handle_t **pamh) +{ + int rv; + char fullpath[1024]; + + rv = openpam_set_feature(OPENPAM_RESTRICT_SERVICE_NAME, 0); + if (rv != PAM_SUCCESS) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Cannot disable OPENPAM_RESTRICT_SERVICE_NAME"); + return rv; + } + + rv = openpam_set_feature(OPENPAM_RESTRICT_MODULE_NAME, 0); + if (rv != PAM_SUCCESS) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Cannot disable OPENPAM_RESTRICT_MODULE_NAME"); + return rv; + } + + rv = openpam_set_feature(OPENPAM_VERIFY_MODULE_FILE, 0); + if (rv != PAM_SUCCESS) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Cannot disable OPENPAM_VERIFY_MODULE_FILE"); + return rv; + } + + rv = openpam_set_feature(OPENPAM_VERIFY_POLICY_FILE, 0); + if (rv != PAM_SUCCESS) { + PWRAP_LOG(PWRAP_LOG_ERROR, + "Cannot disable OPENPAM_VERIFY_POLICY_FILE"); + return rv; + } + + snprintf(fullpath, + sizeof(fullpath), + "%s/%s", + pwrap.config_dir, + service_name); + + return libpam_pam_start(fullpath, + user, + pam_conversation, + pamh); +} +#endif + static int pwrap_pam_start(const char *service_name, const char *user, const struct pam_conv *pam_conversation, @@ -936,10 +1026,17 @@ static int pwrap_pam_start(const char *service_name, service_name, user); +#ifdef HAVE_OPENPAM + return pwrap_openpam_start(service_name, + user, + pam_conversation, + pamh); +#else return libpam_pam_start(service_name, user, pam_conversation, pamh); +#endif } 
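Review bot: The `snprintf()` into `fullpath[1024]` in pwrap_openpam_start ignores its return value, so an overlong `pwrap.config_dir` plus `service_name` is silently truncated and libpam_pam_start() is handed a policy path other than the one requested. Capture the result with `rv = snprintf(fullpath, sizeof(fullpath), "%s/%s", pwrap.config_dir, service_name);` and fail with `if (rv < 0 || (size_t)rv >= sizeof(fullpath)) return PAM_BUF_ERR;`. The four `openpam_set_feature(..., 0)` calls turn off OpenPAM's service-name and module-name restrictions and its policy and module file verification for the whole process, and nothing restores them. That is presumably intended for a test preload library, but it should be stated above the function, for example `/* Test-only: disables OpenPAM path restrictions and file verification process-wide so policies load from pwrap.config_dir */`. Including `rv` in the four error logs would also make a failure diagnosable.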
@@ -1062,11 +1159,31 @@ int pam_setcred(pam_handle_t *pamh, int flags) return pwrap_pam_setcred(pamh, flags); } +static const char *pwrap_get_service(const char *libpam_service) +{ +#ifdef HAVE_OPENPAM + const char *service_name; + + PWRAP_LOG(PWRAP_LOG_TRACE, + "internal PAM_SERVICE=%s", libpam_service); + service_name = strrchr(libpam_service, '/'); + if (service_name != NULL && service_name[0] == '/') { + service_name++; + } + PWRAP_LOG(PWRAP_LOG_TRACE, + "PAM_SERVICE=%s", service_name); + return service_name; +#else + return libpam_service; +#endif +} + static int pwrap_pam_get_item(const pam_handle_t *pamh, int item_type, const void **item) { int rc; + const char *svc; PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_get_item called"); @@ -1080,9 +1197,12 @@ static int pwrap_pam_get_item(const pam_handle_t *pamh, (char *) *item); break; case PAM_SERVICE: + svc = pwrap_get_service((const char *) *item); + PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_get_item PAM_SERVICE=%s", - (char *) *item); + (char *) svc); + *item = svc; break; case PAM_USER_PROMPT: PWRAP_LOG(PWRAP_LOG_TRACE, 
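Review bot: On OpenPAM pwrap_get_service() returns NULL whenever the service string contains no '/', because the `strrchr()` result is returned as is; the PAM_SERVICE case in the hunk at `-1080,9 +1197,12` then stores that NULL into `*item` and passes it to a `%s` log. `strrchr()` is also called on `libpam_service` without a NULL check, and that argument is `*item`, which may be NULL if the underlying get-item call did not fill it (the `rc` check is outside the hunk). The `service_name[0] == '/'` test is always true for a non-NULL `strrchr()` result and can be dropped. A version that falls back to the unmodified name is below; pwrap_pam_get_item continues outside the hunk.

```c
static const char *pwrap_get_service(const char *libpam_service)
{
#ifdef HAVE_OPENPAM
	const char *slash;

	if (libpam_service == NULL) {
		return NULL;
	}

	/* ... unchanged: trace log of the internal PAM_SERVICE value ... */

	/* pwrap_openpam_start() hands libpam "<config_dir>/<service>" */
	slash = strrchr(libpam_service, '/');
	if (slash == NULL) {
		/* No directory part: return the name unchanged */
		return libpam_service;
	}

	/* ... unchanged: trace log of the stripped name ... */
	return slash + 1;
	/* ... unchanged: #else branch returning libpam_service ... */
```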
@@ -1250,41 +1370,76 @@ int pam_set_data(pam_handle_t *pamh, return pwrap_pam_set_data(pamh, module_data_name, data, cleanup); } +#ifdef HAVE_PAM_VPROMPT_CONST +static int pwrap_pam_vprompt(const pam_handle_t *pamh, +#else static int pwrap_pam_vprompt(pam_handle_t *pamh, +#endif int style, char **response, const char *fmt, va_list args) { PWRAP_LOG(PWRAP_LOG_TRACE, "pwrap_pam_vprompt style=%d", style); - return libpam_pam_vprompt(pamh, style, response, fmt, args); + return libpam_pam_vprompt(discard_const_p(pam_handle_t, pamh), + style, + response, + fmt, + args); } +#ifdef HAVE_PAM_VPROMPT_CONST +int pam_vprompt(const pam_handle_t *pamh, + int style, + char **response, + const char *fmt, + va_list args) +#else int pam_vprompt(pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args) +#endif { - return pwrap_pam_vprompt(pamh, style, response, fmt, args); + return pwrap_pam_vprompt(discard_const_p(pam_handle_t, pamh), + style, + response, + fmt, + args); } +#ifdef HAVE_PAM_PROMPT_CONST +int pam_prompt(const pam_handle_t *pamh, + int style, + char **response, + const char *fmt, ...) +#else int pam_prompt(pam_handle_t *pamh, int style, char **response, const char *fmt, ...) +#endif { va_list args; int rv; va_start(args, fmt); - rv = pwrap_pam_vprompt(pamh, style, response, fmt, args); + rv = pwrap_pam_vprompt(discard_const_p(pam_handle_t, pamh), + style, + response, + fmt, + args); va_end(args); return rv; } +#ifdef HAVE_PAM_STRERROR_CONST +static const char *pwrap_pam_strerror(const pam_handle_t *pamh, int errnum) +#else static const char *pwrap_pam_strerror(pam_handle_t *pamh, int errnum) +#endif { const char *str; 
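Review bot: The `discard_const_p(pam_handle_t, pamh)` in the public `pam_vprompt()` is redundant, because that function and `pwrap_pam_vprompt()` are both keyed on `HAVE_PAM_VPROMPT_CONST` and the handle already has the matching qualifier in either configuration. I would pass `pamh` directly there, so a future prototype mismatch is reported by the compiler instead of being hidden by the cast. The cast is justified in `pam_prompt()`, which is keyed on `HAVE_PAM_PROMPT_CONST` and may differ from the vprompt prototype. A comment at that call would explain it, for example `/* pam_prompt and pam_vprompt may disagree on const; pwrap_pam_vprompt follows pam_vprompt */`.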
@@ -1292,18 +1447,25 @@ static const char *pwrap_pam_strerror(pam_handle_t *pamh, int errnum) PWRAP_LOG(PWRAP_LOG_TRACE, "pam_strerror errnum=%d", errnum); - str = libpam_pam_strerror(pamh, errnum); + str = libpam_pam_strerror(discard_const_p(pam_handle_t, pamh), + errnum); PWRAP_LOG(PWRAP_LOG_TRACE, "pam_strerror error=%s", str); return str; } +#ifdef HAVE_PAM_STRERROR_CONST +const char *pam_strerror(const pam_handle_t *pamh, int errnum) +#else const char *pam_strerror(pam_handle_t *pamh, int errnum) +#endif { - return pwrap_pam_strerror(pamh, errnum); + return pwrap_pam_strerror(discard_const_p(pam_handle_t, pamh), + errnum); } +#ifdef HAVE_PAM_VSYSLOG static void pwrap_pam_vsyslog(const pam_handle_t *pamh, int priority, const char *fmt, @@ -1320,7 +1482,9 @@ void pam_vsyslog(const pam_handle_t *pamh, { pwrap_pam_vsyslog(pamh, priority, fmt, args); } +#endif +#ifdef HAVE_PAM_SYSLOG void pam_syslog(const pam_handle_t *pamh, int priority, const char *fmt, ...) @@ -1331,6 +1495,7 @@ void pam_syslog(const pam_handle_t *pamh, pwrap_pam_vsyslog(pamh, priority, fmt, args); va_end(args); } +#endif /**************************** * DESTRUCTOR diff --git a/tests/pypamtest_test.py b/tests/pypamtest_test.py index e65d3f8..2c74c0b 100755 --- a/tests/pypamtest_test.py +++ b/tests/pypamtest_test.py @@ -124,7 +124,7 @@ class PyPamTestRunTest(unittest.TestCase): self.assertRaisesRegexp(pypamtest.PamTestError, "Error \[2\]: Test case { pam_operation \[0\] " "expected_rv \[0\] flags \[0\] } " - "retured \[7\]", + "retured \[\d\]", pypamtest.run_pamtest, "neo", "matrix_py", [tc], [ neo_password ]) diff --git a/tests/test_pam_wrapper.c b/tests/test_pam_wrapper.c index c7afdac..957f95f 100644 --- a/tests/test_pam_wrapper.c +++ b/tests/test_pam_wrapper.c 
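Review bot: Loosening the expected message to `retured \[\d\]` in tests/pypamtest_test.py lets the test pass for any single-digit return code, so a regression that fails authentication with the wrong PAM error is no longer caught. If the value differs only between Linux-PAM and OpenPAM, an alternation of the two accepted codes keeps the assertion meaningful. The pattern is also in a normal string literal, so writing it as a raw string, `r"retured \[\d\]"`, avoids invalid-escape warnings on newer Python. The test method starts and ends outside the hunk.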
@@ -380,6 +380,8 @@ static void test_pam_env_functions(void **state) assert_null(vlist[2]); free_vlist(vlist); +#ifndef HAVE_OPENPAM + /* OpenPAM does not support this feature */ rv = pam_putenv(test_ctx->ph, "KEY2"); assert_int_equal(rv, PAM_SUCCESS); @@ -389,6 +391,7 @@ static void test_pam_env_functions(void **state) assert_string_equal(vlist[0], "KEY=value"); assert_null(vlist[1]); free_vlist(vlist); +#endif } static const char *string_in_list(char **list, const char *key) @@ -433,7 +436,13 @@ static void test_pam_session(void **state) /* environment is cleared after session close */ assert_non_null(tests[3].case_out.envlist); +#ifdef HAVE_OPENPAM + v = string_in_list(tests[3].case_out.envlist, "HOMEDIR"); + assert_non_null(v); + assert_string_equal(v, ""); +#else assert_null(tests[3].case_out.envlist[0]); +#endif pamtest_free_env(tests[3].case_out.envlist); } @@ -555,11 +564,23 @@ static void test_pam_item_functions(void **state) assert_int_equal(rv, PAM_SUCCESS); assert_string_equal(item, "test_login"); - rv = pam_get_item(test_ctx->ph, PAM_AUTHTOK, (const void **) &item); + rv = pam_set_item(test_ctx->ph, PAM_AUTHTOK, "mysecret"); +#ifdef HAVE_OPENPAM + /* OpenPAM allows PAM_AUTHTOK getset */ + assert_int_equal(rv, PAM_SUCCESS); +#else assert_int_equal(rv, PAM_BAD_ITEM); +#endif - rv = pam_set_item(test_ctx->ph, PAM_AUTHTOK, "mysecret"); + rv = pam_get_item(test_ctx->ph, PAM_AUTHTOK, (const void **) &item); +#ifdef HAVE_OPENPAM + /* OpenPAM allows PAM_AUTHTOK getset */ + assert_int_equal(rv, PAM_SUCCESS); + assert_string_equal(item, "mysecret"); +#else assert_int_equal(rv, PAM_BAD_ITEM); +#endif + } static int add_to_reply(struct pam_response *res, @@ -752,6 +773,7 @@ static void test_pam_authenticate_db_opt_err(void **state) } +#ifdef HAVE_PAM_VSYSLOG static void vsyslog_test_fn(const pam_handle_t *pamh, int priority, const char *fmt, ...) 
@@ -772,6 +794,7 @@ static void test_pam_vsyslog(void **state) pam_syslog(test_ctx->ph, LOG_INFO, "This is pam_wrapper test\n"); vsyslog_test_fn(test_ctx->ph, LOG_INFO, "This is pam_wrapper test\n"); } +#endif /* HAVE_PAM_VSYSLOG */ static void test_libpamtest_strerror(void **state) { @@ -812,9 +835,10 @@ static void test_libpamtest_strerror(void **state) static void test_get_set(void **state) { +#ifndef HAVE_OPENPAM const char *svc; +#endif enum pamtest_err perr; - const struct pam_testcase *failed_tc; struct pam_testcase tests[] = { pam_test(PAMTEST_OPEN_SESSION, PAM_SUCCESS), pam_test(PAMTEST_GETENVLIST, PAM_SUCCESS), @@ -822,7 +846,9 @@ static void test_get_set(void **state) (void) state; /* unused */ +#ifndef HAVE_OPENPAM test_setenv("PAM_SERVICE"); +#endif test_setenv("PAM_USER"); test_setenv("PAM_USER_PROMPT"); test_setenv("PAM_TTY"); @@ -840,15 +866,15 @@ static void test_get_set(void **state) perr = run_pamtest("pwrap_get_set", "trinity", NULL, tests); assert_int_equal(perr, PAMTEST_ERR_OK); - /* PAM_SERVICE is a special case, libpam lowercases it */ + /* PAM_SERVICE is a special case, Linux's libpam lowercases it. + * OpenPAM only allows PAM_SERVICE to be set by pam_start() + */ +#ifndef HAVE_OPENPAM svc = string_in_list(tests[1].case_out.envlist, "PAM_SERVICE"); assert_non_null(svc); assert_string_equal(svc, "test_pam_service"); +#endif - failed_tc = pamtest_failed_case(tests); - assert_null(failed_tc); - - //test_getenv(tests[1].case_out.envlist, "PAM_SERVICE"); test_getenv(tests[1].case_out.envlist, "PAM_USER"); test_getenv(tests[1].case_out.envlist, "PAM_USER_PROMPT"); test_getenv(tests[1].case_out.envlist, "PAM_TTY"); @@ -975,9 +1001,11 @@ int main(void) { cmocka_unit_test_setup_teardown(test_pam_authenticate_db_opt_err, setup_ctx_only, teardown_simple), +#ifdef HAVE_PAM_VSYSLOG cmocka_unit_test_setup_teardown(test_pam_vsyslog, setup_noconv, teardown), +#endif cmocka_unit_test_setup_teardown(test_libpamtest_keepopen, setup_passdb, teardown_passdb), |
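Review bot: test_get_set no longer calls `pamtest_failed_case(tests)` or asserts that the result is NULL, on any platform and not only under `HAVE_OPENPAM`, and the commit message does not explain why (hunk at `-840,15 +866,15`). `perr` is still compared with `PAMTEST_ERR_OK`, so the check may have been redundant. If it was dropped because it fails on OpenPAM, it should be kept for Linux-PAM by wrapping the two lines in `#ifndef HAVE_OPENPAM`, as the PAM_SERVICE block is. Otherwise a comment such as `/* run_pamtest() returning PAMTEST_ERR_OK already implies no failed case */` would record the reasoning. test_get_set starts in the hunk at `-812,9 +835,10` and ends outside this one.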