1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
* Copyright (c) 2015 Andreas Schneider <asn@samba.org>
* Copyright (c) 2015 Jakub Hrozek <jakub.hrozek@posteo.se>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __LIBPAMTEST_H_
#define __LIBPAMTEST_H_
#include <stdint.h>
#include <security/pam_appl.h>
/* operations */
enum pamtest_ops {
/* These operations correspond to libpam ops */
PAMTEST_AUTHENTICATE,
PAMTEST_SETCRED,
PAMTEST_ACCOUNT,
PAMTEST_OPEN_SESSION,
PAMTEST_CLOSE_SESSION,
PAMTEST_CHAUTHTOK,
/* These operation affect test output */
PAMTEST_GETENVLIST, /* Call pam_getenvlist. */
PAMTEST_KEEPHANDLE, /* Don't call pam_end() but return handle */
/* The two below can't be set by API user, but are useful if pam_start()
* or pam_end() fails and the API user wants to find out what happened
* with pamtest_failed_case()
*/
PAMTEST_START,
PAMTEST_END,
/* Boundary.. */
PAMTEST_SENTINEL,
};
struct pamtest_case {
enum pamtest_ops pam_operation; /* The pam operation to run */
int expected_rv; /* What we expect the op to return */
int flags; /* Extra flags to pass to the op */
int op_rv; /* What the op really returns */
union {
char **envlist; /* output of PAMTEST_ENVLIST */
pam_handle_t *ph; /* output of PAMTEST_KEEPHANDLE */
} case_out; /* depends on pam_operation, mostly unused */
};
enum pamtest_err {
PAMTEST_ERR_OK, /* Testcases returns correspond with input */
PAMTEST_ERR_START, /* pam_start() failed */
PAMTEST_ERR_CASE, /* A testcase failed. Use pamtest_failed_case */
PAMTEST_ERR_OP, /* Could not run a test case */
PAMTEST_ERR_END, /* pam_end failed */
PAMTEST_ERR_KEEPHANDLE, /* Handled internally */
PAMTEST_ERR_INTERNAL, /* Internal error - bad input or similar */
};
typedef int (*pam_conv_fn)(int num_msg,
const struct pam_message **msg,
struct pam_response **resp,
void *appdata_ptr);
enum pamtest_err pamtest_ex(const char *service,
const char *user,
pam_conv_fn conv_fn,
void *conv_userdata,
struct pamtest_case *test_cases);
void pamtest_free_env(char **envlist);
const struct pamtest_case *pamtest_failed_case(struct pamtest_case *test_cases);
enum pamtest_err pamtest(const char *service,
const char *user,
void *conv_userdata,
struct pamtest_case *test_cases);
#endif /* __LIBPAMTEST_H_ */
|