1 files changed, 210 insertions, 0 deletions

diff --git a/tests/wrap-pam.c b/tests/wrap-pam.c
new file mode 100644
index 0000000..bd728ac
--- /dev/null
+++ b/tests/wrap-pam.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2013 Red Hat, Inc.
+ *
+ * This Program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This Program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this Program; if not, write to the
+ *
+ *   Free Software Foundation, Inc.
+ *   59 Temple Place, Suite 330
+ *   Boston, MA 02111-1307 USA
+ *
+ */
+#define _GNU_SOURCE
+
+#include <sys/types.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <security/pam_appl.h>
+
+static const struct {
+	int value;
+	const char *name;
+} pam_errors[] = {
+	{PAM_SUCCESS, "SUCCESS"},
+	{PAM_SUCCESS, "0"},
+	{PAM_OPEN_ERR, "OPEN_ERR"},
+	{PAM_SYMBOL_ERR, "SYMBOL_ERR"},
+	{PAM_SERVICE_ERR, "SERVICE_ERR"},
+	{PAM_SYSTEM_ERR, "SYSTEM_ERR"},
+	{PAM_BUF_ERR, "BUF_ERR"},
+	{PAM_PERM_DENIED, "PERM_DENIED"},
+	{PAM_AUTH_ERR, "AUTH_ERR"},
+	{PAM_CRED_INSUFFICIENT, "CRED_INSUFFICIENT"},
+	{PAM_AUTHINFO_UNAVAIL, "AUTHINFO_UNAVAIL"},
+	{PAM_USER_UNKNOWN, "USER_UNKNOWN"},
+	{PAM_MAXTRIES, "MAXTRIES"},
+	{PAM_NEW_AUTHTOK_REQD, "NEW_AUTHTOK_REQD"},
+	{PAM_ACCT_EXPIRED, "ACCT_EXPIRED"},
+	{PAM_SESSION_ERR, "SESSION_ERR"},
+	{PAM_CRED_UNAVAIL, "CRED_UNAVAIL"},
+	{PAM_CRED_EXPIRED, "CRED_EXPIRED"},
+	{PAM_CRED_ERR, "CRED_ERR"},
+	{PAM_NO_MODULE_DATA, "NO_MODULE_DATA"},
+	{PAM_CONV_ERR, "CONV_ERR"},
+	{PAM_AUTHTOK_ERR, "AUTHTOK_ERR"},
+	{PAM_AUTHTOK_RECOVERY_ERR, "AUTHTOK_RECOVERY_ERR"},
+	{PAM_AUTHTOK_LOCK_BUSY, "AUTHTOK_LOCK_BUSY"},
+	{PAM_AUTHTOK_DISABLE_AGING, "AUTHTOK_DISABLE_AGING"},
+	{PAM_TRY_AGAIN, "TRY_AGAIN"},
+	{PAM_IGNORE, "IGNORE"},
+	{PAM_ABORT, "ABORT"},
+	{PAM_AUTHTOK_EXPIRED, "AUTHTOK_EXPIRED"},
+	{PAM_MODULE_UNKNOWN, "UNKNOWN"},
+	{PAM_BAD_ITEM, "BAD_ITEM"},
+	{PAM_CONV_AGAIN, "CONV_AGAIN"},
+	{PAM_INCOMPLETE, "INCOMPLETE"},
+};
+
+typedef struct pam_handle {
+	char *authtok, errbuf[LINE_MAX];
+	struct pam_conv conv;
+	int auth, acct;
+} pam_handle_t;
+
+static int
+pam_numerror(const char *name)
+{
+	unsigned int i, l;
+
+	for (i = 0; i < sizeof(pam_errors) / sizeof(pam_errors[0]); i++) {
+		l = strlen(pam_errors[i].name);
+		if (strncasecmp(pam_errors[i].name, name, l) == 0) {
+			return pam_errors[i].value;
+		}
+	}
+	return -1;
+}
+
+const char *
+pam_strerror(pam_handle_t *pamh, int errnum)
+{
+	unsigned int i;
+
+	for (i = 0; i < sizeof(pam_errors) / sizeof(pam_errors[0]); i++) {
+		if (pam_errors[i].value == errnum) {
+			return pam_errors[i].name;
+		}
+	}
+	snprintf(pamh->errbuf, sizeof(pamh->errbuf), "PAM error %d", errnum);
+	return pamh->errbuf;
+}
+
+int
+pam_start(const char *service_name, const char *user,
+	  const struct pam_conv *pam_conversation, pam_handle_t **pamh)
+{
+	FILE *fp;
+	char buf[LINE_MAX], *p, *q;
+	pam_handle_t *ret;
+
+	ret = calloc(1, sizeof(*ret));
+	if (ret == NULL) {
+		return PAM_BUF_ERR;
+	}
+	ret->conv = *pam_conversation;
+	if (getenv("WRAPPERS_PAM_CREDS") == NULL) {
+		return PAM_ABORT;
+	}
+	fp = fopen(getenv("WRAPPERS_PAM_CREDS"), "r");
+	if (fp == NULL) {
+		return PAM_ABORT;
+	}
+	while (fgets(buf, sizeof(buf), fp) != NULL) {
+		buf[strcspn(buf, "\r\n")] = '\0';
+		if ((strlen(buf) > strlen(user)) &&
+		    (strncmp(user, buf, strlen(user)) == 0) &&
+		    (buf[strlen(user)] == ':')) {
+			p = buf + strcspn(buf, ":");
+			if (*p != '\0') {
+				p++;
+				q = p + strcspn(p, ":");
+				ret->authtok = strndup(p, q - p);
+				p = q;
+			}
+			if (*p != '\0') {
+				p++;
+				q = p + strcspn(p, ":");
+				ret->auth = pam_numerror(p);
+				p = q;
+			}
+			if (*p != '\0') {
+				p++;
+				q = p + strcspn(p, ":");
+				ret->acct = pam_numerror(p);
+				p = q;
+			}
+			break;
+		}
+	}
+	fclose(fp);
+	*pamh = ret;
+	return PAM_SUCCESS;
+}
+
+int
+pam_end(pam_handle_t *pamh, int pam_status)
+{
+	if (pamh == NULL) {
+		return PAM_SYSTEM_ERR;
+	}
+	free(pamh->authtok);
+	free(pamh);
+	return PAM_SUCCESS;
+}
+
+int
+pam_authenticate(pam_handle_t *pamh, int flags)
+{
+	struct pam_response *resp;
+	struct pam_message messages[] = {
+		{.msg_style = PAM_PROMPT_ECHO_OFF, .msg = "Password: "},
+	};
+	const struct pam_message *msgs = &messages[0];
+	int ret;
+
+	resp = NULL;
+	if (pamh == NULL) {
+		return PAM_SYSTEM_ERR;
+	}
+	if (pamh->authtok == NULL) {
+		return pamh->auth ? pamh->auth : PAM_USER_UNKNOWN;
+	}
+	if (pamh->conv.conv == NULL) {
+		return PAM_CONV_ERR;
+	}
+	ret = pamh->conv.conv(1, &msgs, &resp, pamh->conv.appdata_ptr);
+	if (ret != PAM_SUCCESS) {
+		return ret;
+	}
+	if (strcmp(pamh->authtok, resp->resp) == 0) {
+		ret = pamh->auth;
+	} else {
+		ret = PAM_AUTH_ERR;
+	}
+	free(resp->resp);
+	free(resp);
+	return ret;
+}
+
+int
+pam_acct_mgmt(pam_handle_t *pamh, int flags)
+{
+	if (pamh == NULL) {
+		return PAM_SYSTEM_ERR;
+	}
+	return pamh->acct;
+}