From 622996a9a7d462cdb51cd2a2c5ecd3b00bb48b85 Mon Sep 17 00:00:00 2001
From: Jake Chen <jakechentw@gmail.com>
Date: Wed, 17 Jun 2020 15:25:39 +0800
Subject: Store password to cache only after passing all PAM checks, including
 account.

---
 tests/run.sh | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tests')

diff --git a/tests/run.sh b/tests/run.sh
index 5a2e291..4fcc98e 100755
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -33,9 +33,14 @@ curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn | tee /
 
 if rpm -ql httpd | grep mod_authn_socache ; then
 	echo "Testing AuthBasicProvider socache PAM + AuthnCacheProvideFor PAM"
+	rm /etc/pam-account/bob
 	curl -s -D /dev/stdout -o /dev/null http://localhost/authn | tee /dev/stderr | grep 401
 	curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn-cached | tee /dev/stderr | grep 401
 	echo Secret > /etc/pam-auth/bob
+	curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn-cached | tee /dev/stderr | grep 401
+	# rerun the same request, verify that passing auth did not store password into cache
+	curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn-cached | tee /dev/stderr | grep 401
+	touch /etc/pam-account/bob
 	curl -u bob:Secret -s http://localhost/authn-cached | tee /dev/stderr | grep 'User bob'
 	echo Secret2 > /etc/pam-auth/bob
 	curl -u bob:Secret -s -D /dev/stdout -o /dev/null http://localhost/authn | tee /dev/stderr | grep 401
-- 
cgit