test_pam_srv.c revision c8fe1d922b254aa92e74f428135ada3c8bde87a1
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen Sumit Bose <sbose@redhat.com>
16f816d3f3c32ae3351834253f52ddd0212bcbf3Timo Sirainen Copyright (C) 2015 Red Hat
a2f250a332dfc1e6cd4ffd196c621eb9dbf7b8a1Timo Sirainen SSSD tests: PAM responder tests
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen This program is free software; you can redistribute it and/or modify
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen it under the terms of the GNU General Public License as published by
463e82bdf0e990f4f2252d2b53ea23a5abe5883cTimo Sirainen the Free Software Foundation; either version 3 of the License, or
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen (at your option) any later version.
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen This program is distributed in the hope that it will be useful,
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen GNU General Public License for more details.
2c677e9d339bc91d5b54376ba2986f71476c06abTimo Sirainen You should have received a copy of the GNU General Public License
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
2c677e9d339bc91d5b54376ba2986f71476c06abTimo Sirainen"MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainen"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNTA2MjMx" \
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen"NjMyMDdaFw0xNzA2MjMxNjMyMDdaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
945631faab2bf1aed8d95a1fd0c317a9ce153725Timo Sirainen"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen"ADCCAQoCggEBALXUq56VlY+Z0aWLLpFAjFfbElPBXGQsbZb85J3cGyPjaMHC9wS+" \
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen"wjB6Ve4HmQyPLx8hbINdDmbawMHYQvTScLYfsqLtj0Lqw20sUUmedk+Es5Oh9VHo" \
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen"nd8MavYx25Du2u+T0iSgNIDikXguiwCmtAj8VC49ebbgITcjJGzMmiiuJkV3o93Y" \
e6d7d19c328e7043ad35d5a52c1617bde915a16fTimo Sirainen"vvYF0VjLGDQbQWOy7IxzYJeNVJnZWKo67CHdok6qOrm9rxQt81rzwV/mGLbCMUbr" \
d7095f3a4466fbb78b2d5eb3d322bc15a5b0ab1fTimo Sirainen"+N4M8URtd7EmzaYZQmNm//s2owFrCYMxpLiURPj+URZVuB72504/Ix7X0HCbA/AV" \
153de7823e64c67678b3fc95719c41a8ec5b864dTimo Sirainen"26J27fPY5nc8DMwfhUDCbTqPH/JEjd3mvY8CAwEAAaOCASYwggEiMB8GA1UdIwQY" \
153de7823e64c67678b3fc95719c41a8ec5b864dTimo Sirainen"MBaAFJOq+KAQmPEnNp8Wok23eGTdE7aDMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
f81a4d2002da0db33d11ca694d3a91b3ee2a0fdbTimo Sirainen"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
b0be0bead3d6963149f7f2a9504b8ab5aced9af5Timo Sirainen"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
bbf796c17f02538058d7559bfe96d677e5b55015Timo Sirainen"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
e6d7d19c328e7043ad35d5a52c1617bde915a16fTimo Sirainen"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
8d131435ba4648c8821160ec38d508c97177c715Timo Sirainen"IEF1dGhvcml0eTAdBgNVHQ4EFgQUFaDNd5a53QGpaw5m63hnwXicMQ8wDQYJKoZI" \
9315dd69233d554452df0c12bc57002d2042a8f4Timo Sirainen"hvcNAQELBQADggEBADH7Nj00qqGhGJeXJQAsepqSskz/wooqXh8vgVyb8SS4N0/c" \
7de1c472fd23ddac6b4dc5cbeee6fa6a8418b071Timo Sirainen"0aQtVmY81xamlXE12ZFpwDX43d+EufBkwCUKFX/+8JFDd2doAyeJxv1xM22kKRpc" \
7de1c472fd23ddac6b4dc5cbeee6fa6a8418b071Timo Sirainen"AqITPgMsa9ToGMWxjbVpc/X/5YfZixWPF0/eZUTotBj9oaR039UrhGfyN7OguF/G" \
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen"rzmxtB5y4ZrMpcD/Oe90mkd9HY7sA/fB8OWOUgeRfQoh97HNS0UiDWsPtfxmjQG5" \
538c58fc95200fcc5e91abdda8b912b574a2f968Timo Sirainen"zotpoBIZmdH+ipYsu58HohHVlM9Wi5H4QmiiXl+Soldkq7eXYlafcmT7wv8+cKwz" \
a28a6267f48971117dec958b160deefd14ebb7a6Timo Sirainen"Nz0Tm3+eYpFqRo3skr6QzXi525Jkg3r6r+kkhxU=" \
a28a6267f48971117dec958b160deefd14ebb7a6Timo Sirainen/* Must be global because it is needed in some wrappers */
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "Failed to create " NSS_DB_PATH ".\n");
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen ret = execlp("certutil", "certutil", "-N", "--empty-password", "-d",
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "execl() failed.\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen } else if (child_pid > 0) {
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "fork() failed\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "fopen() failed.\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen ret = fprintf(fp, "library=libsoftokn3.so\nname=soft\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
1cad0dd34667548ba39f794ddeb9fc486cf4c666Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "fclose() failed.\n");
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainenstatic void cleanup_nss_db(void)
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Failed to remove cert9.db.\n");
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Failed to remove key4.db.\n");
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Failed to remove pkcs11.db.\n");
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, "Failed to remove " NSS_DB_PATH "\n");
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen ret = sss_hash_create(pctx, 10, &pctx->id_table);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainenstatic int add_confdb_params(struct sss_test_conf_param params[],
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainen ret = confdb_add_param(cdb, true, section, params[i].key, val);
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainenstatic int add_pam_params(struct sss_test_conf_param pam_params[],
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen return add_confdb_params(pam_params, cdb, CONFDB_PAM_CONF_ENTRY);
9315dd69233d554452df0c12bc57002d2042a8f4Timo Sirainenstatic int add_monitor_params(struct sss_test_conf_param monitor_params[],
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen return add_confdb_params(monitor_params, cdb, CONFDB_MONITOR_CONF_ENTRY);
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainenvoid test_pam_setup(struct sss_test_conf_param dom_params[],
31050c3df6cbe403e8ced8ef11b5c4e12124d354Timo Sirainen pam_test_ctx = talloc_zero(NULL, struct pam_test_ctx);
68b3667c9ee95951d7c3e03b19b2d37abbaa5736Timo Sirainen pam_test_ctx->tctx = create_dom_test_ctx(pam_test_ctx, TESTS_PATH,
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen /* FIXME - perhaps this should be folded into sssd_domain_init or strictly
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen * used together
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = sss_names_init(pam_test_ctx, pam_test_ctx->tctx->confdb,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen TEST_DOM_NAME, &pam_test_ctx->tctx->dom->names);
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen /* Initialize the PAM responder */
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pam_test_ctx->rctx = mock_rctx(pam_test_ctx, pam_test_ctx->tctx->ev,
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pam_test_ctx->rctx->cdb = pam_test_ctx->tctx->confdb;
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pam_test_ctx->pctx->rctx = pam_test_ctx->rctx;
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb);
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen ret = add_monitor_params(monitor_params, pam_test_ctx->rctx->cdb);
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen /* Create client context */
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pam_test_ctx->cctx = mock_cctx(pam_test_ctx, pam_test_ctx->rctx);
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pam_test_ctx->cctx->ev = pam_test_ctx->tctx->ev;
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen prctx->cli_protocol_version = register_cli_protocol_version();
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen assert_non_null(pam_test_ctx->wrong_user_fqdn);
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen /* Prime the cache with a valid user */
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen /* Add entry to the initgr cache to make sure no initgr request is sent to
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen * the backend */
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen ret = pam_initgr_cache_set(pam_test_ctx->pctx->rctx->ev,
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen /* Prime the cache with a user for wrong matches */
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen /* Add entry to the initgr cache to make sure no initgr request is sent to
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen * the backend */
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen ret = pam_initgr_cache_set(pam_test_ctx->pctx->rctx->ev,
bddd52cb7f3e5a894c080f60750aa76b5aeaf103Timo Sirainen struct sss_test_conf_param monitor_params[] = {
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainen test_pam_setup(dom_params, pam_params, monitor_params, state);
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainenstatic int pam_test_setup_no_verification(void **state)
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainen struct sss_test_conf_param monitor_params[] = {
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainen { "certificate_verification", "no_verification" },
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen test_pam_setup(dom_params, pam_params, monitor_params, state);
9f19a50d5966643c4d1c5ca06868ac2ad31bc4d5Timo Sirainen#endif /* HAVE_NSS */
ad48319996942463675b53877092ab7e13a7a75aTimo Sirainen { "cached_auth_timeout", CACHED_AUTH_TIMEOUT_STR },
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen struct sss_test_conf_param monitor_params[] = {
cd5ee8630497fdbd853ef588a858b4ef619a5e03Timo Sirainen test_pam_setup(dom_params, pam_params, monitor_params, state);
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen ret = sysdb_delete_user(pam_test_ctx->tctx->dom,
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen ret = sysdb_delete_user(pam_test_ctx->tctx->dom,
a28a6267f48971117dec958b160deefd14ebb7a6Timo Sirainentypedef int (*cmd_cb_fn_t)(uint32_t, uint8_t *, size_t);
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainenint __real_read_pipe_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
1032e5427bf10566098f3b3bb9110e2bc1227e85Timo Sirainenvoid __real_sss_packet_get_body(struct sss_packet *packet,
a28a6267f48971117dec958b160deefd14ebb7a6Timo Sirainenvoid __wrap_sss_packet_get_body(struct sss_packet *packet,
a28a6267f48971117dec958b160deefd14ebb7a6Timo Sirainen enum sss_test_wrapper_call wtype = sss_mock_type(enum sss_test_wrapper_call);
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainen return __real_sss_packet_get_body(packet, body, blen);
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainenvoid __real_sss_packet_get_body(struct sss_packet *packet,
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainenvoid __wrap_sss_cmd_done(struct cli_ctx *cctx, void *freectx)
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen prctx = talloc_get_type(cctx->protocol_ctx, struct cli_protocol);
20b9283d4af31e45e588014da427fb2dbcd3227aTimo Sirainen __real_sss_packet_get_body(packet, &body, &blen);
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen pam_test_ctx->tctx->error = check_cb(sss_packet_get_status(packet),
95a1a5195d56f3cf5d1e529aad668f87ad3b979bTimo Sirainenenum sss_cli_command __wrap_sss_packet_get_cmd(struct sss_packet *packet)
b35f7104715edee0cfac6d46ab0b342033867eb7Timo Sirainenint __wrap_sss_cmd_send_empty(struct cli_ctx *cctx, TALLOC_CTX *freectx)
fa5957ffc9b676bfd649fa9953e63e72ee4ebeb4Timo Sirainenint __wrap_pam_dp_send_req(struct pam_auth_req *preq, int timeout)
fa5957ffc9b676bfd649fa9953e63e72ee4ebeb4Timo Sirainen /* Set expected status */
3342badd8c69adff34db589fb0a221ace5996212Timo Sirainen preq->pd->pam_status = pam_test_ctx->exp_pam_status;
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainenstatic void mock_input_pam(TALLOC_CTX *mem_ctx, const char *name,
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen ret = sss_auth_pack_2fa_blob(pwd, 0, fa2, 0, NULL, 0, &needed_size);
1b3bb8d39686ed24730cbc31cc9a33dc62c8c6c3Timo Sirainen ret = sss_auth_pack_2fa_blob(pwd, 0, fa2, 0, authtok,
d647e72663b52cb2301df5eaf93e67ee873a41f8Timo Sirainen pi.pam_authtok_size = strlen(pi.pam_authtok) + 1;
d647e72663b52cb2301df5eaf93e67ee873a41f8Timo Sirainen pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
d647e72663b52cb2301df5eaf93e67ee873a41f8Timo Sirainen pi.pam_service_size = strlen(pi.pam_service) + 1;
5a7b52012bf77132bb8f466d07e0e88c63fdba42Timo Sirainen ret = pack_message_v3(&pi, &buf_size, &m_buf);
5a7b52012bf77132bb8f466d07e0e88c63fdba42Timo Sirainen buf = talloc_memdup(mem_ctx, m_buf, buf_size);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen will_return(__wrap_sss_packet_get_body, buf_size);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstatic void mock_input_pam_cert(TALLOC_CTX *mem_ctx, const char *name,
e063aca6bc2f08bec516d4b631052ea9191f011dTimo Sirainen pi.pam_authtok_size = strlen(pi.pam_authtok) + 1;
e063aca6bc2f08bec516d4b631052ea9191f011dTimo Sirainen pi.pam_authtok_type = SSS_AUTHTOK_TYPE_SC_PIN;
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pi.pam_service = service == NULL ? "login" : service;
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen pi.pam_service_size = strlen(pi.pam_service) + 1;
0c909e3461607eadcd66f4eac69b7f34e37fccf1Timo Sirainen ret = pack_message_v3(&pi, &buf_size, &m_buf);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen buf = talloc_memdup(mem_ctx, m_buf, buf_size);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_WRAPPER);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen will_return(__wrap_sss_packet_get_body, buf_size);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstatic int test_pam_simple_check(uint32_t status, uint8_t *body, size_t blen)
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_int_equal(val, pam_test_ctx->exp_pam_status);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_string_equal(body + rp, TEST_DOM_NAME);
2c677e9d339bc91d5b54376ba2986f71476c06abTimo Sirainen#define PKCS11_LOGIN_TOKEN_ENV_NAME "PKCS11_LOGIN_TOKEN_NAME"
2c677e9d339bc91d5b54376ba2986f71476c06abTimo Sirainenstatic int test_pam_cert_check_gdm_smartcard(uint32_t status, uint8_t *body,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_int_equal(val, pam_test_ctx->exp_pam_status);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_string_equal(body + rp, TEST_DOM_NAME);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_int_equal(val, (strlen(PKCS11_LOGIN_TOKEN_ENV_NAME "=")
6e07b4251bf6a3cf34019c351a32a65c08392e58Timo Sirainen PKCS11_LOGIN_TOKEN_ENV_NAME "=" TEST_TOKEN_NAME);
a5b331e18b220fac557480b569b85215a1b3bd8eTimo Sirainen assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
ec922832ddc917e48d98fdb409051b9c162b90a3Timo Sirainen assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
6e07b4251bf6a3cf34019c351a32a65c08392e58Timo Sirainen assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen assert_string_equal(body + rp, TEST_TOKEN_NAME);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstatic int test_pam_cert_check(uint32_t status, uint8_t *body, size_t blen)
a5b331e18b220fac557480b569b85215a1b3bd8eTimo Sirainen assert_int_equal(val, pam_test_ctx->exp_pam_status);
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_string_equal(body + rp, TEST_DOM_NAME);
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_int_equal(val, (sizeof("pamuser@"TEST_DOM_NAME) + sizeof(TEST_TOKEN_NAME)));
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_int_equal(*(body + rp + sizeof("pamuser@"TEST_DOM_NAME) - 1), 0);
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_string_equal(body + rp, "pamuser@"TEST_DOM_NAME);
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_int_equal(*(body + rp + sizeof(TEST_TOKEN_NAME) - 1), 0);
e76f5e07be5bec4e5ca99c3e093ff7f11edbe1b7Timo Sirainen assert_string_equal(body + rp, TEST_TOKEN_NAME);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstatic int test_pam_offline_chauthtok_check(uint32_t status,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen pam_test_ctx->exp_pam_status = PAM_AUTHTOK_ERR;
a5b331e18b220fac557480b569b85215a1b3bd8eTimo Sirainen assert_int_equal(val, pam_test_ctx->exp_pam_status);
6a19e109ee8c5a6f688da83a86a7f6abeb71abddTimo Sirainen assert_string_equal(body + rp, TEST_DOM_NAME);
a5b331e18b220fac557480b569b85215a1b3bd8eTimo Sirainen assert_int_equal(val, SSS_PAM_USER_INFO_OFFLINE_CHPASS);
a5b331e18b220fac557480b569b85215a1b3bd8eTimo Sirainenstatic int test_pam_failed_offline_auth_check(uint32_t status, uint8_t *body,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen pam_test_ctx->exp_pam_status = PAM_PERM_DENIED;
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen return test_pam_simple_check(status, body, blen);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainenstatic int test_pam_successful_offline_auth_check(uint32_t status,
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainen return test_pam_simple_check(status, body, blen);
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainenstatic int test_pam_successful_cached_auth_check(uint32_t status,
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainen return test_pam_simple_check(status, body, blen);
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainenstatic int test_pam_wrong_pw_offline_auth_check(uint32_t status,
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainen return test_pam_simple_check(status, body, blen);
c5794838af9995f50bfecb06a3cd4f9a0ac77858Timo Sirainenstatic int test_pam_creds_insufficient_check(uint32_t status,
8bb360f9e5de1c25e4f875205bb06e8bf15dae14Timo Sirainenstatic int test_pam_user_unknown_check(uint32_t status,
8872e5c991430f96138a46e36b7f3c2c40d8e5c2Timo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
8872e5c991430f96138a46e36b7f3c2c40d8e5c2Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
20261d71760e4199cb8d906ab9704a4561d954d7Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
d143077bd518de129b8d446fb58e003903e50867Timo Sirainen /* Wait until the test finishes with EOK */
7ded22760598b78ee29f9418eacc0abe3fb51055Timo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
a2f250a332dfc1e6cd4ffd196c621eb9dbf7b8a1Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_SETCRED);
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
5626ae5e3316eced244adb6485c0927f1c7fdc41Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_SETCRED,
a2f250a332dfc1e6cd4ffd196c621eb9dbf7b8a1Timo Sirainen /* Wait until the test finishes with EOK */
ccffbed92cb02c24fd717808a84138240bf1885bTimo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_ACCT_MGMT);
ccffbed92cb02c24fd717808a84138240bf1885bTimo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_ACCT_MGMT,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen /* Wait until the test finishes with EOK */
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
1d3f7c1278168d5b1cbfa9a2cc9929a0909056b4Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_OPEN_SESSION);
68f4cc25b3a5627b9de42bb0f12b570ee0e56e9cTimo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
d12f05c7c391786d0d9795ec3aa4377280bbfaeaTimo Sirainen pam_test_ctx->exp_pam_status = PAM_NO_MODULE_DATA;
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION,
68f4cc25b3a5627b9de42bb0f12b570ee0e56e9cTimo Sirainen /* Wait until the test finishes with EOK */
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CLOSE_SESSION);
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CLOSE_SESSION,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen /* Wait until the test finishes with EOK */
ae8817f05005f57bba32479a610b52d083e2b6ebTimo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
5c7aa03f959b8b9cab3eba8a585a90f4b50a4cdfTimo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK);
5c7aa03f959b8b9cab3eba8a585a90f4b50a4cdfTimo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
32339680e0197f50f1f5b40a28099a9e0f19ab23Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK,
cff21b6a2e9e54086544dfdc0e33fe8321e6bf02Timo Sirainen /* Wait until the test finishes with EOK */
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_CHAUTHTOK_PRELIM);
d41573018e85896ec836d897fd554e87126147f5Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
3697080532ccd9f51fac108be6079b616c7a2ddfTimo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_CHAUTHTOK_PRELIM,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen /* Wait until the test finishes with EOK */
1dec807061d7d428dba5c5a92cd2a5ff843a2039Timo Sirainen mock_input_pam(pam_test_ctx, "pamuser", NULL, NULL);
ae8817f05005f57bba32479a610b52d083e2b6ebTimo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
1dec807061d7d428dba5c5a92cd2a5ff843a2039Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
1dec807061d7d428dba5c5a92cd2a5ff843a2039Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_PREAUTH,
1dec807061d7d428dba5c5a92cd2a5ff843a2039Timo Sirainen /* Wait until the test finishes with EOK */
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen/* Cached on-line authentication */
686c00553a7cea22272548d9fb8c888170965ec9Timo Sirainenstatic void common_test_pam_cached_auth(const char *pwd)
686c00553a7cea22272548d9fb8c888170965ec9Timo Sirainen mock_input_pam(pam_test_ctx, "pamuser", pwd, NULL);
686c00553a7cea22272548d9fb8c888170965ec9Timo Sirainen will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
686c00553a7cea22272548d9fb8c888170965ec9Timo Sirainen will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen set_cmd_cb(test_pam_successful_cached_auth_check);
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_AUTHENTICATE,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen /* Wait until the test finishes with EOK */
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainenvoid test_pam_cached_auth_success(void **state)
5a07b37a9df398b5189c14872a600384208ab74bTimo Sirainen /* Back end should be contacted */
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen assert_true(pam_test_ctx->provider_contacted);
6e07b4251bf6a3cf34019c351a32a65c08392e58Timo Sirainen ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
ae8817f05005f57bba32479a610b52d083e2b6ebTimo Sirainen /* Reset before next call */
7bd3f5614e0dd2324dd1015f084de72c0b069a1aTimo Sirainen /* Back end should not be contacted */
ae8817f05005f57bba32479a610b52d083e2b6ebTimo Sirainen assert_false(pam_test_ctx->provider_contacted);
b9ce555e8624a5593b3bfd81b572b7d2e1e1fca5Timo Sirainenvoid test_pam_cached_auth_wrong_pw(void **state)
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = pam_set_last_online_auth_with_curr_token(pam_test_ctx->tctx->dom,
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainen /* Back end should be contacted */
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainen assert_true(pam_test_ctx->provider_contacted);
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainen/* test cached_auth_timeout option */
2a734f36105e33ab452d057df6bc7a2b7d9f96f0Timo Sirainenvoid test_pam_cached_auth_opt_timeout(void **state)
eddd9bf1a1369aea4a2715f6be1137da6d17d293Timo Sirainen ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
8aacc9e7c84f8376822823ec98c2f551d4919b2eTimo Sirainen last_online = time(NULL) - CACHED_AUTH_TIMEOUT - 1;
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen ret = pam_set_last_online_auth_with_curr_token(pam_test_ctx->tctx->dom,
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen /* Back end should be contacted */
e26a771fad55dfba4d5021d12ed5685c951d9b7bTimo Sirainen assert_true(pam_test_ctx->provider_contacted);
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainen/* too long since last on-line authentication */
51795bfe9d05d92fe942cb451aec2b9d16d32a11Timo Sirainenvoid test_pam_cached_auth_timeout(void **state)
88b6f36ef1b453c08e8d9cadb229b39fc9bb4a1cTimo Sirainen ret = sysdb_cache_password(pam_test_ctx->tctx->dom,
bf91bed88d4e294b4577ba2a3b14d87cf35ae135Timo Sirainen ret = pam_set_last_online_auth_with_curr_token(pam_test_ctx->tctx->dom,
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen /* Back end should be contacted */
2a6af811ea3de3cf9e2f15e446674dd21b0705f3Timo Sirainen assert_true(pam_test_ctx->provider_contacted);
b35f7104715edee0cfac6d46ab0b342033867eb7Timo Sirainenvoid test_pam_cached_auth_success_combined_pw_with_cached_2fa(void **state)
f7656d7bc15510a4259ed74ddda3c560de8a51c1Timo Sirainen assert_true(pam_test_ctx->provider_contacted);
f7656d7bc15510a4259ed74ddda3c560de8a51c1Timo Sirainen ret = sysdb_cache_password_ex(pam_test_ctx->tctx->dom,
f7656d7bc15510a4259ed74ddda3c560de8a51c1Timo Sirainen /* Reset before next call */
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
return EOK;
int ret;
return EOK;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int ret;
int rv;
int no_cleanup = 0;
int opt;
#ifdef HAVE_NSS
switch (opt) {
#ifdef HAVE_NSS
return rv;