Hello, "Linux-PAM test" - something like this exists? If so, it is great! Where it can be found? I have looked into PAM tar, and I found some tests there. However, I think they are rather focused on testing the PAM library itself - I did not find there anything which could help with testing of a PAM module. Have I overlooked something? Trying google, I only found something on 'http://www.linuxfromscratch.org/blfs/view/svn/postlfs/linux-pam.html', which, however, is again about testing the basic PAM library. Moreover, there is a note that "The test suite will not provide meaningful results until the package has been installed and minimally configured", which, again, is not what I originally thought about. But maybe I did not search properly, so if you could give more information about what you mean by "Linux-PAM test suite", it will help a lot. I will try to describe in details what I was originally looking for. It could be split into two parts - the first is unit-test framework for PAM module developers, and the second is an environment for automatised PAM configuration testing. On the basis of my short experience with pam-module development, I look for something like: 1. Unit-test framework tied to PAM: I could be extension of e.g. CUnit (or CxxUnit for the development in C++), or project like those. Unfortunately, it is impossible to write unit tests for those functions which need to work with functions provided by PAM due to the need of 'pam_handle_t' structure. Therefore, some extension of a unit test framework is necessary in order to initialise pam_handle_t structure in set_up()-like methods in unit-test. Also methods allowing to define values returned by other functions accessible by PAM module (e.g. pam_get_user()) would be very useful. When building a test suite, the module would be linked together with unit-test framework library, PAM extension of the library and a main() to build an executable. Optionally, a main() could be predefined, and methods with test to execute should only be "registered" within the main. 2. overall test environment: It is similar to what 'pamtester' does, but little more extended. The PAM module developed would be linked against a library behaving as the regular PAM library, cooperating with the 'pamtester' program (it might be a regular PAM library, but allowing to read pam.d configs from user-defined path, not the one used by system then). Developer could be able to define a sequence simulating some critical behaviour, like 'user XY tries to log into system but does not exist there', '... is not authenticated', '... logs-in in successfully', etc. (or maybe just simple 'permission allowed/denied'?). In this way, a sequence of actions could be defined in a script and the result (ret value of the tester?) could be tested. Different conditions and settings could be tested by the definition of different module config files (e.g. different pam.d directories). ---- Both those frameworks should work (be able to be used) INDEPENDENTLY on system PAM configuration (i.e. config in /etc/pam.d), and configured locally in a directory, where a module is developed. Is this what you meant by 'Linux-PAM test suite'? Thank you very much, Dan On Thursday 19 of June 2008, Thorsten Kukuk wrote: > Hello, > > On Thu, Jun 19, rozelak@xxxxxxxx wrote: > > Hallo, > > > > I would like to ask more deeply about the most painless pam-module > > > > testing possibilities. I suppose the use of 'pamtester' app (thanks > > for > > > > recommendation!) as the highest level front-end. To summarise, the > > > > following steps must be carried out: > > > > - build PAM library with user specified paths, in order not to affect > > > > PAM used by the system (it should not be a problem) > > - build pamtester linked with the PAM library created (also no problem) > > > > - write a script(s) which will call pamtester simulating different > > > > conditions of use > > > > > > Now my problem is, how to AUTOMATICALLY simulate authentication > > fails/successes for different users, e.g. to simulate the n-times > > > > successful login of user XY, than some its fails, then attempt of > > > > unprivileged users AB, CD, EF, than successes for XY again, .... > > (all > > > > with different delays between individual attempts, etc.). > > Maybe you should take a look at the Linux-PAM test suite? > > Thorsten _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
