On Wednesday 29 April 2009 12:31:23 Andreas Schneider wrote:
> After this, I've created a patch for http://pamtester.sourceforge.net/ to
> use pam_start_test() and added the possibility to specify the config
> directory via a command-line option.
>

Here is a patch that lets the password used for authentication be given on the command line.

src/pamtester -v -C/tmp/pam.d -Psecret login csync authenticate
pamtester: invoking pam_start(login, csync, ...)
pamtester: performing operation - authenticate
pamtester: successfully authenticated

-- andreas
Index: pamtester-0.1.2/src/Makefile.am =================================================================== --- pamtester-0.1.2.orig/src/Makefile.am +++ pamtester-0.1.2/src/Makefile.am @@ -12,5 +12,7 @@ pamtester_SOURCES=\ util.c \ util.h \ compat.c \ - compat.h + compat.h \ + conv.c \ + conv.h CFLAGS=-Wall Index: pamtester-0.1.2/src/app.c =================================================================== --- pamtester-0.1.2.orig/src/app.c +++ pamtester-0.1.2/src/app.c @@ -80,6 +80,7 @@ #include "util.h" #include "app.h" #include "compat.h" +#include "conv.h" static int resolve_item_type(int *retval, const char *name) { @@ -157,6 +158,8 @@ void pamtester_app_init(pamtester_app_t params->app_name = xstrdup(app_name); params->service = NULL; params->user = NULL; + params->password = NULL; + params->newpassword = NULL; params->config_dir = NULL; params->items = params->last_item = NULL; params->envs = params->last_env = NULL; @@ -172,6 +175,8 @@ void pamtester_app_cleanup(pamtester_app xfree(params->app_name); xfree(params->service); xfree(params->user); + xfree(params->password); + xfree(params->newpassword); xfree(params->config_dir); for (item = params->items; item != NULL; item = next_item) { @@ -202,7 +207,7 @@ int pamtester_app_run(pamtester_app_t *p int err; char *err_msg = NULL; - const struct pam_conv conv = { misc_conv, NULL }; + struct pam_conv conv = { misc_conv, NULL }; pamtester_pam_item_t *item; pam_handle_t *pamh = NULL; pamtester_op_t *op; 
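Review bot: In the pamtester_app_cleanup hunk the two new `xfree()` calls release the password copies without clearing them, so the plaintext stays in freed heap memory and can surface in a core dump. Wipe each buffer before freeing it, e.g. `if (params->password != NULL) explicit_bzero(params->password, strlen(params->password));` where the platform offers it (a plain `memset` right before `free` may be optimised away), and do the same for `newpassword`. Separately, no hunk on this page adds `password` and `newpassword` to `pamtester_app_t` in app.h; if that change is not in an earlier patch of the series, the pamtester_app_init hunk will not compile.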
@@ -211,6 +216,11 @@ int pamtester_app_run(pamtester_app_t *p fprintf(stderr, "%s: invoking pam_start(%s, %s, ...)\n", params->app_name, params->service, params->user); } + if (params->password != NULL) { + conv.conv = pamtester_password_conv; + conv.appdata_ptr = (void *) params; + } + if ((err = pam_start_test((params->service == NULL ? "" : params->service), (params->user == NULL ? "": params->user), params->config_dir, &conv, &pamh))) { Index: pamtester-0.1.2/src/conv.c =================================================================== --- /dev/null +++ pamtester-0.1.2/src/conv.c 
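Review bot: The replacement conversation function is installed only when `-P` was given, so `-N` on its own is accepted and stored but the run silently stays on the interactive `misc_conv`. Either reject that combination during option parsing or say in the usage text that `-N` requires `-P`. The `(void *)` cast on `params` is not needed in C and can be dropped: `conv.appdata_ptr = params;`. pamtester_app_run begins and ends outside this hunk.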
@@ -0,0 +1,101 @@
+/*
+ * pamtester - PAM testing program.
+ *
+ * Copyright (c) 2009, Günther Deschner <gd@xxxxxxxxx>
+ * Copyright (c) 2009, Andreas Schneider <mail@xxxxxxxxxxxx>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the "pamtester" nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "app.h"
+#include "conv.h"
+
+int pamtester_password_conv(int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr)
+{
+ int replies = 0;
+ struct pam_response *reply = NULL;
+ pamtester_app_t *creds = appdata_ptr;
+
+ *resp = NULL;
+
+ if (num_msg <= 0) {
+ return PAM_CONV_ERR;
+ }
+
+ reply = malloc(sizeof(struct pam_response) * num_msg);
+ if (!reply) {
+ return PAM_CONV_ERR;
+ }
+
+ memset(reply, '\0', sizeof(struct pam_response) * num_msg);
+
+ for (replies = 0; replies < num_msg; replies++) {
+ switch (msg[replies]->msg_style) {
+ case PAM_PROMPT_ECHO_ON:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = strdup(creds->user);
+ /* PAM frees resp */
+ break;
+
+ case PAM_PROMPT_ECHO_OFF:
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = strdup(creds->password);
+ /* PAM frees resp */
+ break;
+
+ case PAM_TEXT_INFO:
+ /* fall through */
+
+ case PAM_ERROR_MSG:
+ /* ignore it... */
+ reply[replies].resp_retcode = PAM_SUCCESS;
+ reply[replies].resp = NULL;
+ break;
+
+ case PAM_RADIO_TYPE:
+ printf("radio type received\n");
+ break;
+
+ default:
+ /* Must be an error of some sort... */
+ if (reply) {
+ free(reply);
+ }
+ return PAM_CONV_ERR;
+ }
+ }
+ if (reply) {
+ *resp = reply;
+ }
+ return PAM_SUCCESS;
+}
+
+
Index: pamtester-0.1.2/src/conv.h
===================================================================
--- /dev/null
+++ pamtester-0.1.2/src/conv.h
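Review bot: `pamtester_password_conv` passes `creds->user` straight to `strdup()`, but app.c treats `params->user` as possibly NULL (`params->user == NULL ? "" : ...`), so an echo-on prompt with no user set dereferences NULL; the `strdup()` results are also never checked. The `default:` branch frees only the `reply` array, leaking every answer duplicated in earlier iterations, and those answers are copies of the password. `creds->newpassword` is never read, so `-N` has no effect and every echo-off prompt, including the new-token prompts of a password change, is answered with the current password. The file also calls `malloc`, `memset`, `strdup`, `printf` and `free` while including only app.h and conv.h, which works only if app.h happens to pull in the standard headers. The sketch below covers the NULL and leak handling and leaves open which secret should answer which prompt.

```c
	for (replies = 0; replies < num_msg; replies++) {
		const char *answer = NULL;

		switch (msg[replies]->msg_style) {
		case PAM_PROMPT_ECHO_ON:
			/* app.c allows a NULL user and hands "" to pam_start_test() */
			answer = (creds->user != NULL) ? creds->user : "";
			break;

		case PAM_PROMPT_ECHO_OFF:
			answer = creds->password;
			break;

		/* … unchanged: PAM_TEXT_INFO, PAM_ERROR_MSG, PAM_RADIO_TYPE … */

		default:
			goto fail;
		}

		if (answer != NULL) {
			reply[replies].resp = strdup(answer);
			if (reply[replies].resp == NULL) {
				goto fail;
			}
		}
	}

	*resp = reply;
	return PAM_SUCCESS;

fail:
	/* entries below the current index may already hold duplicated secrets */
	while (replies-- > 0) {
		free(reply[replies].resp);
	}
	free(reply);
	return PAM_CONV_ERR;
```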
@@ -0,0 +1,47 @@
+/*
+ * pamtester - PAM testing program.
+ *
+ * Copyright (c) 2009, Günther Deschner <gd@xxxxxxxxx>
+ * Copyright (c) 2009, Andreas Schneider <mail@xxxxxxxxxxxx>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the "pamtester" nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
+ * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifndef _PAMTESTER_CONV_H +#define _PAMTESTER_CONV_H + +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +int pamtester_password_conv(int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr); + +#endif /* _PAMTESTER_CONV_H */ + Index: pamtester-0.1.2/src/pamtester.c =================================================================== --- pamtester-0.1.2.orig/src/pamtester.c +++ pamtester-0.1.2/src/pamtester.c @@ -78,6 +78,28 @@ static int opt_hdlr_configdir(void *para return 0; } +static int opt_hdlr_password(void *param, const char *val) +{ + pamtester_app_t *x = (pamtester_app_t *)param; + + if (val != NULL) { + x->password = xstrdup(val); + } + + return 0; +} + +static int opt_hdlr_newpassword(void *param, const char *val) +{ + pamtester_app_t *x = (pamtester_app_t *)param; + + if (val != NULL) { + x->newpassword = xstrdup(val); + } + + return 0; +} + static int opt_hdlr_item(void *param, const char *val) { pamtester_app_t *x = (pamtester_app_t *)param; @@ -141,6 +163,8 @@ pamtester_opt_spec_t options[] = { { "C", "configdir", 1, 0, '*', opt_hdlr_configdir }, { "I", "item", 1, 1, '*', opt_hdlr_item }, { "E", "env", 1, 1, '*', opt_hdlr_env }, + { "P", "password", 1, 0, '*', opt_hdlr_password }, + { "N", "newpassword", 1, 0, '*', opt_hdlr_newpassword }, { "v", "verbose", 1, 0, '?', opt_hdlr_verbose }, { NULL, NULL, 0, 0, 0, NULL } }; @@ -155,7 +179,9 @@ int main(int argc, const char **argv) const char *prog_name = xbasename(argv[0]); if (argc < 2) { - fprintf(stderr, "usage: %s [-Cconfigdir] [-Eenv=value] [-Iparam=value] service user op_name ...\n", prog_name); + fprintf(stderr, "usage: %s [-Cconfigdir] [-Eenv=value] " + "[-Iparam=value] [-Ppassword] [-Nnewpassword] " + "service user op_name ...\n", prog_name); exit(-1); }
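Review bot: `opt_hdlr_password` and `opt_hdlr_newpassword` take the secrets from argv, where they are readable by other local users through the process list for the lifetime of the run and are typically saved in shell history; nothing in the new usage string (last hunk of this file) warns about that. Consider also accepting the value from a file or stdin, and state in the usage text that `-P`/`-N` are meant for test fixtures only. Both handlers also overwrite the previous pointer when the option is repeated, leaking the earlier copy; `xfree(x->password); x->password = xstrdup(val);` (and the same for `newpassword`) fixes that, assuming `xfree` accepts NULL as its use on unset fields in pamtester_app_cleanup suggests.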