[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Apr 7 12:20:03 UTC 2017
The branch, master has been updated
via 0641653 python: Add a simple pam_winbind test
via a46566e lib: Add pam_wrapper 1.0.3
via 7a4e2be uid_wrapper: use conf.blddir to construct libnss_wrapper_so_path
via 05c8aa6 resolv_wrapper: use conf.blddir to construct libnss_wrapper_so_path
via 013a92c nss_wrapper: use conf.blddir to construct libnss_wrapper_so_path
via a26ba9d script/compare_cc_results.py: ignore all LIB*_WRAPPER_SO_PATH values
from b680cee selftest: tests idmap mapping with idmap_rid
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0641653c302e7542b2627e840fc9ad03ab1a9a37
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 5 15:59:39 2017 +0200
python: Add a simple pam_winbind test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Apr 7 14:19:23 CEST 2017 on sn-devel-144
commit a46566ea5e35103bc5c349fe9a1d4af484020cf7
Author: Andreas Schneider <asn at samba.org>
Date: Wed Mar 29 15:55:53 2017 +0200
lib: Add pam_wrapper 1.0.3
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7a4e2bef182c109dec7ada62628eae525f4fe52d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 7 09:27:39 2017 +0200
uid_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not be the same as conf.srcdir + '/bin'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 05c8aa63909e7691bf49c04c7c15bb576a69e2bd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 7 09:27:39 2017 +0200
resolv_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not be the same as conf.srcdir + '/bin'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 013a92ccc84d8df9255d8e28793c8ecd766681c7
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 7 09:27:39 2017 +0200
nss_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not be the same as conf.srcdir + '/bin'.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit a26ba9d8066a7abd01e679b4c166968eff6824a8
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 7 09:26:53 2017 +0200
script/compare_cc_results.py: ignore all LIB*_WRAPPER_SO_PATH values
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/nss_wrapper/wscript | 4 +-
lib/pam_wrapper/libpamtest.c | 323 ++++
lib/pam_wrapper/libpamtest.h | 278 ++++
lib/pam_wrapper/pam_wrapper.c | 1686 ++++++++++++++++++++
.../sys_popen.h => lib/pam_wrapper/pwrap_compat.h | 22 +-
lib/pam_wrapper/python/pypamtest.c | 1103 +++++++++++++
lib/pam_wrapper/wscript | 109 ++
lib/resolv_wrapper/wscript | 4 +-
lib/uid_wrapper/wscript | 4 +-
python/samba/tests/pam_winbind.py | 39 +
python/samba/tests/test_pam_winbind.sh | 35 +
script/compare_cc_results.py | 12 +-
selftest/tests.py | 4 +
wscript | 1 +
wscript_build | 2 +
15 files changed, 3608 insertions(+), 18 deletions(-)
create mode 100644 lib/pam_wrapper/libpamtest.c
create mode 100644 lib/pam_wrapper/libpamtest.h
create mode 100644 lib/pam_wrapper/pam_wrapper.c
copy source3/lib/sys_popen.h => lib/pam_wrapper/pwrap_compat.h (53%)
create mode 100644 lib/pam_wrapper/python/pypamtest.c
create mode 100644 lib/pam_wrapper/wscript
create mode 100644 python/samba/tests/pam_winbind.py
create mode 100755 python/samba/tests/test_pam_winbind.sh
Changeset truncated at 500 lines:
diff --git a/lib/nss_wrapper/wscript b/lib/nss_wrapper/wscript
index 113d99f..f35e94e 100644
--- a/lib/nss_wrapper/wscript
+++ b/lib/nss_wrapper/wscript
@@ -101,8 +101,8 @@ def configure(conf):
define='HAVE_LINUX_GETNAMEINFO_UNSIGNED', headers='unistd.h netdb.h')
# Create full path to nss_wrapper
- srcdir = os.path.realpath(conf.srcdir)
- libnss_wrapper_so_path = srcdir + '/bin/default/lib/nss_wrapper/libnss-wrapper.so'
+ blddir = os.path.realpath(conf.blddir)
+ libnss_wrapper_so_path = blddir + '/default/lib/nss_wrapper/libnss-wrapper.so'
conf.DEFINE('LIBNSS_WRAPPER_SO_PATH', libnss_wrapper_so_path)
conf.DEFINE('NSS_WRAPPER', 1)
diff --git a/lib/pam_wrapper/libpamtest.c b/lib/pam_wrapper/libpamtest.c
new file mode 100644
index 0000000..c0ab41d
--- /dev/null
+++ b/lib/pam_wrapper/libpamtest.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (c) 2015 Andreas Schneider <asn at samba.org>
+ * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek at posteo.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+
+#include "libpamtest.h"
+
+#define MIN(a,b) ((a) < (b) ? (a) : (b))
+
+static enum pamtest_err run_test_case(pam_handle_t *ph,
+ struct pam_testcase *tc)
+{
+ switch (tc->pam_operation) {
+ case PAMTEST_AUTHENTICATE:
+ tc->op_rv = pam_authenticate(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_SETCRED:
+ tc->op_rv = pam_setcred(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_ACCOUNT:
+ tc->op_rv = pam_acct_mgmt(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_OPEN_SESSION:
+ tc->op_rv = pam_open_session(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_CLOSE_SESSION:
+ tc->op_rv = pam_close_session(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_CHAUTHTOK:
+ tc->op_rv = pam_chauthtok(ph, tc->flags);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_GETENVLIST:
+ tc->case_out.envlist = pam_getenvlist(ph);
+ return PAMTEST_ERR_OK;
+ case PAMTEST_KEEPHANDLE:
+ tc->case_out.ph = ph;
+ return PAMTEST_ERR_KEEPHANDLE;
+ default:
+ return PAMTEST_ERR_OP;
+ }
+
+ return PAMTEST_ERR_OP;
+}
+
+enum pamtest_err _pamtest_conv(const char *service,
+ const char *user,
+ pam_conv_fn conv_fn,
+ void *conv_userdata,
+ struct pam_testcase test_cases[],
+ size_t num_test_cases)
+{
+ int rv;
+ pam_handle_t *ph;
+ struct pam_conv conv;
+ size_t tcindex;
+ struct pam_testcase *tc = NULL;
+ bool call_pam_end = true;
+
+ conv.conv = conv_fn;
+ conv.appdata_ptr = conv_userdata;
+
+ if (test_cases == NULL) {
+ return PAMTEST_ERR_INTERNAL;
+ }
+
+ rv = pam_start(service, user, &conv, &ph);
+ if (rv != PAM_SUCCESS) {
+ return PAMTEST_ERR_START;
+ }
+
+ for (tcindex = 0; tcindex < num_test_cases; tcindex++) {
+ tc = &test_cases[tcindex];
+
+ rv = run_test_case(ph, tc);
+ if (rv == PAMTEST_ERR_KEEPHANDLE) {
+ call_pam_end = false;
+ continue;
+ } else if (rv != PAMTEST_ERR_OK) {
+ return PAMTEST_ERR_INTERNAL;
+ }
+
+ if (tc->op_rv != tc->expected_rv) {
+ break;
+ }
+ }
+
+ if (call_pam_end == true && tc != NULL) {
+ rv = pam_end(ph, tc->op_rv);
+ if (rv != PAM_SUCCESS) {
+ return PAMTEST_ERR_END;
+ }
+ }
+
+ if (tcindex < num_test_cases) {
+ return PAMTEST_ERR_CASE;
+ }
+
+ return PAMTEST_ERR_OK;
+}
+
+void pamtest_free_env(char **envlist)
+{
+ size_t i;
+
+ if (envlist == NULL) {
+ return;
+ }
+
+ for (i = 0; envlist[i] != NULL; i++) {
+ free(envlist[i]);
+ }
+ free(envlist);
+}
+
+const struct pam_testcase *
+_pamtest_failed_case(struct pam_testcase *test_cases,
+ size_t num_test_cases)
+{
+ size_t tcindex;
+
+ for (tcindex = 0; tcindex < num_test_cases; tcindex++) {
+ const struct pam_testcase *tc = &test_cases[tcindex];
+
+ if (tc->expected_rv != tc->op_rv) {
+ return tc;
+ }
+ }
+
+ /* Nothing failed */
+ return NULL;
+}
+
+const char *pamtest_strerror(enum pamtest_err perr)
+{
+ switch (perr) {
+ case PAMTEST_ERR_OK:
+ return "Success";
+ case PAMTEST_ERR_START:
+ return "pam_start failed()";
+ case PAMTEST_ERR_CASE:
+ return "Unexpected testcase result";
+ case PAMTEST_ERR_OP:
+ return "Could not run a test case";
+ case PAMTEST_ERR_END:
+ return "pam_end failed()";
+ case PAMTEST_ERR_KEEPHANDLE:
+ /* Fallthrough */
+ case PAMTEST_ERR_INTERNAL:
+ return "Internal libpamtest error";
+ }
+
+ return "Unknown";
+}
+
+struct pamtest_conv_ctx {
+ struct pamtest_conv_data *data;
+
+ size_t echo_off_idx;
+ size_t echo_on_idx;
+ size_t err_idx;
+ size_t info_idx;
+};
+
+static int add_to_reply(struct pam_response *reply, const char *str)
+{
+ size_t len;
+
+ len = strlen(str) + 1;
+
+ reply->resp = calloc(len, sizeof(char));
+ if (reply->resp == NULL) {
+ return PAM_BUF_ERR;
+ }
+
+ memcpy(reply->resp, str, len);
+ return PAM_SUCCESS;
+}
+
+static void free_reply(struct pam_response *reply, int num_msg)
+{
+ int i;
+
+ if (reply == NULL) {
+ return;
+ }
+
+ for (i = 0; i < num_msg; i++) {
+ free(reply[i].resp);
+ }
+ free(reply);
+}
+
+static int pamtest_simple_conv(int num_msg,
+ const struct pam_message **msgm,
+ struct pam_response **response,
+ void *appdata_ptr)
+{
+ int i, ri = 0;
+ int ret;
+ struct pam_response *reply = NULL;
+ const char *prompt;
+ struct pamtest_conv_ctx *cctx = \
+ (struct pamtest_conv_ctx *) appdata_ptr;
+
+ if (cctx == NULL) {
+ return PAM_CONV_ERR;
+ }
+
+ if (response) {
+ reply = (struct pam_response *) calloc(num_msg,
+ sizeof(struct pam_response));
+ if (reply == NULL) {
+ return PAM_CONV_ERR;
+ }
+ }
+
+ for (i=0; i < num_msg; i++) {
+ switch (msgm[i]->msg_style) {
+ case PAM_PROMPT_ECHO_OFF:
+ prompt = (const char *) \
+ cctx->data->in_echo_off[cctx->echo_off_idx];
+
+ if (reply != NULL) {
+ if (prompt != NULL) {
+ ret = add_to_reply(&reply[ri], prompt);
+ if (ret != PAM_SUCCESS) {
+ free_reply(reply, num_msg);
+ return ret;
+ }
+ } else {
+ reply[ri].resp = NULL;
+ }
+ ri++;
+ }
+
+ cctx->echo_off_idx++;
+ break;
+ case PAM_PROMPT_ECHO_ON:
+ prompt = (const char *) \
+ cctx->data->in_echo_on[cctx->echo_on_idx];
+ if (prompt == NULL) {
+ free_reply(reply, num_msg);
+ return PAM_CONV_ERR;
+ }
+
+ if (reply != NULL) {
+ if (prompt != NULL) {
+ ret = add_to_reply(&reply[ri], prompt);
+ if (ret != PAM_SUCCESS) {
+ free_reply(reply, num_msg);
+ return ret;
+ }
+ }
+ ri++;
+ }
+
+ cctx->echo_on_idx++;
+ break;
+ case PAM_ERROR_MSG:
+ if (cctx->data->out_err != NULL) {
+ memcpy(cctx->data->out_err[cctx->err_idx],
+ msgm[i]->msg,
+ MIN(strlen(msgm[i]->msg),
+ PAM_MAX_MSG_SIZE));
+ cctx->err_idx++;
+ }
+ break;
+ case PAM_TEXT_INFO:
+ if (cctx->data->out_info != NULL) {
+ memcpy(cctx->data->out_info[cctx->info_idx],
+ msgm[i]->msg,
+ MIN(strlen(msgm[i]->msg),
+ PAM_MAX_MSG_SIZE));
+ cctx->info_idx++;
+ }
+ break;
+ default:
+ continue;
+ }
+ }
+
+ if (response && ri > 0) {
+ *response = reply;
+ } else {
+ free(reply);
+ }
+
+ return PAM_SUCCESS;
+}
+
+enum pamtest_err _pamtest(const char *service,
+ const char *user,
+ struct pamtest_conv_data *conv_data,
+ struct pam_testcase test_cases[],
+ size_t num_test_cases)
+{
+ struct pamtest_conv_ctx cctx = {
+ .data = conv_data,
+ };
+
+ return _pamtest_conv(service, user,
+ pamtest_simple_conv,
+ &cctx,
+ test_cases,
+ num_test_cases);
+}
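Review bot: In pamtest_simple_conv the PAM_ERROR_MSG and PAM_TEXT_INFO branches copy `MIN(strlen(msgm[i]->msg), PAM_MAX_MSG_SIZE)` bytes into `out_err[cctx->err_idx]` / `out_info[cctx->info_idx]` without writing a terminating NUL and without any bound on the index, so a captured message is only a valid string if the caller pre-zeroed a large enough slot, and more messages than the caller provided slots for are written past the end of the array. Assuming each slot is meant to hold PAM_MAX_MSG_SIZE bytes (the header only says the caller allocates "enough space"), I would copy into the selected slot `dst` with `len = MIN(strlen(msgm[i]->msg), PAM_MAX_MSG_SIZE - 1);`, `memcpy(dst, msgm[i]->msg, len);`, `dst[len] = '\0';` and state the required slot size and slot count in the documentation of struct pamtest_conv_data. The same function dereferences `cctx->data` without a NULL check although `_pamtest` stores `conv_data` unchecked; `if (cctx == NULL || cctx->data == NULL)` at the top would turn that case into PAM_CONV_ERR. Separately, `_pamtest_conv` returns PAMTEST_ERR_INTERNAL from inside the loop without calling pam_end(), and skips pam_end() when num_test_cases is 0 because `tc` stays NULL, so the handle from pam_start() is not released on either path.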
diff --git a/lib/pam_wrapper/libpamtest.h b/lib/pam_wrapper/libpamtest.h
new file mode 100644
index 0000000..0307a26
--- /dev/null
+++ b/lib/pam_wrapper/libpamtest.h
@@ -0,0 +1,278 @@
+/*
+ * Copyright (c) 2015 Andreas Schneider <asn at samba.org>
+ * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek at posteo.se>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __LIBPAMTEST_H_
+#define __LIBPAMTEST_H_
+
+#include <stdint.h>
+#include <security/pam_appl.h>
+
+/**
+ * @defgroup pamtest The pamtest API
+ *
+ * @{
+ */
+
+/**
+ * @brief The enum which describes the operations performed by pamtest().
+ */
+enum pamtest_ops {
+ /** run pam_authenticate to authenticate the account */
+ PAMTEST_AUTHENTICATE,
+ /** run pam_setcred() to establish/delete user credentials */
+ PAMTEST_SETCRED,
+ /** run pam_acct_mgmt() to validate the PAM account */
+ PAMTEST_ACCOUNT,
+ /** run pam_open_session() to start a PAM session */
+ PAMTEST_OPEN_SESSION,
+ /** run pam_close_session() to end a PAM session */
+ PAMTEST_CLOSE_SESSION,
+ /** run pam_chauthtok() to update the authentication token */
+ PAMTEST_CHAUTHTOK,
+
+ /**
+ * If this option is set the test will call pam_getenvlist() and copy
+ * the environment into case_out.envlist.
+ */
+ PAMTEST_GETENVLIST = 20,
+ /**
+ * This will prevent calling pam_end() and will just return the
+ * PAM handle in case_out.ph.
+ */
+ PAMTEST_KEEPHANDLE,
+};
+
+
+/**
+ * @brief The PAM testcase struction. Use the pam_test and pam_test_flags
+ * macros to fill them.
+ *
+ * @see run_pamtest()
+ */
+struct pam_testcase {
+ enum pamtest_ops pam_operation; /* The pam operation to run */
+ int expected_rv; /* What we expect the op to return */
+ int flags; /* Extra flags to pass to the op */
+
+ int op_rv; /* What the op really returns */
+
+ union {
+ char **envlist; /* output of PAMTEST_ENVLIST */
+ pam_handle_t *ph; /* output of PAMTEST_KEEPHANDLE */
+ } case_out; /* depends on pam_operation, mostly unused */
+};
+
+/** Initializes a pam_tescase structure. */
+#define pam_test(op, expected) { op, expected, 0, 0, { .envlist = NULL } }
+/** Initializes a CMUnitTest structure with additional PAM flags. */
+#define pam_test_flags(op, expected, flags) { op, expected, flags, 0, { .envlist = NULL } }
+
+/**
+ * @brief The return code of the pamtest function
+ */
+enum pamtest_err {
+ /** Testcases returns correspond with input */
+ PAMTEST_ERR_OK,
+ /** pam_start() failed */
+ PAMTEST_ERR_START,
+ /** A testcase failed. Use pamtest_failed_case */
+ PAMTEST_ERR_CASE,
+ /** Could not run a test case */
+ PAMTEST_ERR_OP,
+ /** pam_end failed */
+ PAMTEST_ERR_END,
+ /** Handled internally */
+ PAMTEST_ERR_KEEPHANDLE,
+ /** Internal error - bad input or similar */
+ PAMTEST_ERR_INTERNAL,
+};
+
+/**
+ * @brief PAM conversation function, defined in pam_conv(3)
+ *
+ * This is just a typedef to use in our declarations. See man pam_conv(3)
+ * for more details.
+ */
+typedef int (*pam_conv_fn)(int num_msg,
+ const struct pam_message **msg,
+ struct pam_response **resp,
+ void *appdata_ptr);
+
+/**
+ * @brief This structure should be used when using run_pamtest,
+ * which uses an internal conversation function.
+ */
+struct pamtest_conv_data {
+ /** When the conversation function receives PAM_PROMPT_ECHO_OFF,
+ * it reads the auth token from the in_echo_off array and keeps
+ * an index internally.
+ */
+ const char **in_echo_off;
+ /** When the conversation function receives PAM_PROMPT_ECHO_ON,
+ * it reads the input from the in_echo_off array and keeps
+ * an index internally.
+ */
+ const char **in_echo_on;
+
+ /** Captures messages through PAM_TEXT_INFO. The test caller is
+ * responsible for allocating enough space in the array.
+ */
+ char **out_err;
+ /** Captures messages through PAM_ERROR_MSG. The test caller is
+ * responsible for allocating enough space in the array.
+ */
+ char **out_info;
+};
+
+#ifdef DOXYGEN
+/**
+ * @brief Run libpamtest test cases
+ *
+ * This is using the default libpamtest conversation function.
+ *
+ * @param[in] service The PAM service to use in the conversation
+ *
+ * @param[in] user The user to run conversation as
--
Samba Shared Repository