libpamtest: Handle NULL passwords in libpamtest
authorJakub Hrozek <jakub.hrozek@posteo.se>
Mon, 2 Nov 2015 19:59:28 +0000 (20:59 +0100)
committerAndreas Schneider <asn@samba.org>
Thu, 10 Dec 2015 12:31:20 +0000 (13:31 +0100)
src/libpamtest.c
src/modules/pam_matrix.c
tests/test_pam_wrapper.c

index 6cac46834cd55fb8e3e2f2caa1f9957fc756fcf8..79363f91e75f129a8c7078d6076581bd546d87ea 100644 (file)
@@ -174,7 +174,7 @@ static int pamtest_simple_conv(int num_msg,
                               struct pam_response **response,
                               void *appdata_ptr)
 {
-       int i;
+       int i, ri;
        int ret;
        struct pam_response *reply;
        const char *prompt;
@@ -191,6 +191,7 @@ static int pamtest_simple_conv(int num_msg,
                if (reply == NULL) {
                        return PAM_CONV_ERR;
                }
+               ri = 0;
        }
 
        for (i=0; i < num_msg; i++) {
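Review bot: The separate counter started here with `ri = 0;` makes the later hunks store answers at `reply[ri]`, which packs them to the front of the array instead of leaving each one at the index of the message it answers. PAM consumers conventionally read the response at the same index as the message, so a prompt that follows an informational message in the same call would have its answer stored one slot early. The other switch cases and the allocation of `reply` are outside these hunks, so this is inferred from the two prompt cases only. Unless the packing is intended, `add_to_reply(&reply[i], prompt);` and `reply[i].resp = NULL;` keep the two arrays aligned. `ri` is also assigned only inside the `if (response)` branch, so `int ri = 0;` at the declaration would avoid a maybe-uninitialized warning.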
@@ -198,16 +199,18 @@ static int pamtest_simple_conv(int num_msg,
                case PAM_PROMPT_ECHO_OFF:
                        prompt = (const char *) \
                                   cctx->data->in_echo_off[cctx->echo_off_idx];
-                       if (prompt == NULL) {
-                               return PAM_CONV_ERR;
-                       }
 
                        if (reply != NULL) {
-                               ret = add_to_reply(&reply[i], prompt);
-                               if (ret != PAM_SUCCESS) {
-                                       /* FIXME - free data? */
-                                       return ret;
+                               if (prompt != NULL) {
+                                       ret = add_to_reply(&reply[ri], prompt);
+                                       if (ret != PAM_SUCCESS) {
+                                               /* FIXME - free data? */
+                                               return ret;
+                                       }
+                               } else {
+                                       reply[ri].resp = NULL;
                                }
+                               ri++;
                        }
 
                        cctx->echo_off_idx++;
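Review bot: With the `prompt == NULL` early return removed, nothing in this case stops `cctx->echo_off_idx` from advancing past the end of `in_echo_off`; the NULL entry appears to have doubled as the end-of-list marker and is now treated as a valid answer. The test added in this commit passes a one-element array, so a second echo-off prompt in the same run would read `in_echo_off[1]`, beyond the array. Carrying an explicit element count in the conversation data and checking the index against it before the read would close that, or at minimum a comment on `in_echo_off` should state that callers must supply one entry per expected prompt. The `return ret;` under the FIXME also still returns without releasing `reply` and the answers already copied into it. The case body and the function continue outside the hunk.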
@@ -220,11 +223,16 @@ static int pamtest_simple_conv(int num_msg,
                        }
 
                        if (reply != NULL) {
-                               ret = add_to_reply(&reply[i], prompt);
-                               if (ret != PAM_SUCCESS) {
-                                       /* FIXME - free data? */
-                                       return ret;
+                               if (prompt != NULL) {
+                                       ret = add_to_reply(&reply[ri], prompt);
+                                       if (ret != PAM_SUCCESS) {
+                                               /* FIXME - free data? */
+                                               return ret;
+                                       }
+                               } else {
+                                       reply[ri].resp = NULL;
                                }
+                               ri++;
                        }
 
                        cctx->echo_on_idx++;
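Review bot: The `else { reply[ri].resp = NULL; }` branch added here may be unreachable. The `}` at the top of the hunk closes a block that starts outside it, and if that block is still a `prompt == NULL` check returning PAM_CONV_ERR (as the echo-off case had before this commit), `prompt` can never be NULL at this point. Either drop that earlier check so echo-on answers may be NULL as well, or keep it and reduce this to the plain `add_to_reply(&reply[ri], prompt);` call. A one-line comment stating which is intended, e.g. `/* NULL answers are only accepted for echo-off prompts */`, would settle it for the next reader.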
index 21dd551f529be52f0df93590319dc14da1e38dea..870625b84004cf348714ebbebd0abcafede2feee 100644 (file)
@@ -517,6 +517,11 @@ static int _pam_matrix_auth(struct pam_matrix_ctx *pctx)
 {
        int rv = PAM_AUTH_ERR;
 
+       if (pctx->pli.password == NULL) {
+               /* NULL passwords are not allowed */
+               return PAM_CRED_ERR;
+       }
+
        if (pctx->pli.password != NULL &&
            pctx->pmi.password != NULL &&
            strcmp(pctx->pli.password, pctx->pmi.password) == 0) {
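Review bot: After the new early return, the `pctx->pli.password != NULL &&` term in the condition just below is always true and can be dropped, leaving `if (pctx->pmi.password != NULL &&` as the first test. The comment could also say why a NULL password yields PAM_CRED_ERR rather than the default PAM_AUTH_ERR, e.g. `/* NULL password: fail with PAM_CRED_ERR before any comparison */`, since the test added in this commit depends on that exact return code. The function body continues past the end of the hunk.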
index f1143c65912bdfa62f9d041ef7365412be578860..7f14a913deaf897d412370fff8cf833590384ffb 100644 (file)
@@ -263,6 +263,26 @@ static void test_pam_authenticate(void **state)
        assert_int_equal(perr, PAMTEST_ERR_OK);
 }
 
+static void test_pam_authenticate_null_password(void **state)
+{
+       enum pamtest_err perr;
+       struct pamtest_conv_data conv_data;
+       const char *empty_authtoks[] = {
+               NULL,
+       };
+       struct pam_testcase tests[] = {
+               pam_test(PAMTEST_AUTHENTICATE, PAM_CRED_ERR),
+       };
+
+       (void) state;   /* unused */
+
+       ZERO_STRUCT(conv_data);
+       conv_data.in_echo_off = empty_authtoks;
+
+       perr = run_pamtest("matrix", "trinity", &conv_data, tests);
+       assert_int_equal(perr, PAMTEST_ERR_OK);
+}
+
 static void test_pam_authenticate_err(void **state)
 {
        enum pamtest_err perr;
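Review bot: test_pam_authenticate_null_password has no comment saying what the single NULL in `empty_authtoks` stands for, and it exercises only the echo-off path. The NULL is the answer itself rather than a list terminator, so a comment above the array such as `/* the only authtok is NULL: the password prompt is answered with resp == NULL */` would make that explicit. The echo-on branch changed in src/libpamtest.c gets no test here; a matching case using `in_echo_on` would show whether a NULL answer is accepted there too. The function after the new test continues outside the hunk.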
@@ -882,6 +902,9 @@ int main(void) {
                cmocka_unit_test_setup_teardown(test_pam_authenticate,
                                                setup_passdb,
                                                teardown_passdb),
+               cmocka_unit_test_setup_teardown(test_pam_authenticate_null_password,
+                                               setup_passdb,
+                                               teardown_passdb),
                cmocka_unit_test_setup_teardown(test_pam_authenticate_err,
                                                setup_passdb,
                                                teardown_passdb),