1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include "qemu/osdep.h"
22#include "qapi/error.h"
23#include "qemu/module.h"
24#include "authz/pamacct.h"
25
26#include <security/pam_appl.h>
27
28static bool failauth;
29
30
31
32
33
34
35
36
37
38
39int
40pam_start(const char *service_name, const char *user,
41 const struct pam_conv *pam_conversation,
42 pam_handle_t **pamh)
43{
44 failauth = true;
45 if (!g_str_equal(service_name, "qemu-vnc")) {
46 return PAM_AUTH_ERR;
47 }
48
49 if (g_str_equal(user, "fred")) {
50 failauth = false;
51 }
52
53 *pamh = (pam_handle_t *)0xbadeaffe;
54 return PAM_SUCCESS;
55}
56
57
58int
59pam_acct_mgmt(pam_handle_t *pamh, int flags)
60{
61 if (failauth) {
62 return PAM_AUTH_ERR;
63 }
64
65 return PAM_SUCCESS;
66}
67
68
69int
70pam_end(pam_handle_t *pamh, int status)
71{
72 return PAM_SUCCESS;
73}
74
75
76static void test_authz_unknown_service(void)
77{
78 Error *local_err = NULL;
79 QAuthZPAM *auth = qauthz_pam_new("auth0",
80 "qemu-does-not-exist",
81 &error_abort);
82
83 g_assert_nonnull(auth);
84
85 g_assert_false(qauthz_is_allowed(QAUTHZ(auth), "fred", &local_err));
86
87 error_free_or_abort(&local_err);
88 object_unparent(OBJECT(auth));
89}
90
91
92static void test_authz_good_user(void)
93{
94 QAuthZPAM *auth = qauthz_pam_new("auth0",
95 "qemu-vnc",
96 &error_abort);
97
98 g_assert_nonnull(auth);
99
100 g_assert_true(qauthz_is_allowed(QAUTHZ(auth), "fred", &error_abort));
101
102 object_unparent(OBJECT(auth));
103}
104
105
106static void test_authz_bad_user(void)
107{
108 Error *local_err = NULL;
109 QAuthZPAM *auth = qauthz_pam_new("auth0",
110 "qemu-vnc",
111 &error_abort);
112
113 g_assert_nonnull(auth);
114
115 g_assert_false(qauthz_is_allowed(QAUTHZ(auth), "bob", &local_err));
116
117 error_free_or_abort(&local_err);
118 object_unparent(OBJECT(auth));
119}
120
121
122int main(int argc, char **argv)
123{
124 g_test_init(&argc, &argv, NULL);
125
126 module_call_init(MODULE_INIT_QOM);
127
128 g_test_add_func("/auth/pam/unknown-service", test_authz_unknown_service);
129 g_test_add_func("/auth/pam/good-user", test_authz_good_user);
130 g_test_add_func("/auth/pam/bad-user", test_authz_bad_user);
131
132 return g_test_run();
133}
134