From 1376c1565abb318a5b4d086edd7f295ee3da6b13 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 25 Feb 2009 15:50:21 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2009-02-25 Tomas Mraz * xtests/access.conf: Add a line for name resolution test case. * xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL keyword. Add a test case for name resolution. * modules/pam_access/pam_access.c (from_match): Move name resolution to network_netmask_match(). (network_netmask_match): Do a name resolution of the origin only if matching against a real network/netmask. --- xtests/access.conf | 1 + xtests/tst-pam_access4.c | 28 ++++++++++++++++++++++++---- 2 files changed, 25 insertions(+), 4 deletions(-) (limited to 'xtests') diff --git a/xtests/access.conf b/xtests/access.conf index 8088ec61..25462dd9 100644 --- a/xtests/access.conf +++ b/xtests/access.conf @@ -1,2 +1,3 @@ -:ALL EXCEPT (tstpamaccess) tstpamaccess3 :LOCAL +-:ALL:127.0.0.1 diff --git a/xtests/tst-pam_access4.c b/xtests/tst-pam_access4.c index 2b887a4d..115217f6 100644 --- a/xtests/tst-pam_access4.c +++ b/xtests/tst-pam_access4.c @@ -34,10 +34,12 @@ /* test case: - Check the following line in access.conf: + Check the following lines in access.conf: -:ALL EXCEPT tstpamaccess3 :LOCAL + -:ALL:127.0.0.1 - pam_authenticate should fail for /dev/tty1 and pass for www.example.com + pam_authenticate should fail for /dev/tty1, pass for www.example.com, + and fail again for localhost */ #ifdef HAVE_CONFIG_H @@ -121,12 +123,12 @@ main(int argc, char *argv[]) return 1; } - retval = pam_set_item (pamh, PAM_TTY, "www.example.com"); + retval = pam_set_item (pamh, PAM_RHOST, "www.example.com"); if (retval != PAM_SUCCESS) { if (debug) fprintf (stderr, - "pam_access4-2: pam_set_item(PAM_TTY) returned %d\n", + "pam_access4-2: pam_set_item(PAM_RHOST) returned %d\n", retval); return 1; } @@ -139,6 +141,24 @@ main(int argc, char *argv[]) return 1; } + retval = pam_set_item (pamh, PAM_RHOST, "localhost"); + if (retval != PAM_SUCCESS) + { + if (debug) + fprintf (stderr, + "pam_access4-3: pam_set_item(PAM_RHOST) returned %d\n", + retval); + return 1; + } + + retval = pam_authenticate (pamh, 0); + if (retval != PAM_PERM_DENIED) + { + if (debug) + fprintf (stderr, "pam_access4-3: pam_authenticate returned %d\n", retval); + return 1; + } + retval = pam_end (pamh,retval); if (retval != PAM_SUCCESS) { -- cgit v1.2.3