Automatic testing of pam modules

rozelak at volny.cz rozelak at volny.cz
Mon Jun 30 12:06:34 UTC 2008 

Hallo Hannes,

> --- On Mon, 6/23/08, rozelak at volny.cz <rozelak at volny.cz> wrote:
> > did you just compiled your own pam library to use paths
> > from env variables, or did you also do some hacks which
> > sould be useful?
>
> I primarily patched the latest version to obtain pathnames
> from environment variables.  I also directed system logging
> to a file.  My aim, however, was to modify the original PAM
> code as little as possible, since I want to reduce the
> possibility of introducing anomalous behaviors due to the
> changes themselves (is that Heisencode? :-).
>

Great! I absolutely agree with the effort not to affect the ordinary
PAM (the code used when PAM is integrated within system). Were the modifications
accepted into PAM project? Could you send me the code with your modifications?

As for me, I am now more concentrated on unit-testing framework, which
would allow to test individual procedures of a module independently
on any surrounding. However, some pam-specific stuff must still be initialised
- particularly 'pam_handle_t' structure, as module can access functions
like 'pam_get_data()', 'pam_set_data()', 'pam_get_user()', 'pam_get_service()'
and, of course, logging stuff from PAM library. Therefore, I try to
create functions, available for testing only, allowing to pretend that
PAM framework is initialised (while it is not in fact, in the case of
unit tests), while still allowing to set individual data used within
test (the tested functions should not know that they are tested ;-)).

So my plan is to create functions:

extern int PAM_NONNULL((1))
pam_test_start(pam_handle_t **pamh);

extern int PAM_NONNULL((1,2))
pam_test_set_service(pam_handle_t *pamh, const char *service_name);

extern int PAM_NONNULL((1,2))
pam_test_set_user(pam_handle_t *pamh, const char *user);

extern int PAM_NONNULL((1))
pam_test_end(pam_handle_t *pamh);


which can be called from 'setUp()' and 'tearDown()' methods in unit-test
suite. Also functions like 'pam_get_data()', 'pam_set_data()', 'pam_get_user()',
'pam_syslog()' and others should be bypassed if necessary. Unfortunately,
work goes slowly as I can work on in only 2 hours a week :-(

So, if you could send me your modifications, it might save some time
for me.

Best regards,
Dan


P.S. One question to core PAM developers: what should I care about in
the test-specific adjustments of already existing functions? Of course,
I really want to "infect" core PAM library as less as possible!

More information about the Pam-list mailing list