tests: Turn on PAM support in sshd with pam_wrapper

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>

tests/CMakeLists.txt

@@ -47,6 +47,7 @@ if (WITH_CLIENT_TESTING)
     find_package(socket_wrapper 1.1.5 REQUIRED)
     find_package(nss_wrapper 1.1.2 REQUIRED)
     find_package(uid_wrapper 1.2.0 REQUIRED)
+    find_package(pam_wrapper 1.0.0 REQUIRED)
 
     find_program(SSHD_EXECUTABLE
                  NAME
@@ -76,11 +77,16 @@ if (WITH_CLIENT_TESTING)
     configure_file(etc/group.in ${CMAKE_CURRENT_BINARY_DIR}/etc/group @ONLY)
     configure_file(etc/hosts.in ${CMAKE_CURRENT_BINARY_DIR}/etc/hosts @ONLY)
 
-    set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}")
+    ### Setup pam_wrapper
+    configure_file(etc/pam_matrix_passdb.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam_matrix_passdb @ONLY)
+    configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
+
+    set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}")
     list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1)
     list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
     list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
     list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group)
+    list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d)
 
     # Give bob some keys
     file(COPY keys/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)

tests/etc/pam.d/sshd.in

@@ -0,0 +1,4 @@
+auth        required    @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+account     required    @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+password    required    @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+session     required    @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb

tests/etc/pam_matrix_passdb.in

@@ -0,0 +1,2 @@
+bob:secret:sshd
+alice:secret:sshd

tests/torture.c

@@ -915,6 +915,8 @@ static void torture_setup_create_sshd_config(void **state)
              "UsePrivilegeSeparation no\n"
              "StrictModes no\n"
              "\n"
+             "UsePAM yes\n"
+             "\n"
 #if OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 7
              "HostKeyAlgorithms +ssh-dss\n"
              "Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
@@ -958,6 +960,7 @@ void torture_setup_sshd_server(void **state)
     /* Set the default interface for the server */
     setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
     setenv("UID_WRAPPER_ROOT", "1", 1);
+    setenv("PAM_WRAPPER", "1", 1);
 
     s = *state;
 
@@ -970,6 +973,7 @@ void torture_setup_sshd_server(void **state)
 
     setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
     unsetenv("UID_WRAPPER_ROOT");
+    unsetenv("PAM_WRAPPER");
 }
 
 void torture_teardown_socket_dir(void **state)