configure.in Added basic PAM support. Unlock default keyring on login if

	* daemon/gnome-keyring-daemon.c:
	* daemon/gnome-keyring-daemon-ops.c:
	* daemon/Makefile.am:
	* keyrings/gkr-keyring.c:
	* keyrings/gkr-keyring.h:
	* library/Makefile.am:
	* pam/gkr-pam-module.c: (added)
	* pam/Makefile.am: (added) 
	* tests/Makefile.am:
	* tests/unit-test-pam.c: (added)
	* tests/unit-test-pam-setup.c: (added)
	* configure.in
	* Makefile.am: Added basic PAM support. Unlock default keyring
	on login if the password matches.

svn path=/trunk/; revision=700

3 files changed, 242 insertions, 2 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 05e4a60e..df447c6c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -15,14 +15,22 @@ LIBS = \
 	$(GLIB_LIBS) \
 	$(GTHREAD_LIBS)
 	
+if WITH_PAM
+PAM_TEST = run-pam-test
+else
+PAM_TEST = 
+endif
+	
 noinst_PROGRAMS= \
 	list-keyrings \
 	test-keyring \
 	test-keyring-two \
 	run-library-test \
 	run-prompt-test \
-	run-base-test
+	run-base-test \
+	$(PAM_TEST)
 	
+# ------------------------------------------------------------------------------
 # Simply list all the keyrings and whatever they have access to
 
 list_keyrings_SOURCES = \
@@ -31,6 +39,7 @@ list_keyrings_SOURCES = \
 list_keyrings_LDADD = \
 	$(top_builddir)/library/libgnome-keyring.la
 
+# ------------------------------------------------------------------------------
 # A generic testing program
 
 test_keyring_SOURCES = \
@@ -107,7 +116,25 @@ run_prompt_test_SOURCES = \
 run_prompt_test_LDADD = \
 	$(top_builddir)/library/libgnome-keyring.la
 
-# -----------------------------------------------------------------------------
+# ------------------------------------------------------------------------------
+# PAM tests
+
+UNIT_TESTS_PAM = \
+	unit-test-pam-setup.c \
+	unit-test-pam.c
+	
+run-pam-test.c: $(UNIT_TESTS_PAM) unit-tests-prep.sh Makefile.am
+	sh unit-tests-prep.sh -b run-pam-test $(UNIT_TESTS_PAM)
+	
+run_pam_test_SOURCES = \
+	run-pam-test.c \
+	run-pam-test.h \
+	$(UNIT_TESTS_PAM)
+	
+run_pam_test_LDADD = \
+	-lpam 
+
+# ------------------------------------------------------------------------------
 # Run the tests
 
 run-auto-tests: $(noinst_PROGRAMS)
diff --git a/tests/unit-test-pam-setup.c b/tests/unit-test-pam-setup.c
new file mode 100644
index 00000000..23a32367
--- /dev/null
+++ b/tests/unit-test-pam-setup.c
@@ -0,0 +1,128 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* unit-test-pam-setup.c: Setup for PAM tests
+
+   Copyright (C) 2007 Stefan Walter
+
+   The Gnome Keyring Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The Gnome Keyring Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the Gnome Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+
+   Author: Stef Walter <stef@memberwebs.com>
+*/
+
+#include <sys/types.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+#include <unistd.h>
+
+#include "run-pam-test.h"
+
+#include <security/pam_appl.h>
+
+/* 
+ * Each test looks like (on one line):
+ *     void unit_test_xxxxx (CuTest* cu)
+ * 
+ * Each setup looks like (on one line):
+ *     void unit_setup_xxxxx (void);
+ * 
+ * Each teardown looks like (on one line):
+ *     void unit_teardown_xxxxx (void);
+ * 
+ * Tests be run in the order specified here.
+ */
+
+/* Used directly by the other tests */
+pam_handle_t *test_pamh = NULL;
+  
+static int
+conv_func (int n, const struct pam_message **msg,
+           struct pam_response **resp, void *arg)
+{
+        struct pam_response *aresp;
+        int i;
+	
+	g_assert (n > 0 && n < PAM_MAX_NUM_MSG);
+	aresp = g_new0(struct pam_response, n);
+	
+        for (i = 0; i < n; ++i) {
+		aresp[i].resp_retcode = 0;
+		aresp[i].resp = NULL;
+		switch (msg[i]->msg_style) {
+		case PAM_PROMPT_ECHO_OFF:
+			aresp[i].resp = getpass (msg[i]->msg);
+			g_assert (aresp[i].resp != NULL);
+			break;
+		case PAM_PROMPT_ECHO_ON:
+			aresp[i].resp = getpass (msg[i]->msg);
+			g_assert (aresp[i].resp != NULL);
+			break;
+		case PAM_ERROR_MSG:
+			fputs(msg[i]->msg, stderr);
+			if (strlen(msg[i]->msg) > 0 &&
+			    msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+				fputc('\n', stderr);
+			break;
+                case PAM_TEXT_INFO:
+			fputs(msg[i]->msg, stdout);
+			if (strlen(msg[i]->msg) > 0 &&
+			    msg[i]->msg[strlen(msg[i]->msg) - 1] != '\n')
+				fputc('\n', stdout);
+        		break;
+        	default:
+        		return PAM_CONV_ERR;
+		}
+        }
+	*resp = aresp;
+	return PAM_SUCCESS;
+}  
+
+struct pam_conv conv = { conv_func, NULL };
+
+void unit_setup_pam (void)
+{
+	char user[1024];
+	int ret;
+	
+	printf ("Make sure the PAM module is installed by doing:\n"	
+		"# make install-pam\n"
+		"\n"
+		"Then make /etc/pam.d/testgkr contains:\n"
+		"\n"
+		"auth    required        pam_unix.so nullok_secure\n"
+		"auth    optional        pam_gnome_keyring.so try_first_pass\n"
+		"session required        pam_unix.so\n"
+		"session optional        pam_gnome_keyring.so\n"
+		"\n");
+	sleep (1);
+	
+	printf ("User: ");
+	fgets (user, sizeof (user), stdin);
+	
+	g_strstrip (user);
+
+	ret = pam_start ("testgkr", user[0] ? user : g_get_user_name (), &conv, &test_pamh);
+	if (ret != PAM_SUCCESS)
+		g_error ("couldn't initialize pam");
+		
+	g_assert (test_pamh);
+}	
+
+void unit_teardown_pam (void)
+{
+	g_assert (test_pamh);
+	pam_end (test_pamh, PAM_SUCCESS);
+}
diff --git a/tests/unit-test-pam.c b/tests/unit-test-pam.c
new file mode 100644
index 00000000..05822b15
--- /dev/null
+++ b/tests/unit-test-pam.c
@@ -0,0 +1,85 @@
+/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */
+/* unit-test-pam.c: Test PAM module
+
+   Copyright (C) 2007 Stefan Walter
+
+   The Gnome Keyring Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The Gnome Keyring Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the Gnome Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+
+   Author: Stef Walter <stef@memberwebs.com>
+*/
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "run-pam-test.h"
+
+#include <security/pam_appl.h>
+
+/* 
+ * Each test looks like (on one line):
+ *     void unit_test_xxxxx (CuTest* cu)
+ * 
+ * Each setup looks like (on one line):
+ *     void unit_setup_xxxxx (void);
+ * 
+ * Each teardown looks like (on one line):
+ *     void unit_teardown_xxxxx (void);
+ * 
+ * Tests be run in the order specified here.
+ */
+ 
+extern pam_handle_t *test_pamh;
+
+void unit_test_pam_open (CuTest* cu)
+{
+	char** pam_env;
+
+	/* Clear out this environment variable so we force a new daemon */
+	putenv("GNOME_KEYRING_SOCKET=");
+
+	int ret = pam_authenticate (test_pamh, 0);
+	if (ret != PAM_SUCCESS)
+		g_printerr ("Bad user/password?\n\n");
+	CuAssertIntEquals (cu, PAM_SUCCESS, ret);
+	
+	pam_env = pam_getenvlist (test_pamh);
+	while (*pam_env)
+		putenv ((char*)*(pam_env++));
+
+	ret = pam_open_session (test_pamh, 0);
+	CuAssertIntEquals (cu, PAM_SUCCESS, ret);
+}
+
+void unit_test_pam_env (CuTest* cu)
+{
+	const char *socket;
+
+		
+	socket = g_getenv ("GNOME_KEYRING_SOCKET");
+	CuAssert (cu, "socket should have been setup", socket && socket[0]);
+	CuAssert (cu, "socket should have been created", g_file_test (socket, G_FILE_TEST_EXISTS));
+
+	g_printerr ("GNOME_KEYRING_SOCKET is: %s\n", g_getenv ("GNOME_KEYRING_SOCKET"));
+	sleep (3);
+}
+
+void unit_test_pam_close (CuTest* cu)
+{
+	int ret = pam_close_session (test_pamh, 0);
+	CuAssertIntEquals (cu, PAM_SUCCESS, ret);
+}