Integration test for confdir handling.

Add tests to cover StartConfDir with custom services path.

2 files changed, 46 insertions, 0 deletions

diff --git a/my-service b/my-service
new file mode 100644
index 0000000..2dfbc5a
--- /dev/null
+++ b/my-service
@@ -0,0 +1,2 @@
+# Custom stack to always permit, independent of the user name/pass
+auth	required			pam_permit.so
diff --git a/transaction_test.go b/transaction_test.go
index 2da45ab..c56edf2 100644
--- a/transaction_test.go
+++ b/transaction_test.go
@@ -166,6 +166,50 @@ func TestPAM_007(t *testing.T) {
 	}
 }
 
+func TestPAM_ConfDir(t *testing.T) {
+	u, _ := user.Current()
+	if u.Uid != "0" {
+		t.Skip("run this test as root")
+	}
+	c := Credentials{
+		// the custom service always permits even with wrong password.
+		Password: "wrongsecret",
+	}
+	tx, err := StartConfDir("my-service", "test", c, ".")
+	if !CheckPamHasStartConfdir() {
+		if err == nil {
+			t.Fatalf("start should have errored out as pam_start_confdir is not available: %v", err)
+		}
+		// nothing else we do, we don't support it.
+		return
+	}
+	if err != nil {
+		t.Fatalf("start #error: %v", err)
+	}
+	err = tx.Authenticate(0)
+	if err != nil {
+		t.Fatalf("authenticate #error: %v", err)
+	}
+}
+
+func TestPAM_ConfDir_FailNoServiceOrUnsupported(t *testing.T) {
+	u, _ := user.Current()
+	if u.Uid != "0" {
+		t.Skip("run this test as root")
+	}
+	c := Credentials{
+		Password: "secret",
+	}
+	_, err := StartConfDir("does-not-exists", "test", c, ".")
+	if err == nil {
+		t.Fatalf("authenticate #expected an error")
+	}
+	s := err.Error()
+	if len(s) == 0 {
+		t.Fatalf("error #expected an error message")
+	}
+}
+
 func TestItem(t *testing.T) {
 	tx, _ := StartFunc("passwd", "test", func(s Style, msg string) (string, error) {
 		return "", nil