libpamtest: Use root for pam_faillock test

pyllyukko · Jan 28, 2025 · 7dd2c95 · 7dd2c95
1 parent ec33b73
commit 7dd2c95
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 6 deletions.
diff --git a/.github/workflows/pam.yml b/.github/workflows/pam.yml
@@ -88,7 +88,7 @@ jobs:
           tests/test -t 7 -r 0
           echo '[*] Test 12'
           # Wrong password
-          tests/test -t 8
+          tests/test -t 8 -r 0
       - name: Harden PAM
         run: |
           ansible-playbook harden.yml --tags pam --skip-tags slackware
@@ -105,9 +105,13 @@ jobs:
           # Use of su should be denied
           tests/test -t 7 -r 2
           # Test failed login & pam_faillock
-          sudo tests/test -t 8
+          sudo tests/test -t 8 -r 2
+          sudo tests/test -t 8 -r 2
+          sudo tests/test -t 8 -r 2
+          sudo tests/test -t 8 -r 2
+          sudo tests/test -t 8 -r 2
           sudo ls -l /var/run/faillock/
-          sudo faillock --user nobody
+          sudo faillock --user root
       - name: chmod /var/log/auth.log
         run: sudo chmod -c 644 /var/log/auth.log
       - name: Archive auth.log

diff --git a/tests/test.c b/tests/test.c
@@ -66,9 +66,8 @@ static void test_pam_authenticate_wrong_password(void **state)
   ZERO_STRUCT(conv_data);
   conv_data.in_echo_off = trinity_authtoks;
 
-  perr = run_pamtest("login", "nobody", &conv_data, tests, NULL);
-  // tests specify PAM_AUTH_ERR as the expected result
-  assert_int_equal(perr, PAMTEST_ERR_OK);
+  perr = run_pamtest("login", "root", &conv_data, tests, NULL);
+  assert_int_equal(perr, testcase);
 }
 static void test_pam_authenticate_nobody(void **state)
 {