author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-20 15:22:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-20 15:22:35 +0000 |
commit | 5d14aabf1d1d96dd8f6ec594ee65863ddbfc087a (patch) | |
tree | e2579d97e9db101bab6d2512206b2911d91f7c35 /src/tests/intg | |
parent | Adding debian version 2.9.4-2. (diff) | |
Merging upstream version 2.9.5.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/tests/intg')
-rw-r--r-- | src/tests/intg/Makefile.am | 2 | ||||
-rw-r--r-- | src/tests/intg/Makefile.in | 3 | ||||
-rw-r--r-- | src/tests/intg/test_files_provider.py | 13 | ||||
-rw-r--r-- | src/tests/intg/test_pam_responder.py | 75 |
4 files changed, 91 insertions, 2 deletions
diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 3866d3c..0cfd268 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -199,6 +199,7 @@ clean-local: PAM_CERT_DB_PATH="$(abs_builddir)/../test_CA/SSSD_test_CA.pem" SOFTHSM2_CONF="$(abs_builddir)/../test_CA/softhsm2_one.conf" +SOFTHSM2_TWO_CONF="$(abs_builddir)/../test_CA/softhsm2_two.conf" intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service pam_sss_sc_required pam_sss_try_sc pam_sss_allow_missing_name pam_sss_domains sss_netgroup_thread_test pipepath="$(DESTDIR)$(pipepath)"; \ @@ -233,6 +234,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service PAM_CERT_DB_PATH=$(PAM_CERT_DB_PATH) \ ABS_SRCDIR=$(abs_srcdir) \ SOFTHSM2_CONF=$(SOFTHSM2_CONF) \ + SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \ KCM_RENEW=$(KCM_RENEW) \ FILES_PROVIDER=$(FILES_PROVIDER) \ DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \ diff --git a/src/tests/intg/Makefile.in b/src/tests/intg/Makefile.in index 32df7c7..14048fe 100644 --- a/src/tests/intg/Makefile.in +++ b/src/tests/intg/Makefile.in @@ -366,6 +366,7 @@ HAVE_PYTHON3_BINDINGS = @HAVE_PYTHON3_BINDINGS@ HAVE_SELINUX = @HAVE_SELINUX@ HAVE_SEMANAGE = @HAVE_SEMANAGE@ HAVE_UID_WRAPPER = @HAVE_UID_WRAPPER@ +IDMAP_SAMBA_LIBS = @IDMAP_SAMBA_LIBS@ INI_CONFIG_CFLAGS = @INI_CONFIG_CFLAGS@ INI_CONFIG_LIBS = @INI_CONFIG_LIBS@ INI_CONFIG_V0_CFLAGS = @INI_CONFIG_V0_CFLAGS@ @@ -730,6 +731,7 @@ PAM_SERVICE_DIR = pam_service_dir CLEANFILES = config.py config.pyc passwd group PAM_CERT_DB_PATH = "$(abs_builddir)/../test_CA/SSSD_test_CA.pem" SOFTHSM2_CONF = "$(abs_builddir)/../test_CA/softhsm2_one.conf" +SOFTHSM2_TWO_CONF = "$(abs_builddir)/../test_CA/softhsm2_two.conf" all: all-am .SUFFIXES: 
@@ -1333,6 +1335,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service PAM_CERT_DB_PATH=$(PAM_CERT_DB_PATH) \ ABS_SRCDIR=$(abs_srcdir) \ SOFTHSM2_CONF=$(SOFTHSM2_CONF) \ + SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \ KCM_RENEW=$(KCM_RENEW) \ FILES_PROVIDER=$(FILES_PROVIDER) \ DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \ diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index fa503dd..c318d73 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -456,6 +456,19 @@ def sssd_id_sync(name): return res, groups +def sync_files_provider(name=None): + """ + Tests with files provider can fail because files provider did not yet + finish updating its cache. Polling for presents of the canary user makes + sure that we wait until the cache is updated. + """ + if name is None: + name = CANARY["name"] + + ret = poll_canary(call_sssd_getpwnam, name) + assert ret + + # Helper functions def user_generator(seqnum): return dict(name='user%d' % seqnum, diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index 1fc3937..a4b36c0 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -34,6 +34,7 @@ import kdc import pytest +from .test_files_provider import sync_files_provider from intg.util import unindent LDAP_BASE_DN = "dc=example,dc=com" @@ -168,7 +169,7 @@ def format_pam_cert_auth_conf(config, provider): {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) @@ -201,7 +202,7 @@ def format_pam_cert_auth_conf_name_format(config, provider): {provider.p} [certmap/auth_only/user1] - matchrule = <SUBJECT>.*CN=SSSD test cert 0001.* + matchrule = <SUBJECT>.*CN=SSSD test cert 000[12].* """).format(**locals()) 
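Review bot: The bare `assert ret` at the end of the new `sync_files_provider` helper in test_files_provider.py gives no hint of what timed out when the poll fails, which matters more now that test_pam_responder.py imports it. A message such as `assert ret, "files provider cache never returned %s" % name` would make a failure in a fixture readable. The docstring says "Polling for presents of the canary user" where "presence" is meant. It also does not say that `name` may be any user expected in the cache, which is how the new PAM fixture calls it.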
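Review bot: Widening the `[certmap/auth_only/user1]` matchrule to `000[12]` inside `format_pam_cert_auth_conf` loosens the certificate-to-user mapping for every fixture that builds its config through this function, not only the new two-certificate one. The existing single-certificate tests would then presumably keep passing even if cert 0002 were accepted for user1 by mistake. The same edit is repeated in `format_pam_cert_auth_conf_name_format` in the following hunk. I would pass the rule in as an argument that defaults to the old `0001` pattern and let only `simple_pam_cert_auth_two_certs` ask for the wider one. Both functions start and end outside their hunks, so other callers may exist that are not visible here.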
@@ -381,6 +382,28 @@ def simple_pam_cert_auth_no_cert(request, passwd_ops_setup): @pytest.fixture +def simple_pam_cert_auth_two_certs(request, passwd_ops_setup): + """Setup SSSD with pam_cert_auth=True""" + config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] + + old_softhsm2_conf = os.environ['SOFTHSM2_CONF'] + softhsm2_two_conf = os.environ['SOFTHSM2_TWO_CONF'] + os.environ['SOFTHSM2_CONF'] = softhsm2_two_conf + + conf = format_pam_cert_auth_conf(config, provider_switch(request.param)) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + + os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf + + passwd_ops_setup.useradd(**USER1) + passwd_ops_setup.useradd(**USER2) + sync_files_provider(USER2['name']) + + return None + + +@pytest.fixture def simple_pam_cert_auth_name_format(request, passwd_ops_setup): """Setup SSSD with pam_cert_auth=True and full_name_format""" config.PAM_CERT_DB_PATH = os.environ['PAM_CERT_DB_PATH'] 
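Review bot: In `simple_pam_cert_auth_two_certs`, `os.environ['SOFTHSM2_CONF']` is restored only on the success path. If `create_conf_fixture` or `create_sssd_fixture` raises, the process keeps pointing at the two-certificate token and later smart-card tests run against the wrong token configuration. Wrapping the setup in `try`/`finally` keeps the override scoped to SSSD start-up. The docstring is copied unchanged from the single-certificate fixture and should say that SSSD is started with `SOFTHSM2_TWO_CONF`.

```python
    os.environ['SOFTHSM2_CONF'] = softhsm2_two_conf
    try:
        conf = format_pam_cert_auth_conf(config, provider_switch(request.param))
        create_conf_fixture(request, conf)
        create_sssd_fixture(request)
    finally:
        # restore the original SOFTHSM2_CONF even when setup fails
        os.environ['SOFTHSM2_CONF'] = old_softhsm2_conf
    # … unchanged: useradd calls and sync_files_provider …
```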
@@ -522,6 +545,54 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "user1", + "--action=auth", "--service=pam_sss_service"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + +@pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) +def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl): + + sssctl = subprocess.Popen(["sssctl", "user-checks", "", + "--action=auth", "--service=pam_sss_allow_missing_name"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="2\n123456") + except Exception: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user [user1]: Success") != -1 + + @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True) def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): """ |
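Review bot: `test_sc_auth_two` and `test_sc_auth_two_missing_name` call `sssctl.communicate(input="2\n123456")` without a timeout, so the `except Exception` branch with `sssctl.kill()` never runs if sssctl blocks waiting on a prompt, and the test run hangs instead of failing. Passing `timeout=<seconds>` would make that branch reachable. Raising `Exception("sssctl failed: %s" % err)` would keep the PAM conversation output that the bare `"sssctl failed"` throws away. Neither test has a docstring; a comment such as `# "2" selects the second certificate offered, "123456" is the test token PIN` would explain the input, if that reading of it is right. The two bodies differ only in the user name and the PAM service, so a shared helper taking those two arguments would remove the duplication.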