URL: https://github.com/SSSD/sssd/pull/928 Author: pbrezina Title: #928: pam_sss: treat whitespace name as missing name if allow_missing_name is set Action: opened
PR body: """ Resolves: https://pagure.io/SSSD/sssd/issue/4101 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/928/head:pr928 git checkout pr928
From 00d7bd85ad0759657793e62cdfe64a715fbcf08a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 5 Nov 2019 11:54:23 +0100 Subject: [PATCH] pam_sss: treat whitespace name as missing name if allow_missing_name is set Resolves: https://pagure.io/SSSD/sssd/issue/4101 --- src/sss_client/pam_sss.c | 11 ++++++----- src/tests/cmocka/test_string_utils.c | 11 +++++++++++ src/tests/cmocka/test_utils.c | 1 + src/tests/cmocka/test_utils.h | 1 + src/tests/intg/test_pam_responder.py | 29 +++++++++++++++++++++++++++- src/util/string_utils.c | 18 +++++++++++++++++ src/util/util.h | 3 +++ 7 files changed, 68 insertions(+), 6 deletions(-)
diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
index 7643e307ae..583ae99bd1 100644
--- a/src/sss_client/pam_sss.c
+++ b/src/sss_client/pam_sss.c
@@ -1215,14 +1215,15 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t flags,
 ret = PAM_SUCCESS;
 }
 if (ret != PAM_SUCCESS) return ret;
- if (pi->pam_user == NULL) {
- if (flags & PAM_CLI_FLAGS_ALLOW_MISSING_NAME) {
+ if (flags & PAM_CLI_FLAGS_ALLOW_MISSING_NAME) {
+ if (is_string_empty_or_whitespace(pi->pam_user)) {
 pi->pam_user = "";
- } else {
- D(("No user found, aborting."));
- return PAM_BAD_ITEM;
 }
 }
+ if (pi->pam_user == NULL) {
+ D(("No user found, aborting."));
+ return PAM_BAD_ITEM;
+ }
 if (strcmp(pi->pam_user, "root") == 0) {
 D(("pam_sss will not handle root."));
 return PAM_USER_UNKNOWN;
diff --git a/src/tests/cmocka/test_string_utils.c b/src/tests/cmocka/test_string_utils.c
index 57e6f2617b..7b0d1cf605 100644
--- a/src/tests/cmocka/test_string_utils.c
+++ b/src/tests/cmocka/test_string_utils.c
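Review bot: The new call to `is_string_empty_or_whitespace()` in the `PAM_CLI_FLAGS_ALLOW_MISSING_NAME` branch depends on a helper that this patch defines in src/util/string_utils.c and declares in util/util.h, yet the diffstat lists no other change to pam_sss.c and no build-file change. If pam_sss.c does not already include that header and link that object, the module will not build; and pulling the util code into a PAM module, which runs inside whatever process calls PAM, is probably not wanted either. A file-local copy, `static bool is_string_empty_or_whitespace(const char *str)`, defined in pam_sss.c would keep the client self-contained. Separately, a whitespace-only name is now replaced silently; a `D(("Empty or whitespace-only user name, treating it as missing."));` next to `pi->pam_user = "";` would make that visible when debugging. get_pam_items starts and ends outside the hunk.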
@@ -269,3 +269,14 @@ void test_concatenate_string_array(void **state) assert_true(check_leaks_pop(mem_ctx) == true); talloc_free(mem_ctx); } + +void test_is_string_empty_or_whitespace(void **state) +{ + assert_true(is_string_empty_or_whitespace(NULL)); + assert_true(is_string_empty_or_whitespace("")); + assert_true(is_string_empty_or_whitespace(" ")); + assert_true(is_string_empty_or_whitespace(" ")); + assert_true(is_string_empty_or_whitespace("\t ")); + assert_false(is_string_empty_or_whitespace("a")); + assert_false(is_string_empty_or_whitespace(" a")); +} diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index 666f329030..a9e797b305 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -2020,6 +2020,7 @@ int main(int argc, const char *argv[]) cmocka_unit_test(test_guid_blob_to_string_buf), cmocka_unit_test(test_get_last_x_chars), cmocka_unit_test(test_concatenate_string_array), + cmocka_unit_test(test_is_string_empty_or_whitespace), cmocka_unit_test_setup_teardown(test_add_strings_lists, setup_leak_tests, teardown_leak_tests), diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h index e93e0da253..5e59100d6f 100644 --- a/src/tests/cmocka/test_utils.h +++ b/src/tests/cmocka/test_utils.h @@ -32,5 +32,6 @@ void test_reverse_replace_whitespaces(void **state); void test_guid_blob_to_string_buf(void **state); void test_get_last_x_chars(void **state); void test_concatenate_string_array(void **state); +void test_is_string_empty_or_whitespace(void **state); #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */ diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index ad6bec7474..cb2bb69c13 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py 
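Review bot: The cases in test_is_string_empty_or_whitespace stop at ASCII space and tab, so nothing exercises a byte above 0x7f or the other isspace() characters. The helper hands `str[i]` straight to isspace(), and its caller passes a PAM user name, so a non-ASCII case is the one most worth pinning: `assert_false(is_string_empty_or_whitespace("\xc5\x99"));`. A `"\n\r"` case expected to be true and a trailing-space case such as `"a "` expected to be false would complete the set.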
@@ -618,7 +618,34 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): if sssctl.wait() != 0: raise Exception("sssctl failed") - assert err.find("pam_authenticate for user [user1]: Success") != -1 + assert err.find("pam_authenticate for user []: Success") != -1 + + +def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): + """ + Test pam_sss allow_missing_name feature. + """ + + sssctl = subprocess.Popen(["sssctl", "user-checks", " ", + "--action=auth", + "--service=pam_sss_allow_missing_name"], + universal_newlines=True, + env=env_for_sssctl, stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE) + + try: + out, err = sssctl.communicate(input="123456") + except: + sssctl.kill() + out, err = sssctl.communicate() + + sssctl.stdin.close() + sssctl.stdout.close() + + if sssctl.wait() != 0: + raise Exception("sssctl failed") + + assert err.find("pam_authenticate for user []: Success") != -1 def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl): diff --git a/src/util/string_utils.c b/src/util/string_utils.c index 1215ec96a5..6c14f5bd5b 100644 --- a/src/util/string_utils.c +++ b/src/util/string_utils.c @@ -20,6 +20,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ +#include <ctype.h> #include "util/util.h" char *sss_replace_char(TALLOC_CTX *mem_ctx, @@ -146,3 +147,20 @@ char **concatenate_string_array(TALLOC_CTX *mem_ctx, return string_array; } + +bool is_string_empty_or_whitespace(const char *str) +{ + int i; + + if (str == NULL) { + return true; + } + + for (i = 0; str[i] != '\0'; i++) { + if (!isspace(str[i])) { + return false; + } + } + + return true; +} diff --git a/src/util/util.h b/src/util/util.h index 2cbca43f79..7e79f6a330 100644 --- a/src/util/util.h +++ b/src/util/util.h 
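Review bot: The docstring of test_sc_auth_missing_name_whitespace describes the allow_missing_name feature in general and does not say that the user name passed to sssctl is a single space; suggest `"""Test that a whitespace-only user name is treated as missing when allow_missing_name is set."""`. The first change in the hunk also moves an existing test's expected message from `user [user1]` to `user []`, which the commit message does not explain; a one-line comment above that assertion saying why the reported name is now empty would help. That test's body starts outside the hunk.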
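Review bot: `isspace(str[i])` in is_string_empty_or_whitespace is called with a plain `char`, which is undefined behaviour for a negative value where char is signed; the pam_sss.c caller passes the PAM user name, so any byte above 0x7f (a UTF-8 name, for example) reaches it. Cast at the call: `if (!isspace((unsigned char)str[i])) {`. `int i` would be better as `size_t i`, and since isspace() follows the process locale, a comment on the function saying which characters count as whitespace would help callers.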
@@ -661,6 +661,9 @@ char **concatenate_string_array(TALLOC_CTX *mem_ctx, char **arr1, size_t len1, char **arr2, size_t len2); +/* return true if string is null or consist only of whitespace chars */ +bool is_string_empty_or_whitespace(const char *str); + /* from become_user.c */ errno_t become_user(uid_t uid, gid_t gid); struct sss_creds;
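Review bot: The comment on the new prototype says "null or consist only of whitespace chars", but the function name and the unit test also cover the empty string, and "whitespace" here is whatever isspace() accepts. Suggested wording: `/* Return true if str is NULL, empty, or made up only of characters for which isspace() is true. */`.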