URL: https://github.com/SSSD/sssd/pull/5945
Author: justin-stephenson
Title: #5945: INTG: Restrict smartcard in sc auth tests
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5945/head:pr5945
git checkout pr5945
From a7bed5c50d2dfe3d977ac8a8a53e19aafdf5bbd3 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 10 Jan 2022 12:37:38 -0500
Subject: [PATCH 1/2] TESTS: Restrict smartcard in sc auth tests
Smartcard auth related tests can fail when tests are run on a
machine(F34) with a yubikey inserted. Add a p11_uri option to filter
only the softhsm2-used test cards.
---
src/tests/cmocka/test_pam_srv.c | 3 ++-
src/tests/intg/test_pam_responder.py | 4 ++++
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index c86c32a907..bebda99a4d 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -289,6 +289,7 @@ static int pam_test_setup(void **state)
};
struct sss_test_conf_param pam_params[] = {
+ { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" },
{ "p11_child_timeout", "30" },
{ "pam_cert_verification", NULL },
{ NULL, NULL }, /* Sentinel */
@@ -3105,7 +3106,7 @@ void test_pam_preauth_ocsp_no_ocsp(void **state)
};
struct sss_test_conf_param pam_params[] = {
- { CONFDB_PAM_P11_URI, NULL },
+ { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" },
{ NULL, NULL }, /* Sentinel */
};
diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py
index 866a79267c..ff599d3d40 100644
--- a/src/tests/intg/test_pam_responder.py
+++ b/src/tests/intg/test_pam_responder.py
@@ -134,6 +134,8 @@ def format_pam_cert_auth_conf(config):
pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
+pam_sss_try_sc, +pam_sss_allow_missing_name
pam_cert_db_path = {config.PAM_CERT_DB_PATH}
+ p11_uri = pkcs11:manufacturer=SoftHSM%20project; \
+ token=SSSD%20Test%20Token
p11_child_timeout = 5
p11_wait_for_card_timeout = 5
debug_level = 10
@@ -164,6 +166,8 @@ def format_pam_cert_auth_conf_name_format(config):
pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
+pam_sss_try_sc, +pam_sss_allow_missing_name
pam_cert_db_path = {config.PAM_CERT_DB_PATH}
+ p11_uri = pkcs11:manufacturer=SoftHSM%20project; \
+ token=SSSD%20Test%20Token
p11_child_timeout = 5
p11_wait_for_card_timeout = 5
debug_level = 10
From 40ecbdbefe665bf3fef12d3dfcc4ddcdf19ec586 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 17 Jan 2022 08:18:19 -0500
Subject: [PATCH 2/2] P11: Increase array size of extra_args
Setting the p11_uri for PAM smartcard auth tests leads to some
tests (test_pam_cert_autH) requiring >18 elements as arg_c.
---
src/responder/pam/pamsrv_p11.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 0ad7d7590e..09b247de91 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -719,7 +719,7 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
struct timeval tv;
int pipefd_to_child[2] = PIPE_INIT;
int pipefd_from_child[2] = PIPE_INIT;
- const char *extra_args[18] = { NULL };
+ const char *extra_args[19] = { NULL };
uint8_t *write_buf = NULL;
size_t write_buf_len = 0;
size_t arg_c;
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
