URL: https://github.com/SSSD/sssd/pull/5945 Author: justin-stephenson Title: #5945: INTG: Restrict smartcard in sc auth tests Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5945/head:pr5945 git checkout pr5945
From a7bed5c50d2dfe3d977ac8a8a53e19aafdf5bbd3 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Mon, 10 Jan 2022 12:37:38 -0500 Subject: [PATCH 1/2] TESTS: Restrict smartcard in sc auth tests Smartcard auth related tests can fail when tests are run on a machine(F34) with a yubikey inserted. Add a p11_uri option to filter only the softhsm2-used test cards. --- src/tests/cmocka/test_pam_srv.c | 3 ++- src/tests/intg/test_pam_responder.py | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c index c86c32a907..bebda99a4d 100644 --- a/src/tests/cmocka/test_pam_srv.c +++ b/src/tests/cmocka/test_pam_srv.c @@ -289,6 +289,7 @@ static int pam_test_setup(void **state) }; struct sss_test_conf_param pam_params[] = { + { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" }, { "p11_child_timeout", "30" }, { "pam_cert_verification", NULL }, { NULL, NULL }, /* Sentinel */ @@ -3105,7 +3106,7 @@ void test_pam_preauth_ocsp_no_ocsp(void **state) }; struct sss_test_conf_param pam_params[] = { - { CONFDB_PAM_P11_URI, NULL }, + { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" }, { NULL, NULL }, /* Sentinel */ }; diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index 866a79267c..ff599d3d40 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -134,6 +134,8 @@ def format_pam_cert_auth_conf(config): pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \ +pam_sss_try_sc, +pam_sss_allow_missing_name pam_cert_db_path = {config.PAM_CERT_DB_PATH} + p11_uri = pkcs11:manufacturer=SoftHSM%20project; \ + token=SSSD%20Test%20Token p11_child_timeout = 5 p11_wait_for_card_timeout = 5 debug_level = 10 
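Review bot: The `CONFDB_PAM_P11_URI` entry added to `pam_params` in `pam_test_setup` filters on manufacturer only, while the `test_pam_responder.py` change in this same patch also pins `token=SSSD%20Test%20Token`, so any other SoftHSM token on the build host would still be visible to the cmocka tests. If these fixtures use a fixed token label (not visible in the hunk, so confirm first), adding it to the URI would give the cmocka tests the same isolation as the intg tests. The identical literal is repeated in the `test_pam_preauth_ocsp_no_ocsp` hunk at -3105; a single file-level define, for example `#define TEST_P11_URI "pkcs11:manufacturer=SoftHSM%20project"`, would keep the two from drifting apart. Both function bodies continue outside their hunks.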
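Review bot: The `p11_uri` value added in `format_pam_cert_auth_conf` is split with a trailing `\`, so the joined value presumably carries whitespace between `;` and `token=`. Unlike the comma-separated `pam_p11_allowed_services` list above it, this is a single PKCS#11 URI, and whether the parser behind `p11_uri` ignores embedded whitespace is not visible here. If it does not, the token attribute could be dropped or the URI rejected, and the tests would not be restricted to the test token as intended. Writing it on one line, `p11_uri = pkcs11:manufacturer=SoftHSM%20project;token=SSSD%20Test%20Token`, removes that dependency. The same applies to the identical addition in `format_pam_cert_auth_conf_name_format` (hunk at -164); the enclosing string literal starts and ends outside both hunks.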
@@ -164,6 +166,8 @@ def format_pam_cert_auth_conf_name_format(config): pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \ +pam_sss_try_sc, +pam_sss_allow_missing_name pam_cert_db_path = {config.PAM_CERT_DB_PATH} + p11_uri = pkcs11:manufacturer=SoftHSM%20project; \ + token=SSSD%20Test%20Token p11_child_timeout = 5 p11_wait_for_card_timeout = 5 debug_level = 10 From 40ecbdbefe665bf3fef12d3dfcc4ddcdf19ec586 Mon Sep 17 00:00:00 2001 From: Justin Stephenson <jstep...@redhat.com> Date: Mon, 17 Jan 2022 08:18:19 -0500 Subject: [PATCH 2/2] P11: Increase array size of extra_args Setting the p11_uri for PAM smartcard auth tests leads to some tests (test_pam_cert_autH) requiring >18 elements as arg_c. --- src/responder/pam/pamsrv_p11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c index 0ad7d7590e..09b247de91 100644 --- a/src/responder/pam/pamsrv_p11.c +++ b/src/responder/pam/pamsrv_p11.c @@ -719,7 +719,7 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx, struct timeval tv; int pipefd_to_child[2] = PIPE_INIT; int pipefd_from_child[2] = PIPE_INIT; - const char *extra_args[18] = { NULL }; + const char *extra_args[19] = { NULL }; uint8_t *write_buf = NULL; size_t write_buf_len = 0; size_t arg_c;
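Review bot: The size of `extra_args` in `pam_check_cert_send` is still a hand-counted literal, and the commit message suggests the previous value of 18 was already exceeded once a `p11_uri` was configured. Unless a bounds check exists outside the hunk, that means a configuration option could push writes past the end of this stack array or leave it without its NULL terminator, and the next option added to the child's argument list would bring the problem back. I would name the limit and say how it is derived, for example `#define P11_CHILD_EXTRA_ARGS_MAX 19 /* all optional p11_child arguments + NULL terminator */`, and compare `arg_c` against `sizeof(extra_args) / sizeof(extra_args[0])` before the array is handed on. The code that fills the array is outside this hunk, so the right place for that check has to be confirmed there.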