URL: https://github.com/SSSD/sssd/pull/5945
Author: justin-stephenson
 Title: #5945: INTG: Restrict smartcard in sc auth tests
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5945/head:pr5945
git checkout pr5945
From a7bed5c50d2dfe3d977ac8a8a53e19aafdf5bbd3 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 10 Jan 2022 12:37:38 -0500
Subject: [PATCH 1/2] TESTS: Restrict smartcard in sc auth tests

Smartcard auth related tests can fail when tests are run on a
machine(F34) with a yubikey inserted. Add a p11_uri option to filter
only the softhsm2-used test cards.
---
 src/tests/cmocka/test_pam_srv.c      | 3 ++-
 src/tests/intg/test_pam_responder.py | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index c86c32a907..bebda99a4d 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -289,6 +289,7 @@ static int pam_test_setup(void **state)
     };
 
     struct sss_test_conf_param pam_params[] = {
+        { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" },
         { "p11_child_timeout", "30" },
         { "pam_cert_verification", NULL },
         { NULL, NULL },             /* Sentinel */
@@ -3105,7 +3106,7 @@ void test_pam_preauth_ocsp_no_ocsp(void **state)
     };
 
     struct sss_test_conf_param pam_params[] = {
-        { CONFDB_PAM_P11_URI, NULL },
+        { CONFDB_PAM_P11_URI, "pkcs11:manufacturer=SoftHSM%20project" },
         { NULL, NULL },             /* Sentinel */
     };
 
diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py
index 866a79267c..ff599d3d40 100644
--- a/src/tests/intg/test_pam_responder.py
+++ b/src/tests/intg/test_pam_responder.py
@@ -134,6 +134,8 @@ def format_pam_cert_auth_conf(config):
         pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                    +pam_sss_try_sc, +pam_sss_allow_missing_name
         pam_cert_db_path = {config.PAM_CERT_DB_PATH}
+        p11_uri = pkcs11:manufacturer=SoftHSM%20project; \
+                  token=SSSD%20Test%20Token
         p11_child_timeout = 5
         p11_wait_for_card_timeout = 5
         debug_level = 10
@@ -164,6 +166,8 @@ def format_pam_cert_auth_conf_name_format(config):
         pam_p11_allowed_services = +pam_sss_service, +pam_sss_sc_required, \
                                    +pam_sss_try_sc, +pam_sss_allow_missing_name
         pam_cert_db_path = {config.PAM_CERT_DB_PATH}
+        p11_uri = pkcs11:manufacturer=SoftHSM%20project; \
+                  token=SSSD%20Test%20Token
         p11_child_timeout = 5
         p11_wait_for_card_timeout = 5
         debug_level = 10

From 40ecbdbefe665bf3fef12d3dfcc4ddcdf19ec586 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Mon, 17 Jan 2022 08:18:19 -0500
Subject: [PATCH 2/2] P11: Increase array size of extra_args

Setting the p11_uri for PAM smartcard auth tests leads to some
tests (test_pam_cert_autH) requiring >18 elements as arg_c.
---
 src/responder/pam/pamsrv_p11.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 0ad7d7590e..09b247de91 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -719,7 +719,7 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
     struct timeval tv;
     int pipefd_to_child[2] = PIPE_INIT;
     int pipefd_from_child[2] = PIPE_INIT;
-    const char *extra_args[18] = { NULL };
+    const char *extra_args[19] = { NULL };
     uint8_t *write_buf = NULL;
     size_t write_buf_len = 0;
     size_t arg_c;
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to