eb6c560542
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
on the directory /etc/sssd
122 lines
4.3 KiB
Diff
122 lines
4.3 KiB
Diff
From 84946be361a17bbb593f246849bd1357aa2f79da Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 20 Oct 2016 11:48:22 +0200
|
|
Subject: [PATCH 15/39] PAM: add a test for filter_responses()
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit c8fe1d922b254aa92e74f428135ada3c8bde87a1)
|
|
(cherry picked from commit 0157678081e299660105c753f2d2ac2081960bca)
|
|
---
|
|
src/responder/pam/pamsrv.h | 3 +++
|
|
src/responder/pam/pamsrv_cmd.c | 4 ++--
|
|
src/tests/cmocka/test_pam_srv.c | 52 +++++++++++++++++++++++++++++++++++++++++
|
|
3 files changed, 57 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
|
|
index e686d03a4..8437d082e 100644
|
|
--- a/src/responder/pam/pamsrv.h
|
|
+++ b/src/responder/pam/pamsrv.h
|
|
@@ -99,4 +99,7 @@ errno_t
|
|
pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
|
|
const char *username,
|
|
uint64_t value);
|
|
+
|
|
+errno_t filter_responses(struct confdb_ctx *cdb,
|
|
+ struct response_data *resp_list);
|
|
#endif /* __PAMSRV_H__ */
|
|
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
|
|
index e52fc7642..b3690d763 100644
|
|
--- a/src/responder/pam/pamsrv_cmd.c
|
|
+++ b/src/responder/pam/pamsrv_cmd.c
|
|
@@ -470,8 +470,8 @@ fail:
|
|
return ret;
|
|
}
|
|
|
|
-static errno_t filter_responses(struct confdb_ctx *cdb,
|
|
- struct response_data *resp_list)
|
|
+errno_t filter_responses(struct confdb_ctx *cdb,
|
|
+ struct response_data *resp_list)
|
|
{
|
|
int ret;
|
|
struct response_data *resp;
|
|
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
|
|
index 4b2dea4be..41d177233 100644
|
|
--- a/src/tests/cmocka/test_pam_srv.c
|
|
+++ b/src/tests/cmocka/test_pam_srv.c
|
|
@@ -31,6 +31,7 @@
|
|
#include "responder/pam/pam_helpers.h"
|
|
#include "sss_client/pam_message.h"
|
|
#include "sss_client/sss_cli.h"
|
|
+#include "confdb/confdb.h"
|
|
|
|
#include "util/crypto/sss_crypto.h"
|
|
#ifdef HAVE_NSS
|
|
@@ -1759,6 +1760,54 @@ void test_pam_cert_auth(void **state)
|
|
assert_int_equal(ret, EOK);
|
|
}
|
|
|
|
+void test_filter_response(void **state)
|
|
+{
|
|
+ int ret;
|
|
+ struct pam_data *pd;
|
|
+ uint8_t offline_auth_data[(sizeof(uint32_t) + sizeof(int64_t))];
|
|
+ uint32_t info_type;
|
|
+
|
|
+ struct sss_test_conf_param pam_params[] = {
|
|
+ { CONFDB_PAM_VERBOSITY, "1" },
|
|
+ { NULL, NULL }, /* Sentinel */
|
|
+ };
|
|
+
|
|
+ ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ pd = talloc_zero(pam_test_ctx, struct pam_data);
|
|
+ assert_non_null(pd);
|
|
+
|
|
+ info_type = SSS_PAM_USER_INFO_OFFLINE_AUTH;
|
|
+ memset(offline_auth_data, 0, sizeof(offline_auth_data));
|
|
+ memcpy(offline_auth_data, &info_type, sizeof(uint32_t));
|
|
+ ret = pam_add_response(pd, SSS_PAM_USER_INFO,
|
|
+ sizeof(offline_auth_data), offline_auth_data);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ assert_true(pd->resp_list->do_not_send_to_client);
|
|
+
|
|
+ pam_params[0].value = "0";
|
|
+ ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ assert_true(pd->resp_list->do_not_send_to_client);
|
|
+
|
|
+ /* SSS_PAM_USER_INFO_OFFLINE_AUTH message will only be shown with
|
|
+ * pam_verbosity 2 or above if cache password never expires. */
|
|
+ pam_params[0].value = "2";
|
|
+ ret = add_pam_params(pam_params, pam_test_ctx->rctx->cdb);
|
|
+ assert_int_equal(ret, EOK);
|
|
+
|
|
+ ret = filter_responses(pam_test_ctx->rctx->cdb, pd->resp_list);
|
|
+ assert_int_equal(ret, EOK);
|
|
+ assert_false(pd->resp_list->do_not_send_to_client);
|
|
+}
|
|
+
|
|
int main(int argc, const char *argv[])
|
|
{
|
|
int rv;
|
|
@@ -1870,6 +1919,9 @@ int main(int argc, const char *argv[])
|
|
pam_test_setup_no_verification,
|
|
pam_test_teardown),
|
|
#endif /* HAVE_NSS */
|
|
+
|
|
+ cmocka_unit_test_setup_teardown(test_filter_response,
|
|
+ pam_test_setup, pam_test_teardown),
|
|
};
|
|
|
|
/* Set debug level to invalid value so we can deside if -d 0 was used. */
|
|
--
|
|
2.11.0
|
|
|