68ef824a5f
And also ... - Related: upstream#941 - return multiple server addresses to the Kerberos locator plugin - Related: upstream#3652 - kdcinfo doesn't get populated for other domains - Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD closes its end of the pipe before reading all the SSH keys - Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully - Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being able to consume an @-sign in the user/group name. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
95 lines
3.3 KiB
Diff
95 lines
3.3 KiB
Diff
From 0adf4f50e9773afda2dc422b04163f19d946c150 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Tue, 19 Jun 2018 11:39:02 +0200
|
|
Subject: [PATCH] TESTS: Add a regression test for SIGHUP handling in
|
|
sss_ssh_authorizedkeys
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
A regression test for:
|
|
https://pagure.io/SSSD/sssd/issue/3747
|
|
|
|
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
(cherry picked from commit 4cc3c1a1b1070c12bcc4351880d8207e47b37496)
|
|
---
|
|
src/tests/intg/test_ssh_pubkey.py | 58 +++++++++++++++++++++++++++++++
|
|
1 file changed, 58 insertions(+)
|
|
|
|
diff --git a/src/tests/intg/test_ssh_pubkey.py b/src/tests/intg/test_ssh_pubkey.py
|
|
index fbf55566e341373873057ec4e3af1d7f83202aa7..8fb41c62d87ec210c9aad8582023fe1cb00f2b4e 100644
|
|
--- a/src/tests/intg/test_ssh_pubkey.py
|
|
+++ b/src/tests/intg/test_ssh_pubkey.py
|
|
@@ -24,6 +24,8 @@ import time
|
|
import ldap
|
|
import ldap.modlist
|
|
import pytest
|
|
+import string
|
|
+import random
|
|
|
|
import config
|
|
import ds_openldap
|
|
@@ -230,3 +232,59 @@ def test_ssh_pubkey_retrieve(add_user_with_ssh_key):
|
|
|
|
sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user2"])
|
|
assert len(sshpubkey) == 0
|
|
+
|
|
+
|
|
+@pytest.fixture()
|
|
+def sighup_client(request):
|
|
+ test_ssh_cli_path = os.path.join(config.ABS_BUILDDIR,
|
|
+ "..", "..", "..", "test_ssh_client")
|
|
+ assert os.access(test_ssh_cli_path, os.X_OK)
|
|
+ return test_ssh_cli_path
|
|
+
|
|
+
|
|
+@pytest.fixture
|
|
+def add_user_with_many_keys(request, ldap_conn):
|
|
+ # Generate a large list of unique ssh pubkeys
|
|
+ pubkey_list = []
|
|
+ while len(pubkey_list) < 50:
|
|
+ new_pubkey = list(USER1_PUBKEY1)
|
|
+ new_pubkey[10] = random.choice(string.ascii_uppercase)
|
|
+ new_pubkey[11] = random.choice(string.ascii_uppercase)
|
|
+ new_pubkey[12] = random.choice(string.ascii_uppercase)
|
|
+ str_new_pubkey = ''.join(c for c in new_pubkey)
|
|
+ if str_new_pubkey in pubkey_list:
|
|
+ continue
|
|
+ pubkey_list.append(str_new_pubkey)
|
|
+
|
|
+ ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
|
|
+ ent_list.add_user("user1", 1001, 2001, sshPubKey=pubkey_list)
|
|
+ create_ldap_fixture(request, ldap_conn, ent_list)
|
|
+
|
|
+ conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS)
|
|
+ create_conf_fixture(request, conf)
|
|
+ create_sssd_fixture(request)
|
|
+ return None
|
|
+
|
|
+
|
|
+def test_ssh_sighup(add_user_with_many_keys, sighup_client):
|
|
+ """
|
|
+ A regression test for https://pagure.io/SSSD/sssd/issue/3747
|
|
+
|
|
+ OpenSSH can close its end of the pipe towards sss_ssh_authorizedkeys
|
|
+ before all of the output is read. In that case, older versions
|
|
+ of sss_ssh_authorizedkeys were receiving a SIGPIPE
|
|
+ """
|
|
+ cli_path = sighup_client
|
|
+
|
|
+ # python actually does the sensible, but unexpected (for a C programmer)
|
|
+ # thing and handles SIGPIPE. In order to reproduce the bug, we need
|
|
+ # to unset the SIGPIPE handler
|
|
+ signal.signal(signal.SIGPIPE, signal.SIG_DFL)
|
|
+
|
|
+ process = subprocess.Popen([cli_path, "user1"],
|
|
+ stdout=subprocess.PIPE,
|
|
+ stderr=subprocess.PIPE)
|
|
+ _, _ = process.communicate()
|
|
+ # If the test tool detects that sss_ssh_authorizedkeys was killed with a
|
|
+ # signal, it would have returned 1
|
|
+ assert process.returncode == 0
|
|
--
|
|
2.17.1
|
|
|