Tests: passkey su authentication update

The issue is an infinite loop in cares. generate_unique_id() caused by 'LD_PRELOAD=/opt/random.so'. generate_unique_id() is calling arc4random_buf() and the loop in cares is keeping a list of old ids to avoid those. But arc4random_buf() is overwritten by random.so and always returns the same value and as a result the same id is always used and causes the infinite loop. To make the environment only available to passkey_child not to add those environment variable to /etc/sysconfig/sssd but rename passkey_child. Signed-off-by: Madhuri Upadhye <[email protected]>
SSSD · Nov 10, 2023 · 053afb6 · 053afb6
1 parent d98fb8d
commit 053afb6
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/sssd_test_framework/utils/authentication.py b/sssd_test_framework/utils/authentication.py
@@ -320,24 +320,36 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr
         :return: True if authentication was successful, False otherwise.
         :rtype: bool
         """
-        self.fs.backup("/etc/sysconfig/sssd")
+        #self.fs.backup("/usr/libexec/sssd/passkey_child")
+        self.fs.copy("/usr/libexec/sssd/passkey_child", "/usr/libexec/sssd/passkey_child.orig")
+        #self.host.ssh.run("rm -f /usr/libexec/sssd/passkey_child", raise_on_error=False)
+
         device_path = self.fs.upload_to_tmp(device, mode="a=r")
         ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r")
         script_path = self.fs.upload_to_tmp(script, mode="a=r")
 
+        content_run_su = """
+                #!/bin/bash
+                export LD_PRELOAD=/opt/random.so:libumockdev-preload.so.0
+                exec /usr/libexec/sssd/passkey_child.orig $@
+                """
+        self.fs.write("/usr/libexec/sssd/passkey_child", content_run_su, mode="0755")
+
         run_su = self.fs.mktmp(
             rf"""
-            #!/bin/bash
-            set -ex
-            env | grep ^UMOCKDEV_ > /etc/sysconfig/sssd
-            printf "LD_PRELOAD=$LD_PRELOAD" >> /etc/sysconfig/sssd
-            systemctl restart sssd
-            chmod -R a+rwx $UMOCKDEV_DIR
-
-            su --shell /bin/sh nobody -c "su - '{username}'"
-            """,
+                #!/bin/bash
+                set -ex
+                echo "" >> /usr/libexec/sssd/passkey_child
+                echo -n 'export ' >> /usr/libexec/sssd/passkey_child
+                env | grep ^UMOCKDEV_ >> /usr/libexec/sssd/passkey_child
+                systemctl restart sssd
+                chmod -R a+rwx $UMOCKDEV_DIR
+
+                su --shell /bin/sh nobody -c "su - '{username}'"
+                """,
             mode="a=rx",
         )
+        import pdb; pdb.set_trace()
 
         playback_umockdev = self.fs.mktmp(
             rf"""
@@ -384,6 +396,8 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr
             """
         )
 
+        self.fs.restore("/usr/libexec/sssd/passkey_child")
+
         if result.rc > 200:
             raise ExpectScriptError(result.rc)