Tests: passkey su authentication update
The issue is an infinite loop in cares.
generate_unique_id() caused by 'LD_PRELOAD=/opt/random.so'.
generate_unique_id() is calling arc4random_buf() and the loop in cares
is keeping a list of old ids to avoid those. But arc4random_buf() is
overwritten by random.so and always returns the same value and as a
result the same id is always used and causes the infinite loop.

To make the environment available only to passkey_child, do not add
those environment variables to /etc/sysconfig/sssd, but rename
passkey_child instead.

Signed-off-by: Madhuri Upadhye <[email protected]>
madhuriupadhye committed Nov 1, 2023
1 parent 798c657 commit 2f8ee23
Showing 2 changed files with 29 additions and 10 deletions.
4 changes: 3 additions & 1 deletion sssd_test_framework/hosts/client.py
Expand Up @@ -140,6 +140,7 @@ def backup(self) -> None:
backup /etc/sssd "{location}/config"
backup /var/log/sssd "{location}/logs"
backup /var/lib/sss "{location}/lib"
backup /usr/libexec/sssd/passkey_child "{location}/passkey_child.orig"
""",
log_level=SSHLog.Error,
)
Expand All @@ -165,10 +166,11 @@ def restore(self) -> None:
fi
}}
rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd
rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd /usr/libexec/sssd/passkey_child
restore "{self._backup_location}/config" /etc/sssd
restore "{self._backup_location}/logs" /var/log/sssd
restore "{self._backup_location}/lib" /var/lib/sss
restore "{self._backup_location}/passkey_child.orig" /usr/libexec/sssd/passkey_child
""",
log_level=SSHLog.Error,
)
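Review bot: The new `rm --force --recursive … /usr/libexec/sssd/passkey_child` line in restore() deletes the helper unconditionally, so a host whose backup holds no `passkey_child.orig` (an SSSD build without passkey support, or a backup that failed) may end up without the binary; that depends on how the `restore` shell helper treats a missing source, and its body is outside this hunk. Removing the file only when a backup exists avoids that, e.g. `[ ! -e "{self._backup_location}/passkey_child.orig" ] || rm --force /usr/libexec/sssd/passkey_child`. Because this is an executable that SSSD runs, a comment should also state that the backup/restore helpers must preserve its mode, owner and SELinux label; whether they do is not visible here.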
35 changes: 26 additions & 9 deletions sssd_test_framework/utils/authentication.py
Expand Up @@ -321,21 +321,34 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr
:rtype: bool
"""
self.fs.backup("/etc/sysconfig/sssd")
import pdb; pdb.set_trace()
device_path = self.fs.upload_to_tmp(device, mode="a=r")
ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r")
script_path = self.fs.upload_to_tmp(script, mode="a=r")
#self.host.ssh.run(
# "mv -f /usr/libexec/sssd/passkey_child /usr/libexec/sssd/passkey_child.orig", raise_on_error=False
#)
import pdb; pdb.set_trace()
self.fs.backup("/usr/libexec/sssd/passkey_child")
#self.fs.truncate("/usr/libexec/sssd/passkey_child")
#sssd.clear(db=True, memcache=True, logs=True)

run_su = self.fs.mktmp(
rf"""
#!/bin/bash
set -ex
env | grep ^UMOCKDEV_ > /etc/sysconfig/sssd
printf "LD_PRELOAD=$LD_PRELOAD" >> /etc/sysconfig/sssd
systemctl restart sssd
chmod -R a+rwx $UMOCKDEV_DIR
su --shell /bin/sh nobody -c "su - '{username}'"
""",
#!/bin/bash
set -ex
echo '#!/bin/bash' > /usr/libexec/sssd/passkey_child
echo -n 'export ' >> /usr/libexec/sssd/passkey_child
env | grep ^UMOCKDEV_ >> /usr/libexec/sssd/passkey_child
echo -n 'export ' >> /usr/libexec/sssd/passkey_child
printf "LD_PRELOAD=$LD_PRELOAD\n" >> /usr/libexec/sssd/passkey_child
echo 'exec /usr/libexec/sssd/passkey_child.orig $@' >> /usr/libexec/sssd/passkey_child
chmod 755 /usr/libexec/sssd/passkey_child
systemctl restart sssd
chmod -R a+rwx $UMOCKDEV_DIR
su --shell /bin/sh nobody -c "su - '{username}'"
""",
mode="a=rx",
)

Expand Down Expand Up @@ -384,6 +397,10 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr
"""
)

#self.host.ssh.run(
# "mv -f /usr/libexec/sssd/passkey_child.orig /usr/libexec/sssd/passkey_child", raise_on_error=False
#)

if result.rc > 200:
raise ExpectScriptError(result.rc)
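Review bot: Two `import pdb; pdb.set_trace()` calls are left in passkey(), one before `device_path = self.fs.upload_to_tmp(...)` and one before `self.fs.backup("/usr/libexec/sssd/passkey_child")`; each stops the run at an interactive debugger prompt, so they should be deleted along with the commented-out `mv`, `truncate` and `clear` lines. In the generated wrapper, `exec /usr/libexec/sssd/passkey_child.orig $@` re-splits the arguments SSSD passes to the helper; quoting keeps them intact: `echo 'exec /usr/libexec/sssd/passkey_child.orig "$@"' >> /usr/libexec/sssd/passkey_child`. With the `mv` commented out, nothing visible creates `/usr/libexec/sssd/passkey_child.orig` on the host, so the wrapper's exec target presumably does not exist unless it is created elsewhere. The single `echo -n 'export '` before `env | grep ^UMOCKDEV_` also exports only the first matching variable when several are set. passkey() begins and ends outside these hunks.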
