From 2f8ee23b527921417c32491dcb51c26917323429 Mon Sep 17 00:00:00 2001 From: Madhuri Upadhye Date: Fri, 20 Oct 2023 14:55:14 +0530 Subject: [PATCH] Tests: passkey su authentication update The issue is an infinite loop in cares. generate_unique_id() caused by 'LD_PRELOAD=/opt/random.so'. generate_unique_id() is calling arc4random_buf() and the loop in cares is keeping a list of old ids to avoid those. But arc4random_buf() is overwritten by random.so and always returns the same value and as a result the same id is always used and causes the infinite loop. To make the environment only available to passkey_child not to add those environment variable to /etc/sysconfig/sssd but rename passkey_child. Signed-off-by: Madhuri Upadhye --- sssd_test_framework/hosts/client.py | 4 ++- sssd_test_framework/utils/authentication.py | 35 +++++++++++++++------ 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/sssd_test_framework/hosts/client.py b/sssd_test_framework/hosts/client.py index 5d56e169..b421b69d 100644 --- a/sssd_test_framework/hosts/client.py +++ b/sssd_test_framework/hosts/client.py @@ -140,6 +140,7 @@ def backup(self) -> None: backup /etc/sssd "{location}/config" backup /var/log/sssd "{location}/logs" backup /var/lib/sss "{location}/lib" + backup /usr/libexec/sssd/passkey_child "{location}/passkey_child.orig" """, log_level=SSHLog.Error, ) @@ -165,10 +166,11 @@ def restore(self) -> None: fi }} - rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd + rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd /usr/libexec/sssd/passkey_child restore "{self._backup_location}/config" /etc/sssd restore "{self._backup_location}/logs" /var/log/sssd restore "{self._backup_location}/lib" /var/lib/sss + restore "{self._backup_location}/passkey_child.orig" /usr/libexec/sssd/passkey_child """, log_level=SSHLog.Error, ) diff --git a/sssd_test_framework/utils/authentication.py b/sssd_test_framework/utils/authentication.py index 8b82c0de..af24845a 100644 
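Review bot: In the `restore()` hunk, `/usr/libexec/sssd/passkey_child` is added to the `rm --force --recursive` line, so the installed helper is deleted before anything checks that `{self._backup_location}/passkey_child.orig` exists. If that backup file is missing (a backup directory created before this change, or a failed copy), the host may be left without the binary. The `restore` shell function is defined above the hunk, so how it treats a missing source cannot be confirmed from here. Consider guarding both steps on the backup being present, e.g. wrapping the removal and the `restore ... /usr/libexec/sssd/passkey_child` call in `if [ -f "{self._backup_location}/passkey_child.orig" ]; then ... fi`. Also confirm that the copy preserves mode, ownership and SELinux label, since this is an executable under `/usr/libexec/sssd`.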
--- a/sssd_test_framework/utils/authentication.py +++ b/sssd_test_framework/utils/authentication.py @@ -321,21 +321,34 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr :rtype: bool """ self.fs.backup("/etc/sysconfig/sssd") + import pdb; pdb.set_trace() device_path = self.fs.upload_to_tmp(device, mode="a=r") ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r") script_path = self.fs.upload_to_tmp(script, mode="a=r") + #self.host.ssh.run( + # "mv -f /usr/libexec/sssd/passkey_child /usr/libexec/sssd/passkey_child.orig", raise_on_error=False + #) + import pdb; pdb.set_trace() + self.fs.backup("/usr/libexec/sssd/passkey_child") + #self.fs.truncate("/usr/libexec/sssd/passkey_child") + #sssd.clear(db=True, memcache=True, logs=True) run_su = self.fs.mktmp( rf""" - #!/bin/bash - set -ex - env | grep ^UMOCKDEV_ > /etc/sysconfig/sssd - printf "LD_PRELOAD=$LD_PRELOAD" >> /etc/sysconfig/sssd - systemctl restart sssd - chmod -R a+rwx $UMOCKDEV_DIR - - su --shell /bin/sh nobody -c "su - '{username}'" - """, + #!/bin/bash + set -ex + echo '#!/bin/bash' > /usr/libexec/sssd/passkey_child + echo -n 'export ' >> /usr/libexec/sssd/passkey_child + env | grep ^UMOCKDEV_ >> /usr/libexec/sssd/passkey_child + echo -n 'export ' >> /usr/libexec/sssd/passkey_child + printf "LD_PRELOAD=$LD_PRELOAD\n" >> /usr/libexec/sssd/passkey_child + echo 'exec /usr/libexec/sssd/passkey_child.orig $@' >> /usr/libexec/sssd/passkey_child + chmod 755 /usr/libexec/sssd/passkey_child + systemctl restart sssd + chmod -R a+rwx $UMOCKDEV_DIR + + su --shell /bin/sh nobody -c "su - '{username}'" + """, mode="a=rx", ) @@ -384,6 +397,10 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr """ ) + #self.host.ssh.run( + # "mv -f /usr/libexec/sssd/passkey_child.orig /usr/libexec/sssd/passkey_child", raise_on_error=False + #) + if result.rc > 200: raise ExpectScriptError(result.rc)
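Review bot: Two `import pdb; pdb.set_trace()` lines are added in `passkey()`, one after `self.fs.backup("/etc/sysconfig/sssd")` and one before `self.fs.backup("/usr/libexec/sssd/passkey_child")`; they halt every non-interactive run at a debugger prompt and should be removed before merge. The generated wrapper ends with `exec /usr/libexec/sssd/passkey_child.orig $@`, but the `mv` that would create `passkey_child.orig` is commented out and nothing else visible in this hunk places a file at that path, so the script appears to overwrite the real binary and then exec a missing target; please confirm where `.orig` comes from. The arguments should be forwarded as `"$@"` so they are not re-split. Only the first `UMOCKDEV_` line receives the `export ` prefix written by `echo -n`, so if `env | grep ^UMOCKDEV_` prints several variables the rest are not exported; `env | grep ^UMOCKDEV_ | sed 's/^/export /' >> /usr/libexec/sssd/passkey_child` would cover all of them. The body of `passkey()` continues outside the hunk.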
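Review bot: The only cleanup this hunk adds after the expect script is a commented-out `mv -f /usr/libexec/sssd/passkey_child.orig /usr/libexec/sssd/passkey_child`, so as far as the visible code shows the `LD_PRELOAD` wrapper is still installed at `/usr/libexec/sssd/passkey_child` when `passkey()` returns. If the revert is meant to come from the earlier `self.fs.backup("/usr/libexec/sssd/passkey_child")` at teardown, delete the commented block and say so instead, e.g. `# passkey_child wrapper is reverted by self.fs.backup() at teardown`; that behaviour is not visible here and should be confirmed. The same clean-up applies to the commented-out `mv`, `truncate` and `sssd.clear` lines in the first hunk of this file. The enclosing function starts above the hunk.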