From e2b88b48967abc9396c199626997e3181cde89b9 Mon Sep 17 00:00:00 2001
From: Madhuri Upadhye
Date: Fri, 20 Oct 2023 14:55:14 +0530
Subject: [PATCH] Tests: passkey su authentication update
The issue is an infinite loop in cares. generate_unique_id() caused by 'LD_PRELOAD=/opt/random.so'. generate_unique_id() is calling arc4random_buf() and the loop in cares is keeping a list of old ids to avoid those. But arc4random_buf() is overwritten by random.so and always returns the same value and as a result the same id is always used and causes the infinite loop. To make the environment only available to passkey_child not to add those environment variable to /etc/sysconfig/sssd but rename passkey_child.
Signed-off-by: Madhuri Upadhye
---
 sssd_test_framework/utils/authentication.py | 28 +++++++++++++--------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/sssd_test_framework/utils/authentication.py b/sssd_test_framework/utils/authentication.py
index 8b82c0de..5445fd3e 100644
--- a/sssd_test_framework/utils/authentication.py
+++ b/sssd_test_framework/utils/authentication.py
@@ -320,22 +320,28 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr :return: True if authentication was successful, False otherwise. :rtype: bool """ - self.fs.backup("/etc/sysconfig/sssd") + self.fs.backup("/usr/libexec/sssd/passkey_child") + self.fs.copy("/usr/libexec/sssd/passkey_child", "/usr/libexec/sssd/passkey_child.orig") + device_path = self.fs.upload_to_tmp(device, mode="a=r") ioctl_path = self.fs.upload_to_tmp(ioctl, mode="a=r") script_path = self.fs.upload_to_tmp(script, mode="a=r") run_su = self.fs.mktmp( rf""" - #!/bin/bash - set -ex - env | grep ^UMOCKDEV_ > /etc/sysconfig/sssd - printf "LD_PRELOAD=$LD_PRELOAD" >> /etc/sysconfig/sssd - systemctl restart sssd - chmod -R a+rwx $UMOCKDEV_DIR - - su --shell /bin/sh nobody -c "su - '{username}'" - """, + #!/bin/bash + set -ex + echo '#!/bin/bash' > /usr/libexec/sssd/passkey_child + echo -n 'export ' >> /usr/libexec/sssd/passkey_child + env | grep ^UMOCKDEV_ >> /usr/libexec/sssd/passkey_child + echo -n 'export ' >> /usr/libexec/sssd/passkey_child + printf "LD_PRELOAD=$LD_PRELOAD\n" >> /usr/libexec/sssd/passkey_child + echo 'exec /usr/libexec/sssd/passkey_child.orig $@' >> /usr/libexec/sssd/passkey_child + chmod 755 /usr/libexec/sssd/passkey_child + chmod -R a+rwx $UMOCKDEV_DIR + + su --shell /bin/sh nobody -c "su - '{username}'" + """, mode="a=rx", ) @@ -384,6 +390,8 @@ def passkey(self, username: str, *, pin: str | int, device: str, ioctl: str, scr """ ) + self.fs.restore("/usr/libexec/sssd/passkey_child") + if result.rc > 200: raise ExpectScriptError(result.rc)
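Review bot: The generated wrapper ends in `exec /usr/libexec/sssd/passkey_child.orig $@`, and the unquoted `$@` re-splits every argument sssd hands to the helper, so an argument containing whitespace or glob characters reaches the real binary altered; inside the single-quoted echo it should be `"$@"`. The single `echo -n 'export '` in front of `env | grep ^UMOCKDEV_` prefixes only the first matching line, so if more than one UMOCKDEV_ variable is set the remaining ones become plain, unexported assignments and never reach passkey_child.orig; `env | grep ^UMOCKDEV_ | sed 's/^/export /' >> /usr/libexec/sssd/passkey_child` covers every line. The values are also written unquoted, so a value with spaces would be parsed as a command by the wrapper. The body of passkey() starts and ends outside this hunk.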
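Review bot: `self.fs.restore("/usr/libexec/sssd/passkey_child")` is reached only if everything between the wrapper install and this line returns normally. That code is outside the hunk, but if the expect run can raise, the host is left with a root-owned sssd helper replaced by a script that injects `LD_PRELOAD` until whatever teardown the framework performs. Wrapping the span from `self.fs.backup(...)` to here in `try:` / `finally: self.fs.restore("/usr/libexec/sssd/passkey_child")` makes the rollback unconditional. The copy at `/usr/libexec/sssd/passkey_child.orig` is not removed in any visible line; unless `self.fs.copy` is tracked for cleanup (not shown here), it should be deleted alongside the restore.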