From ef28a3bdc50d0da6fab86b0d27e4c548ac61a749 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 28 May 2018 21:49:41 +0200
Subject: [PATCH] TESTS: Add a helper binary that can trigger the SIGPIPE to
authorizedkeys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adds a test tool that simulates the behaviour of OpenSSH in the sense
that it starts to read the output from the sss_ssh_authorizedkeys tool,
but then closes the pipe before reading the whole output.
Related:
https://pagure.io/SSSD/sssd/issue/3747
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 909c16edb26a3c48b10a49e7919a35d13d31c52e)
---
Makefile.am | 15 +++-
src/tests/test_ssh_client.c | 133 ++++++++++++++++++++++++++++++++++++
2 files changed, 147 insertions(+), 1 deletion(-)
create mode 100644 src/tests/test_ssh_client.c
diff --git a/Makefile.am b/Makefile.am
index 9055130ed74057987795285c243ff47584cf8316..99974cf0e94e1ec6086a53585042653ec5966c2c 100644
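--- a/Makefile.am
+++ b/Makefile.am
@@ -331,6 +331,7 @@ endif # HAVE_CMOCKA
 check_PROGRAMS = \
 stress-tests \
 krb5-child-test \
+ test_ssh_client \
 $(non_interactive_cmocka_based_tests) \
 $(non_interactive_check_based_tests)
 
@@ -2291,6 +2292,18 @@ krb5_child_test_LDADD = \
 $(SSSD_INTERNAL_LTLIBS) \
 libsss_test_common.la
 
+test_ssh_client_SOURCES = \
+ src/tests/test_ssh_client.c \
+ $(NULL)
+test_ssh_client_CFLAGS = \
+ $(AM_CFLAGS) \
+ -DSSH_CLIENT_DIR=\"$(abs_top_builddir)\" \
+ $(NULL)
+test_ssh_client_LDADD = \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SSSD_LIBS) \
+ $(NULL)
+
 if BUILD_DBUS_TESTS
 
 sbus_tests_SOURCES = \
@@ -3446,7 +3459,6 @@ test_iobuf_LDADD = \
 $(SSSD_LIBS) \
 $(NULL)
 
-
 EXTRA_simple_access_tests_DEPENDENCIES = \
 $(ldblib_LTLIBRARIES)
 simple_access_tests_SOURCES = \
@@ -3655,6 +3667,7 @@ intgcheck-prepare:
 $(INTGCHECK_CONFIGURE_FLAGS) \
 CFLAGS="-O2 -g $$CFLAGS -DKCM_PEER_UID=$$(id -u)"; \
 $(MAKE) $(AM_MAKEFLAGS) ; \
+ $(MAKE) $(AM_MAKEFLAGS) test_ssh_client; \
 : Force single-thread install to workaround concurrency issues; \
 $(MAKE) $(AM_MAKEFLAGS) -j1 install; \
 : Remove .la files from LDB module directory to avoid loader warnings; \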
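Review bot: `-DSSH_CLIENT_DIR=\"$(abs_top_builddir)\"` in `test_ssh_client_CFLAGS` compiles the absolute build-tree path into the helper, and nothing beside it says that the helper therefore always executes the uninstalled `sss_ssh_authorizedkeys`. Because `test_ssh_client` is a `check_PROGRAMS` entry it is not installed, so the `intgcheck-prepare` hunk builds it in place and the integration test presumably has to reach it, and the binary it execs, in the build directory rather than under the install prefix. I would add a comment above the CFLAGS, for example `# test_ssh_client execs $(abs_top_builddir)/sss_ssh_authorizedkeys (build-tree copy, not the installed one)`. The blank-line removal in the `@@ -3446,7 +3459,6 @@` hunk is unrelated to this change and could be dropped from the patch.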
diff --git a/src/tests/test_ssh_client.c b/src/tests/test_ssh_client.c
new file mode 100644
index 0000000000000000000000000000000000000000..8f963941f3249561178436d6f6dfc376780a4cda
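--- /dev/null
+++ b/src/tests/test_ssh_client.c
@@ -0,0 +1,133 @@
+/*
+ Copyright (C) 2018 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+#include <sys/wait.h>
+#include "util/util.h"
+
+#ifdef SSH_CLIENT_DIR
+#define SSH_AK_CLIENT_PATH SSH_CLIENT_DIR"/sss_ssh_authorizedkeys"
+#else
+#error "The path to the ssh authorizedkeys helper is not defined"
+#endif /* SSH_CLIENT_DIR */
+
+int main(int argc, const char *argv[])
+{
+ poptContext pc;
+ int opt;
+ struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ SSSD_DEBUG_OPTS
+ POPT_TABLEEND
+ };
+ struct stat sb;
+ int ret;
+ int status;
+ int p[2];
+ pid_t pid;
+ const char *pc_user = NULL;
+ char *av[3];
+ char buf[5]; /* Ridiculously small buffer by design */
+
+ /* Set debug level to invalid value so we can decide if -d 0 was used. */
+ debug_level = SSSDBG_INVALID;
+
+ pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+ poptSetOtherOptionHelp(pc, "USER");
+ while((opt = poptGetNextOpt(pc)) != -1) {
+ switch(opt) {
+ default:
+ fprintf(stderr, "\nInvalid option %s: %s\n\n",
+ poptBadOption(pc, 0), poptStrerror(opt));
+ poptPrintUsage(pc, stderr, 0);
+ return 3;
+ }
+ }
+
+ pc_user = poptGetArg(pc);
+ if (pc_user == NULL) {
+ fprintf(stderr, "No user specified\n");
+ return 3;
+ }
+
+ poptFreeContext(pc);
+
+ DEBUG_CLI_INIT(debug_level);
+
+ ret = stat(SSH_AK_CLIENT_PATH, &sb);
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Could not stat %s [%d]: %s\n",
+ SSH_AK_CLIENT_PATH, ret, strerror(ret));
+ return 3;
+ }
+
+ ret = pipe(p);
+ if (ret != 0) {
+ perror("pipe");
+ return 3;
+ }
+
+ switch (pid = fork()) {
+ case -1:
+ ret = errno;
+ close(p[0]);
+ close(p[1]);
+ DEBUG(SSSDBG_CRIT_FAILURE, "fork failed: %d\n", ret);
+ return 3;
+ case 0:
+ /* child */
+ av[0] = discard_const(SSH_AK_CLIENT_PATH);
+ av[1] = discard_const(pc_user);
+ av[2] = NULL;
+
+ close(p[0]);
+ ret = dup2(p[1], STDOUT_FILENO);
+ if (ret == -1) {
+ perror("dup2");
+ return 3;
+ }
+
+ execv(av[0], av);
+ return 3;
+ default:
+ /* parent */
+ break;
+ }
+
+ close(p[1]);
+ read(p[0], buf, sizeof(buf));
+ close(p[0]);
+
+ pid = waitpid(pid, &status, 0);
+ if (pid == -1) {
+ perror("waitpid");
+ return 3;
+ }
+
+ if (WIFEXITED(status)) {
+ printf("sss_ssh_authorizedkeys exited with return code %d\n", WEXITSTATUS(status));
+ return 0;
+ } else if (WIFSIGNALED(status)) {
+ printf("sss_ssh_authorizedkeys exited with signal %d\n", WTERMSIG(status));
+ return 1;
+ }
+
+ printf("sss_ssh_authorizedkeys exited for another reason\n");
+ return 2;
+}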
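Review bot: In the `case 0:` branch a failed `execv()` falls straight through to `return 3;` with no diagnostic, and the parent then takes the `WIFEXITED` path and returns 0, so a helper that never started looks the same to the caller's exit-code check as one that ran and exited normally. I would replace that `return 3;` with `perror("execv"); _exit(3);` so the child neither unwinds through `main` nor flushes stdio buffers inherited from the parent, and have the parent return non-zero when `WEXITSTATUS(status)` is not 0. The result of `read(p[0], buf, sizeof(buf));` is also discarded: if it returns 0 or -1 the pipe is closed before the helper wrote anything, and the early-close scenario described in the commit message is not actually exercised. Storing the result in an `ssize_t` and reporting the `<= 0` case on stderr would make that visible, and would also avoid an unused-result warning if one is enabled for `read`.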
--
2.17.1