Blame SOURCES/0013-TESTS-Add-a-helper-binary-that-can-trigger-the-SIGPI.patch

From ef28a3bdc50d0da6fab86b0d27e4c548ac61a749 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 28 May 2018 21:49:41 +0200
Subject: [PATCH] TESTS: Add a helper binary that can trigger the SIGPIPE to
 authorizedkeys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adds a test tool that simulates the behaviour of OpenSSH in the sense
that it starts to read the output from the sss_ssh_authorizedkeys tool,
but then closes the pipe before reading the whole output.
Related:
https://pagure.io/SSSD/sssd/issue/3747
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 909c16edb26a3c48b10a49e7919a35d13d31c52e)
---
 Makefile.am                 |  15 +++-
 src/tests/test_ssh_client.c | 133 ++++++++++++++++++++++++++++++++++++
 2 files changed, 147 insertions(+), 1 deletion(-)
 create mode 100644 src/tests/test_ssh_client.c
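--- a/Makefile.am
+++ b/Makefile.am
@@ -331,6 +331,7 @@ endif   # HAVE_CMOCKA
 check_PROGRAMS = \
     stress-tests \
     krb5-child-test \
+    test_ssh_client \
     $(non_interactive_cmocka_based_tests) \
     $(non_interactive_check_based_tests)
 
@@ -2291,6 +2292,18 @@ krb5_child_test_LDADD = \
     $(SSSD_INTERNAL_LTLIBS) \
     libsss_test_common.la
 
+test_ssh_client_SOURCES = \
+    src/tests/test_ssh_client.c \
+    $(NULL)
+test_ssh_client_CFLAGS = \
+    $(AM_CFLAGS) \
+    -DSSH_CLIENT_DIR=\"$(abs_top_builddir)\" \
+    $(NULL)
+test_ssh_client_LDADD = \
+    $(SSSD_INTERNAL_LTLIBS) \
+    $(SSSD_LIBS) \
+    $(NULL)
+
 if BUILD_DBUS_TESTS
 
 sbus_tests_SOURCES = \
@@ -3446,7 +3459,6 @@ test_iobuf_LDADD = \
     $(SSSD_LIBS) \
     $(NULL)
 
-
 EXTRA_simple_access_tests_DEPENDENCIES = \
     $(ldblib_LTLIBRARIES)
 simple_access_tests_SOURCES = \
@@ -3655,6 +3667,7 @@ intgcheck-prepare:
 	    $(INTGCHECK_CONFIGURE_FLAGS) \
 	    CFLAGS="-O2 -g $$CFLAGS -DKCM_PEER_UID=$$(id -u)"; \
 	$(MAKE) $(AM_MAKEFLAGS) ; \
+	$(MAKE) $(AM_MAKEFLAGS) test_ssh_client; \
 	: Force single-thread install to workaround concurrency issues; \
 	$(MAKE) $(AM_MAKEFLAGS) -j1 install; \
 	: Remove .la files from LDB module directory to avoid loader warnings; \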
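--- /dev/null
+++ b/src/tests/test_ssh_client.c
@@ -0,0 +1,133 @@
+/*
+    Copyright (C) 2018 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <popt.h>
+#include <sys/wait.h>
+#include "util/util.h"
+
+#ifdef SSH_CLIENT_DIR
+#define SSH_AK_CLIENT_PATH SSH_CLIENT_DIR"/sss_ssh_authorizedkeys"
+#else
+#error "The path to the ssh authorizedkeys helper is not defined"
+#endif /* SSH_CLIENT_DIR */
+
+int main(int argc, const char *argv[])
+{
+    poptContext pc;
+    int opt;
+    struct poptOption long_options[] = {
+        POPT_AUTOHELP
+        SSSD_DEBUG_OPTS
+        POPT_TABLEEND
+    };
+    struct stat sb;
+    int ret;
+    int status;
+    int p[2];
+    pid_t pid;
+    const char *pc_user = NULL;
+    char *av[3];
+    char buf[5]; /* Ridiculously small buffer by design */
+
+    /* Set debug level to invalid value so we can decide if -d 0 was used. */
+    debug_level = SSSDBG_INVALID;
+
+    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
+    poptSetOtherOptionHelp(pc, "USER");
+    while((opt = poptGetNextOpt(pc)) != -1) {
+        switch(opt) {
+        default:
+            fprintf(stderr, "\nInvalid option %s: %s\n\n",
+                    poptBadOption(pc, 0), poptStrerror(opt));
+            poptPrintUsage(pc, stderr, 0);
+            return 3;
+        }
+    }
+
+    pc_user = poptGetArg(pc);
+    if (pc_user == NULL) {
+        fprintf(stderr, "No user specified\n");
+        return 3;
+    }
+
+    poptFreeContext(pc);
+
+    DEBUG_CLI_INIT(debug_level);
+
+    ret = stat(SSH_AK_CLIENT_PATH, &sb);
+    if (ret != 0) {
+        ret = errno;
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Could not stat %s [%d]: %s\n",
+              SSH_AK_CLIENT_PATH, ret, strerror(ret));
+        return 3;
+    }
+
+    ret = pipe(p);
+    if (ret != 0) {
+        perror("pipe");
+        return 3;
+    }
+
+    switch (pid = fork()) {
+    case -1:
+        ret = errno;
+        close(p[0]);
+        close(p[1]);
+        DEBUG(SSSDBG_CRIT_FAILURE, "fork failed: %d\n", ret);
+        return 3;
+    case 0:
+        /* child */
+        av[0] = discard_const(SSH_AK_CLIENT_PATH);
+        av[1] = discard_const(pc_user);
+        av[2] = NULL;
+
+        close(p[0]);
+        ret = dup2(p[1], STDOUT_FILENO);
+        if (ret == -1) {
+            perror("dup2");
+            return 3;
+        }
+
+        execv(av[0], av);
+        return 3;
+    default:
+        /* parent */
+        break;
+    }
+
+    close(p[1]);
+    read(p[0], buf, sizeof(buf));
+    close(p[0]);
+
+    pid = waitpid(pid, &status, 0);
+    if (pid == -1) {
+        perror("waitpid");
+        return 3;
+    }
+
+    if (WIFEXITED(status)) {
+        printf("sss_ssh_authorizedkeys exited with return code %d\n", WEXITSTATUS(status));
+        return 0;
+    } else if (WIFSIGNALED(status)) {
+        printf("sss_ssh_authorizedkeys exited with signal %d\n", WTERMSIG(status));
+        return 1;
+    }
+
+    printf("sss_ssh_authorizedkeys exited for another reason\n");
+    return 2;
+}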
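Review bot: In the `case 0:` branch a failed `execv()` falls through to `return 3`, which the parent sees as `WIFEXITED` and turns into exit code 0, so a run can pass without sss_ssh_authorizedkeys ever starting. The child should report the failure and `_exit()` with a code the parent treats as an error. The result of `read(p[0], buf, sizeof(buf))` is also discarded, so when nothing was read the pipe is closed without reproducing the early-close case described in the commit message. Whether that should fail the run depends on what the integration test expects, so the sketch below only reports it. Separately, `pc_user` comes from `poptGetArg(pc)` and is used in the child after `poptFreeContext(pc)`; whether that string outlives the context appears to depend on the popt version, so freeing the context after the fork or copying the string first is safer.

```c
    case 0:
        /* … unchanged: av[] setup, close(p[0]), dup2(p[1], STDOUT_FILENO) … */
        execv(av[0], av);
        /* Only reached when exec failed; leave without running the
         * parent's atexit handlers or flushing its stdio buffers. */
        perror("execv");
        _exit(127);
    /* … unchanged: default case … */

    close(p[1]);
    ssize_t nread = read(p[0], buf, sizeof(buf));
    if (nread <= 0) {
        /* Nothing was consumed, so closing the pipe now does not
         * simulate a reader that stops part-way through the output. */
        fprintf(stderr, "No output read from %s\n", SSH_AK_CLIENT_PATH);
    }
    close(p[0]);

    /* … unchanged: waitpid … */
    if (WIFEXITED(status)) {
        /* … unchanged: printf of the exit code … */
        /* 127 is the child's own "exec failed" code, not a helper result. */
        return WEXITSTATUS(status) == 127 ? 3 : 0;
```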
-- 
2.17.1