sssd/0030-test_ca-set-a-password-PIN-to-nss-databases.patch

58 lines
2.5 KiB
Diff
Raw Normal View History

Backport a bunch of upstream fixes - Resolves: upstream#3821 - crash related to sbus_router_destructor() - Resolves: upstream#3810 - sbus2: fix memory leak in sbus_message_bound_ref - Resolves: upstream#3819 - sssd only sets the SELinux login context if it differs from the default - Resolves: upstream#3807 - The sbus codegen script relies on "python" which might not be available on all distributions - Resolves: upstream#3820 - sudo: search with lower cased name for case insensitive domains - Resolves: upstream#3701 - [RFE] Allow changing default behavior of SSSD from an allow-any default to a deny-any default when it can't find any GPOs to apply to a user login. - Resolves: upstream#3828 - Invalid domain provider causes SSSD to abort startup - Resolves: upstream#3500 - Make sure sssd is a replacement for pam_pkcs11 also for local account authentication - Resolves: upstream#3812 - sssd 2.0.0 segfaults on startup - Resolves: upstream#3826 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated - Resolves: upstream#3827 - SSSD should log to syslog if a domain is not started due to a misconfiguration - Resolves: upstream#3830 - Printing incorrect information about domain with sssctl utility - Resolves: upstream#3489 - p11_child should work wit openssl1.0+ - Resolves: upstream#3750 - [RFE] man 5 sssd-files should mention necessary changes in nsswitch.conf - Resovles: upstream#3650 - RFE: Require smartcard authentication - Resolves: upstream#3334 - sssctl config-check does not check any special characters in domain name of domain section - Resolves: upstream#3849 - Files: The files provider always enumerates which causes duplicate when running getent passwd - Related: upstream#3855 - session not recording for local user when groups defined - Resolves: upstream#3802 - Reuse sysdb_error_to_errno() outside sysdb - Related: upstream#3493 - Remove the pysss.local interface
2018-10-24 08:34:15 +00:00
From a45a410dc7fa7cf84bcac541e693ee8781e25431 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Fri, 7 Sep 2018 22:17:47 +0200
Subject: [PATCH 35/83] test_ca: set a password/PIN to nss databases
To make sure the PIN is properly checked during tests the NSS databases
need a password.
Related to https://pagure.io/SSSD/sssd/issue/3500
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/tests/test_CA/Makefile.am | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/tests/test_CA/Makefile.am b/src/tests/test_CA/Makefile.am
index 0c70993..1bce2c3 100644
--- a/src/tests/test_CA/Makefile.am
+++ b/src/tests/test_CA/Makefile.am
@@ -33,7 +33,7 @@ endif
ca_all: clean serial SSSD_test_CA.pem $(certs) $(certs_h) $(pubkeys) $(pubkeys_h) $(pkcs12) $(extra)
$(pwdfile):
- @echo "12345678" > $@
+ @echo "123456" > $@
SSSD_test_CA.pem: $(openssl_ca_key) $(openssl_ca_config) serial
$(OPENSSL) req -batch -config ${openssl_ca_config} -x509 -new -nodes -key $< -sha256 -days 1024 -set_serial 0 -extensions v3_ca -out $@
@@ -65,18 +65,18 @@ SSSD_test_cert_pubsshkey_%.h: SSSD_test_cert_pubsshkey_%.pub
# - src/tests/cmocka/test_pam_srv.c
p11_nssdb: SSSD_test_cert_pkcs12_0001.pem SSSD_test_CA.pem $(pwdfile)
mkdir $@
- $(CERTUTIL) -d sql:./$@ -N --empty-password
- $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem
- $(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile)
+ $(CERTUTIL) -d sql:./$@ -N -f $(pwdfile)
+ $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem -f $(pwdfile)
+ $(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile) -k $(pwdfile)
# This nss db is used in
# - src/tests/cmocka/test_pam_srv.c
p11_nssdb_2certs: SSSD_test_cert_pkcs12_0001.pem SSSD_test_cert_pkcs12_0002.pem SSSD_test_CA.pem $(pwdfile)
mkdir $@
- $(CERTUTIL) -d sql:./$@ -N --empty-password
- $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem
- $(PK12UTIL) -d sql:./$@ p11_nssdb -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile)
- $(PK12UTIL) -d sql:./$@ p11_nssdb -i SSSD_test_cert_pkcs12_0002.pem -w $(pwdfile)
+ $(CERTUTIL) -d sql:./$@ -N -f $(pwdfile)
+ $(CERTUTIL) -d sql:./$@ -A -n 'SSSD test CA' -t CT,CT,CT -a -i SSSD_test_CA.pem -f $(pwdfile)
+ $(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0001.pem -w $(pwdfile) -k $(pwdfile)
+ $(PK12UTIL) -d sql:./$@ -i SSSD_test_cert_pkcs12_0002.pem -w $(pwdfile) -k $(pwdfile)
# The softhsm2 PKCS#11 setups are used in
# - src/tests/cmocka/test_pam_srv.c
--
2.9.5