sssd/0054-TESTS-replace-hardcoded-certificates.patch

366 lines
18 KiB
Diff
Raw Normal View History

From a6514e1829c018c7b68b168e6206ec51bd8a7e08 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 14 Feb 2019 18:35:49 +0100
Subject: [PATCH] TESTS: replace hardcoded certificates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Since the hardcoded certificates have a limited lifetime they are
replaces by certificates from the test CA.
Related to https://pagure.io/SSSD/sssd/issue/3436
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 0dc7f90667df6420bc9e93ae2c8bacd6ea148f0f)
---
src/tests/cmocka/test_cert_utils.c | 41 ++++--------
src/tests/cmocka/test_pam_srv.c | 104 +++++++++++------------------
2 files changed, 50 insertions(+), 95 deletions(-)
diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
index f50030e49..dd58b73a7 100644
--- a/src/tests/cmocka/test_cert_utils.c
+++ b/src/tests/cmocka/test_cert_utils.c
@@ -34,6 +34,13 @@
#include "util/crypto/nss/nss_util.h"
#include "util/crypto/sss_crypto.h"
+#ifdef HAVE_TEST_CA
+#include "tests/test_CA/SSSD_test_cert_pubsshkey_0001.h"
+#include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+#else
+#define SSSD_TEST_CERT_0001 ""
+#define SSSD_TEST_CERT_SSH_KEY_0001 ""
+#endif
/* TODO: create a certificate for this test */
const uint8_t test_cert_der[] = {
@@ -325,32 +332,6 @@ void test_sss_cert_derb64_to_ldap_filter(void **state)
talloc_free(filter);
}
-#define SSH_TEST_CERT \
-"MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
-"NDEzNDlaFw0xODA1MjQxNDEzNDlaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
-"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
-"ADCCAQoCggEBALfEAE0IUlOAgDTdZQGcYA03IPooixNnkUQruh0eU3uw+KYGQoS1" \
-"YCdCHJzRc+IfuqdNntgtGDIpWADRwB4h963pBImpMSU5L1T4uiHNCpvl9eMt4ynk" \
-"xduOa+JmJUvqvwe7Gj9iDql4lWmJcXvq74/yOc3MBSPQCdg/pHZU65+NjSZmZzlN" \
-"eNV3tQKrhMe6tM00pai2igXilfUpzOU2v+AX69oOesrqTUl9i2eCUirGanR9l95d" \
-"yVCcmIDJd2P2NLIkhbHGRitfTC/tQZ4G+Edg9STw8Y+4ljp2rTHs59dWRBe2Gn8Z" \
-"Zt8zZ5WuNxARVF1THI9X6ydX/uoaz8R7pfkCAwEAAaOCASYwggEiMB8GA1UdIwQY" \
-"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
-"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
-"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
-"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
-"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
-"IEF1dGhvcml0eTAdBgNVHQ4EFgQUMydoshxYXhDXOMo/EETvrZaQuBwwDQYJKoZI" \
-"hvcNAQELBQADggEBADIrTFNvEdZGna7jD1xpiLGGUwCi11GQT+Txg5B7dydUn5U5" \
-"32zSBBZV6bsy0E+PiiAgehJObv9hBaOWnhp7ltNyQod1OLdI1t988ow2wxHvUEEi" \
-"MhRF0h2RJwdYIUIIF7XC01mKBOFj/84vvMOgLToZnGqVzArkzpr1aCaHI7EoTkpb" \
-"V16v+drZkXc47JuHg5CRjTHV/kFPm63gQ8Fstmw/dQZBzbCiVzmcG0Xm9r4jMOOf" \
-"YjVueMt/jk1LP4KoSCBY6kLMcpL5rQm53hO82rPAgV695rjdPlIUm09dvkCl28ZD" \
-"109Ju18eAaaVFewK82NDg9rsNraBKxMCBSgg0es="
-
-#define SSH_PUB_KEY "AAAAB3NzaC1yc2EAAAADAQABAAABAQC3xABNCFJTgIA03WUBnGANNyD6KIsTZ5FEK7odHlN7sPimBkKEtWAnQhyc0XPiH7qnTZ7YLRgyKVgA0cAeIfet6QSJqTElOS9U+LohzQqb5fXjLeMp5MXbjmviZiVL6r8Huxo/Yg6peJVpiXF76u+P8jnNzAUj0AnYP6R2VOufjY0mZmc5TXjVd7UCq4THurTNNKWotooF4pX1KczlNr/gF+vaDnrK6k1JfYtnglIqxmp0fZfeXclQnJiAyXdj9jSyJIWxxkYrX0wv7UGeBvhHYPUk8PGPuJY6dq0x7OfXVkQXthp/GWbfM2eVrjcQEVRdUxyPV+snV/7qGs/Ee6X5"
-
void test_cert_to_ssh_key(void **state)
{
int ret;
@@ -366,13 +347,13 @@ void test_cert_to_ssh_key(void **state)
struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
assert_non_null(ts);
- der = sss_base64_decode(ts, SSH_TEST_CERT, &der_size);
+ der = sss_base64_decode(ts, SSSD_TEST_CERT_0001, &der_size);
assert_non_null(der);
- exp_key = sss_base64_decode(ts, SSH_PUB_KEY, &exp_key_size);
+ exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0001, &exp_key_size);
assert_non_null(exp_key);
- ret = cert_to_ssh_key(ts, "sql:" ABS_SRC_DIR "/src/tests/cmocka/p11_nssdb",
+ ret = cert_to_ssh_key(ts, "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
der, der_size, &cert_verify_opts, &key, &key_size);
assert_int_equal(ret, EOK);
assert_int_equal(key_size, exp_key_size);
@@ -407,8 +388,10 @@ int main(int argc, const char *argv[])
setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_cert_derb64_to_ldap_filter,
setup, teardown),
+#ifdef HAVE_TEST_CA
cmocka_unit_test_setup_teardown(test_cert_to_ssh_key,
setup, teardown),
+#endif
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
index c510c2d3b..e68e81f97 100644
--- a/src/tests/cmocka/test_pam_srv.c
+++ b/src/tests/cmocka/test_pam_srv.c
@@ -38,6 +38,14 @@
#include "util/crypto/nss/nss_util.h"
#endif
+#ifdef HAVE_TEST_CA
+#include "tests/test_CA/SSSD_test_cert_x509_0001.h"
+#include "tests/test_CA/SSSD_test_cert_x509_0002.h"
+#else
+#define SSSD_TEST_CERT_0001 ""
+#define SSSD_TEST_CERT_0002 ""
+#endif
+
#define TESTS_PATH "tp_" BASE_FILE_STEM
#define TEST_CONF_DB "test_pam_conf.ldb"
#define TEST_DOM_NAME "pam_test"
@@ -52,55 +60,11 @@
#define TEST_TOKEN_NAME "SSSD Test Token"
#define TEST_MODULE_NAME "NSS-Internal"
-#define TEST_KEY_ID "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7"
-#define TEST_PROMPT "Server-Cert\nCN=ipa-devel.ipa.devel,O=IPA.DEVEL"
-#define TEST_TOKEN_CERT \
-"MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
-"NDE0MTVaFw0xODA1MjQxNDE0MTVaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
-"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
-"ADCCAQoCggEBALHvOzZy/3llvoAYxrtOpux0gDVvSuSRpTGOW/bjpgdTowvXoOb5" \
-"G9Cy/9S6be7ZJ9D95lc/J9W8tX+ShKN8Q4b74l4WjmILQJ4dUsJ/BXfvoMPR8tw/" \
-"G47dGbLZanMXdWGBSTuXhoiogZWib2DhSwrX2DbEH5L3OWooeAVU5ZWOw55/HD7O" \
-"Q/7Of7H3tf4bvxNTFkxh39KQMG28wjPZSv+SZWNHMB+rj2yZgyeHBMkoPOPesAEi" \
-"7KKHxw1MHSv2xBI1AiV+aMdKfYUMy0Rq3PrRU4274i3eaBX4Q9GnDi36K/7bHjbt" \
-"LW0YTIW/L5/cH/BO88BREjxS3bEXAQqlKOcCAwEAAaOCASYwggEiMB8GA1UdIwQY" \
-"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
-"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
-"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
-"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
-"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
-"IEF1dGhvcml0eTAdBgNVHQ4EFgQUIJuWIts3m3uEYqJ9pUL0y7utTiEwDQYJKoZI" \
-"hvcNAQELBQADggEBAB0GyqGxtZ99fsXA1+fHfAwKOwznT7Hh8hN9efEMBJICVud+" \
-"ivUBOH6JpSTWgNLuBhrpebV/b/DSjhn+ayuvoPWng3hjwMbSEIe0euzCEdwVcokt" \
-"bwNMMSeTxSg6wbJnEyZqQEIr2h/TR9dRNxE+RbQXyamW0fUxSVT16iueL0hMwszT" \
-"jCfI/UZv3tDMHbh6D4811A0HO8daW7ufMGb/M+kDxYigJiL2gllMZ+6xba1RRgzF" \
-"8Z+9gqZhCa7FEKJOPNR9RVtJs0qUUutMZrp1zpyx0GTmXQBA7LbgPxy8L68uymEQ" \
-"XyQBwOYRORlnfGyu+Yc9c3E0Wx8Tlznz0lqPR9g="
-
-#define TEST2_KEY_ID "C8D60E009EB195D01A7083EE1D5419251AA87C2C"
-#define TEST2_PROMPT "ipaCert\nCN=IPA RA,O=IPA.DEVEL"
-#define TEST_TOKEN_2ND_CERT \
-"MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
-"NDEzMDFaFw0xODA1MTMxNDEzMDFaMCUxEjAQBgNVBAoMCUlQQS5ERVZFTDEPMA0G" \
-"A1UEAwwGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3abE" \
-"8LmIc6QN16VVxsMlN/rrCOoZKyyJolSzpP4+K66t+KZUiW/1j1MZogjyYyD39U1F" \
-"zpa2H+pID74XYrdiqP7sp+uE9/k2XOv/nN3FobXDt+fSINLDriCmxNhUZqpgo2uq" \
-"Mmka+yx2iJZwkntEoJTcd3aynoa2Sa2ZZbkMBy5p6/pUQKwnD6scOwe6mUDppIBK" \
-"+ZZRm+u/NDdIRFI5wfKLRR1r/ONaJA9nz1TxSEsgLsjG/1m+Zbb6lGG4pePIFkQ9" \
-"Iotpi64obBh93oIxzQR29lBG/FMjQVHlPIbx+xuGx11Vtp5pAomgFz0HRrj0leI7" \
-"bROE+jnC/VGPLQD2aQIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFPci/0Km5D/L5z7Y" \
-"qwEc7E1/GwgcMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2lw" \
-"YS1kZXZlbC5pcGEuZGV2ZWw6ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD" \
-"VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBg" \
-"4Sppx2C3eXPJ4Pd9XElkQPOaBReXf1vV0uk/GlK+rG+aAqAkA2Lryx5PK/iAuzAU" \
-"M6JUpELuQYgqugoCgBXMgsMlpAO/0C3CFq4ZH3KgIsRlRngKPrt6RG0UPMRD1CE2" \
-"tSVkwUWvyK83lDiu2BbWDXyMyz5eZOlp7uHusf5BKvob8jEndHj1YzaNTmVSsDM5" \
-"kiIwf8qgFhsO1HCq08PtAnbVHhqkcvnmIJN98eNWNfTKodDmFVbN8gB0wK+WB5ii" \
-"WVOw7+3/zF1QgqnYX3t+kPLRryip/wvTZkzXWwMNj/W6UHgjNF/4gWGoBgCHu+u3" \
-"EvjMmbVSrEkesibpGQS5"
+#define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
+#define TEST_PROMPT "SSSD test cert 0001 - SSSD\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
+#define TEST2_KEY_ID "5405842D56CF31F0BB025A695C5F3E907051C5B9"
+#define TEST2_PROMPT "SSSD test cert 0002 - SSSD\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
static char CACHED_AUTH_TIMEOUT_STR[] = "4";
static const int CACHED_AUTH_TIMEOUT = 4;
@@ -187,7 +151,7 @@ static errno_t setup_nss_db(void)
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
return ret;
}
- ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
+ ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR);
if (ret < 0) {
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
return ret;
@@ -208,7 +172,7 @@ static errno_t setup_nss_db(void)
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
return ret;
}
- ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
+ ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR);
if (ret < 0) {
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
return ret;
@@ -451,6 +415,7 @@ static int pam_test_setup(void **state)
return 0;
}
+#ifdef HAVE_TEST_CA
#ifdef HAVE_NSS
static int pam_test_setup_no_verification(void **state)
{
@@ -476,6 +441,7 @@ static int pam_test_setup_no_verification(void **state)
return 0;
}
#endif /* HAVE_NSS */
+#endif /* HAVE_TEST_CA */
static int pam_cached_test_setup(void **state)
{
@@ -1915,6 +1881,7 @@ static int test_lookup_by_cert_cb(void *pvt)
return EOK;
}
+
static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt)
{
int ret;
@@ -1927,7 +1894,7 @@ static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt)
attrs = sysdb_new_attrs(pam_test_ctx);
assert_non_null(attrs);
- der = sss_base64_decode(pam_test_ctx, TEST_TOKEN_2ND_CERT, &der_size);
+ der = sss_base64_decode(pam_test_ctx, SSSD_TEST_CERT_0002, &der_size);
assert_non_null(der);
ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_MAPPED_CERT, der, der_size);
@@ -2033,7 +2000,7 @@ void test_pam_preauth_cert_match(void **state)
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2057,7 +2024,7 @@ void test_pam_preauth_cert_match_gdm_smartcard(void **state)
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL,
"gdm-smartcard", test_lookup_by_cert_cb,
- TEST_TOKEN_CERT, false);
+ SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2080,7 +2047,7 @@ void test_pam_preauth_cert_match_wrong_user(void **state)
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
test_lookup_by_cert_wrong_user_cb,
- TEST_TOKEN_CERT, false);
+ SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2111,7 +2078,7 @@ void test_pam_preauth_cert_no_logon_name(void **state)
* request will be done with the username found by the certificate
* lookup. */
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
mock_account_recv_simple();
mock_parse_inp("pamuser", NULL, EOK);
@@ -2140,7 +2107,7 @@ void test_pam_preauth_cert_no_logon_name_with_hint(void **state)
* during pre-auth and there is no need for an extra mocked response as in
* test_pam_preauth_cert_no_logon_name. */
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2162,7 +2129,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert(void **state)
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
+ false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2185,7 +2153,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert_with_hint(void **state)
pam_test_ctx->rctx->domains->user_name_hint = true;
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
+ false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2258,8 +2227,8 @@ void test_pam_cert_auth(void **state)
* in the cache and no second request to the backend is needed. */
mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token",
"NSS-Internal",
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, true);
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2292,8 +2261,8 @@ void test_pam_cert_auth_no_logon_name(void **state)
* in the cache and no second request to the backend is needed. */
mock_input_pam_cert(pam_test_ctx, NULL, "123456", "SSSD Test Token",
"NSS-Internal",
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, true);
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true);
mock_account_recv_simple();
mock_parse_inp("pamuser", NULL, EOK);
@@ -2354,8 +2323,9 @@ void test_pam_cert_auth_double_cert(void **state)
mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token",
"NSS-Internal",
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, true);
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
+ true);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2380,7 +2350,7 @@ void test_pam_cert_preauth_2certs_one_mapping(void **state)
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB_2CERTS);
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2403,7 +2373,7 @@ void test_pam_cert_preauth_2certs_two_mappings(void **state)
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
test_lookup_by_cert_cb_2nd_cert_same_user,
- TEST_TOKEN_CERT, false);
+ SSSD_TEST_CERT_0001, false);
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
@@ -2812,6 +2782,7 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_pam_cached_auth_failed_combined_pw_with_cached_2fa,
pam_cached_test_setup,
pam_test_teardown),
+#ifdef HAVE_TEST_CA
/* p11_child is not built without NSS */
#ifdef HAVE_NSS
cmocka_unit_test_setup_teardown(test_pam_preauth_cert_nocert,
@@ -2856,6 +2827,7 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_pam_cert_auth_no_logon_name_no_key_id,
pam_test_setup, pam_test_teardown),
#endif /* HAVE_NSS */
+#endif /* HAVE_TEST_CA */
cmocka_unit_test_setup_teardown(test_filter_response,
pam_test_setup, pam_test_teardown),
--
2.17.0