5e1db8fc3e
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
366 lines
18 KiB
Diff
366 lines
18 KiB
Diff
From a6514e1829c018c7b68b168e6206ec51bd8a7e08 Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 14 Feb 2019 18:35:49 +0100
|
|
Subject: [PATCH] TESTS: replace hardcoded certificates
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Since the hardcoded certificates have a limited lifetime they are
|
|
replaces by certificates from the test CA.
|
|
|
|
Related to https://pagure.io/SSSD/sssd/issue/3436
|
|
|
|
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
(cherry picked from commit 0dc7f90667df6420bc9e93ae2c8bacd6ea148f0f)
|
|
---
|
|
src/tests/cmocka/test_cert_utils.c | 41 ++++--------
|
|
src/tests/cmocka/test_pam_srv.c | 104 +++++++++++------------------
|
|
2 files changed, 50 insertions(+), 95 deletions(-)
|
|
|
|
diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
|
|
index f50030e49..dd58b73a7 100644
|
|
--- a/src/tests/cmocka/test_cert_utils.c
|
|
+++ b/src/tests/cmocka/test_cert_utils.c
|
|
@@ -34,6 +34,13 @@
|
|
#include "util/crypto/nss/nss_util.h"
|
|
#include "util/crypto/sss_crypto.h"
|
|
|
|
+#ifdef HAVE_TEST_CA
|
|
+#include "tests/test_CA/SSSD_test_cert_pubsshkey_0001.h"
|
|
+#include "tests/test_CA/SSSD_test_cert_x509_0001.h"
|
|
+#else
|
|
+#define SSSD_TEST_CERT_0001 ""
|
|
+#define SSSD_TEST_CERT_SSH_KEY_0001 ""
|
|
+#endif
|
|
|
|
/* TODO: create a certificate for this test */
|
|
const uint8_t test_cert_der[] = {
|
|
@@ -325,32 +332,6 @@ void test_sss_cert_derb64_to_ldap_filter(void **state)
|
|
talloc_free(filter);
|
|
}
|
|
|
|
-#define SSH_TEST_CERT \
|
|
-"MIIECTCCAvGgAwIBAgIBCDANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
|
|
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
|
|
-"NDEzNDlaFw0xODA1MjQxNDEzNDlaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
|
|
-"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
|
|
-"ADCCAQoCggEBALfEAE0IUlOAgDTdZQGcYA03IPooixNnkUQruh0eU3uw+KYGQoS1" \
|
|
-"YCdCHJzRc+IfuqdNntgtGDIpWADRwB4h963pBImpMSU5L1T4uiHNCpvl9eMt4ynk" \
|
|
-"xduOa+JmJUvqvwe7Gj9iDql4lWmJcXvq74/yOc3MBSPQCdg/pHZU65+NjSZmZzlN" \
|
|
-"eNV3tQKrhMe6tM00pai2igXilfUpzOU2v+AX69oOesrqTUl9i2eCUirGanR9l95d" \
|
|
-"yVCcmIDJd2P2NLIkhbHGRitfTC/tQZ4G+Edg9STw8Y+4ljp2rTHs59dWRBe2Gn8Z" \
|
|
-"Zt8zZ5WuNxARVF1THI9X6ydX/uoaz8R7pfkCAwEAAaOCASYwggEiMB8GA1UdIwQY" \
|
|
-"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
|
|
-"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
|
|
-"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
|
|
-"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
|
|
-"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
|
|
-"IEF1dGhvcml0eTAdBgNVHQ4EFgQUMydoshxYXhDXOMo/EETvrZaQuBwwDQYJKoZI" \
|
|
-"hvcNAQELBQADggEBADIrTFNvEdZGna7jD1xpiLGGUwCi11GQT+Txg5B7dydUn5U5" \
|
|
-"32zSBBZV6bsy0E+PiiAgehJObv9hBaOWnhp7ltNyQod1OLdI1t988ow2wxHvUEEi" \
|
|
-"MhRF0h2RJwdYIUIIF7XC01mKBOFj/84vvMOgLToZnGqVzArkzpr1aCaHI7EoTkpb" \
|
|
-"V16v+drZkXc47JuHg5CRjTHV/kFPm63gQ8Fstmw/dQZBzbCiVzmcG0Xm9r4jMOOf" \
|
|
-"YjVueMt/jk1LP4KoSCBY6kLMcpL5rQm53hO82rPAgV695rjdPlIUm09dvkCl28ZD" \
|
|
-"109Ju18eAaaVFewK82NDg9rsNraBKxMCBSgg0es="
|
|
-
|
|
-#define SSH_PUB_KEY "AAAAB3NzaC1yc2EAAAADAQABAAABAQC3xABNCFJTgIA03WUBnGANNyD6KIsTZ5FEK7odHlN7sPimBkKEtWAnQhyc0XPiH7qnTZ7YLRgyKVgA0cAeIfet6QSJqTElOS9U+LohzQqb5fXjLeMp5MXbjmviZiVL6r8Huxo/Yg6peJVpiXF76u+P8jnNzAUj0AnYP6R2VOufjY0mZmc5TXjVd7UCq4THurTNNKWotooF4pX1KczlNr/gF+vaDnrK6k1JfYtnglIqxmp0fZfeXclQnJiAyXdj9jSyJIWxxkYrX0wv7UGeBvhHYPUk8PGPuJY6dq0x7OfXVkQXthp/GWbfM2eVrjcQEVRdUxyPV+snV/7qGs/Ee6X5"
|
|
-
|
|
void test_cert_to_ssh_key(void **state)
|
|
{
|
|
int ret;
|
|
@@ -366,13 +347,13 @@ void test_cert_to_ssh_key(void **state)
|
|
struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
|
|
assert_non_null(ts);
|
|
|
|
- der = sss_base64_decode(ts, SSH_TEST_CERT, &der_size);
|
|
+ der = sss_base64_decode(ts, SSSD_TEST_CERT_0001, &der_size);
|
|
assert_non_null(der);
|
|
|
|
- exp_key = sss_base64_decode(ts, SSH_PUB_KEY, &exp_key_size);
|
|
+ exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0001, &exp_key_size);
|
|
assert_non_null(exp_key);
|
|
|
|
- ret = cert_to_ssh_key(ts, "sql:" ABS_SRC_DIR "/src/tests/cmocka/p11_nssdb",
|
|
+ ret = cert_to_ssh_key(ts, "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
|
|
der, der_size, &cert_verify_opts, &key, &key_size);
|
|
assert_int_equal(ret, EOK);
|
|
assert_int_equal(key_size, exp_key_size);
|
|
@@ -407,8 +388,10 @@ int main(int argc, const char *argv[])
|
|
setup, teardown),
|
|
cmocka_unit_test_setup_teardown(test_sss_cert_derb64_to_ldap_filter,
|
|
setup, teardown),
|
|
+#ifdef HAVE_TEST_CA
|
|
cmocka_unit_test_setup_teardown(test_cert_to_ssh_key,
|
|
setup, teardown),
|
|
+#endif
|
|
};
|
|
|
|
/* Set debug level to invalid value so we can decide if -d 0 was used. */
|
|
diff --git a/src/tests/cmocka/test_pam_srv.c b/src/tests/cmocka/test_pam_srv.c
|
|
index c510c2d3b..e68e81f97 100644
|
|
--- a/src/tests/cmocka/test_pam_srv.c
|
|
+++ b/src/tests/cmocka/test_pam_srv.c
|
|
@@ -38,6 +38,14 @@
|
|
#include "util/crypto/nss/nss_util.h"
|
|
#endif
|
|
|
|
+#ifdef HAVE_TEST_CA
|
|
+#include "tests/test_CA/SSSD_test_cert_x509_0001.h"
|
|
+#include "tests/test_CA/SSSD_test_cert_x509_0002.h"
|
|
+#else
|
|
+#define SSSD_TEST_CERT_0001 ""
|
|
+#define SSSD_TEST_CERT_0002 ""
|
|
+#endif
|
|
+
|
|
#define TESTS_PATH "tp_" BASE_FILE_STEM
|
|
#define TEST_CONF_DB "test_pam_conf.ldb"
|
|
#define TEST_DOM_NAME "pam_test"
|
|
@@ -52,55 +60,11 @@
|
|
|
|
#define TEST_TOKEN_NAME "SSSD Test Token"
|
|
#define TEST_MODULE_NAME "NSS-Internal"
|
|
-#define TEST_KEY_ID "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7"
|
|
-#define TEST_PROMPT "Server-Cert\nCN=ipa-devel.ipa.devel,O=IPA.DEVEL"
|
|
-#define TEST_TOKEN_CERT \
|
|
-"MIIECTCCAvGgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
|
|
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
|
|
-"NDE0MTVaFw0xODA1MjQxNDE0MTVaMDIxEjAQBgNVBAoMCUlQQS5ERVZFTDEcMBoG" \
|
|
-"A1UEAwwTaXBhLWRldmVsLmlwYS5kZXZlbDCCASIwDQYJKoZIhvcNAQEBBQADggEP" \
|
|
-"ADCCAQoCggEBALHvOzZy/3llvoAYxrtOpux0gDVvSuSRpTGOW/bjpgdTowvXoOb5" \
|
|
-"G9Cy/9S6be7ZJ9D95lc/J9W8tX+ShKN8Q4b74l4WjmILQJ4dUsJ/BXfvoMPR8tw/" \
|
|
-"G47dGbLZanMXdWGBSTuXhoiogZWib2DhSwrX2DbEH5L3OWooeAVU5ZWOw55/HD7O" \
|
|
-"Q/7Of7H3tf4bvxNTFkxh39KQMG28wjPZSv+SZWNHMB+rj2yZgyeHBMkoPOPesAEi" \
|
|
-"7KKHxw1MHSv2xBI1AiV+aMdKfYUMy0Rq3PrRU4274i3eaBX4Q9GnDi36K/7bHjbt" \
|
|
-"LW0YTIW/L5/cH/BO88BREjxS3bEXAQqlKOcCAwEAAaOCASYwggEiMB8GA1UdIwQY" \
|
|
-"MBaAFPci/0Km5D/L5z7YqwEc7E1/GwgcMDsGCCsGAQUFBwEBBC8wLTArBggrBgEF" \
|
|
-"BQcwAYYfaHR0cDovL2lwYS1jYS5pcGEuZGV2ZWwvY2Evb2NzcDAOBgNVHQ8BAf8E" \
|
|
-"BAMCBPAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHQGA1UdHwRtMGsw" \
|
|
-"aaAxoC+GLWh0dHA6Ly9pcGEtY2EuaXBhLmRldmVsL2lwYS9jcmwvTWFzdGVyQ1JM" \
|
|
-"LmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRl" \
|
|
-"IEF1dGhvcml0eTAdBgNVHQ4EFgQUIJuWIts3m3uEYqJ9pUL0y7utTiEwDQYJKoZI" \
|
|
-"hvcNAQELBQADggEBAB0GyqGxtZ99fsXA1+fHfAwKOwznT7Hh8hN9efEMBJICVud+" \
|
|
-"ivUBOH6JpSTWgNLuBhrpebV/b/DSjhn+ayuvoPWng3hjwMbSEIe0euzCEdwVcokt" \
|
|
-"bwNMMSeTxSg6wbJnEyZqQEIr2h/TR9dRNxE+RbQXyamW0fUxSVT16iueL0hMwszT" \
|
|
-"jCfI/UZv3tDMHbh6D4811A0HO8daW7ufMGb/M+kDxYigJiL2gllMZ+6xba1RRgzF" \
|
|
-"8Z+9gqZhCa7FEKJOPNR9RVtJs0qUUutMZrp1zpyx0GTmXQBA7LbgPxy8L68uymEQ" \
|
|
-"XyQBwOYRORlnfGyu+Yc9c3E0Wx8Tlznz0lqPR9g="
|
|
-
|
|
-#define TEST2_KEY_ID "C8D60E009EB195D01A7083EE1D5419251AA87C2C"
|
|
-#define TEST2_PROMPT "ipaCert\nCN=IPA RA,O=IPA.DEVEL"
|
|
-#define TEST_TOKEN_2ND_CERT \
|
|
-"MIIDazCCAlOgAwIBAgIBBzANBgkqhkiG9w0BAQsFADA0MRIwEAYDVQQKDAlJUEEu" \
|
|
-"REVWRUwxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNjA1MjMx" \
|
|
-"NDEzMDFaFw0xODA1MTMxNDEzMDFaMCUxEjAQBgNVBAoMCUlQQS5ERVZFTDEPMA0G" \
|
|
-"A1UEAwwGSVBBIFJBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3abE" \
|
|
-"8LmIc6QN16VVxsMlN/rrCOoZKyyJolSzpP4+K66t+KZUiW/1j1MZogjyYyD39U1F" \
|
|
-"zpa2H+pID74XYrdiqP7sp+uE9/k2XOv/nN3FobXDt+fSINLDriCmxNhUZqpgo2uq" \
|
|
-"Mmka+yx2iJZwkntEoJTcd3aynoa2Sa2ZZbkMBy5p6/pUQKwnD6scOwe6mUDppIBK" \
|
|
-"+ZZRm+u/NDdIRFI5wfKLRR1r/ONaJA9nz1TxSEsgLsjG/1m+Zbb6lGG4pePIFkQ9" \
|
|
-"Iotpi64obBh93oIxzQR29lBG/FMjQVHlPIbx+xuGx11Vtp5pAomgFz0HRrj0leI7" \
|
|
-"bROE+jnC/VGPLQD2aQIDAQABo4GWMIGTMB8GA1UdIwQYMBaAFPci/0Km5D/L5z7Y" \
|
|
-"qwEc7E1/GwgcMEEGCCsGAQUFBwEBBDUwMzAxBggrBgEFBQcwAYYlaHR0cDovL2lw" \
|
|
-"YS1kZXZlbC5pcGEuZGV2ZWw6ODAvY2Evb2NzcDAOBgNVHQ8BAf8EBAMCBPAwHQYD" \
|
|
-"VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQBg" \
|
|
-"4Sppx2C3eXPJ4Pd9XElkQPOaBReXf1vV0uk/GlK+rG+aAqAkA2Lryx5PK/iAuzAU" \
|
|
-"M6JUpELuQYgqugoCgBXMgsMlpAO/0C3CFq4ZH3KgIsRlRngKPrt6RG0UPMRD1CE2" \
|
|
-"tSVkwUWvyK83lDiu2BbWDXyMyz5eZOlp7uHusf5BKvob8jEndHj1YzaNTmVSsDM5" \
|
|
-"kiIwf8qgFhsO1HCq08PtAnbVHhqkcvnmIJN98eNWNfTKodDmFVbN8gB0wK+WB5ii" \
|
|
-"WVOw7+3/zF1QgqnYX3t+kPLRryip/wvTZkzXWwMNj/W6UHgjNF/4gWGoBgCHu+u3" \
|
|
-"EvjMmbVSrEkesibpGQS5"
|
|
+#define TEST_KEY_ID "C554C9F82C2A9D58B70921C143304153A8A42F17"
|
|
+#define TEST_PROMPT "SSSD test cert 0001 - SSSD\nCN=SSSD test cert 0001,OU=SSSD test,O=SSSD"
|
|
|
|
+#define TEST2_KEY_ID "5405842D56CF31F0BB025A695C5F3E907051C5B9"
|
|
+#define TEST2_PROMPT "SSSD test cert 0002 - SSSD\nCN=SSSD test cert 0002,OU=SSSD test,O=SSSD"
|
|
|
|
static char CACHED_AUTH_TIMEOUT_STR[] = "4";
|
|
static const int CACHED_AUTH_TIMEOUT = 4;
|
|
@@ -187,7 +151,7 @@ static errno_t setup_nss_db(void)
|
|
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
|
|
return ret;
|
|
}
|
|
- ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
|
|
+ ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR);
|
|
if (ret < 0) {
|
|
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
|
|
return ret;
|
|
@@ -208,7 +172,7 @@ static errno_t setup_nss_db(void)
|
|
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
|
|
return ret;
|
|
}
|
|
- ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/cmocka/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_SRC_DIR);
|
|
+ ret = fprintf(fp, "parameters=configdir='sql:%s/src/tests/test_CA/p11_nssdb_2certs' dbSlotDescription='SSSD Test Slot' dbTokenDescription='SSSD Test Token' secmod='secmod.db' flags=readOnly \n\n", ABS_BUILD_DIR);
|
|
if (ret < 0) {
|
|
DEBUG(SSSDBG_FATAL_FAILURE, "fprintf() failed.\n");
|
|
return ret;
|
|
@@ -451,6 +415,7 @@ static int pam_test_setup(void **state)
|
|
return 0;
|
|
}
|
|
|
|
+#ifdef HAVE_TEST_CA
|
|
#ifdef HAVE_NSS
|
|
static int pam_test_setup_no_verification(void **state)
|
|
{
|
|
@@ -476,6 +441,7 @@ static int pam_test_setup_no_verification(void **state)
|
|
return 0;
|
|
}
|
|
#endif /* HAVE_NSS */
|
|
+#endif /* HAVE_TEST_CA */
|
|
|
|
static int pam_cached_test_setup(void **state)
|
|
{
|
|
@@ -1915,6 +1881,7 @@ static int test_lookup_by_cert_cb(void *pvt)
|
|
|
|
return EOK;
|
|
}
|
|
+
|
|
static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt)
|
|
{
|
|
int ret;
|
|
@@ -1927,7 +1894,7 @@ static int test_lookup_by_cert_cb_2nd_cert_same_user(void *pvt)
|
|
attrs = sysdb_new_attrs(pam_test_ctx);
|
|
assert_non_null(attrs);
|
|
|
|
- der = sss_base64_decode(pam_test_ctx, TEST_TOKEN_2ND_CERT, &der_size);
|
|
+ der = sss_base64_decode(pam_test_ctx, SSSD_TEST_CERT_0002, &der_size);
|
|
assert_non_null(der);
|
|
|
|
ret = sysdb_attrs_add_mem(attrs, SYSDB_USER_MAPPED_CERT, der, der_size);
|
|
@@ -2033,7 +2000,7 @@ void test_pam_preauth_cert_match(void **state)
|
|
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2057,7 +2024,7 @@ void test_pam_preauth_cert_match_gdm_smartcard(void **state)
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL,
|
|
"gdm-smartcard", test_lookup_by_cert_cb,
|
|
- TEST_TOKEN_CERT, false);
|
|
+ SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2080,7 +2047,7 @@ void test_pam_preauth_cert_match_wrong_user(void **state)
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
|
|
test_lookup_by_cert_wrong_user_cb,
|
|
- TEST_TOKEN_CERT, false);
|
|
+ SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2111,7 +2078,7 @@ void test_pam_preauth_cert_no_logon_name(void **state)
|
|
* request will be done with the username found by the certificate
|
|
* lookup. */
|
|
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
|
|
mock_account_recv_simple();
|
|
mock_parse_inp("pamuser", NULL, EOK);
|
|
|
|
@@ -2140,7 +2107,7 @@ void test_pam_preauth_cert_no_logon_name_with_hint(void **state)
|
|
* during pre-auth and there is no need for an extra mocked response as in
|
|
* test_pam_preauth_cert_no_logon_name. */
|
|
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2162,7 +2129,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert(void **state)
|
|
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB);
|
|
|
|
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
|
|
+ false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2185,7 +2153,8 @@ void test_pam_preauth_cert_no_logon_name_double_cert_with_hint(void **state)
|
|
pam_test_ctx->rctx->domains->user_name_hint = true;
|
|
|
|
mock_input_pam_cert(pam_test_ctx, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
|
|
+ false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2258,8 +2227,8 @@ void test_pam_cert_auth(void **state)
|
|
* in the cache and no second request to the backend is needed. */
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token",
|
|
"NSS-Internal",
|
|
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, true);
|
|
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2292,8 +2261,8 @@ void test_pam_cert_auth_no_logon_name(void **state)
|
|
* in the cache and no second request to the backend is needed. */
|
|
mock_input_pam_cert(pam_test_ctx, NULL, "123456", "SSSD Test Token",
|
|
"NSS-Internal",
|
|
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, true);
|
|
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, true);
|
|
|
|
mock_account_recv_simple();
|
|
mock_parse_inp("pamuser", NULL, EOK);
|
|
@@ -2354,8 +2323,9 @@ void test_pam_cert_auth_double_cert(void **state)
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", "123456", "SSSD Test Token",
|
|
"NSS-Internal",
|
|
- "A5EF7DEE625CA5996C8D1BA7D036708161FD49E7", NULL,
|
|
- test_lookup_by_cert_double_cb, TEST_TOKEN_CERT, true);
|
|
+ "C554C9F82C2A9D58B70921C143304153A8A42F17", NULL,
|
|
+ test_lookup_by_cert_double_cb, SSSD_TEST_CERT_0001,
|
|
+ true);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_AUTHENTICATE);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2380,7 +2350,7 @@ void test_pam_cert_preauth_2certs_one_mapping(void **state)
|
|
set_cert_auth_param(pam_test_ctx->pctx, NSS_DB_2CERTS);
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
|
|
- test_lookup_by_cert_cb, TEST_TOKEN_CERT, false);
|
|
+ test_lookup_by_cert_cb, SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2403,7 +2373,7 @@ void test_pam_cert_preauth_2certs_two_mappings(void **state)
|
|
|
|
mock_input_pam_cert(pam_test_ctx, "pamuser", NULL, NULL, NULL, NULL, NULL,
|
|
test_lookup_by_cert_cb_2nd_cert_same_user,
|
|
- TEST_TOKEN_CERT, false);
|
|
+ SSSD_TEST_CERT_0001, false);
|
|
|
|
will_return(__wrap_sss_packet_get_cmd, SSS_PAM_PREAUTH);
|
|
will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
|
|
@@ -2812,6 +2782,7 @@ int main(int argc, const char *argv[])
|
|
cmocka_unit_test_setup_teardown(test_pam_cached_auth_failed_combined_pw_with_cached_2fa,
|
|
pam_cached_test_setup,
|
|
pam_test_teardown),
|
|
+#ifdef HAVE_TEST_CA
|
|
/* p11_child is not built without NSS */
|
|
#ifdef HAVE_NSS
|
|
cmocka_unit_test_setup_teardown(test_pam_preauth_cert_nocert,
|
|
@@ -2856,6 +2827,7 @@ int main(int argc, const char *argv[])
|
|
cmocka_unit_test_setup_teardown(test_pam_cert_auth_no_logon_name_no_key_id,
|
|
pam_test_setup, pam_test_teardown),
|
|
#endif /* HAVE_NSS */
|
|
+#endif /* HAVE_TEST_CA */
|
|
|
|
cmocka_unit_test_setup_teardown(test_filter_response,
|
|
pam_test_setup, pam_test_teardown),
|
|
--
|
|
2.17.0
|
|
|