From 496ac13f3fdb94aee1ccf5821fb58749b4665bc8 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Mon, 19 Aug 2024 17:10:08 +0200 Subject: [PATCH] Respect '--without-infopipe' in 'sssctl' and tests --- Makefile.am | 14 ++++++---- src/tests/dlopen-tests.c | 2 ++ src/tests/intg/Makefile.am | 7 +++++ src/tests/intg/test_infopipe.py | 8 ++++++ src/tests/intg/test_pam_responder.py | 39 ++++++++++++++++++++++++++ src/tools/sssctl/sssctl.c | 6 ++++ src/tools/sssctl/sssctl.h | 41 +++++++++++++++------------- src/tools/sssctl/sssctl_logs.c | 1 - 8 files changed, 92 insertions(+), 26 deletions(-) diff --git a/Makefile.am b/Makefile.am index 82e0c5882a3..c10dbe22542 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1945,15 +1945,17 @@ sssctl_SOURCES = \ src/tools/sssctl/sssctl_cache.c \ src/tools/sssctl/sssctl_data.c \ src/tools/sssctl/sssctl_logs.c \ - src/tools/sssctl/sssctl_domains.c \ src/tools/sssctl/sssctl_config.c \ - src/tools/sssctl/sssctl_user_checks.c \ + $(SSSD_TOOLS_OBJ) +if BUILD_PASSKEY +sssctl_SOURCES += src/tools/sssctl/sssctl_passkey.c +endif +if BUILD_IFP +sssctl_SOURCES += \ src/tools/sssctl/sssctl_access_report.c \ src/tools/sssctl/sssctl_cert.c \ - $(SSSD_TOOLS_OBJ) \ - $(NULL) -if BUILD_PASSKEY - sssctl_SOURCES += src/tools/sssctl/sssctl_passkey.c + src/tools/sssctl/sssctl_domains.c \ + src/tools/sssctl/sssctl_user_checks.c endif sssctl_LDADD = \ $(TOOLS_LIBS) \ diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c index d910de4b80a..2f19c679e04 100644 --- a/src/tests/dlopen-tests.c +++ b/src/tests/dlopen-tests.c @@ -91,8 +91,10 @@ struct so { { "libsss_sbus_sync.so", {NULL} }, { "libsss_iface.so", {NULL} }, { "libsss_iface_sync.so", {NULL} }, +#ifdef BUILD_IFP { "libifp_iface.so", {NULL} }, { "libifp_iface_sync.so", {NULL} }, +#endif { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so", LIBPFX"libsss_simple.so", NULL } }, #ifdef BUILD_FILES_PROVIDER diff --git a/src/tests/intg/Makefile.am b/src/tests/intg/Makefile.am index 0cfd268dce7..0461b5367eb 100644 --- a/src/tests/intg/Makefile.am +++ b/src/tests/intg/Makefile.am @@ -107,6 +107,12 @@ else FILES_PROVIDER = "disabled" endif +if BUILD_IFP +IFP = "enabled" +else +IFP = "disabled" +endif + cwrap-dbus-system.conf: data/cwrap-dbus-system.conf.in Makefile $(SED) -e "s!@runstatedir[@]!$(runstatedir)!" \ @@ -237,6 +243,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \ KCM_RENEW=$(KCM_RENEW) \ FILES_PROVIDER=$(FILES_PROVIDER) \ + IFP=$(IFP) \ DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \ DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \ DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \ diff --git a/src/tests/intg/test_infopipe.py b/src/tests/intg/test_infopipe.py index ae925858fc0..131dd8d1f37 100644 --- a/src/tests/intg/test_infopipe.py +++ b/src/tests/intg/test_infopipe.py @@ -42,6 +42,14 @@ INTERACTIVE_TIMEOUT = 4 +def have_ifp_support(): + return os.environ['IFP'] == "enabled" + + +pytestmark = pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") + + class DbusDaemon(object): def __init__(self): self.pid = 0 diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py index a9656a49f90..2de331129a8 100644 --- a/src/tests/intg/test_pam_responder.py +++ b/src/tests/intg/test_pam_responder.py @@ -39,6 +39,9 @@ LDAP_BASE_DN = "dc=example,dc=com" +def have_ifp_support(): + return os.environ['IFP'] == "enabled" + def provider_list(): if os.environ['FILES_PROVIDER'] == "enabled": return ('files', 'files_with_policy', 'proxy') @@ -436,6 +439,8 @@ def pam_prompting_config(request, ldap_conn): return None +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") def test_password_prompting_config_global(ldap_conn, pam_prompting_config, env_for_sssctl): """Check global change of the password prompt""" @@ -461,6 +466,8 @@ def test_password_prompting_config_global(ldap_conn, pam_prompting_config, assert err.find("My global prompt") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") def test_password_prompting_config_srv(ldap_conn, pam_prompting_config, env_for_sssctl): """Check change of the password prompt for dedicated service""" @@ -502,6 +509,8 @@ def env_for_sssctl(request): return env_for_sssctl +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): @@ -527,6 +536,8 @@ def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl): "Authentication failure") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): @@ -551,6 +562,8 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl): @@ -575,6 +588,8 @@ def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True) def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl): @@ -599,6 +614,8 @@ def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True) def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): """ @@ -621,6 +638,8 @@ def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl): assert err.find("Password:") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password_with_sc'], indirect=True) def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl): @@ -651,6 +670,8 @@ def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): @@ -676,6 +697,8 @@ def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth_no_cert', provider_list(), indirect=True) def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): @@ -712,6 +735,8 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): @@ -738,6 +763,8 @@ def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): @@ -763,6 +790,8 @@ def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): """ @@ -792,6 +821,8 @@ def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl): "service cannot retrieve authentication info") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): """ @@ -820,6 +851,8 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True) def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): """ @@ -848,6 +881,8 @@ def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl): assert err.find("pam_authenticate for user [user1]: Success") != -1 +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") @pytest.mark.parametrize('simple_pam_cert_auth_name_format', provider_list(), indirect=True) def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl): """ @@ -910,6 +945,8 @@ def setup_krb5(request, kdc_instance, passwd_ops_setup): return None +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") def test_krb5_auth(setup_krb5, env_for_sssctl): """ Test basic Kerberos authentication, check for authentication failure when @@ -976,6 +1013,8 @@ def setup_krb5_domains(request, kdc_instance, passwd_ops_setup): return None +@pytest.mark.skipif(not have_ifp_support(), + reason="IFP support isn't built, skipping") def test_krb5_auth_domains(setup_krb5_domains, env_for_sssctl): """ Test basic Kerberos authentication with pam_sss 'domains' option, make diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c index 9d4eb949306..5a6d0403392 100644 --- a/src/tools/sssctl/sssctl.c +++ b/src/tools/sssctl/sssctl.c @@ -314,11 +314,15 @@ bool sssctl_restart_sssd(bool force) int main(int argc, const char **argv) { struct sss_route_cmd commands[] = { +#ifdef BUILD_IFP SSS_TOOL_DELIMITER("SSSD Status:"), SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list), SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status), SSS_TOOL_COMMAND_FLAGS("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("access-report", "Generate access report for a domain", 0, sssctl_access_report), +#else + SSS_TOOL_DELIMITER("IFP support isn't built, 'sssctl' functionality is limited."), +#endif /* BUILD_IFP */ SSS_TOOL_DELIMITER("Information about cached content:"), SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show), SSS_TOOL_COMMAND("group-show", "Information about cached group", 0, sssctl_group_show), @@ -336,10 +340,12 @@ int main(int argc, const char **argv) SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_DELIMITER("Configuration files tools:"), SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT), +#ifdef BUILD_IFP SSS_TOOL_DELIMITER("Certificate related tools:"), SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map), SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK), +#endif /* BUILD_IFP */ SSS_TOOL_DELIMITER("GPOs related tools:"), SSS_TOOL_COMMAND("gpo-show", "Information about cached GPO", 0, sssctl_gpo_show), SSS_TOOL_COMMAND("gpo-list", "Enumerate cached GPOs", 0, sssctl_gpo_list), diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h index 378512ce8f8..17eb10b02db 100644 --- a/src/tools/sssctl/sssctl.h +++ b/src/tools/sssctl/sssctl.h @@ -61,6 +61,7 @@ errno_t sssctl_systemd_start(void); errno_t sssctl_systemd_stop(void); errno_t sssctl_systemd_restart(void); +#ifdef BUILD_IFP errno_t sssctl_domain_list(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); @@ -69,6 +70,27 @@ errno_t sssctl_domain_status(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); +errno_t sssctl_user_checks(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); + +errno_t sssctl_cert_show(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); + +errno_t sssctl_cert_map(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); + +errno_t sssctl_cert_eval_rule(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); + +errno_t sssctl_access_report(struct sss_cmdline *cmdline, + struct sss_tool_ctx *tool_ctx, + void *pvt); +#endif /* BUILD_IFP */ + errno_t sssctl_client_data_backup(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); @@ -121,31 +143,12 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); -errno_t sssctl_user_checks(struct sss_cmdline *cmdline, - struct sss_tool_ctx *tool_ctx, - void *pvt); - -errno_t sssctl_access_report(struct sss_cmdline *cmdline, - struct sss_tool_ctx *tool_ctx, - void *pvt); - -errno_t sssctl_cert_show(struct sss_cmdline *cmdline, - struct sss_tool_ctx *tool_ctx, - void *pvt); - -errno_t sssctl_cert_map(struct sss_cmdline *cmdline, - struct sss_tool_ctx *tool_ctx, - void *pvt); #ifdef BUILD_PASSKEY errno_t sssctl_passkey_register(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); #endif /* BUILD_PASSKEY */ -errno_t sssctl_cert_eval_rule(struct sss_cmdline *cmdline, - struct sss_tool_ctx *tool_ctx, - void *pvt); - errno_t sssctl_gpo_show(struct sss_cmdline *cmdline, struct sss_tool_ctx *tool_ctx, void *pvt); diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c index 75e855bb901..9a7f3228642 100644 --- a/src/tools/sssctl/sssctl_logs.c +++ b/src/tools/sssctl/sssctl_logs.c @@ -40,7 +40,6 @@ #include "tools/tools_util.h" #include "confdb/confdb.h" #include "sss_iface/sss_iface_sync.h" -#include "responder/ifp/ifp_iface/ifp_iface_sync.h" #define LOG_FILE(file) " " LOG_PATH "/" file #define LOG_FILES LOG_FILE("*.log")