Tests: passkey: Add a ssh key as a passkey mapping
Add two test cases:
1. Check the log message when an ssh key is added as the passkey
mapping.
2. Check the log message when an ssh key is added together with a
passkey token.

Signed-off-by: Madhuri Upadhye <[email protected]>
madhuriupadhye committed Mar 7, 2024
1 parent 0935ce9 commit e9fb6a8
Showing 6 changed files with 85 additions and 0 deletions.
@@ -0,0 +1 @@
ssh-rsa\20AAAAB3NzaC1yc2EAAAADAQABAAABgQCa+l8uZ6Q5G58PVMe1na7NrOMTzo2wOZfFwo0fM3RbvfAdlz/wsGwln2+EXA19FiXu/nNj4EwYGP9hymKuYaXzpq40k0VbhEL1v/qzXQvuKZgNx42vxi7NITaaAXuYj8OZQsZTvv+xgkREZmhQ6YqEjTJ0JzpD9fj8Gf8Mgn8pdsb/ZODLMAwEKtQ2DaWqH5jCqzoGEJlRl+kRbnrHc+RQrmj7NnY1voEJNrmzCyJFH5awZyBl/ZdbvpnwCKnVEleBFULrOIfJ9lc/QMmURCMa6RfW5CFrxdtjUwiIxfMiHe+zUY5T9L0Q6FWnlfNz/63Xdcrw1Gc90OCZKcqf/4P9N5flGSGSfiO5fD8gCCJ0c3WhxSVMREDP3ibKDsz8yhw2OuyGcfRo4nnchxy9G7031m2t9rUXc12eS1EKGJiPiT9IuTQ9nCG2PslkqR+KUMiYoS9MqTsAj9HhuTMkFhcYFyufxFmt/S4rIqVwmP8lY4GwwJwOnZwNLj/I2HwC+pk=\[email protected]
@@ -0,0 +1 @@
passkey:HaHAF2gHz+mVSueE+0PkWC7650orZywlB1vw1ugQ1Yr66nbGfabQ0CSskFuAuuq9I8bERTnQmSqG5fBwgAhV0g==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAcsfy0PMAs/X2RsxZ7RSxX5tvltepZA6ksGLh6E4cVYOAgvndpNoVqFdngMgC9wK2AJiW16KmZxP9fc+FkEGyw==
@@ -0,0 +1 @@
passkey:YBAM/eevCjx1qHi2E8od26YpsVMJ5me4BkyHdcmrMKc9vZjvOoXltohZI366xPzd6qhkFw/xTxr69F1BQh48cw==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKpN2j1VHbTCRiUHjYfKIgGGKLlk18VyOj4YclbyFdB2PXPAQ2YGMRatEOoinOm7dbFZXWWqsR7/aS5giM6qckQ==
@@ -0,0 +1 @@
passkey:PzNQAn2th+rfrCtiLO9cERbteU/nGNt57U6LyPs1JHs2gL16pPDAIoscr7s5zYnV+ZkNVEDuS2v/ZH7dI2GPJQ==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwdsR5rszSVJ38J1delmnIBClewFjik49D74k4LrvwNO1dMQJLPKrmrgUIkQXEUmyqTJ6xHpIGEbZmqp1KsJVfA==
@@ -0,0 +1 @@
ssh-rsa\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\[email protected]
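--- a/src/tests/system/tests/test_passkey.py
+++ b/src/tests/system/tests/test_passkey.py
@@ -411,3 +411,83 @@ def test_passkey__su_same_key_for_multi_user(
 ioctl=f"{moduledatadir}/umockdev.ioctl",
 script=f"{testdatadir}/umockdev.script.{suffix}.{user}",
 )
+
+
+@pytest.mark.importance("high")
+@pytest.mark.ticket(jira="SSSD-7011", gh=7066)
+@pytest.mark.topology(KnownTopologyGroup.AnyAD)
+@pytest.mark.topology(KnownTopology.LDAP)
+@pytest.mark.builtwith(client="passkey", provider="passkey")
+def test_passkey__ssh_key_as_passkey_mapping_token(
+client: Client, provider: GenericADProvider, moduledatadir: str, testdatadir: str
+):
+"""
+:title: Check ssh key as a passkey mapping token with AD, Samba and LDAP server.
+:setup:
+1. Add a users in AD, Samba and LDAP server and add ssh key as a passkey mapping.
+2. Setup SSSD client with FIDO, start SSSD service.
+:steps:
+1. Check su non-passkey authentication of the user.
+2. Required error message in pam log.
+:expectedresults:
+1. Successfully su authenticate the user with correct password.
+2. Successfully get the expected message in pam log.
+:customerscenario: False
+"""
+suffix = type(provider).__name__.lower()
+
+if suffix == "ldap":
+client.sssd.domain["local_auth_policy"] = "only"
+
+with open(f"{testdatadir}/ssh-key") as f:
+provider.user("user1").add().passkey_add(f.read().strip())
+
+client.sssd.start()
+
+# We are running simple su not to check authentication with passkey but just to get
+# expected log message.
+assert client.auth.su.password("user1", "Secret123"), "login with wrong password succeeded"
+
+pam_log = client.fs.read(client.sssd.logs.pam)
+assert "Mapping data found is not passkey related" in pam_log, "String was not found in the logs"
+
+
+@pytest.mark.importance("high")
+@pytest.mark.ticket(jira="SSSD-7011", gh=7066)
+@pytest.mark.topology(KnownTopologyGroup.AnyAD)
+@pytest.mark.topology(KnownTopology.LDAP)
+@pytest.mark.builtwith(client="passkey", provider="passkey")
+def test_passkey__ssh_key_with_passkey_mapping_token(
+client: Client, provider: GenericADProvider, moduledatadir: str, testdatadir: str
+):
+"""
+:title: Check ssh key with a passkey mapping token with AD, Samba and LDAP server.
+:setup:
+1. Add a users in AD, Samba and LDAP server and add ssh key and a passkey mapping.
+2. Setup SSSD client with FIDO, start SSSD service.
+:steps:
+1. Check su non-passkey authentication of the user.
+2. Required error message in pam log.
+:expectedresults:
+1. su failed to authenticate the user with correct password.
+2. Successfully get the expected message in pam log.
+:customerscenario: False
+"""
+suffix = type(provider).__name__.lower()
+
+if suffix == "ldap":
+client.sssd.domain["local_auth_policy"] = "only"
+
+user_add = provider.user("user1").add()
+for mapping in ["ssh_key", f"passkey-mapping.{suffix}"]:
+with open(f"{testdatadir}/{mapping}") as f:
+user_add.passkey_add(f.read().strip())
+
+client.sssd.start()
+
+# We are running simple su not to check authentication with passkey but just to get
+# expected log message.
+assert not client.auth.su.password("user1", "Secret123"), "login with wrong password succeeded"
+
+pam_log = client.fs.read(client.sssd.logs.pam)
+assert "Mapping data found is not passkey related" in pam_log, "String was not found in the logs"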
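Review bot: The failure message on the first test's su assertion contradicts the check: `assert client.auth.su.password("user1", "Secret123")` expects the login to succeed, yet on failure it would report "login with wrong password succeeded"; a message such as `"su with correct password failed"` would describe what actually went wrong. The second test's `assert not ...` reuses the same text although its docstring says the password is correct, so `"su with password succeeded despite ssh key in passkey mapping"` or similar would make an authentication regression easier to triage. The two tests also open differently named fixtures, `ssh-key` in the first and `ssh_key` in the second; the data file names are not visible on this page, so confirm each matches the file added for its test. `moduledatadir` is unused in both functions.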
