tests: Turn on PAM support in sshd with pam_wrapper
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
родитель
0e98f1214d
Коммит
7aa84318ae
@ -47,6 +47,7 @@ if (WITH_CLIENT_TESTING)
|
||||
find_package(socket_wrapper 1.1.5 REQUIRED)
|
||||
find_package(nss_wrapper 1.1.2 REQUIRED)
|
||||
find_package(uid_wrapper 1.2.0 REQUIRED)
|
||||
find_package(pam_wrapper 1.0.0 REQUIRED)
|
||||
|
||||
find_program(SSHD_EXECUTABLE
|
||||
NAME
|
||||
@ -76,11 +77,16 @@ if (WITH_CLIENT_TESTING)
|
||||
configure_file(etc/group.in ${CMAKE_CURRENT_BINARY_DIR}/etc/group @ONLY)
|
||||
configure_file(etc/hosts.in ${CMAKE_CURRENT_BINARY_DIR}/etc/hosts @ONLY)
|
||||
|
||||
set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}")
|
||||
### Setup pam_wrapper
|
||||
configure_file(etc/pam_matrix_passdb.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam_matrix_passdb @ONLY)
|
||||
configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
|
||||
|
||||
set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}")
|
||||
list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1)
|
||||
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
|
||||
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
|
||||
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group)
|
||||
list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d)
|
||||
|
||||
# Give bob some keys
|
||||
file(COPY keys/id_rsa DESTINATION ${CMAKE_CURRENT_BINARY_DIR}/home/bob/.ssh/ FILE_PERMISSIONS OWNER_READ OWNER_WRITE)
|
||||
|
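Review bot: `${PAM_WRAPPER_LIBRARY}` in the new `LD_PRELOAD` value and `@PAM_WRAPPER_MODULE_DIR@` in the `etc/pam.d/sshd.in` template are consumed without checking that `find_package(pam_wrapper 1.0.0 REQUIRED)` actually defined them. If either is empty, `LD_PRELOAD` simply ends in `:` and the generated `etc/pam.d/sshd` names `/pam_matrix.so`, so the problem only surfaces later as unexplained login failures in the test run. Whether the package config always sets both is not visible here; a configure-time guard after the `find_package` call would make it explicit, e.g. `if (NOT PAM_WRAPPER_LIBRARY OR NOT PAM_WRAPPER_MODULE_DIR)` followed by `message(FATAL_ERROR "pam_wrapper found but library or module dir not set")`. The enclosing `if (WITH_CLIENT_TESTING)` block starts and ends outside the hunks.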
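--- a/tests/etc/pam.d/sshd.in
+++ b/tests/etc/pam.d/sshd.in
@@ -0,0 +1,4 @@
+auth required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+account required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+password required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+session required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb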
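Review bot: Each of the four lines passes `passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb` as a bare module argument, and PAM splits module arguments on whitespace, so a build directory containing a space would truncate the path handed to pam_matrix. Because every stack is `required`, the result should be failed logins rather than a bypass, but the cause is hard to spot from the test output. Linux-PAM accepts bracketed arguments, e.g. `[passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb]`; I have not checked whether the module path tolerates the same quoting, so a one-line `#` comment stating that the build path must not contain whitespace may be the simpler fix.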
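--- a/tests/etc/pam_matrix_passdb.in
+++ b/tests/etc/pam_matrix_passdb.in
@@ -0,0 +1,2 @@
+bob:secret:sshd
+alice:secret:sshd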
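Review bot: `bob:secret:sshd` and `alice:secret:sshd` give both test users the same password, so a test that logs in as one user cannot detect a password being checked against the other user's entry. Distinct values per user would let the fixture catch that class of mix-up; any password constants in the test sources, which are not visible on this page, would have to change with it. I am not aware of a comment syntax for this file, so a remark that these are fixed test-only credentials belongs next to the `configure_file(etc/pam_matrix_passdb.in ...)` call instead.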
@ -915,6 +915,8 @@ static void torture_setup_create_sshd_config(void **state)
|
||||
"UsePrivilegeSeparation no\n"
|
||||
"StrictModes no\n"
|
||||
"\n"
|
||||
"UsePAM yes\n"
|
||||
"\n"
|
||||
#if OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 7
|
||||
"HostKeyAlgorithms +ssh-dss\n"
|
||||
"Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
|
||||
@ -958,6 +960,7 @@ void torture_setup_sshd_server(void **state)
|
||||
/* Set the default interface for the server */
|
||||
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
|
||||
setenv("UID_WRAPPER_ROOT", "1", 1);
|
||||
setenv("PAM_WRAPPER", "1", 1);
|
||||
|
||||
s = *state;
|
||||
|
||||
@ -970,6 +973,7 @@ void torture_setup_sshd_server(void **state)
|
||||
|
||||
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
|
||||
unsetenv("UID_WRAPPER_ROOT");
|
||||
unsetenv("PAM_WRAPPER");
|
||||
}
|
||||
|
||||
void torture_teardown_socket_dir(void **state)
|
||||
|
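Review bot: The new `setenv("PAM_WRAPPER", "1", 1);` in `torture_setup_sshd_server` ignores its return value, and with `"UsePAM yes\n"` now written into the generated sshd_config a failed call matters more than it does for the neighbouring variables. As far as pam_wrapper's behaviour goes, the preloaded library stays inactive unless `PAM_WRAPPER=1` is set, so sshd would presumably fall through to the host's real PAM stack and the test logins would be evaluated and logged there instead of against the pam_matrix fixture. Capturing the result, `rc = setenv("PAM_WRAPPER", "1", 1);`, and failing the setup when `rc != 0` keeps that case visible; the same applies to the existing `setenv` calls shown as context. A short comment explaining why the variable is set only around server start-up and cleared again with `unsetenv("PAM_WRAPPER");` would also help; both function bodies extend outside the hunks.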