aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@cryptomilk.org>2015-10-01 13:56:32 +0200
committerAndreas Schneider <asn@cryptomilk.org>2018-10-05 12:09:45 +0200
commitbf2a33b21e3fb8143811a1ac4a8eabe2b8441dd2 (patch)
tree4f24f7af27d8052d130f042d45527fa8a6d02607
parent130194aa0e538700c21e70bc81f6ae04cc2b95d1 (diff)
downloadlibssh-bf2a33b21e3fb8143811a1ac4a8eabe2b8441dd2.tar.gz
libssh-bf2a33b21e3fb8143811a1ac4a8eabe2b8441dd2.tar.xz
libssh-bf2a33b21e3fb8143811a1ac4a8eabe2b8441dd2.zip
tests: Turn on PAM support in sshd with pam_wrapper
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> (cherry-picked from commit 7aa84318)
-rw-r--r--tests/CMakeLists.txt8
-rw-r--r--tests/etc/pam.d/sshd.in4
-rw-r--r--tests/etc/pam_matrix_passdb.in2
-rw-r--r--tests/torture.c4
4 files changed, 17 insertions, 1 deletions
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index c0405f9c..36d774e5 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -47,6 +47,7 @@ if (WITH_CLIENT_TESTING)
find_package(socket_wrapper 1.1.5 REQUIRED)
find_package(nss_wrapper 1.1.2 REQUIRED)
find_package(uid_wrapper 1.2.0 REQUIRED)
+ find_package(pam_wrapper 1.0.0 REQUIRED)
find_program(SSHD_EXECUTABLE
NAME
@@ -76,11 +77,16 @@ if (WITH_CLIENT_TESTING)
configure_file(etc/group.in ${CMAKE_CURRENT_BINARY_DIR}/etc/group @ONLY)
configure_file(etc/hosts.in ${CMAKE_CURRENT_BINARY_DIR}/etc/hosts @ONLY)
- set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}")
+ ### Setup pam_wrapper
+ configure_file(etc/pam_matrix_passdb.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam_matrix_passdb @ONLY)
+ configure_file(etc/pam.d/sshd.in ${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d/sshd @ONLY)
+
+ set(TORTURE_ENVIRONMENT "LD_PRELOAD=${SOCKET_WRAPPER_LIBRARY}:${NSS_WRAPPER_LIBRARY}:${UID_WRAPPER_LIBRARY}:${PAM_WRAPPER_LIBRARY}")
list(APPEND TORTURE_ENVIRONMENT UID_WRAPPER=1)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_PASSWD=${CMAKE_CURRENT_BINARY_DIR}/etc/passwd)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_SHADOW=${CMAKE_CURRENT_BINARY_DIR}/etc/shadow)
list(APPEND TORTURE_ENVIRONMENT NSS_WRAPPER_GROUP=${CMAKE_CURRENT_BINARY_DIR}/etc/group)
+ list(APPEND TORTURE_ENVIRONMENT PAM_WRAPPER_SERVICE_DIR=${CMAKE_CURRENT_BINARY_DIR}/etc/pam.d)
message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
diff --git a/tests/etc/pam.d/sshd.in b/tests/etc/pam.d/sshd.in
new file mode 100644
index 00000000..57c66f94
--- /dev/null
+++ b/tests/etc/pam.d/sshd.in
@@ -0,0 +1,4 @@
+auth required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+account required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+password required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
+session required @PAM_WRAPPER_MODULE_DIR@/pam_matrix.so passdb=@CMAKE_CURRENT_BINARY_DIR@/etc/pam_matrix_passdb
diff --git a/tests/etc/pam_matrix_passdb.in b/tests/etc/pam_matrix_passdb.in
new file mode 100644
index 00000000..8891fcfe
--- /dev/null
+++ b/tests/etc/pam_matrix_passdb.in
@@ -0,0 +1,2 @@
+bob:secret:sshd
+alice:secret:sshd
diff --git a/tests/torture.c b/tests/torture.c
index a4f38ad3..f9c9c036 100644
--- a/tests/torture.c
+++ b/tests/torture.c
@@ -813,6 +813,8 @@ static void torture_setup_create_sshd_config(void **state)
"UsePrivilegeSeparation no\n"
"StrictModes no\n"
"\n"
+ "UsePAM yes\n"
+ "\n"
#if OPENSSH_VERSION_MAJOR == 6 && OPENSSH_VERSION_MINOR >= 7
"HostKeyAlgorithms +ssh-dss\n"
"Ciphers +3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc\n"
@@ -856,6 +858,7 @@ void torture_setup_sshd_server(void **state)
/* Set the default interface for the server */
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
setenv("UID_WRAPPER_ROOT", "1", 1);
+ setenv("PAM_WRAPPER", "1", 1);
s = *state;
@@ -868,6 +871,7 @@ void torture_setup_sshd_server(void **state)
setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
unsetenv("UID_WRAPPER_ROOT");
+ unsetenv("PAM_WRAPPER");
}
void torture_teardown_socket_dir(void **state)