From 103a22b85df5c371aefb08e476a3ab950e6882a3 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 19 Jun 2018 11:39:02 +0200 Subject: [PATCH] TESTS: Add a regression test for SIGHUP handling in sss_ssh_authorizedkeys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A regression test for: https://pagure.io/SSSD/sssd/issue/3747 Reviewed-by: Fabiano FidĂȘncio (cherry picked from commit 4cc3c1a1b1070c12bcc4351880d8207e47b37496) --- src/tests/intg/test_ssh_pubkey.py | 58 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/src/tests/intg/test_ssh_pubkey.py b/src/tests/intg/test_ssh_pubkey.py index fbf55566e341373873057ec4e3af1d7f83202aa7..8fb41c62d87ec210c9aad8582023fe1cb00f2b4e 100644 --- a/src/tests/intg/test_ssh_pubkey.py +++ b/src/tests/intg/test_ssh_pubkey.py @@ -24,6 +24,8 @@ import time import ldap import ldap.modlist import pytest +import string +import random import config import ds_openldap @@ -230,3 +232,59 @@ def test_ssh_pubkey_retrieve(add_user_with_ssh_key): sshpubkey = get_call_output(["sss_ssh_authorizedkeys", "user2"]) assert len(sshpubkey) == 0 + + +@pytest.fixture() +def sighup_client(request): + test_ssh_cli_path = os.path.join(config.ABS_BUILDDIR, + "..", "..", "..", "test_ssh_client") + assert os.access(test_ssh_cli_path, os.X_OK) + return test_ssh_cli_path + + +@pytest.fixture +def add_user_with_many_keys(request, ldap_conn): + # Generate a large list of unique ssh pubkeys + pubkey_list = [] + while len(pubkey_list) < 50: + new_pubkey = list(USER1_PUBKEY1) + new_pubkey[10] = random.choice(string.ascii_uppercase) + new_pubkey[11] = random.choice(string.ascii_uppercase) + new_pubkey[12] = random.choice(string.ascii_uppercase) + str_new_pubkey = ''.join(c for c in new_pubkey) + if str_new_pubkey in pubkey_list: + continue + pubkey_list.append(str_new_pubkey) + + ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) + ent_list.add_user("user1", 1001, 2001, sshPubKey=pubkey_list) + create_ldap_fixture(request, ldap_conn, ent_list) + + conf = format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + create_conf_fixture(request, conf) + create_sssd_fixture(request) + return None + + +def test_ssh_sighup(add_user_with_many_keys, sighup_client): + """ + A regression test for https://pagure.io/SSSD/sssd/issue/3747 + + OpenSSH can close its end of the pipe towards sss_ssh_authorizedkeys + before all of the output is read. In that case, older versions + of sss_ssh_authorizedkeys were receiving a SIGPIPE + """ + cli_path = sighup_client + + # python actually does the sensible, but unexpected (for a C programmer) + # thing and handles SIGPIPE. In order to reproduce the bug, we need + # to unset the SIGPIPE handler + signal.signal(signal.SIGPIPE, signal.SIG_DFL) + + process = subprocess.Popen([cli_path, "user1"], + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + _, _ = process.communicate() + # If the test tool detects that sss_ssh_authorizedkeys was killed with a + # signal, it would have returned 1 + assert process.returncode == 0 -- 2.14.4