SSSD / sssd

Clone

f91adcc TESTS: Get rid of KCM_PEER_UID

Authored and Committed by jhrozek 5 years ago
raw patch tree parent
5 files changed. 42 lines added. 11 lines removed.
Makefile.am
file modified
+1 -1
src/tests/intg/getsockopt_wrapper.c
file modified
+32 -0
src/tests/intg/test_kcm.py
file modified
+4 -1
src/tests/intg/test_secrets.py
file modified
+4 -2
src/util/secrets/secrets.c
file modified
+1 -7 
    TESTS: Get rid of KCM_PEER_UID
    
    In normal operation, libsss_secret only allows root to write to the KCM
    namespace. This was impractical in tests, because the identity of the
    client is read from the socket and even with the socket and uid
    wrapping, still the real UID was used. So we #define-d the client ID to
    something else during tests.
    
    But this is also problematic for tests that do not use the secrets
    responder, but only the libsecrets, beacause there the ID of the caller
    is root, because of uid_wrapper.
    
    This patch changes the approach so that the secrets responder tests
    preload getsockopt_wrapper() and any communication to the secrets socket
    rewrites the client credentials to be root. In combination with
    uid_wrapper which pretends to libsss_secrets that the caller is root, we
    can get rid of test-specific #define in the code.
    
    Related:
    https://pagure.io/SSSD/sssd/issue/3685
    
    Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
file modified
+1 -1
file modified
+32 -0
file modified
+4 -1
file modified
+4 -2
file modified
+1 -7
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.