[Pkg-sssd-devel] [Git][sssd-team/sssd][master] 2 commits: autopkgtests: switch to ssh for the login test

Simon Josefsson (@jas) gitlab at salsa.debian.org
Fri Dec 20 15:15:20 GMT 2024 


Simon Josefsson pushed to branch master at Debian SSSD packaging / sssd


Commits:
f8a25703 by Andreas Hasenack at 2024-12-19T14:41:26-03:00
autopkgtests: switch to ssh for the login test

This avoids hitting #1081027.

Closes: #1081027

- - - - -
fabe844c by Andreas Hasenack at 2024-12-19T14:41:30-03:00
autopkgtests: display logs in the case of a failure

- - - - -


5 changed files:

- debian/tests/control
- debian/tests/ldap-user-group-krb5-auth
- debian/tests/ldap-user-group-ldap-auth
- debian/tests/login.exp
- debian/tests/util


Changes:

=====================================
debian/tests/control
=====================================
@@ -1,9 +1,9 @@
 Tests: ldap-user-group-ldap-auth
-Depends: @, slapd, ldap-utils, openssl, expect, lsb-release
+Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, openssh-server
 Restrictions: isolation-container, needs-root, allow-stderr
 
 Tests: ldap-user-group-krb5-auth
-Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc
+Depends: @, slapd, ldap-utils, openssl, expect, lsb-release, krb5-user, krb5-admin-server, krb5-kdc, openssh-server
 Restrictions: isolation-container, needs-root, allow-stderr
 
 Tests: sssd-softhism2-certificates-tests.sh


=====================================
debian/tests/ldap-user-group-krb5-auth
=====================================
@@ -5,6 +5,21 @@ set -ex
 . debian/tests/util
 . debian/tests/common-tests
 
+cleanup() {
+    result=$?
+    set +e
+    if [ ${result} -ne 0 ]; then
+        echo "## Something failed, gathering logs"
+        echo
+        gather_logs
+    else
+        echo "## All tests passed, phew"
+    fi
+    cleanup_sshd_config
+}
+
+trap cleanup EXIT
+
 mydomain="example.com"
 myhostname="ldap.${mydomain}"
 mysuffix="dc=example,dc=com"
@@ -30,6 +45,10 @@ enable_pam_mkhomedir
 run_common_tests
 
 # login works with the kerberos password
-echo "The Kerberos principal can login on a terminal"
+echo "The Kerberos principal can login via ssh"
+
+# this test is not via gssapi: we need password authentication
+setup_sshd_password_auth
+
 kdestroy > /dev/null 2>&1 || /bin/true
 /usr/bin/expect -f debian/tests/login.exp "${ldap_user}" "${kerberos_principal_pw}" "${ldap_user}"@"${myrealm}"


=====================================
debian/tests/ldap-user-group-ldap-auth
=====================================
@@ -5,6 +5,21 @@ set -ex
 . debian/tests/util
 . debian/tests/common-tests
 
+cleanup() {
+    result=$?
+    set +e
+    if [ ${result} -ne 0 ]; then
+        echo "## Something failed, gathering logs"
+        echo
+        gather_logs
+    else
+        echo "## All tests passed, phew"
+    fi
+    cleanup_sshd_config
+}
+
+trap cleanup EXIT
+
 mydomain="example.com"
 myhostname="ldap.${mydomain}"
 mysuffix="dc=example,dc=com"
@@ -25,5 +40,9 @@ enable_pam_mkhomedir
 # tests begin here
 run_common_tests
 
-echo "The LDAP user can login on a terminal"
+echo "The LDAP user can login via ssh"
+
+# this test is not via gssapi: we need password authentication
+setup_sshd_password_auth
+
 /usr/bin/expect -f debian/tests/login.exp "${ldap_user}" "${ldap_user_pw}"


=====================================
debian/tests/login.exp
=====================================
@@ -16,10 +16,8 @@ if { $distribution == "Ubuntu" } {
     exit 1
 }
 
-spawn login
-expect "login:"
-send "$user\r"
-expect "Password:"
+spawn ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $user at localhost
+expect "assword: "
 send "$password\r"
 expect {
   timeout


=====================================
debian/tests/util
=====================================
@@ -262,3 +262,22 @@ create_krb_principal() {
     kadmin.local -q "addprinc -pw ${password} ${principal}"
 }
 
+setup_sshd_password_auth() {
+    cat > /etc/ssh/sshd_config.d/00-dep8.conf <<EOF
+PasswordAuthentication yes
+EOF
+    systemctl restart ssh
+}
+
+cleanup_sshd_config() {
+    rm -f /etc/ssh/sshd_config.d/00-dep8.conf 2>/dev/null || :
+    systemctl restart ssh
+}
+
+gather_logs() {
+    echo "## journalctl"
+    journalctl -b --lines 200
+    echo
+    echo "## dmesg"
+    dmesg -T | tail -n 200
+}



View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/2fe9f761e22b122f3c302038904b66a79d2a64e5...fabe844c69c0ee1bea63c8367f5e1b3b6ac6d241

-- 
View it on GitLab: https://salsa.debian.org/sssd-team/sssd/-/compare/2fe9f761e22b122f3c302038904b66a79d2a64e5...fabe844c69c0ee1bea63c8367f5e1b3b6ac6d241
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-sssd-devel/attachments/20241220/d446e45f/attachment-0001.htm>

More information about the Pkg-sssd-devel mailing list