mirror of
				https://git.proxmox.com/git/mirror_zfs.git
				synced 2025-10-25 17:35:00 +03:00 
			
		
		
		
	pam_zfs_key: tests: check if zfs load-key works on short passphrases
The pam_zfs_key pam module does not enforce a minimum password length while changing the user password and thus the users home dataset passphrase. To not end up with a dateset `zfs load-key` can't load the key for, `zfs load-key` should not enforce a minimum passphrase length. This adds a test for that. Reviewed-by: Felix Dörre <felix@dogcraft.de> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Attila Fülöp <attila@fueloep.org> Closes #12765 Closes #12651 Closes #12656
This commit is contained in:
		
							parent
							
								
									307db92823
								
							
						
					
					
						commit
						4234812d1a
					
				| @ -125,7 +125,7 @@ tests = ['umount_unlinked_drain'] | |||||||
| tags = ['functional', 'mount'] | tags = ['functional', 'mount'] | ||||||
| 
 | 
 | ||||||
| [tests/functional/pam:Linux] | [tests/functional/pam:Linux] | ||||||
| tests = ['pam_basic', 'pam_nounmount'] | tests = ['pam_basic', 'pam_nounmount', 'pam_short_password'] | ||||||
| tags = ['functional', 'pam'] | tags = ['functional', 'pam'] | ||||||
| 
 | 
 | ||||||
| [tests/functional/procfs:Linux] | [tests/functional/procfs:Linux] | ||||||
|  | |||||||
| @ -4,4 +4,5 @@ dist_pkgdata_SCRIPTS = \ | |||||||
| 	cleanup.ksh \
 | 	cleanup.ksh \
 | ||||||
| 	pam_basic.ksh \
 | 	pam_basic.ksh \
 | ||||||
| 	pam_nounmount.ksh \
 | 	pam_nounmount.ksh \
 | ||||||
|  | 	pam_short_password.ksh \
 | ||||||
| 	utilities.kshlib | 	utilities.kshlib | ||||||
|  | |||||||
							
								
								
									
										84
									
								
								tests/zfs-tests/tests/functional/pam/pam_short_password.ksh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										84
									
								
								tests/zfs-tests/tests/functional/pam/pam_short_password.ksh
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,84 @@ | |||||||
|  | #!/bin/ksh -p | ||||||
|  | # | ||||||
|  | # CDDL HEADER START | ||||||
|  | # | ||||||
|  | # The contents of this file are subject to the terms of the | ||||||
|  | # Common Development and Distribution License (the "License"). | ||||||
|  | # You may not use this file except in compliance with the License. | ||||||
|  | # | ||||||
|  | # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | ||||||
|  | # or http://www.opensolaris.org/os/licensing. | ||||||
|  | # See the License for the specific language governing permissions | ||||||
|  | # and limitations under the License. | ||||||
|  | # | ||||||
|  | # When distributing Covered Code, include this CDDL HEADER in each | ||||||
|  | # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | ||||||
|  | # If applicable, add the following below this CDDL HEADER, with the | ||||||
|  | # fields enclosed by brackets "[]" replaced with your own identifying | ||||||
|  | # information: Portions Copyright [yyyy] [name of copyright owner] | ||||||
|  | # | ||||||
|  | # CDDL HEADER END | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | # | ||||||
|  | # Copyright 2021 Attila Fülöp <attila@fueloep.org> | ||||||
|  | # | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | . $STF_SUITE/tests/functional/pam/utilities.kshlib | ||||||
|  | 
 | ||||||
|  | if [[ -z pamservice ]]; then | ||||||
|  | 	pamservice=pam_zfs_key_test | ||||||
|  | fi | ||||||
|  | 
 | ||||||
|  | # DESCRIPTION: | ||||||
|  | # If we set the encryption passphrase for a dataset via pam_zfs_key, a minimal | ||||||
|  | # passphrase length isn't enforced. This leads to a non-loadable key if | ||||||
|  | # `zfs load-key` enforces a minimal length. Make sure this isn't the case. | ||||||
|  | 
 | ||||||
|  | log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus unavailable | ||||||
|  | 
 | ||||||
|  | genconfig "homes=$TESTPOOL/pam runstatedir=${runstatedir}" | ||||||
|  | 
 | ||||||
|  | # Load keys and mount userdir. | ||||||
|  | echo "testpass" | pamtester ${pamservice} ${username} open_session | ||||||
|  | references 1 | ||||||
|  | log_must ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus available | ||||||
|  | 
 | ||||||
|  | # Change user and dataset password to short one. | ||||||
|  | printf "short\nshort\n" | pamtester ${pamservice} ${username} chauthtok | ||||||
|  | 
 | ||||||
|  | # Unmount and unload key. | ||||||
|  | log_must pamtester ${pamservice} ${username} close_session | ||||||
|  | references 0 | ||||||
|  | log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus unavailable | ||||||
|  | 
 | ||||||
|  | # Check if password change succeeded. | ||||||
|  | echo "testpass" | pamtester ${pamservice} ${username} open_session | ||||||
|  | references 1 | ||||||
|  | log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus unavailable | ||||||
|  | log_must pamtester ${pamservice} ${username} close_session | ||||||
|  | references 0 | ||||||
|  | 
 | ||||||
|  | echo "short" | pamtester ${pamservice} ${username} open_session | ||||||
|  | references 1 | ||||||
|  | log_must ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus available | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | # Finally check if `zfs load-key` succeeds with the short password. | ||||||
|  | log_must pamtester ${pamservice} ${username} close_session | ||||||
|  | references 0 | ||||||
|  | log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus unavailable | ||||||
|  | 
 | ||||||
|  | echo "short" | zfs load-key "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus available | ||||||
|  | zfs unload-key "$TESTPOOL/pam/${username}" | ||||||
|  | keystatus unavailable | ||||||
|  | 
 | ||||||
|  | log_pass "done." | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Attila Fülöp
						Attila Fülöp