mirror of
				https://git.proxmox.com/git/mirror_zfs.git
				synced 2025-10-25 17:35:00 +03:00 
			
		
		
		
	pam_zfs_key: tests: check if zfs load-key works on short passphrases
The pam_zfs_key pam module does not enforce a minimum password length while changing the user password and thus the users home dataset passphrase. To not end up with a dateset `zfs load-key` can't load the key for, `zfs load-key` should not enforce a minimum passphrase length. This adds a test for that. Reviewed-by: Felix Dörre <felix@dogcraft.de> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Attila Fülöp <attila@fueloep.org> Closes #12765 Closes #12651 Closes #12656
This commit is contained in:
		
							parent
							
								
									307db92823
								
							
						
					
					
						commit
						4234812d1a
					
				| @ -125,7 +125,7 @@ tests = ['umount_unlinked_drain'] | ||||
| tags = ['functional', 'mount'] | ||||
| 
 | ||||
| [tests/functional/pam:Linux] | ||||
| tests = ['pam_basic', 'pam_nounmount'] | ||||
| tests = ['pam_basic', 'pam_nounmount', 'pam_short_password'] | ||||
| tags = ['functional', 'pam'] | ||||
| 
 | ||||
| [tests/functional/procfs:Linux] | ||||
|  | ||||
| @ -4,4 +4,5 @@ dist_pkgdata_SCRIPTS = \ | ||||
| 	cleanup.ksh \
 | ||||
| 	pam_basic.ksh \
 | ||||
| 	pam_nounmount.ksh \
 | ||||
| 	pam_short_password.ksh \
 | ||||
| 	utilities.kshlib | ||||
|  | ||||
							
								
								
									
										84
									
								
								tests/zfs-tests/tests/functional/pam/pam_short_password.ksh
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										84
									
								
								tests/zfs-tests/tests/functional/pam/pam_short_password.ksh
									
									
									
									
									
										Executable file
									
								
							| @ -0,0 +1,84 @@ | ||||
| #!/bin/ksh -p | ||||
| # | ||||
| # CDDL HEADER START | ||||
| # | ||||
| # The contents of this file are subject to the terms of the | ||||
| # Common Development and Distribution License (the "License"). | ||||
| # You may not use this file except in compliance with the License. | ||||
| # | ||||
| # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | ||||
| # or http://www.opensolaris.org/os/licensing. | ||||
| # See the License for the specific language governing permissions | ||||
| # and limitations under the License. | ||||
| # | ||||
| # When distributing Covered Code, include this CDDL HEADER in each | ||||
| # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | ||||
| # If applicable, add the following below this CDDL HEADER, with the | ||||
| # fields enclosed by brackets "[]" replaced with your own identifying | ||||
| # information: Portions Copyright [yyyy] [name of copyright owner] | ||||
| # | ||||
| # CDDL HEADER END | ||||
| # | ||||
| 
 | ||||
| # | ||||
| # Copyright 2021 Attila Fülöp <attila@fueloep.org> | ||||
| # | ||||
| 
 | ||||
| 
 | ||||
| . $STF_SUITE/tests/functional/pam/utilities.kshlib | ||||
| 
 | ||||
| if [[ -z pamservice ]]; then | ||||
| 	pamservice=pam_zfs_key_test | ||||
| fi | ||||
| 
 | ||||
| # DESCRIPTION: | ||||
| # If we set the encryption passphrase for a dataset via pam_zfs_key, a minimal | ||||
| # passphrase length isn't enforced. This leads to a non-loadable key if | ||||
| # `zfs load-key` enforces a minimal length. Make sure this isn't the case. | ||||
| 
 | ||||
| log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus unavailable | ||||
| 
 | ||||
| genconfig "homes=$TESTPOOL/pam runstatedir=${runstatedir}" | ||||
| 
 | ||||
| # Load keys and mount userdir. | ||||
| echo "testpass" | pamtester ${pamservice} ${username} open_session | ||||
| references 1 | ||||
| log_must ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus available | ||||
| 
 | ||||
| # Change user and dataset password to short one. | ||||
| printf "short\nshort\n" | pamtester ${pamservice} ${username} chauthtok | ||||
| 
 | ||||
| # Unmount and unload key. | ||||
| log_must pamtester ${pamservice} ${username} close_session | ||||
| references 0 | ||||
| log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus unavailable | ||||
| 
 | ||||
| # Check if password change succeeded. | ||||
| echo "testpass" | pamtester ${pamservice} ${username} open_session | ||||
| references 1 | ||||
| log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus unavailable | ||||
| log_must pamtester ${pamservice} ${username} close_session | ||||
| references 0 | ||||
| 
 | ||||
| echo "short" | pamtester ${pamservice} ${username} open_session | ||||
| references 1 | ||||
| log_must ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus available | ||||
| 
 | ||||
| 
 | ||||
| # Finally check if `zfs load-key` succeeds with the short password. | ||||
| log_must pamtester ${pamservice} ${username} close_session | ||||
| references 0 | ||||
| log_mustnot ismounted "$TESTPOOL/pam/${username}" | ||||
| keystatus unavailable | ||||
| 
 | ||||
| echo "short" | zfs load-key "$TESTPOOL/pam/${username}" | ||||
| keystatus available | ||||
| zfs unload-key "$TESTPOOL/pam/${username}" | ||||
| keystatus unavailable | ||||
| 
 | ||||
| log_pass "done." | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user
	 Attila Fülöp
						Attila Fülöp