Test: Check the TGT of user after auth for passkey

Add the test case of passkey where we are checking TGT of user after successful auth with IPA server. Signed-off-by: Madhuri Upadhye <[email protected]>
SSSD · Jun 5, 2024 · e9d88d5 · e9d88d5
1 parent 7c443ab
commit e9d88d5
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 0 deletions.
diff --git a/src/tests/system/data/test_passkey/test_passkey__check_tgt/passkey-mapping.ipa b/src/tests/system/data/test_passkey/test_passkey__check_tgt/passkey-mapping.ipa
@@ -0,0 +1 @@
+passkey:UUDmIHJqneuAiCxFQViZ3Sth4jwIPir2SAsOS0jj/WFAi8kdPY5SwAmlWfLhJfi9GJHZiOAqnXgfSEXjUWdx4Q==,MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnZWGeUbCGnaLN7sGLOX+iM+vQwnv1RLJMxr9tQRLTfn1pkzzHLVTeK0AWpOeOoQgHtiNFnIYx6Js8yzLAvocGQ==
diff --git a/src/tests/system/data/test_passkey/test_passkey__check_tgt/umockdev.script.ipa b/src/tests/system/data/test_passkey/test_passkey__check_tgt/umockdev.script.ipa
@@ -0,0 +1,25 @@
+d 0 /dev/hidraw1
+
+w 2 ^@�����^@^H^A^A^A^A^A^A^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 3 �����^@^Q^A^A^A^A^A^A^A^A^C�^D�^B^E^D^C^E^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+w 1 ^@^C�^D֐^@^A^D^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 3 ^C�^D֐^@�^@�^A�fU2F_V2hFIDO_2_0lFIDO_2_1_PRE^B�kcredProtectkhmac-secr^C�^D�^@et^CP/�W��^SG�^V�Z�� *^D�brk�bup�dplat�iclientPin�ucredentialM^C�^D�^AgmtPreview�^E^Y^D�^F�^B^A^G^H^H^X�^I�cnfccusb^J��calg&dtypejpublic-key�^C�^D�^Bcalg'dtypejpublic-key^M^D^N^Z^@^E^D^C^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+w 1 ^@^C�^D֐^@�^B�^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^C��bidX@Q@^@^C�^D�^@� rj�뀈,EAX��+a�<^H>*�H^K^NKH��a@��^]=�R�^I�Y��%��^X�و�*�x^_HE�Q^@^C�^D�^Agq�dtypejpublic-key^E�bup�^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 82 ^C�^D֐^@�^@�^A�bidX@Q@� rj�뀈,EAX��+a�<^H>*�H^K^NKH��a@��^]=�R�^I�Y��%��^C�^D�^@^X�و�*�x^_HE�Qgq�dtypejpublic-key^BX%�^@�|���Dږ^Qx??�d^Q/N�4�/o^C�^D�^AC���}.�[^@^@^@^@^S^CXG0E^B!^@�F�/��Z�/^U^S��/���^P�b�^M*Wal�<C�^O�^B u[�]^C�^D�^Bs1�[>�7��د}^C^E:_�&�4v���^T�^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+w 5 ^@^C�^D֐^@^F^F�^A^B^B^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 3 ^C�^D֐^@Q^@�^A�^A^B^C8^X ^A!X �r�W�C�m�;Ģ�ާ�^ZP�ie����_r��׀B"X ح�rX�!m^C�^D�^@W�z;��^Y^CI& �³S&ק�n;ah^L^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+w 6 ^@^C�^D֐^@x^F�^A^B^B^E^C�^A^B^C8^X ^A!X 3�B�1�ˠ^S�^\^Ev�,�^P<Rij��,Q�\���b"X [�^M^J^@^C�^D�^@�G8��������5��Q\^\^U��^E�Q!^FX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A��^]9Tԟ�"$T�^@^C�^D�^A�<�^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 79 ^C�^D֐^@5^@�^BX0^\š����X^XW��rӲl����H���p]^NJ�M^L�)���-E�r^UX)>m9�^@^@^@^@
+w 1 ^@^C�^D֐^@�^B�^Ahipa.test^BX ^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^A^C��bidX@Q@^@^C�^D�^@� rj�뀈,EAX��+a�<^H>*�H^K^NKH��a@��^]=�R�^I�Y��%��^X�و�*�x^_HE�Q^@^C�^D�^Agq�dtypejpublic-key^E�bup�^FX �y���˫�����3-ꆣ\��32.JzW#^I��^@^C�^D�^Bm^G^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 252 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 290 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 290 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 290 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 290 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 289 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 290 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 289 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 291 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 289 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 291 ^C�^Dֻ^@^A^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
+r 289 ^C�^Dֻ^@^A^A^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^C�^D֐^@�^@�^A�bidX@Q@� rj�뀈,EAX��+a�<^H>*�H^K^NKH��a@��^]=�R�^I�Y��%��^C�^D�^@^X�و�*�x^_HE�Qgq�dtypejpublic-key^BX%�^@�|���Dږ^Qx??�d^Q/N�4�/o^C�^D�^AC���}.�[^E^@^@^@^V^CXH0F^B!^@�p��C�^^�p3��G^K�|ǋyZe���˒e�6�d�^B!^@�^L�^C�^D�^BV�^Al^J�4y1�"��A�p���Zm�|w�^L�^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
diff --git a/src/tests/system/tests/test_passkey.py b/src/tests/system/tests/test_passkey.py
@@ -13,6 +13,7 @@
 from __future__ import annotations
 
 import pytest
+from pytest_mh import mh_fixture
 from sssd_test_framework.roles.client import Client
 from sssd_test_framework.roles.generic import GenericProvider
 from sssd_test_framework.roles.ipa import IPA
@@ -26,6 +27,16 @@ def passkey_requires_root(client: Client) -> tuple[bool, str] | bool:
     return True
 
 
+@mh_fixture()
+def umockdev_ipaotpd_update(ipa: IPA, request: pytest.FixtureRequest):
+    """
+    Update the [email protected] file from ipa server
+    for umockdev
+    """
+    ipa.fs.append("/usr/lib/systemd/system/[email protected]", "Environment=LD_PRELOAD=/opt/random.so")
+    ipa.svc.restart("ipa")
+
+
 @pytest.mark.importance("high")
 @pytest.mark.topology(KnownTopology.Client)
 @pytest.mark.builtwith(client="passkey")
@@ -544,3 +555,39 @@ def test_passkey__su_fips_fido_key(client: Client, provider: GenericProvider, mo
         ioctl=f"{moduledatadir}/umockdev.ioctl",
         script=f"{testdatadir}/umockdev.script.{suffix}",
     )
+
+
+@pytest.mark.importance("critical")
+@pytest.mark.topology(KnownTopology.IPA)
+@pytest.mark.builtwith(client="passkey", ipa="passkey")
+# @pytest.mark.require.with_args(passkey_requires_root)
+def test_passkey__check_tgt(client: Client, ipa: IPA, moduledatadir: str, testdatadir: str, umockdev_ipaotpd_update):
+    """
+    :title: Check the TGT of user after authentication.
+    :setup:
+        1. Add a user with --user-auth-type=passkey in the server with passkey mapping.
+        2. Setup SSSD client with FIDO and umockdev, start SSSD service.
+    :steps:
+        1. Check authentication of the user
+        2. Check TGT after authenticates.
+    :expectedresults:
+        1. User authenticates successfully.
+        2. Gets the TGT.
+    :customerscenario: False
+    """
+    with open(f"{testdatadir}/passkey-mapping.ipa") as f:
+        ipa.user("user1").add(user_auth_type="passkey").passkey_add(f.read().strip())
+
+    client.sssd.start()
+
+    rc, _, output, _ = client.auth.su.passkey_with_output(
+        username="user1",
+        pin=123456,
+        device=f"{moduledatadir}/umockdev.device",
+        ioctl=f"{moduledatadir}/umockdev.ioctl",
+        script=f"{testdatadir}/umockdev.script.ipa",
+        command="klist",
+    )
+
+    assert rc == 0, "Authentication failed"
+    assert "Ticket cache" in output, "Failed to get the TGT"