author | Ondrej Kozina <okozina@redhat.com> | 2023-11-14 13:35:58 +0100 |
---|---|---|
committer | Ondrej Kozina <okozina@redhat.com> | 2023-11-17 10:42:23 +0100 |
commit | 5ef1878b34224ad02909493d69cec4d819a47401 (patch) | |
tree | 095d6e58e6f3a651e23cb2c4b27e6e0d789abcf8 | |
parent | 836e5e453903b88c04e8b98b573e761bcf75b09c (diff) | |
download | cryptsetup-5ef1878b34224ad02909493d69cec4d819a47401.tar.gz |
Do not use fake-token-path in ssh and systemd plugin tests.
-rw-r--r-- | tests/Makefile.am | 3 | ||||
-rw-r--r-- | tests/meson.build | 4 | ||||
-rwxr-xr-x | tests/ssh-test-plugin | 27 | ||||
-rwxr-xr-x | tests/systemd-test-plugin | 31 | ||||
-rw-r--r-- | tokens/ssh/cryptsetup-ssh.c | 15 |
5 files changed, 46 insertions, 34 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index 6f6c69d5..c74c8f26 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -45,8 +45,7 @@ if EXTERNAL_TOKENS TESTS += systemd-test-plugin endif -ssh-test-plugin: fake_token_path.so -systemd-test-plugin: fake_token_path.so fake_systemd_tpm_path.so +systemd-test-plugin: fake_systemd_tpm_path.so # Do not use global CFLAGS here as the *.so link does not support sanitizers fake_token_path.so: fake_token_path.c diff --git a/tests/meson.build b/tests/meson.build index dfa4795a..2dd5b0c4 100644 --- a/tests/meson.build +++ b/tests/meson.build @@ -157,6 +157,7 @@ tests_env = environment() tests_env.set('CRYPTSETUP_PATH', src_build_dir) tests_env.set('LIBCRYPTSETUP_DIR', lib_build_dir) tests_env.set('srcdir', meson.current_source_dir()) +tests_env.set('SSH_BUILD_DIR', tokens_ssh_build_dir) tests_env.set('CRYPTSETUP_TESTS_RUN_IN_MESON', '1') tests_env_valg = tests_env @@ -728,7 +729,6 @@ if get_option('ssh-token') and not enable_static is_parallel: false, depends: [ cryptsetup_ssh, - fake_token_path, libcryptsetup_token_ssh, ]) test('valg-ssh-test-plugin', @@ -740,7 +740,6 @@ if get_option('ssh-token') and not enable_static suite: 'valgrind', depends: [ cryptsetup_ssh, - fake_token_path, libcryptsetup_token_ssh, ]) endif @@ -754,7 +753,6 @@ if get_option('external-tokens') and not enable_static is_parallel: false, depends: [ fake_systemd_tpm_path, - fake_token_path, ]) endif diff --git a/tests/ssh-test-plugin b/tests/ssh-test-plugin index 97908bc3..2475034e 100755 --- a/tests/ssh-test-plugin +++ b/tests/ssh-test-plugin @@ -1,10 +1,10 @@ #!/bin/bash [ -z "$CRYPTSETUP_PATH" ] && { - TOKEN_PATH="./fake_token_path.so" - [ ! -f $TOKEN_PATH ] && { echo "Please compile $TOKEN_PATH."; exit 77; } - export LD_PRELOAD=$TOKEN_PATH CRYPTSETUP_PATH=".." + if [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ]; then + SSH_BUILD_DIR="$PWD/../.libs" + fi } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup CRYPTSETUP_SSH=$CRYPTSETUP_PATH/cryptsetup-ssh 
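Review bot: `tokens_ssh_build_dir`, used in the new `tests_env.set('SSH_BUILD_DIR', tokens_ssh_build_dir)` line of the `-157` hunk in tests/meson.build, is not defined anywhere in this diff, and the line sits outside the `if get_option('ssh-token')` guards visible further down. If the variable is only assigned when the ssh token is enabled, configuring with that option off would stop on an unknown variable; this cannot be confirmed from the hunks shown. A comment at the call such as `# tokens_ssh_build_dir is set unconditionally in the top-level meson.build` (once verified) would record the dependency.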
@@ -35,12 +35,8 @@ fi [ -z "$srcdir" ] && srcdir="." [ -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] || { - # test runs on meson build - TOKEN_PATH="$CRYPTSETUP_PATH/../tests/fake_token_path.so" - [ ! -f $TOKEN_PATH ] && { echo "Please compile $TOKEN_PATH."; exit 77; } - export LD_PRELOAD=$TOKEN_PATH - - CRYPTSETUP_SSH="$CRYPTSETUP_PATH/../tokens/ssh/cryptsetup-ssh" + # test runs on meson build + CRYPTSETUP_SSH="$CRYPTSETUP_PATH/../tokens/ssh/cryptsetup-ssh" } function remove_mapping() @@ -170,6 +166,9 @@ check_dump() [ "$keyslot_dump" = "$keyslot" ] || fail " keyslot check from dump failed." } +if [ -n "$SSH_BUILD_DIR" ]; then + CUSTOM_TOKENS_PATH="--external-tokens-path $SSH_BUILD_DIR" +fi [ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped." [ -n "$VALG" ] && valgrind_setup && CRYPTSETUP=valgrind_run && CRYPTSETUP_SSH=valgrind_run_ssh [ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped." @@ -192,17 +191,17 @@ ssh_check create_user ssh_setup -$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH +$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH $CUSTOM_TOKENS_PATH [ $? -ne 0 ] && fail "Failed to add SSH token to $IMG" -out=$($CRYPTSETUP luksDump $IMG) +out=$($CRYPTSETUP luksDump $CUSTOM_TOKENS_PATH $IMG) check_dump "$out" 0 echo "[OK]" echo -n "Activating using SSH token: " $CRYPTSETUP luksOpen --token-only --disable-external-tokens -r $IMG $MAP && fail "Tokens should be disabled" -$CRYPTSETUP luksOpen -r $IMG $MAP -q >/dev/null 2>&1 <&- +$CRYPTSETUP luksOpen $CUSTOM_TOKENS_PATH -r $IMG $MAP -q >/dev/null 2>&1 <&- [ $? -ne 0 ] && fail "Failed to open $IMG using SSH token" echo "[OK]" 
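Review bot: `CUSTOM_TOKENS_PATH` in the block added before the `[ ! -x "$CRYPTSETUP" ]` check is assigned only when `SSH_BUILD_DIR` is non-empty and is never initialised. A value inherited from the caller's environment is therefore expanded unquoted into the `cryptsetup` and `cryptsetup-ssh` command lines of a test that must run as root. The unquoted string form also word-splits a build directory whose path contains spaces. A bash array avoids both: `CUSTOM_TOKENS_PATH=()` before the `if`, `CUSTOM_TOKENS_PATH=(--external-tokens-path "$SSH_BUILD_DIR")` inside it, and `"${CUSTOM_TOKENS_PATH[@]}"` at the call sites in the `-192` and `-211` hunks.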
@@ -211,10 +210,10 @@ $CRYPTSETUP token remove --token-id 0 $IMG || fail "Failed to remove token" echo -n "Adding SSH token with --key-slot: " -$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH --key-slot 1 +$CRYPTSETUP_SSH add $IMG --ssh-server $SSH_SERVER --ssh-user $USER --ssh-path $SSH_PATH --ssh-keypath $SSH_KEY_PATH --key-slot 1 $CUSTOM_TOKENS_PATH [ $? -ne 0 ] && fail "Failed to add SSH token to $IMG" -out=$($CRYPTSETUP luksDump $IMG) +out=$($CRYPTSETUP luksDump $CUSTOM_TOKENS_PATH $IMG) check_dump "$out" 1 echo "[OK]" diff --git a/tests/systemd-test-plugin b/tests/systemd-test-plugin index 8698138e..7515f762 100755 --- a/tests/systemd-test-plugin +++ b/tests/systemd-test-plugin @@ -67,8 +67,6 @@ CRYPTENROLL_LD_PRELOAD="" bin_check ninja bin_check pkgconf - TOKEN_PATH=fake_token_path.so - [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH." INSTALL_PATH=$CRYPTSETUP_PATH/../external-tokens/install mkdir -p $INSTALL_PATH DESTDIR=$INSTALL_PATH meson install -C .. 
@@ -90,12 +88,13 @@ CRYPTENROLL_LD_PRELOAD="" meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/../tokens/ssh + cd $CRYPTSETUP_PATH/../tests - cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_PATH/../tokens/ssh - cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_PATH/../tests + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$CRYPTSETUP_PATH/../tests" - export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/../tests/$TOKEN_PATH" CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/../lib/libcryptsetup.so" echo "CRYPTENROLL_LD_PRELOAD $CRYPTENROLL_LD_PRELOAD" @@ -107,8 +106,6 @@ CRYPTENROLL_LD_PRELOAD="" bin_check ninja bin_check pkgconf - TOKEN_PATH=fake_token_path.so - [ -f $TOKEN_PATH ] || skip "Please compile $TOKEN_PATH." INSTALL_PATH=$(pwd)/external-tokens/install make -C .. install DESTDIR=$INSTALL_PATH PC_FILE="$(find $INSTALL_PATH -name 'libcryptsetup.pc')" 
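Review bot: The `src/shared/*.so` libraries are now copied to `$CRYPTSETUP_TOKENS_PATH` (`tokens/ssh`) in the `-90` hunk, but the unchanged `export LD_LIBRARY_PATH=` line directly below still appends `$CRYPTSETUP_PATH/../tests`, where they no longer land. If the systemd token plugin finds its shared library through `LD_LIBRARY_PATH` rather than an rpath (not visible here), loading it would fail or resolve to a system-installed copy instead of the one just built. `export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$CRYPTSETUP_TOKENS_PATH"` would keep the two in step. The enclosing block begins and ends outside this hunk.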
@@ -128,11 +125,12 @@ CRYPTENROLL_LD_PRELOAD="" meson setup build/ -D tpm2=true -D libcryptsetup=true -D libcryptsetup-plugins=true || skip "Failed to configure systemd via meson, some dependencies are probably missing." ninja -C build/ systemd-cryptenroll libcryptsetup-token-systemd-tpm2.so || skip "Failed to build systemd." + CRYPTSETUP_TOKENS_PATH=$CRYPTSETUP_PATH/.libs + cd $CRYPTSETUP_PATH/tests - cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so ../.libs/ - cp $SYSTEMD_PATH/build/src/shared/*.so ../.libs/ + cp $SYSTEMD_PATH/build/libcryptsetup-token-*.so $CRYPTSETUP_TOKENS_PATH + cp $SYSTEMD_PATH/build/src/shared/*.so $CRYPTSETUP_TOKENS_PATH - export LD_PRELOAD="${LD_PRELOAD-}:$CRYPTSETUP_PATH/tests/$TOKEN_PATH" CRYPTENROLL_LD_PRELOAD="$CRYPTSETUP_PATH/.libs/libcryptsetup.so" } CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup @@ -155,6 +153,9 @@ CRYPTSETUP=$CRYPTSETUP_PATH/cryptsetup echo "Virtual TPM set up at $TPM_PATH" } +if [ -n "$SSH_BUILD_DIR" ]; then + CUSTOM_TOKENS_PATH="--external-tokens-path $SSH_BUILD_DIR" +fi FAKE_TPM_PATH="$(pwd)/fake_systemd_tpm_path.so" [ ! -z "$CRYPTSETUP_TESTS_RUN_IN_MESON" ] && FAKE_TPM_PATH="$CRYPTSETUP_PATH/../tests/fake_systemd_tpm_path.so" [ -f $FAKE_TPM_PATH ] || skip "Please compile $FAKE_TPM_PATH." 
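Review bot: `CUSTOM_TOKENS_PATH`, set in the `-155` hunk from `SSH_BUILD_DIR`, is not read by any command visible in this file's hunks; the later calls pass `--external-tokens-path $CRYPTSETUP_TOKENS_PATH` instead. If nothing outside the hunks uses it, the three added lines can be dropped. Otherwise a comment such as `# SSH_BUILD_DIR is ignored below; the systemd plugin is loaded from CRYPTSETUP_TOKENS_PATH` would say which directory wins when both are set.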
@@ -169,23 +170,23 @@ echo $PASSWD | $CRYPTSETUP luksFormat --type luks2 $FAST_PBKDF_OPT $IMG --force- echo "Enrolling the device to TPM 2 using systemd-cryptenroll.." LD_PRELOAD="$LD_PRELOAD:$CRYPTENROLL_LD_PRELOAD" PASSWORD="$PASSWD" $SYSTEMD_CRYPTENROLL $IMG --tpm2-device=$TPM_PATH >/dev/null 2>&1 -$CRYPTSETUP luksDump $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." +$CRYPTSETUP luksDump --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG | grep -q "tpm2-blob" || fail "Failed to dump $IMG using systemd_tpm2 token (no tpm2-blob in output)." echo "Activating the device via TPM2 external token.." -$CRYPTSETUP open --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH --token-only $IMG $MAP >/dev/null 2>&1 || fail "Failed to open $IMG using systemd_tpm2 token." $CRYPTSETUP close $MAP >/dev/null 2>&1 || fail "Failed to close $MAP." echo "Adding passphrase via TPM2 token.." -echo $PASSWD2 | $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." +echo $PASSWD2 | $CRYPTSETUP luksAddKey --external-tokens-path $CRYPTSETUP_TOKENS_PATH $FAST_PBKDF_OPT $IMG --force-password -q --token-only >/dev/null 2>&1 || fail "Failed to add passphrase by tpm2 token." echo $PASSWD2 | $CRYPTSETUP open $IMG --test-passphrase --disable-external-tokens >/dev/null 2>&1 || fail "Failed to test passphrase added by tpm2 token." echo "Exporting and removing TPM2 token.." EXPORTED_TOKEN=$($CRYPTSETUP token export $IMG --token-id 0) $CRYPTSETUP token remove $IMG --token-id 0 -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." 
+$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 && fail "Activating without passphrase should fail after TPM2 token removal." echo "Re-importing TPM2 token.." echo $EXPORTED_TOKEN | $CRYPTSETUP token import $IMG --token-id 0 || fail "Failed to re-import deleted token." -$CRYPTSETUP open $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." +$CRYPTSETUP open --external-tokens-path $CRYPTSETUP_TOKENS_PATH $IMG --test-passphrase --token-only >/dev/null 2>&1 || fail "Failed to activate after re-importing deleted token." cleanup exit 0 diff --git a/tokens/ssh/cryptsetup-ssh.c b/tokens/ssh/cryptsetup-ssh.c index e356898f..72d40a04 100644 --- a/tokens/ssh/cryptsetup-ssh.c +++ b/tokens/ssh/cryptsetup-ssh.c @@ -47,6 +47,7 @@ #define OPT_DEBUG 5 #define OPT_DEBUG_JSON 6 #define OPT_KEY_SLOT 7 +#define OPT_TOKENS_PATH 8 void tools_cleanup(void) { @@ -59,6 +60,7 @@ static int token_add( const char *user, const char *path, const char *keypath, + const char *plugin_path, int keyslot) { @@ -68,6 +70,12 @@ static int token_add( const char *string_token; int r, token; + if (plugin_path) { + r = crypt_token_set_external_path(plugin_path); + if (r < 0) + return r; + } + r = crypt_init(&cd, device); if (r) return r; 
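Review bot: `$CRYPTSETUP_TOKENS_PATH` is expanded unquoted after `--external-tokens-path` in every changed command of the `-169` hunk, yet it is assigned only inside the two build branches (the `-90` and `-128` hunks). If a run reaches these commands without entering either branch (the branch conditions are outside the visible hunks), the option would consume `$IMG` as its argument and the command would fail for an unrelated reason. The negative check after token removal (`... --token-only >/dev/null 2>&1 && fail`) would then pass without testing anything. `${CRYPTSETUP_TOKENS_PATH:+--external-tokens-path "$CRYPTSETUP_TOKENS_PATH"}` drops the option when the variable is empty and keeps the path as a single word.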
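Review bot: A failure of `crypt_token_set_external_path(plugin_path)` at the top of `token_add()` returns `r` without any message, so `cryptsetup-ssh add --external-tokens-path <dir>` with a rejected path exits with `EXIT_FAILURE` and no hint why. Logging before the return would help, for example `crypt_logf(NULL, CRYPT_LOG_ERROR, "Failed to set external tokens path %s.", plugin_path);`. The directory decides which token shared objects libcryptsetup picks up, in a tool that is typically run as root. A comment above the call such as `/* plugin_path must be a trusted directory, not writable by unprivileged users */` is therefore worth adding. The rest of `token_add()` lies outside the hunk.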
@@ -148,6 +156,8 @@ static struct argp_option options[] = { {"ssh-user", OPT_SSH_USER, "STRING", 0, N_("Username used for the remote server")}, {"ssh-path", OPT_SSH_PATH, "STRING", 0, N_("Path to the key file on the remote server")}, {"ssh-keypath", OPT_KEY_PATH, "STRING", 0, N_("Path to the SSH key for connecting to the remote server")}, + {"external-tokens-path", + OPT_TOKENS_PATH,"STRING", 0, N_("Path to directory containinig libcryptsetup external tokens")}, {"key-slot", OPT_KEY_SLOT, "NUM", 0, N_("Keyslot to assign the token to. If not specified, token will "\ "be assigned to the first keyslot matching provided passphrase.")}, {0, 0, 0, 0, N_("Generic options:")}, @@ -164,6 +174,7 @@ struct arguments { char *ssh_user; char *ssh_path; char *ssh_keypath; + char *ssh_plugin_path; int keyslot; int verbose; int debug; @@ -187,6 +198,9 @@ parse_opt (int key, char *arg, struct argp_state *state) { case OPT_KEY_PATH: arguments->ssh_keypath = arg; break; + case OPT_TOKENS_PATH: + arguments->ssh_plugin_path = arg; + break; case OPT_KEY_SLOT: arguments->keyslot = atoi(arg); break; @@ -413,6 +427,7 @@ int main(int argc, char *argv[]) arguments.ssh_user, arguments.ssh_path, arguments.ssh_keypath, + arguments.ssh_plugin_path, arguments.keyslot); if (ret < 0) return EXIT_FAILURE; |
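Review bot: The help text added for `external-tokens-path` in `options[]` misspells "containing" as "containinig"; because the string is wrapped in `N_()`, the typo would also reach the translation catalogue. Suggested: `N_("Path to directory containing libcryptsetup external tokens")`. The entry is also split over two lines, with `OPT_TOKENS_PATH,"STRING"` missing the space its neighbours have. Since the option selects the directory plugins are loaded from, the help text could additionally say the directory must be trusted.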