Understanding PAM authentication procedure on FreeBSD with security/sssd

authentication freebsd pam sssd
166

Well my premises about the workings of PAM were right.

The pam_sss.so module was expecting the argument forward_pass to relay to password for other PAM modules, as the pam_unix.somodule. So just putting this option do the job. The resultant line was:

auth            sufficient      /usr/local/lib/pam_sss.so           forward_pass

Which ended in another problem. If sssd or even then authentication realm of sssd are down you'll be unable to login, since the pam_sss.so module will no work as and consequently the password will not be forwarded.

So the obvious choice was to put pam_unix.so before pam_sss.so and let everything be "sufficient" with a nicely pam_deny.so at the end. That's the Linux way to solve to problem, but this does not appears to work on FreeBSD.

After some googling through mailing lists the proper way to do this on FreeBSD is using the strange order in PAM:

auth            sufficient      pam_opie.so                 no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so           no_warn allow_local
auth            sufficient      pam_unix.so                 no_warn
auth            sufficient      /usr/local/lib/pam_sss.so   use_first_pass
auth            required        pam_unix.so                 no_warn use_first_pass

So putting pam_unix.so two times in PAM, the first one as sufficient and the last one as required do the trick. I don't know why this happens but it's working and appears to be right way to do.

Share:
166

Related videos on Youtube

EduBw
Author by

EduBw

Updated on September 18, 2022

Comments

  • EduBw
    EduBw over 1 year

    I want test con Mockito, My controller gets 3 String, 1 File, 1 class

    @RequestMapping(value = "/insertExcel", method = RequestMethod.POST, consumes = "multipart/form-data")
@ResponseBody
public MyMessage insertExcel(@RequestPart("period") String period, @RequestPart("commentary") String commentary,
        @RequestPart("idProcess") String idProcess, @RequestPart("uploadFile") MultipartFile multipart,
        @RequestPart("dataUser") DataUser dataUser) {


    return this.mlService.insertFile(multipart, dataUser, idProcess, period, commentary);
}

    Then I want simulate this with mockito:

         MockMultipartFile file1 = new MockMultipartFile("period", "202001", "text/plain", "202001".getBytes());
     MockMultipartFile file2 = new MockMultipartFile("commentary", "comentario", "text/plain", "comentario".getBytes());
     MockMultipartFile file3 = new MockMultipartFile("idProcess", "process1", "text/plain", "process1".getBytes());
     MockMultipartFile file4 = new MockMultipartFile("uploadFile", "uploadFile", "text/plain", "uploadFile".getBytes());
     MockMultipartFile file5 = new MockMultipartFile("dataUser", "as", "text/plain", "{\"createDate\": \"2020\", \"createUser\": \"test\",   \"modificationDate\":\"2020\", \"modificationUser\": \"test\" }".getBytes()) ;


    this.webMvcMock.perform(MockMvcRequestBuilders.fileUpload("/ml/insertExcel")
            .file(file1)
            .file(file2)
            .file(file3)
            .file(file4)
            .file(file5)).
            andExpect(status().isOk());

    Error:

    java.lang.AssertionError: Status expected:<200> but was:<415>
    at org.springframework.test.util.AssertionErrors.fail(AssertionErrors.java:54)
    at org.springframework.test.util.AssertionErrors.assertEquals(AssertionErrors.java:81)

    When I run this, I get error 415 why ?? How can I send the data correctly? Thanks

    Edit:

    I think what I get error 415 because in my controller I have consumes = "multipart/form-data"), so, I add in my test :

    this.webMvcMock.perform((RequestBuilder) ((ResultActions) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) MockMvcRequestBuilders.fileUpload("/ml/insertExcel")
        .file(file1).contentType(MediaType.MULTIPART_FORM_DATA))
        .file(file2).contentType(MediaType.MULTIPART_FORM_DATA))
        .file(file3).contentType(MediaType.MULTIPART_FORM_DATA))
        .file(file4).contentType(MediaType.MULTIPART_FORM_DATA))
        .file(file5).contentType(MediaType.MULTIPART_FORM_DATA)).
        andExpect(status().isOk()));

    Now the new error is:

    java.lang.ClassCastException: org.springframework.test.web.servlet.request.MockMultipartHttpServletRequestBuilder cannot be cast to org.springframework.test.web.servlet.ResultActions
    at es.ApplicationTests.insertExcel1(ApplicationTests.java:497)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
    at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)
    at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)
    at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:252)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
    at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)

    Edit2:

    I modified the call to controller but I now other error:

     MockMultipartFile file1 = new MockMultipartFile("period", "202001", "text/plain", "202001".getBytes());
 MockMultipartFile file2 = new MockMultipartFile("commentary", "comentario", "text/plain", "comentario".getBytes());
 MockMultipartFile file3 = new MockMultipartFile("idProcess", "process1", "text/plain", "process1".getBytes());
 MockMultipartFile file4 = new MockMultipartFile("uploadFile", "uploadFile", "text/plain", "uploadFile".getBytes());
 MockMultipartFile file5 = new MockMultipartFile("dataUser", "", "text/plain", "{\"createDate\": \"2020\", \"createUser\": \"test\",   \"modificationDate\":\"2020\", \"modificationUser\": \"test\" }".getBytes()) ;

MockHttpServletRequestBuilder request = post("/ml/insertExcel");
request.content(file1.getBytes());
request.content(file2.getBytes());
request.content(file3.getBytes());
request.content(file4.getBytes());
request.content(file5.getBytes());
request.accept(MediaType.MULTIPART_FORM_DATA);
request.contentType(MediaType.MULTIPART_FORM_DATA);
this.webMvcMock.perform(request).andExpect(status().isOk());

    The now error is 400:

    java.lang.AssertionError: Status expected:<200> but was:<400>
    at org.springframework.test.util.AssertionErrors.fail(AssertionErrors.java:54)
    at org.springframework.test.util.AssertionErrors.assertEquals(AssertionErrors.java:81)

    I don't care how to do it, but I need you to fill in the data to the controller

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to use nginx PAM module?
pam_faillock and AD/CentOS 7.2
pam authentication in python without root privileges
google authenticator for certain users
LDAP/Pam: No passwd entry for user while getent passwd shows all LDAP users
Login on local terminal without password
Why is sssd an unrecognized service, even though it is installed and can be restarted?
SSH authentication: either SSH keys or one time password
how to setup two factor authentication in Ubuntu for Ubuntu users using Google authenticator?
Disable PAM module for group