Understanding PAM authentication procedure on FreeBSD with security/sssd
Well my premises about the workings of PAM were right.
The pam_sss.so
module was expecting the argument forward_pass
to relay to password for other PAM modules, as the pam_unix.so
module. So just putting this option do the job. The resultant line was:
auth sufficient /usr/local/lib/pam_sss.so forward_pass
Which ended in another problem. If sssd or even then authentication realm of sssd are down you'll be unable to login, since the pam_sss.so
module will no work as and consequently the password will not be forwarded.
So the obvious choice was to put pam_unix.so
before pam_sss.so
and let everything be "sufficient" with a nicely pam_deny.so
at the end. That's the Linux way to solve to problem, but this does not appears to work on FreeBSD.
After some googling through mailing lists the proper way to do this on FreeBSD is using the strange order in PAM:
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient pam_unix.so no_warn
auth sufficient /usr/local/lib/pam_sss.so use_first_pass
auth required pam_unix.so no_warn use_first_pass
So putting pam_unix.so
two times in PAM, the first one as sufficient
and the last one as required
do the trick. I don't know why this happens but it's working and appears to be right way to do.
Related videos on Youtube
EduBw
Updated on September 18, 2022Comments
-
EduBw over 1 year
I want test con Mockito, My controller gets 3 String, 1 File, 1 class
@RequestMapping(value = "/insertExcel", method = RequestMethod.POST, consumes = "multipart/form-data") @ResponseBody public MyMessage insertExcel(@RequestPart("period") String period, @RequestPart("commentary") String commentary, @RequestPart("idProcess") String idProcess, @RequestPart("uploadFile") MultipartFile multipart, @RequestPart("dataUser") DataUser dataUser) { return this.mlService.insertFile(multipart, dataUser, idProcess, period, commentary); }
Then I want simulate this with mockito:
MockMultipartFile file1 = new MockMultipartFile("period", "202001", "text/plain", "202001".getBytes()); MockMultipartFile file2 = new MockMultipartFile("commentary", "comentario", "text/plain", "comentario".getBytes()); MockMultipartFile file3 = new MockMultipartFile("idProcess", "process1", "text/plain", "process1".getBytes()); MockMultipartFile file4 = new MockMultipartFile("uploadFile", "uploadFile", "text/plain", "uploadFile".getBytes()); MockMultipartFile file5 = new MockMultipartFile("dataUser", "as", "text/plain", "{\"createDate\": \"2020\", \"createUser\": \"test\", \"modificationDate\":\"2020\", \"modificationUser\": \"test\" }".getBytes()) ; this.webMvcMock.perform(MockMvcRequestBuilders.fileUpload("/ml/insertExcel") .file(file1) .file(file2) .file(file3) .file(file4) .file(file5)). andExpect(status().isOk());
Error:
java.lang.AssertionError: Status expected:<200> but was:<415> at org.springframework.test.util.AssertionErrors.fail(AssertionErrors.java:54) at org.springframework.test.util.AssertionErrors.assertEquals(AssertionErrors.java:81)
When I run this, I get error 415 why ?? How can I send the data correctly? Thanks
Edit:
I think what I get error 415 because in my controller I have consumes = "multipart/form-data"), so, I add in my test :
this.webMvcMock.perform((RequestBuilder) ((ResultActions) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) ((MockMultipartHttpServletRequestBuilder) MockMvcRequestBuilders.fileUpload("/ml/insertExcel") .file(file1).contentType(MediaType.MULTIPART_FORM_DATA)) .file(file2).contentType(MediaType.MULTIPART_FORM_DATA)) .file(file3).contentType(MediaType.MULTIPART_FORM_DATA)) .file(file4).contentType(MediaType.MULTIPART_FORM_DATA)) .file(file5).contentType(MediaType.MULTIPART_FORM_DATA)). andExpect(status().isOk()));
Now the new error is:
java.lang.ClassCastException: org.springframework.test.web.servlet.request.MockMultipartHttpServletRequestBuilder cannot be cast to org.springframework.test.web.servlet.ResultActions at es.ApplicationTests.insertExcel1(ApplicationTests.java:497) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26) at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75) at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86) at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:252) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:94) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268) at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61) at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70) at org.junit.runners.ParentRunner.run(ParentRunner.java:363) at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:191) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:538) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:760) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:460) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:206)
Edit2:
I modified the call to controller but I now other error:
MockMultipartFile file1 = new MockMultipartFile("period", "202001", "text/plain", "202001".getBytes()); MockMultipartFile file2 = new MockMultipartFile("commentary", "comentario", "text/plain", "comentario".getBytes()); MockMultipartFile file3 = new MockMultipartFile("idProcess", "process1", "text/plain", "process1".getBytes()); MockMultipartFile file4 = new MockMultipartFile("uploadFile", "uploadFile", "text/plain", "uploadFile".getBytes()); MockMultipartFile file5 = new MockMultipartFile("dataUser", "", "text/plain", "{\"createDate\": \"2020\", \"createUser\": \"test\", \"modificationDate\":\"2020\", \"modificationUser\": \"test\" }".getBytes()) ; MockHttpServletRequestBuilder request = post("/ml/insertExcel"); request.content(file1.getBytes()); request.content(file2.getBytes()); request.content(file3.getBytes()); request.content(file4.getBytes()); request.content(file5.getBytes()); request.accept(MediaType.MULTIPART_FORM_DATA); request.contentType(MediaType.MULTIPART_FORM_DATA); this.webMvcMock.perform(request).andExpect(status().isOk());
The now error is 400:
java.lang.AssertionError: Status expected:<200> but was:<400> at org.springframework.test.util.AssertionErrors.fail(AssertionErrors.java:54) at org.springframework.test.util.AssertionErrors.assertEquals(AssertionErrors.java:81)
I don't care how to do it, but I need you to fill in the data to the controller