Respect '--without-infopipe' in 'sssctl' and tests

Makefile.am

@@ -1949,15 +1949,17 @@ sssctl_SOURCES = \
     src/tools/sssctl/sssctl_cache.c \
     src/tools/sssctl/sssctl_data.c \
     src/tools/sssctl/sssctl_logs.c \
-    src/tools/sssctl/sssctl_domains.c \
     src/tools/sssctl/sssctl_config.c \
-    src/tools/sssctl/sssctl_user_checks.c \
+    $(SSSD_TOOLS_OBJ)
+if BUILD_PASSKEY
+sssctl_SOURCES += src/tools/sssctl/sssctl_passkey.c
+endif
+if BUILD_IFP
+sssctl_SOURCES += \
     src/tools/sssctl/sssctl_access_report.c \
     src/tools/sssctl/sssctl_cert.c \
-    $(SSSD_TOOLS_OBJ) \
-    $(NULL)
-if BUILD_PASSKEY
-    sssctl_SOURCES += src/tools/sssctl/sssctl_passkey.c
+    src/tools/sssctl/sssctl_domains.c \
+    src/tools/sssctl/sssctl_user_checks.c
 endif
 sssctl_LDADD = \
     $(TOOLS_LIBS) \

src/tests/dlopen-tests.c

@@ -91,8 +91,10 @@ struct so {
     { "libsss_sbus_sync.so", {NULL} },
     { "libsss_iface.so", {NULL} },
     { "libsss_iface_sync.so", {NULL} },
+#ifdef BUILD_IFP
     { "libifp_iface.so", {NULL} },
     { "libifp_iface_sync.so", {NULL} },
+#endif
     { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so",
                             LIBPFX"libsss_simple.so", NULL } },
 #ifdef BUILD_FILES_PROVIDER

src/tests/intg/Makefile.am

@@ -107,6 +107,12 @@ else
 FILES_PROVIDER = "disabled"
 endif
 
+if BUILD_IFP
+IFP = "enabled"
+else
+IFP = "disabled"
+endif
+
 
 cwrap-dbus-system.conf: data/cwrap-dbus-system.conf.in Makefile
 	$(SED) -e "s!@runstatedir[@]!$(runstatedir)!" \
@@ -237,6 +243,7 @@ intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service
 	SOFTHSM2_TWO_CONF=$(SOFTHSM2_TWO_CONF) \
 	KCM_RENEW=$(KCM_RENEW) \
 	FILES_PROVIDER=$(FILES_PROVIDER) \
+	IFP=$(IFP) \
 	DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \
 	DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \
 	DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \

src/tests/intg/test_infopipe.py

@@ -42,6 +42,14 @@
 INTERACTIVE_TIMEOUT = 4
 
 
+def have_ifp_support():
+    return os.environ['IFP'] == "enabled"
+
+
+pytestmark = pytest.mark.skipif(not have_ifp_support(),
+                                reason="IFP support isn't built, skipping")
+
+
 class DbusDaemon(object):
     def __init__(self):
         self.pid = 0

src/tests/intg/test_pam_responder.py

@@ -39,6 +39,9 @@
 
 LDAP_BASE_DN = "dc=example,dc=com"
 
+def have_ifp_support():
+    return os.environ['IFP'] == "enabled"
+
 def provider_list():
      if os.environ['FILES_PROVIDER'] == "enabled":
          return ('files', 'files_with_policy', 'proxy')
@@ -436,6 +439,8 @@ def pam_prompting_config(request, ldap_conn):
     return None
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 def test_password_prompting_config_global(ldap_conn, pam_prompting_config,
                                           env_for_sssctl):
     """Check global change of the password prompt"""
@@ -461,6 +466,8 @@ def test_password_prompting_config_global(ldap_conn, pam_prompting_config,
     assert err.find("My global prompt") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 def test_password_prompting_config_srv(ldap_conn, pam_prompting_config,
                                        env_for_sssctl):
     """Check change of the password prompt for dedicated service"""
@@ -502,6 +509,8 @@ def env_for_sssctl(request):
     return env_for_sssctl
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl):
 
@@ -527,6 +536,8 @@ def test_sc_auth_wrong_pin(simple_pam_cert_auth, env_for_sssctl):
                     "Authentication failure") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_sc_auth(simple_pam_cert_auth, env_for_sssctl):
 
@@ -551,6 +562,8 @@ def test_sc_auth(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True)
 def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl):
 
@@ -575,6 +588,8 @@ def test_sc_auth_two(simple_pam_cert_auth_two_certs, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth_two_certs', provider_list(), indirect=True)
 def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl):
 
@@ -599,6 +614,8 @@ def test_sc_auth_two_missing_name(simple_pam_cert_auth_two_certs, env_for_sssctl
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password'], indirect=True)
 def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl):
     """
@@ -621,6 +638,8 @@ def test_sc_proxy_password_fallback(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("Password:") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', ['proxy_password_with_sc'],
                          indirect=True)
 def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl):
@@ -651,6 +670,8 @@ def test_sc_proxy_no_password_fallback(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl):
 
@@ -676,6 +697,8 @@ def test_require_sc_auth(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth_no_cert', provider_list(), indirect=True)
 def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl):
 
@@ -712,6 +735,8 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl):
                     "service cannot retrieve authentication info") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl):
 
@@ -738,6 +763,8 @@ def test_try_sc_auth_no_map(simple_pam_cert_auth, env_for_sssctl):
                     "service cannot retrieve authentication info") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl):
 
@@ -763,6 +790,8 @@ def test_try_sc_auth(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl):
     """
@@ -792,6 +821,8 @@ def test_try_sc_auth_root(simple_pam_cert_auth, env_for_sssctl):
                     "service cannot retrieve authentication info") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl):
     """
@@ -820,6 +851,8 @@ def test_sc_auth_missing_name(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth', provider_list(), indirect=True)
 def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl):
     """
@@ -848,6 +881,8 @@ def test_sc_auth_missing_name_whitespace(simple_pam_cert_auth, env_for_sssctl):
     assert err.find("pam_authenticate for user [user1]: Success") != -1
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 @pytest.mark.parametrize('simple_pam_cert_auth_name_format', provider_list(), indirect=True)
 def test_sc_auth_name_format(simple_pam_cert_auth_name_format, env_for_sssctl):
     """
@@ -910,6 +945,8 @@ def setup_krb5(request, kdc_instance, passwd_ops_setup):
     return None
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 def test_krb5_auth(setup_krb5, env_for_sssctl):
     """
     Test basic Kerberos authentication, check for authentication failure when
@@ -976,6 +1013,8 @@ def setup_krb5_domains(request, kdc_instance, passwd_ops_setup):
     return None
 
 
+@pytest.mark.skipif(not have_ifp_support(),
+                    reason="IFP support isn't built, skipping")
 def test_krb5_auth_domains(setup_krb5_domains, env_for_sssctl):
     """
     Test basic Kerberos authentication with pam_sss 'domains' option, make

src/tools/sssctl/sssctl.c

@@ -314,11 +314,15 @@ bool sssctl_restart_sssd(bool force)
 int main(int argc, const char **argv)
 {
     struct sss_route_cmd commands[] = {
+#ifdef BUILD_IFP
         SSS_TOOL_DELIMITER("SSSD Status:"),
         SSS_TOOL_COMMAND("domain-list", "List available domains", 0, sssctl_domain_list),
         SSS_TOOL_COMMAND("domain-status", "Print information about domain", 0, sssctl_domain_status),
         SSS_TOOL_COMMAND_FLAGS("user-checks", "Print information about a user and check authentication", 0, sssctl_user_checks, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
         SSS_TOOL_COMMAND("access-report", "Generate access report for a domain", 0, sssctl_access_report),
+#else
+        SSS_TOOL_DELIMITER("IFP support isn't built, 'sssctl' functionality is limited."),
+#endif /* BUILD_IFP */
         SSS_TOOL_DELIMITER("Information about cached content:"),
         SSS_TOOL_COMMAND("user-show", "Information about cached user", 0, sssctl_user_show),
         SSS_TOOL_COMMAND("group-show", "Information about cached group", 0, sssctl_group_show),
@@ -336,10 +340,12 @@ int main(int argc, const char **argv)
         SSS_TOOL_COMMAND_FLAGS("analyze", "Analyze logged data", 0, sssctl_analyze, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
         SSS_TOOL_DELIMITER("Configuration files tools:"),
         SSS_TOOL_COMMAND_FLAGS("config-check", "Perform static analysis of SSSD configuration", 0, sssctl_config_check, SSS_TOOL_FLAG_SKIP_CMD_INIT),
+#ifdef BUILD_IFP
         SSS_TOOL_DELIMITER("Certificate related tools:"),
         SSS_TOOL_COMMAND_FLAGS("cert-show", "Print information about the certificate", 0, sssctl_cert_show, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
         SSS_TOOL_COMMAND("cert-map", "Show users mapped to the certificate", 0, sssctl_cert_map),
         SSS_TOOL_COMMAND_FLAGS("cert-eval-rule", "Check mapping and matching rule with a certificate", 0, sssctl_cert_eval_rule, SSS_TOOL_FLAG_SKIP_CMD_INIT|SSS_TOOL_FLAG_SKIP_ROOT_CHECK),
+#endif /* BUILD_IFP */
         SSS_TOOL_DELIMITER("GPOs related tools:"),
         SSS_TOOL_COMMAND("gpo-show", "Information about cached GPO", 0, sssctl_gpo_show),
         SSS_TOOL_COMMAND("gpo-list", "Enumerate cached GPOs", 0, sssctl_gpo_list),

src/tools/sssctl/sssctl.h

@@ -61,6 +61,7 @@ errno_t sssctl_systemd_start(void);
 errno_t sssctl_systemd_stop(void);
 errno_t sssctl_systemd_restart(void);
 
+#ifdef BUILD_IFP
 errno_t sssctl_domain_list(struct sss_cmdline *cmdline,
                            struct sss_tool_ctx *tool_ctx,
                            void *pvt);
@@ -69,6 +70,27 @@ errno_t sssctl_domain_status(struct sss_cmdline *cmdline,
                              struct sss_tool_ctx *tool_ctx,
                              void *pvt);
 
+errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
+                           struct sss_tool_ctx *tool_ctx,
+                           void *pvt);
+
+errno_t sssctl_cert_show(struct sss_cmdline *cmdline,
+                         struct sss_tool_ctx *tool_ctx,
+                         void *pvt);
+
+errno_t sssctl_cert_map(struct sss_cmdline *cmdline,
+                        struct sss_tool_ctx *tool_ctx,
+                        void *pvt);
+
+errno_t sssctl_cert_eval_rule(struct sss_cmdline *cmdline,
+                              struct sss_tool_ctx *tool_ctx,
+                              void *pvt);
+
+errno_t sssctl_access_report(struct sss_cmdline *cmdline,
+                             struct sss_tool_ctx *tool_ctx,
+                             void *pvt);
+#endif /* BUILD_IFP */
+
 errno_t sssctl_client_data_backup(struct sss_cmdline *cmdline,
                                   struct sss_tool_ctx *tool_ctx,
                                   void *pvt);
@@ -121,31 +143,12 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
                             struct sss_tool_ctx *tool_ctx,
                             void *pvt);
 
-errno_t sssctl_user_checks(struct sss_cmdline *cmdline,
-                           struct sss_tool_ctx *tool_ctx,
-                           void *pvt);
-
-errno_t sssctl_access_report(struct sss_cmdline *cmdline,
-                             struct sss_tool_ctx *tool_ctx,
-                             void *pvt);
-
-errno_t sssctl_cert_show(struct sss_cmdline *cmdline,
-                         struct sss_tool_ctx *tool_ctx,
-                         void *pvt);
-
-errno_t sssctl_cert_map(struct sss_cmdline *cmdline,
-                        struct sss_tool_ctx *tool_ctx,
-                        void *pvt);
 #ifdef BUILD_PASSKEY
 errno_t sssctl_passkey_register(struct sss_cmdline *cmdline,
                                 struct sss_tool_ctx *tool_ctx,
                                 void *pvt);
 #endif /* BUILD_PASSKEY */
 
-errno_t sssctl_cert_eval_rule(struct sss_cmdline *cmdline,
-                              struct sss_tool_ctx *tool_ctx,
-                              void *pvt);
-
 errno_t sssctl_gpo_show(struct sss_cmdline *cmdline,
                         struct sss_tool_ctx *tool_ctx,
                         void *pvt);

src/tools/sssctl/sssctl_logs.c

@@ -40,7 +40,6 @@
 #include "tools/tools_util.h"
 #include "confdb/confdb.h"
 #include "sss_iface/sss_iface_sync.h"
-#include "responder/ifp/ifp_iface/ifp_iface_sync.h"
 
 #define LOG_FILE(file) " " LOG_PATH "/" file
 #define LOG_FILES LOG_FILE("*.log")