-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Redact internal error messages to prevent leaks
This is to mimic a little better the behavior of other PAM modules. They show a generic error message to avoid leaking information that could potentially help attackers.
- Loading branch information
1 parent
25eafef
commit 3228f85
Showing
24 changed files
with
146 additions
and
103 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...ta/TestIsAuthenticated/golden/denies_authentication_when_broker_times_out/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: denied | ||
msg: {"message": "denied by time out"} | ||
msg: {"message":"authentication failure"} | ||
err: <nil> |
2 changes: 1 addition & 1 deletion
2
...m/testdata/TestIsAuthenticated/golden/error_on_empty_data_even_if_granted/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: missing key "userinfo" in returned message, got: {} | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...sAuthenticated/golden/error_on_updating_local_groups_with_unexisting_file/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: failed to update user "TestIsAuthenticated/Error_on_updating_local_groups_with_unexisting_file_separator_success_with_local_groups": could not update local groups for user "TestIsAuthenticated/Error_on_updating_local_groups_with_unexisting_file_separator_success_with_local_groups": could not fetch existing local group: open testdata/TestIsAuthenticated/does_not_exists.group: no such file or directory | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...ervices/pam/testdata/TestIsAuthenticated/golden/error_when_authenticating/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: broker "BrokerMock": IsAuthenticated errored out | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...tdata/TestIsAuthenticated/golden/error_when_broker_returns_invalid_access/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: invalid access authentication key: invalid | ||
err: rpc error: code = Unknown desc = authentication failure |
3 changes: 1 addition & 2 deletions
3
...estdata/TestIsAuthenticated/golden/error_when_broker_returns_invalid_data/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: response returned by the broker is not a valid json: invalid character 'i' looking for beginning of value | ||
Broker returned: invalid | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...ata/TestIsAuthenticated/golden/error_when_broker_returns_invalid_userinfo/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: message is not JSON formatted: json: cannot unmarshal string into Go value of type brokers.userInfo | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...golden/error_when_broker_returns_username_different_than_the_one_selected/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: provided userinfo is invalid: username "different_username" does not match the selected username "TestIsAuthenticated/Error_when_broker_returns_username_different_than_the_one_selected_separator_IA_info_mismatching_user_name" | ||
err: rpc error: code = Unknown desc = authentication failure |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
...ces/pam/testdata/TestIsAuthenticated/golden/error_when_sessionid_is_empty/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = InvalidArgument desc = can't check authentication: rpc error: code = InvalidArgument desc = no session ID provided | ||
err: rpc error: code = Unknown desc = authentication failure |
2 changes: 1 addition & 1 deletion
2
...ces/pam/testdata/TestIsAuthenticated/golden/error_when_there_is_no_broker/IsAuthenticated
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FIRST CALL: | ||
access: | ||
msg: | ||
err: rpc error: code = Unknown desc = can't check authentication: no broker found for session "invalid-session" | ||
err: rpc error: code = Unknown desc = authentication failure |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.