From f02106f72688880961916072fd833bdffab2c7bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Thu, 11 Jan 2024 18:10:10 +0100 Subject: [PATCH] pam/main-cli: Include pam error codes in error messages This makes the output of the golden files clearer and it makes explicit the Pam status code that is returned. --- ...uthenticate_user_and_add_it_to_local_group | 8 ++--- ...authenticate_user_and_offer_password_reset | 8 ++--- .../authenticate_user_and_reset_password | 8 ++--- .../golden/authenticate_user_successfully | 8 ++--- .../authenticate_user_switching_auth_mode | 8 ++--- .../golden/authenticate_user_switching_broker | 8 ++--- .../authenticate_user_switching_username | 8 ++--- ...thenticate_user_with_form_mode_with_button | 8 ++--- .../golden/authenticate_user_with_mfa | 20 ++++++------ .../golden/authenticate_user_with_qr_code | 8 ++--- ...eny_authentication_if_max_attempts_reached | 8 ++--- ...deny_authentication_if_user_does_not_exist | 4 +-- .../exit_authd_if_local_broker_is_selected | 8 ++--- .../golden/exit_authd_if_user_sigints | 8 ++--- .../remember_last_successful_broker_and_mode | 32 +++++++++---------- pam/main-cli.go | 20 +++++++++--- 16 files changed, 92 insertions(+), 80 deletions(-) diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_add_it_to_local_group b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_add_it_to_local_group index 338698537..65c304cb3 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_add_it_to_local_group +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_add_it_to_local_group @@ -132,8 +132,8 @@ Gimme your password ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -165,8 +165,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_offer_password_reset b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_offer_password_reset index 0b3cf38ee..fd691735c 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_offer_password_reset +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_offer_password_reset @@ -201,8 +201,8 @@ Enter your new password (3 days until mandatory) > > -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -234,8 +234,8 @@ Enter your new password (3 days until mandatory) > > -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_reset_password b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_reset_password index c043e94b9..7e21d0c13 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_reset_password +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_and_reset_password @@ -232,8 +232,8 @@ Enter your new password > ./pam_authd socket=/tmp/pam-cli-tests.sock Enter your new password > ******* -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -265,8 +265,8 @@ Acct mgmt return: > ./pam_authd socket=/tmp/pam-cli-tests.sock Enter your new password > ******* -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_successfully b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_successfully index 61c6c0392..7873ca661 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_successfully +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_successfully @@ -132,8 +132,8 @@ Gimme your password ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -165,8 +165,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_auth_mode b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_auth_mode index b6022764c..11ca0f62a 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_auth_mode +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_auth_mode @@ -330,8 +330,8 @@ Gimme your password ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -363,8 +363,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_broker b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_broker index 6d6c42135..495c16774 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_broker +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_broker @@ -225,8 +225,8 @@ Gimme your password -Auth return: The return value should be ignored by PAM dispatch: -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (25): The return value should be ignored by PAM dispatch: +AcctMgmt error (25): The return value should be ignored by PAM dispatch > ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock @@ -258,7 +258,7 @@ Acct mgmt return: The return value should be ignored by PAM dispatch -Auth return: The return value should be ignored by PAM dispatch: -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (25): The return value should be ignored by PAM dispatch: +AcctMgmt error (25): The return value should be ignored by PAM dispatch > ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_username b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_username index 520c1e02f..fdfb615aa 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_username +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_username @@ -198,8 +198,8 @@ Gimme your password ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -231,8 +231,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_form_mode_with_button b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_form_mode_with_button index 4479d4269..840bd7dbd 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_form_mode_with_button +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_form_mode_with_button @@ -266,8 +266,8 @@ Enter your one time credential Enter your one time credential > temporary pass00 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -299,8 +299,8 @@ Acct mgmt return: Enter your one time credential > temporary pass00 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_mfa b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_mfa index 160e92b22..ece46c77f 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_mfa +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_mfa @@ -296,8 +296,8 @@ Unlock your phone +33… or accept request on web interface: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -329,8 +329,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -362,8 +362,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -395,8 +395,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -428,8 +428,8 @@ Acct mgmt return: ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_qr_code b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_qr_code index a14c3778a..778af23d9 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_qr_code +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_qr_code @@ -284,8 +284,8 @@ Enter the following code after flashing the address: 1337 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -317,8 +317,8 @@ Enter the following code after flashing the address: 1337 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_max_attempts_reached b/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_max_attempts_reached index d4b4b957f..ef8e8f6c8 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_max_attempts_reached +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_max_attempts_reached @@ -266,8 +266,8 @@ invalid password, should be goodpass Gimme your password > PAM ERROR: invalid password, should be goodpass -Auth return: Authentication failure: invalid password, should be goodpass -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (7): Authentication failure: invalid password, should be goodpass +AcctMgmt error (25): The return value should be ignored by PAM dispatch > @@ -299,8 +299,8 @@ Acct mgmt return: The return value should be ignored by PAM dispatch Gimme your password > PAM ERROR: invalid password, should be goodpass -Auth return: Authentication failure: invalid password, should be goodpass -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (7): Authentication failure: invalid password, should be goodpass +AcctMgmt error (25): The return value should be ignored by PAM dispatch > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_user_does_not_exist b/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_user_does_not_exist index f8137f861..d994c36e9 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_user_does_not_exist +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_user_does_not_exist @@ -128,7 +128,7 @@ Username: user-unexistent PAM ERROR: can't select broker: rpc error: code = Unknown desc = can't start authentication tran saction: user "user-unexistent" does not exist -Auth return: System error: can't select broker: rpc error: code = Unknown desc = can't start aut +Auth error (4): System error: can't select broker: rpc error: code = Unknown desc = can't start ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock Select your provider @@ -161,5 +161,5 @@ Auth return: System error: can't select broker: rpc error: code = Unknown desc = PAM ERROR: can't select broker: rpc error: code = Unknown desc = can't start authentication tran saction: user "user-unexistent" does not exist -Auth return: System error: can't select broker: rpc error: code = Unknown desc = can't start aut +Auth error (4): System error: can't select broker: rpc error: code = Unknown desc = can't start ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_local_broker_is_selected b/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_local_broker_is_selected index d7e3fc7e8..c3a620d2e 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_local_broker_is_selected +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_local_broker_is_selected @@ -126,8 +126,8 @@ Username: user-local-broker -Auth return: The return value should be ignored by PAM dispatch: -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (25): The return value should be ignored by PAM dispatch: +AcctMgmt error (25): The return value should be ignored by PAM dispatch > ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd socket=/tmp/pam-cli-tests.sock @@ -159,7 +159,7 @@ Acct mgmt return: The return value should be ignored by PAM dispatch -Auth return: The return value should be ignored by PAM dispatch: -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (25): The return value should be ignored by PAM dispatch: +AcctMgmt error (25): The return value should be ignored by PAM dispatch > ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_user_sigints b/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_user_sigints index 97912d833..0f0db0b12 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_user_sigints +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_user_sigints @@ -133,8 +133,8 @@ Gimme your password > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password PAM ERROR: cancel requested -Auth return: Critical error - immediate abort: cancel requested -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (26): Critical error - immediate abort: cancel requested +AcctMgmt error (25): The return value should be ignored by PAM dispatch > @@ -166,8 +166,8 @@ Acct mgmt return: The return value should be ignored by PAM dispatch > ./pam_authd socket=/tmp/pam-cli-tests.sock Gimme your password PAM ERROR: cancel requested -Auth return: Critical error - immediate abort: cancel requested -Acct mgmt return: The return value should be ignored by PAM dispatch +Auth error (26): Critical error - immediate abort: cancel requested +AcctMgmt error (25): The return value should be ignored by PAM dispatch > diff --git a/pam/integration-tests/testdata/TestCLIIntegration/golden/remember_last_successful_broker_and_mode b/pam/integration-tests/testdata/TestCLIIntegration/golden/remember_last_successful_broker_and_mode index bd32c0326..e0c793f57 100644 --- a/pam/integration-tests/testdata/TestCLIIntegration/golden/remember_last_successful_broker_and_mode +++ b/pam/integration-tests/testdata/TestCLIIntegration/golden/remember_last_successful_broker_and_mode @@ -167,8 +167,8 @@ Enter your one time credential Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -200,8 +200,8 @@ Acct mgmt return: Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > ./pam_authd socket=/tmp/pam-cli-tests.sock Username: user name @@ -233,8 +233,8 @@ Username: user name Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > ./pam_authd socket=/tmp/pam-cli-tests.sock Username: user-integration-remember-mode @@ -266,8 +266,8 @@ Username: user-integration-remember-mode Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > ./pam_authd socket=/tmp/pam-cli-tests.sock Enter your one time credential > @@ -299,14 +299,14 @@ Enter your one time credential Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > ./pam_authd socket=/tmp/pam-cli-tests.sock Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > @@ -332,14 +332,14 @@ Acct mgmt return: Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > ./pam_authd socket=/tmp/pam-cli-tests.sock Enter your one time credential > temporary pass0 -Auth return: -Acct mgmt return: +Auth success +AcctMgmt success > diff --git a/pam/main-cli.go b/pam/main-cli.go index d4590aa1d..a158ad6a8 100644 --- a/pam/main-cli.go +++ b/pam/main-cli.go @@ -3,6 +3,7 @@ package main import ( + "errors" "fmt" "os" @@ -36,10 +37,21 @@ func main() { return "", nil })) - authResult := module.Authenticate(mTx, pam.Flags(0), os.Args) - fmt.Println("Auth return:", authResult) + printResult("Auth", module.Authenticate(mTx, pam.Flags(0), os.Args)) // Simulate setting auth broker as default. - accMgmtResult := module.AcctMgmt(mTx, pam.Flags(0), os.Args) - fmt.Println("Acct mgmt return:", accMgmtResult) + printResult("AcctMgmt", module.AcctMgmt(mTx, pam.Flags(0), os.Args)) +} + +func printResult(action string, result error) { + var pamErr pam.Error + if errors.As(result, &pamErr) { + fmt.Printf("%s error (%d): %v\n", action, pamErr, result) + return + } + if result != nil { + fmt.Printf("%s error:\n", action, result) + return + } + fmt.Printf("%s success\n", action) }