Skip to content

Commit

Permalink
pam/qrcodemodel: Use normal-size Qr code when in simple terminals (#393)
Browse files Browse the repository at this point in the history
If the terminal is not advanced enough to support the more complex utf-8
characters needed to print the small qrcode, just use the simpler
implementation via the big qrcode that uses characters that seems to be
supported everywhere.

In fact bigger qrcode use two times the character `█` to do a square,
and
this is supported by the normal tty fonts:

    getunimap | grep █ 0x0db	U+2588	# █
    setfont -v -ou /dev/stdout | grep 0x0db

Without having to go through building one via `#`'s.

In theory we can inspect for font support on that, but it's not
something we want to
implement for now.

UDENG-3109

Closes: #361
  • Loading branch information
3v1n0 authored Jun 25, 2024
2 parents e3a273f + 4017b7c commit fa868ac
Show file tree
Hide file tree
Showing 9 changed files with 1,326 additions and 4 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ require (
github.com/godbus/dbus/v5 v5.1.0
github.com/google/uuid v1.6.0
github.com/msteinert/pam/v2 v2.0.0
github.com/muesli/termenv v0.15.2
github.com/sirupsen/logrus v1.9.3
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
github.com/spf13/cobra v1.8.1
Expand Down Expand Up @@ -49,7 +50,6 @@ require (
github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect
github.com/muesli/cancelreader v0.2.2 // indirect
github.com/muesli/reflow v0.3.0 // indirect
github.com/muesli/termenv v0.15.2 // indirect
github.com/pelletier/go-toml/v2 v2.2.2 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/rivo/uniseg v0.4.7 // indirect
Expand Down
23 changes: 22 additions & 1 deletion pam/go-exec/module.c
Original file line number Diff line number Diff line change
Expand Up @@ -945,6 +945,16 @@ handle_module_options (int argc,
return TRUE;
}

static void
maybe_replicate_env (GPtrArray *envp,
const char *env)
{
const char *value = g_getenv (env);

if (value)
g_ptr_array_add (envp, g_strdup_printf ("%s=%s", env, value));
}

static int
do_pam_action_thread (pam_handle_t *pamh,
ActionType action,
Expand Down Expand Up @@ -1114,7 +1124,18 @@ do_pam_action_thread (pam_handle_t *pamh,

envp = g_ptr_array_new_full (2, g_free);
if (interactive_mode)
g_ptr_array_add (envp, g_strdup_printf ("TERM=%s", g_getenv ("TERM")));
{
maybe_replicate_env (envp, "COLORTERM");
maybe_replicate_env (envp, "COLORFGBG");
maybe_replicate_env (envp, "NO_COLOR");
maybe_replicate_env (envp, "FORCE_COLOR");
maybe_replicate_env (envp, "TERM");
maybe_replicate_env (envp, "TERM_PROGRAM");
maybe_replicate_env (envp, "TERM_PROGRAM_VERSION");
maybe_replicate_env (envp, "XDG_SESSION_TYPE");
maybe_replicate_env (envp, "SHELL");
}

for (int i = 0; env_variables && env_variables[i]; ++i)
g_ptr_array_add (envp, g_strdup (env_variables[i]));
g_ptr_array_add (envp, g_strdup_printf ("AUTHD_PAM_SERVER_ADDRESS=%s",
Expand Down
11 changes: 11 additions & 0 deletions pam/integration-tests/cli_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,17 @@ func TestCLIAuthenticate(t *testing.T) {
tape string

currentUserNotRoot bool
termEnv string
sessionEnv string
}{
"Authenticate user successfully": {tape: "simple_auth"},
"Authenticate user successfully with preset user": {tape: "simple_auth_with_preset_user"},
"Authenticate user with mfa": {tape: "mfa_auth"},
"Authenticate user with form mode with button": {tape: "form_with_button"},
"Authenticate user with qr code": {tape: "qr_code"},
"Authenticate user with qr code in a TTY": {tape: "qr_code", termEnv: "linux"},
"Authenticate user with qr code in a TTY session": {tape: "qr_code", termEnv: "xterm-256color", sessionEnv: "tty"},
"Authenticate user with qr code in screen": {tape: "qr_code", termEnv: "screen"},
"Authenticate user and reset password while enforcing policy": {tape: "mandatory_password_reset"},
"Authenticate user and offer password reset": {tape: "optional_password_reset"},
"Authenticate user switching auth mode": {tape: "switch_auth_mode"},
Expand Down Expand Up @@ -89,6 +94,12 @@ func TestCLIAuthenticate(t *testing.T) {
fmt.Sprintf("%s=%s", socketPathEnv, socketPath),
fmt.Sprintf("AUTHD_PAM_CLI_LOG_DIR=%s", filepath.Dir(cliLog)),
fmt.Sprintf("AUTHD_PAM_CLI_TEST_NAME=%s", t.Name()))
if tc.termEnv != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_TERM=%s", tc.termEnv))
}
if tc.sessionEnv != "" {
cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_SESSION_TYPE=%s", tc.sessionEnv))
}
cmd.Dir = outDir

out, err := cmd.CombinedOutput()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ Username: user name












Expand All @@ -31,6 +37,7 @@ Username: user name


────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Username: user-integration-qr-code

Expand All @@ -56,6 +63,12 @@ Username: user-integration-qr-code












Expand All @@ -64,6 +77,7 @@ Username: user-integration-qr-code


────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Select your provider

Expand All @@ -89,6 +103,12 @@ Username: user-integration-qr-code












Expand All @@ -97,6 +117,7 @@ Username: user-integration-qr-code


────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Gimme your password
>
Expand All @@ -122,6 +143,12 @@ Gimme your password












Expand All @@ -130,6 +157,7 @@ Gimme your password


────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Select your authentication method

Expand All @@ -155,6 +183,12 @@ Gimme your password












Expand All @@ -163,6 +197,7 @@ Gimme your password


────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Scan the qrcode or enter the code in the login page

Expand Down Expand Up @@ -195,7 +230,14 @@ Scan the qrcode or enter the code in the login page









────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Scan the qrcode or enter the code in the login page

Expand Down Expand Up @@ -228,7 +270,14 @@ Scan the qrcode or enter the code in the login page









────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Scan the qrcode or enter the code in the login page

Expand Down Expand Up @@ -261,7 +310,14 @@ Scan the qrcode or enter the code in the login page









────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Scan the qrcode or enter the code in the login page

Expand Down Expand Up @@ -294,7 +350,14 @@ PAM AcctMgmt() exited with success









────────────────────────────────────────────────────────────────────────────────
> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi
> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK}
Scan the qrcode or enter the code in the login page

Expand Down Expand Up @@ -327,4 +390,10 @@ PAM AcctMgmt() exited with success









────────────────────────────────────────────────────────────────────────────────
Loading

0 comments on commit fa868ac

Please sign in to comment.