From 4debbb557c79b0bdc7ea179925b0aa91a3c56fe1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 1 Jul 2024 17:24:06 +0200 Subject: [PATCH 1/3] pam/nativemodel: Include URI as info message --- .../authenticate_user_switching_auth_mode | 18 ++++++------- .../golden/authenticate_user_with_qr_code | 18 ++++++------- .../authenticate_user_with_qr_code_in_a_tty | 18 ++++++------- ...nticate_user_with_qr_code_in_a_tty_session | 18 ++++++------- .../authenticate_user_with_qr_code_in_screen | 18 ++++++------- pam/internal/adapter/nativemodel.go | 25 +++++++++++++------ 6 files changed, 63 insertions(+), 52 deletions(-) diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_switching_auth_mode b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_switching_auth_mode index 89826709c..6fca228f0 100644 --- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_switching_auth_mode +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_switching_auth_mode @@ -2449,6 +2449,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -2506,7 +2507,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -2606,6 +2606,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -2663,7 +2664,6 @@ Select authentication mode: - ──────────────────────────────────────────────────────────────────────────────── @@ -2763,6 +2763,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -2820,7 +2821,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -2920,6 +2920,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -2977,7 +2978,6 @@ Select authentication mode: - ──────────────────────────────────────────────────────────────────────────────── @@ -3077,6 +3077,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -3136,7 +3137,6 @@ Select authentication mode: - ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true Username: user-integration-switch-mode @@ -3234,6 +3234,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -3293,7 +3294,6 @@ Select authentication mode: - ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true Username: user-integration-switch-mode @@ -3391,6 +3391,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -3450,7 +3451,6 @@ Enter your pin code: - ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true Username: user-integration-switch-mode @@ -3548,6 +3548,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -3607,7 +3608,6 @@ PAM AcctMgmt() exited with success > - ──────────────────────────────────────────────────────────────────────────────── > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true Username: user-integration-switch-mode @@ -3705,6 +3705,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -3764,5 +3765,4 @@ PAM AcctMgmt() exited with success > - ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code index 5214c58b4..c537c040f 100644 --- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code @@ -354,6 +354,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -421,7 +422,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -461,6 +461,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -485,6 +486,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -526,8 +528,6 @@ Select action: - - @@ -568,6 +568,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -592,6 +593,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -633,8 +635,6 @@ Select action: 1 - - @@ -675,6 +675,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -699,6 +700,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -740,8 +742,6 @@ PAM AcctMgmt() exited with success - - @@ -782,6 +782,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -806,6 +807,7 @@ Scan the qrcode or enter the code in the login page ████▄▄▄▄▄▄▄█▄█▄█▄█▄████▄▄▄▄▄▄████ █████████████████████████████████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -847,8 +849,6 @@ PAM AcctMgmt() exited with success - - diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty index 2a2291a34..74c56b2e4 100644 --- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty @@ -370,6 +370,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -421,7 +422,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -477,6 +477,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -517,6 +518,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -529,8 +531,6 @@ Select action: - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -584,6 +584,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -624,6 +625,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -636,8 +638,6 @@ Select action: 1 - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -691,6 +691,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -731,6 +732,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -743,8 +745,6 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -798,6 +798,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -838,6 +839,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -850,6 +852,4 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty_session b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty_session index 81805b2ac..dd9434aed 100644 --- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty_session +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_a_tty_session @@ -370,6 +370,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -421,7 +422,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -477,6 +477,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -517,6 +518,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -529,8 +531,6 @@ Select action: - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -584,6 +584,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -624,6 +625,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -636,8 +638,6 @@ Select action: 1 - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -691,6 +691,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -731,6 +732,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -743,8 +745,6 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -798,6 +798,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -838,6 +839,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -850,6 +852,4 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_screen b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_screen index 68340ef00..8383bc8a3 100644 --- a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_screen +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_screen @@ -370,6 +370,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -421,7 +422,6 @@ Select action: - ──────────────────────────────────────────────────────────────────────────────── @@ -477,6 +477,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -517,6 +518,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -529,8 +531,6 @@ Select action: - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -584,6 +584,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -624,6 +625,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -636,8 +638,6 @@ Select action: 1 - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -691,6 +691,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -731,6 +732,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -743,8 +745,6 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── > if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi > ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true @@ -798,6 +798,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -838,6 +839,7 @@ Scan the qrcode or enter the code in the login page ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ + https://ubuntu.com 1337 == Qr Code authentication (use 'r' to go back) == @@ -850,6 +852,4 @@ PAM AcctMgmt() exited with success - - ──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/internal/adapter/nativemodel.go b/pam/internal/adapter/nativemodel.go index adbaf797d..248b70f0a 100644 --- a/pam/internal/adapter/nativemodel.go +++ b/pam/internal/adapter/nativemodel.go @@ -595,14 +595,14 @@ func (m nativeModel) handleQrCode() tea.Cmd { return cmd } + firstQrCodeLine := strings.SplitN(qrcode, "\n", 2)[0] + centeredContent := centerString(m.uiLayout.GetContent(), firstQrCodeLine) + if cmd := maybeSendPamError(m.sendInfo(centeredContent)); cmd != nil { + return cmd + } + if code := m.uiLayout.GetCode(); code != "" { - firstLine := strings.SplitN(qrcode, "\n", 2)[0] - sizeDiff := len([]rune(firstLine)) - len(code) - var padding string - if sizeDiff > 0 { - padding = strings.Repeat(" ", sizeDiff/2) - } - if cmd := maybeSendPamError(m.sendInfo(padding + code + padding)); cmd != nil { + if cmd := maybeSendPamError(m.sendInfo(centerString(code, firstQrCodeLine))); cmd != nil { return cmd } } @@ -640,6 +640,17 @@ func (m nativeModel) handleQrCode() tea.Cmd { } } +func centerString(s string, reference string) string { + sizeDiff := len([]rune(reference)) - len(s) + if sizeDiff <= 0 { + return s + } + + // We put padding in both sides, so that it's respected also by non-terminal UIs + padding := strings.Repeat(" ", sizeDiff/2) + return padding + s + padding +} + func (m nativeModel) handleNewPassword() tea.Cmd { if buttonLabel := m.uiLayout.GetButton(); buttonLabel != "" { choices := []choicePair{ From fb9bb812cf4c7c7687b3f6d69fd18d4928e98ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 1 Jul 2024 17:49:29 +0200 Subject: [PATCH 2/3] pam/nativemodel: Send qrcode info as a single info message Send the qrcode info message as a single item so that UIs such as GNOME shell can handle this properly --- pam/internal/adapter/nativemodel.go | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/pam/internal/adapter/nativemodel.go b/pam/internal/adapter/nativemodel.go index 248b70f0a..707b6d0c9 100644 --- a/pam/internal/adapter/nativemodel.go +++ b/pam/internal/adapter/nativemodel.go @@ -586,29 +586,24 @@ func (m nativeModel) handleQrCode() tea.Cmd { }) } - if cmd := maybeSendPamError(m.sendInfo(m.uiLayout.GetLabel())); cmd != nil { - return cmd - } + var qrcodeView []string + qrcodeView = append(qrcodeView, m.uiLayout.GetLabel()) qrcode := m.renderQrCode(qrCode) - if cmd := maybeSendPamError(m.sendInfo(qrcode)); cmd != nil { - return cmd - } + qrcodeView = append(qrcodeView, qrcode) firstQrCodeLine := strings.SplitN(qrcode, "\n", 2)[0] centeredContent := centerString(m.uiLayout.GetContent(), firstQrCodeLine) - if cmd := maybeSendPamError(m.sendInfo(centeredContent)); cmd != nil { - return cmd - } + qrcodeView = append(qrcodeView, centeredContent) if code := m.uiLayout.GetCode(); code != "" { - if cmd := maybeSendPamError(m.sendInfo(centerString(code, firstQrCodeLine))); cmd != nil { - return cmd - } + qrcodeView = append(qrcodeView, centerString(code, firstQrCodeLine)) } // Ass some extra vertical space to improve readability - if cmd := maybeSendPamError(m.sendInfo(" ")); cmd != nil { + qrcodeView = append(qrcodeView, " ") + + if cmd := maybeSendPamError(m.sendInfo(strings.Join(qrcodeView, "\n"))); cmd != nil { return cmd } From cbe6f3b486218473cc26127d652039b69cd41a6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= Date: Mon, 1 Jul 2024 18:41:49 +0200 Subject: [PATCH 3/3] pam/nativemodel: Do not render qrcode UI in polkit --- pam/integration-tests/native_test.go | 5 + .../authenticate_user_with_qr_code_in_polkit | 855 ++++++++++++++++++ pam/internal/adapter/nativemodel.go | 34 +- pam/main-cli.go | 6 +- 4 files changed, 895 insertions(+), 5 deletions(-) create mode 100644 pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_polkit diff --git a/pam/integration-tests/native_test.go b/pam/integration-tests/native_test.go index fd7859798..709f60b4e 100644 --- a/pam/integration-tests/native_test.go +++ b/pam/integration-tests/native_test.go @@ -33,6 +33,7 @@ func TestNativeAuthenticate(t *testing.T) { termEnv string sessionEnv string pamUser string + pamServiceName string }{ "Authenticate user successfully": {tape: "simple_auth"}, "Authenticate user successfully with preset user": {tape: "simple_auth_with_preset_user"}, @@ -42,6 +43,7 @@ func TestNativeAuthenticate(t *testing.T) { "Authenticate user with qr code in a TTY": {tape: "qr_code", pamUser: "user-integration-qr-code-tty", termEnv: "linux"}, "Authenticate user with qr code in a TTY session": {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"}, "Authenticate user with qr code in screen": {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"}, + "Authenticate user with qr code in polkit": {tape: "qr_code", pamUser: "user-integration-qr-code-screen", pamServiceName: "polkit-1"}, "Authenticate user and reset password while enforcing policy": {tape: "mandatory_password_reset"}, "Authenticate user and offer password reset": {tape: "optional_password_reset_skip"}, "Authenticate user and accept password reset": {tape: "optional_password_reset_accept"}, @@ -102,6 +104,9 @@ func TestNativeAuthenticate(t *testing.T) { if tc.pamUser != "" { cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_USER=%s", tc.pamUser)) } + if tc.pamServiceName != "" { + cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_SERVICE=%s", tc.pamServiceName)) + } if tc.termEnv != "" { cmd.Env = append(cmd.Env, fmt.Sprintf("AUTHD_PAM_CLI_TERM=%s", tc.termEnv)) } diff --git a/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_polkit b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_polkit new file mode 100644 index 000000000..96d3b3dcf --- /dev/null +++ b/pam/integration-tests/testdata/TestNativeAuthenticate/golden/authenticate_user_with_qr_code_in_polkit @@ -0,0 +1,855 @@ +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: 7 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: 7 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 2 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: 7 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 2 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: 7 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 2 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 1 +PAM Authenticate() for user "user-integration-qr-code-screen" exited with success +PAM AcctMgmt() exited with success +> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── +> if [ -v AUTHD_PAM_CLI_TERM ]; then export TERM=${AUTHD_PAM_CLI_TERM}; fi +> ./pam_authd login socket=${AUTHD_TESTS_CLI_AUTHENTICATE_TESTS_SOCK} force_native_client=true +== Broker selection (use 'r' to go back) == +1 - local +2 - ExampleBroker +Select broker: 2 +Insert 'r' to cancel the request and go back +Gimme your password: +== Authentication mode selection (use 'r' to go back) == +1 - Password authentication +2 - Send URL to user-integration-qr-code-screen@gmail.com +3 - Use your fido device foo +4 - Use your phone +33… +5 - Use your phone +1… +6 - Pin code +7 - Use a QR code +8 - Authentication code +Select authentication mode: 7 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 2 +Scan the qrcode or enter the code in the login page +https://ubuntu.com + 1337 + +== Qr Code authentication (use 'r' to go back) == +1 - Wait for the QR code scan result +2 - Regenerate code +Select action: 1 +PAM Authenticate() for user "user-integration-qr-code-screen" exited with success +PAM AcctMgmt() exited with success +> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +──────────────────────────────────────────────────────────────────────────────── diff --git a/pam/internal/adapter/nativemodel.go b/pam/internal/adapter/nativemodel.go index 707b6d0c9..a9b4ffaed 100644 --- a/pam/internal/adapter/nativemodel.go +++ b/pam/internal/adapter/nativemodel.go @@ -28,11 +28,16 @@ type nativeModel struct { selectedAuthMode string uiLayout *authd.UILayout + serviceName string currentStage proto.Stage busy bool } -const nativeCancelKey = "r" +const ( + nativeCancelKey = "r" + + polkitServiceName = "polkit-1" +) // nativeBrokerSelection is the internal event to notify that a stage change is requested. type nativeChangeStage ChangeStage @@ -63,6 +68,12 @@ var errNotAnInteger = errors.New("parsed value is not an integer") func (m *nativeModel) Init() tea.Cmd { m.currentStage = proto.Stage(-1) + var err error + m.serviceName, err = m.pamMTx.GetItem(pam.Service) + if err != nil { + log.Errorf(context.TODO(), "failed to get the PAM service: %v", err) + } + return func() tea.Msg { required, optional := "required", "optional" supportedEntries := "optional:chars,chars_password,digits,digits_password" @@ -589,10 +600,16 @@ func (m nativeModel) handleQrCode() tea.Cmd { var qrcodeView []string qrcodeView = append(qrcodeView, m.uiLayout.GetLabel()) - qrcode := m.renderQrCode(qrCode) - qrcodeView = append(qrcodeView, qrcode) + var firstQrCodeLine string + if m.isQrcodeRenderingSupported() { + qrcode := m.renderQrCode(qrCode) + qrcodeView = append(qrcodeView, qrcode) + firstQrCodeLine = strings.SplitN(qrcode, "\n", 2)[0] + } + if firstQrCodeLine == "" { + firstQrCodeLine = m.uiLayout.GetContent() + } - firstQrCodeLine := strings.SplitN(qrcode, "\n", 2)[0] centeredContent := centerString(m.uiLayout.GetContent(), firstQrCodeLine) qrcodeView = append(qrcodeView, centeredContent) @@ -635,6 +652,15 @@ func (m nativeModel) handleQrCode() tea.Cmd { } } +func (m nativeModel) isQrcodeRenderingSupported() bool { + switch m.serviceName { + case polkitServiceName: + return false + default: + return true + } +} + func centerString(s string, reference string) string { sizeDiff := len([]rune(reference)) - len(s) if sizeDiff <= 0 { diff --git a/pam/main-cli.go b/pam/main-cli.go index 361ac7ece..ba25490ed 100644 --- a/pam/main-cli.go +++ b/pam/main-cli.go @@ -26,6 +26,7 @@ func main() { cliPath := os.Getenv("AUTHD_PAM_CLI_PATH") testName := os.Getenv("AUTHD_PAM_CLI_TEST_NAME") pamUser := os.Getenv("AUTHD_PAM_CLI_USER") + pamService := os.Getenv("AUTHD_PAM_CLI_SERVICE") tmpDir, err := os.MkdirTemp(os.TempDir(), "pam-cli-tester-") if err != nil { @@ -65,7 +66,10 @@ func main() { action, args := os.Args[1], os.Args[2:] args = append(defaultArgs, args...) - serviceFile, err := pam_test.CreateService(tmpDir, "authd-cli", []pam_test.ServiceLine{ + if pamService == "" { + pamService = "authd-cli" + } + serviceFile, err := pam_test.CreateService(tmpDir, pamService, []pam_test.ServiceLine{ {Action: pam_test.Auth, Control: pam_test.SufficientRequisite, Module: execModule, Args: args}, {Action: pam_test.Auth, Control: pam_test.Sufficient, Module: pam_test.Ignore.String()}, {Action: pam_test.Account, Control: pam_test.SufficientRequisite, Module: execModule, Args: args},