Pam random cleanups and fixes #155
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #155 +/- ##
==========================================
- Coverage 82.89% 82.56% -0.34%
==========================================
Files 58 58
Lines 4800 4828 +28
==========================================
+ Hits 3979 3986 +7
- Misses 633 649 +16
- Partials 188 193 +5 ☔ View full report in Codecov by Sentry. |
didrocks
requested changes
Jan 4, 2024
3v1n0
force-pushed
the
pam-random-cleanups
branch
5 times, most recently
from
833b2ca
to
653aa96
Compare
3v1n0
force-pushed
the
pam-random-cleanups
branch
6 times, most recently
from
a03d1a9
to
8396e82
Compare
GabrielNagy
approved these changes
Jan 15, 2024
3v1n0
force-pushed
the
pam-random-cleanups
branch
from
03a6887
to
2d22aef
Compare
|
I'll wait merging this until #173 decision on package name is finalized. |
3v1n0
force-pushed
the
pam-random-cleanups
branch
3 times, most recently
from
a11594b
to
572f2a0
Compare
|
Ok rebased on main. @didrocks this is ready too from my POV, so feel free to merge if you're fine with it too. |
didrocks
requested changes
Jan 17, 2024
There was a problem hiding this comment.
Here we go. I’m surprised by the changes in golden files which make me think that the diff in the previous PR wasn’t really looked at. I suggest a double look at the "weird cases" I am currently spotting now.
Also, ensuring that we don’t stutter the error to the user is important. That could be only the CLI text rendering, but please double check those.
Then, the rest are minor small changes.
pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_switching_broker
Outdated
Show resolved
Hide resolved
pam/integration-tests/testdata/TestCLIIntegration/golden/authenticate_user_with_mfa
Outdated
Show resolved
Hide resolved
...gration-tests/testdata/TestCLIIntegration/golden/deny_authentication_if_max_attempts_reached
Outdated
Show resolved
Hide resolved
pam/integration-tests/testdata/TestCLIIntegration/golden/exit_authd_if_user_sigints
Outdated
Show resolved
Hide resolved
|
I've also added an extra change to introduce
|
didrocks
requested changes
Jan 18, 2024
3v1n0
force-pushed
the
pam-random-cleanups
branch
from
0c45d61
to
4d248c8
Compare
…om the UI This is not happening right now since our UI implements some modes, but it may happen that a remote implementation (gdm) may not.
…ilable We should not ignore the fact that no authentication modes are available so return a proper error instead of ignoring it.
This was supposed to be a logic or, not a bitwise one. As per this, update the golden files to reflect the expected output.
Mimic the behavior that we have with authentication
3v1n0
force-pushed
the
pam-random-cleanups
branch
from
400ff17
to
d7140e0
Compare
didrocks
requested changes
Jan 22, 2024
In some implementations (e.g. gdm) we need to communicate with the UI the stage that is expected to be shown. Since we have the same already defined in the PAM module for local implementation, we can just expose the same values in a newly defined pam protocol so that can be reused by gdm too. As per this, add a Stage enum type to the protocol and reuse these values inside the pam module. We just need to also define an undefined state to have an invalid value.
Avoid repeating the same operations multiple times or handling change stage messages when not needed. To make this to work we need to ensure that the initial state is not marked as user selection. We do not define a new stage value since it would be unused, and that's good that is not.
This makes the output of the golden files clearer and it makes explicit the Pam status code that is returned.
Print it once authenticated so that we are sure that the expected user is passed to the pam stack.
Our model may handle multiple pam client types, and depending on them it could behave differently, so indicate this through an enum instead of a simple boolean, since we will have multiple types not just interactive and non interactive clients. As for now, just return an error if a non-interactive client is used, since that's the only thing we support right now.
If an error occurred we need to also return the model, otherwise we'd end up on a invalid memory address or nil pointer dereference in bubbletea
3v1n0
force-pushed
the
pam-random-cleanups
branch
from
d7140e0
to
b4feed5
Compare
|
Thanks @didrocks, rebased and squashed, so feel free to merge now. |
didrocks
approved these changes
Jan 22, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Some cleanups and fixes as prerequisite of bigger gdm changes