go/msteinert-go-pam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases Activity

module-transaction: Add support for initiating PAM Conversations

Browse Source 
Modules have the ability to start PAM conversations, so while the
transaction code can handle them we did not have a way to init them.
Yet.

So add some APIs allowing this, making it easier from the go side to
handle the conversations.

In this commit we only support text-based conversations, but code is
designed with the idea of supporting binary cases too.

Added the integration tests using the module that is now able to both
start conversation and handle them using Go only.
This commit is contained in:
Marco Trevisan (Treviño)
2023-10-04 23:34:20 +02:00
parent 7a073f5ba0
commit 883dc86533
8 changed files with 790 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

205
cmd/pam-moduler/tests/integration-tester-module/integration-tester-module_test.go
View File

@@ -630,6 +630,194 @@ func Test_Moduler_IntegrationTesterModule(t *testing.T) {
},
},
},
"start-conv-no-conv-set": {
expectedError: pam.ErrConv,
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.TextInfo,
"hello PAM!",
}),
exp: []interface{}{nil, pam.ErrConv},
},
{
r: NewRequest("StartStringConv", pam.TextInfo, "hello PAM!"),
exp: []interface{}{nil, pam.ErrConv},
},
},
},
"start-conv-prompt-text-info": {
credentials: utils.Credentials{
ExpectedMessage: "hello PAM!",
ExpectedStyle: pam.TextInfo,
TextInfo: "nice to see you, Go!",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.TextInfo,
"hello PAM!",
}),
exp: []interface{}{SerializableStringConvResponse{
pam.TextInfo,
"nice to see you, Go!",
}, nil},
},
{
r: NewRequest("StartStringConv", pam.TextInfo, "hello PAM!"),
exp: []interface{}{SerializableStringConvResponse{
pam.TextInfo,
"nice to see you, Go!",
}, nil},
},
{
r: NewRequest("StartStringConvf", pam.TextInfo, "hello %s!", "PAM"),
exp: []interface{}{SerializableStringConvResponse{
pam.TextInfo,
"nice to see you, Go!",
}, nil},
},
},
},
"start-conv-prompt-error-msg": {
credentials: utils.Credentials{
ExpectedMessage: "This is wrong, PAM!",
ExpectedStyle: pam.ErrorMsg,
ErrorMsg: "ops, sorry...",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.ErrorMsg,
"This is wrong, PAM!",
}),
exp: []interface{}{SerializableStringConvResponse{
pam.ErrorMsg,
"ops, sorry...",
}, nil},
},
{
r: NewRequest("StartStringConv", pam.ErrorMsg,
"This is wrong, PAM!",
),
exp: []interface{}{SerializableStringConvResponse{
pam.ErrorMsg,
"ops, sorry...",
}, nil},
},
{
r: NewRequest("StartStringConvf", pam.ErrorMsg,
"This is wrong, %s!", "PAM",
),
exp: []interface{}{SerializableStringConvResponse{
pam.ErrorMsg,
"ops, sorry...",
}, nil},
},
},
},
"start-conv-prompt-echo-on": {
credentials: utils.Credentials{
ExpectedMessage: "Give me your non-private infos",
ExpectedStyle: pam.PromptEchoOn,
EchoOn: "here's my public data",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.PromptEchoOn,
"Give me your non-private infos",
}),
exp: []interface{}{SerializableStringConvResponse{
pam.PromptEchoOn,
"here's my public data",
}, nil},
},
{
r: NewRequest("StartStringConv", pam.PromptEchoOn,
"Give me your non-private infos",
),
exp: []interface{}{SerializableStringConvResponse{
pam.PromptEchoOn,
"here's my public data",
}, nil},
},
},
},
"start-conv-prompt-echo-off": {
credentials: utils.Credentials{
ExpectedMessage: "Give me your super-secret data",
ExpectedStyle: pam.PromptEchoOff,
EchoOff: "here's my private token",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.PromptEchoOff,
"Give me your super-secret data",
}),
exp: []interface{}{SerializableStringConvResponse{
pam.PromptEchoOff,
"here's my private token",
}, nil},
},
{
r: NewRequest("StartStringConv", pam.PromptEchoOff,
"Give me your super-secret data",
),
exp: []interface{}{SerializableStringConvResponse{
pam.PromptEchoOff,
"here's my private token",
}, nil},
},
},
},
"start-conv-text-info-handle-failure-message-mismatch": {
expectedError: pam.ErrConv,
credentials: utils.Credentials{
ExpectedMessage: "This is an info message",
ExpectedStyle: pam.TextInfo,
TextInfo: "And this is what is returned",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.TextInfo,
"This should have been an info message, but is not",
}),
exp: []interface{}{nil, pam.ErrConv},
},
{
r: NewRequest("StartStringConv", pam.TextInfo,
"This should have been an info message, but is not",
),
exp: []interface{}{nil, pam.ErrConv},
},
},
},
"start-conv-text-info-handle-failure-style-mismatch": {
expectedError: pam.ErrConv,
credentials: utils.Credentials{
ExpectedMessage: "This is an info message",
ExpectedStyle: pam.PromptEchoOff,
TextInfo: "And this is what is returned",
},
checkedRequests: []checkedRequest{
{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.TextInfo,
"This is an info message",
}),
exp: []interface{}{nil, pam.ErrConv},
},
{
r: NewRequest("StartStringConv", pam.TextInfo,
"This is an info message",
),
exp: []interface{}{nil, pam.ErrConv},
},
},
},
}
for name, tc := range tests {
@@ -880,6 +1068,23 @@ func Test_Moduler_IntegrationTesterModule_Authenticate(t *testing.T) {
},
},
},
"StartConv": {
expectedError: pam.ErrSystem,
checkedRequests: []checkedRequest{{
r: NewRequest("StartConv", SerializableStringConvRequest{
pam.TextInfo,
"hello PAM!",
}),
exp: []interface{}{nil, pam.ErrSystem},
}},
},
"StartStringConv": {
expectedError: pam.ErrSystem,
checkedRequests: []checkedRequest{{
r: NewRequest("StartStringConv", pam.TextInfo, "hello PAM!"),
exp: []interface{}{nil, pam.ErrSystem},
}},
},
}
for name, tc := range tests {