Skip to content

Commit

Permalink
Merge pull request #59 from 34N0/fix-persistent-lockout
Browse files Browse the repository at this point in the history
test login after lockout
  • Loading branch information
34N0 authored Jan 30, 2024
2 parents 1ffb7d0 + a20e9ba commit 2ce74b7
Show file tree
Hide file tree
Showing 5 changed files with 28 additions and 9 deletions.
10 changes: 5 additions & 5 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ members = [ "crates/lib", "crates/cli", "crates/util", "crates/xtask-test-integr

[workspace.package]
edition = "2021"
version = "0.9.8"
version = "0.9.9"
description = "The AuthRamp PAM module provides an account lockout mechanism based on the number of authentication failures."
authors = ["34n0 <[email protected]>"]
license = "GPL-3.0"
Expand Down
5 changes: 2 additions & 3 deletions crates/lib/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ use pam::module::{PamHandle, PamHooks};
use pam::pam_try;
use std::cmp::min;
use std::ffi::CStr;
use std::thread::sleep;
use util::settings::Settings;
use util::types::Actions;
use util::{log_error, log_info};
Expand Down Expand Up @@ -263,9 +262,9 @@ fn bounce_auth(pamh: &mut PamHandle, settings: &Settings, tally: &Tally) -> PamR
}

// Wait for one second
sleep(std::time::Duration::from_secs(1));
// sleep(std::time::Duration::from_secs(1));
return PamResultCode::PAM_AUTH_ERR;
}
return PamResultCode::PAM_AUTH_ERR;
}
}
PamResultCode::PAM_SUCCESS
Expand Down
1 change: 1 addition & 0 deletions crates/lib/src/tally.rs
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,7 @@ impl Tally {
match settings.get_action()? {
Actions::PREAUTH => Ok(()),
Actions::AUTHSUCC => {
log_error!("{}", format!("asdf: {:?}", settings));
// total failures for logging
let total_failures = tally.failures_count;

Expand Down
19 changes: 19 additions & 0 deletions tests/test-pam-auth.rs
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ mod test_pam_auth {

use std::fs;
use std::path::Path;
use std::thread::sleep;
use tempfile::TempDir;

use crate::common::utils::get_pam_context;
Expand Down Expand Up @@ -193,6 +194,24 @@ mod test_pam_auth {
log_str.contains(bounce_message),
"Conversation log does not contain expected bounce message"
);

sleep(std::time::Duration::from_secs(30));

ctx = get_pam_context(USER_NAME, USER_PWD);

// Expect an error during authentication (invalid credentials)
let auth_result = ctx.authenticate(Flag::NONE);
assert!(auth_result.is_ok(), "Authentication failed!");

ctx.acct_mgmt(Flag::NONE)
.expect("Account management failed");

// Expect tally count to decrease
let toml_content = fs::read_to_string(&tally_file_path).unwrap();
assert!(
toml_content.contains("count = 0"),
"Expected tally count = 0"
);
});
}

Expand Down

0 comments on commit 2ce74b7

Please sign in to comment.