From a20e9ba296014eb639130541f90403575f211222 Mon Sep 17 00:00:00 2001
From: 34n0 <34n0@immerda.ch>
Date: Tue, 30 Jan 2024 14:20:54 +0100
Subject: [PATCH] test login after lockout
---
 Cargo.lock | 10 +++++-----
 Cargo.toml | 2 +-
 crates/lib/src/lib.rs | 5 ++---
 crates/lib/src/tally.rs | 1 +
 tests/test-pam-auth.rs | 19 +++++++++++++++++++
 5 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 1ed6829..a804e69 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -276,7 +276,7 @@ checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" [[package]] name = "cli" -version = "0.9.8" +version = "0.9.9" dependencies = [ "clap", "colored",
@@ -553,7 +553,7 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "lib" -version = "0.9.8" +version = "0.9.9" dependencies = [ "chrono", "libc",
@@ -695,7 +695,7 @@ checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f" [[package]] name = "pam-authramp" -version = "0.9.8" +version = "0.9.9" dependencies = [ "pam-client", "tempdir",
@@ -1277,7 +1277,7 @@ checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a" [[package]] name = "util" -version = "0.9.8" +version = "0.9.9" dependencies = [ "chrono", "log",
@@ -1583,7 +1583,7 @@ checksum = "7e2c411759b501fb9501aac2b1b2d287a6e93e5bdcf13c25306b23e1b716dd0e" [[package]] name = "xtask-test-integration" -version = "0.9.8" +version = "0.9.9" dependencies = [ "anyhow", "cli-xtask",
diff --git a/Cargo.toml b/Cargo.toml
index 97a9749..8f54021 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,7 +4,7 @@ members = [ "crates/lib", "crates/cli", "crates/util", "crates/xtask-test-integr
 [workspace.package]
 edition = "2021"
-version = "0.9.8"
+version = "0.9.9"
 description = "The AuthRamp PAM module provides an account lockout mechanism based on the number of authentication failures."
 authors = ["34n0 <34n0@immerda.ch>"]
 license = "GPL-3.0"
diff --git a/crates/lib/src/lib.rs b/crates/lib/src/lib.rs
index 7b07b67..ce27967 100644
--- a/crates/lib/src/lib.rs
+++ b/crates/lib/src/lib.rs
@@ -56,7 +56,6 @@ use pam::module::{PamHandle, PamHooks};
 use pam::pam_try;
 use std::cmp::min;
 use std::ffi::CStr;
-use std::thread::sleep;
 use util::settings::Settings;
 use util::types::Actions;
 use util::{log_error, log_info};
@@ -263,9 +262,9 @@ fn bounce_auth(pamh: &mut PamHandle, settings: &Settings, tally: &Tally) -> PamR
 }
 // Wait for one second
- sleep(std::time::Duration::from_secs(1));
+ // sleep(std::time::Duration::from_secs(1));
+ return PamResultCode::PAM_AUTH_ERR;
 }
- return PamResultCode::PAM_AUTH_ERR;
 }
 }
 PamResultCode::PAM_SUCCESS
diff --git a/crates/lib/src/tally.rs b/crates/lib/src/tally.rs
index 5cba420..313a1a3 100644
--- a/crates/lib/src/tally.rs
+++ b/crates/lib/src/tally.rs
@@ -196,6 +196,7 @@ impl Tally {
 match settings.get_action()? {
 Actions::PREAUTH => Ok(()),
 Actions::AUTHSUCC => {
+ log_error!("{}", format!("asdf: {:?}", settings));
 // total failures for logging
 let total_failures = tally.failures_count;
diff --git a/tests/test-pam-auth.rs b/tests/test-pam-auth.rs
index ac8d8ec..243a55a 100644
--- a/tests/test-pam-auth.rs
+++ b/tests/test-pam-auth.rs
@@ -55,6 +55,7 @@ mod test_pam_auth {
 use std::fs;
 use std::path::Path;
+ use std::thread::sleep;
 use tempfile::TempDir;
 use crate::common::utils::get_pam_context;
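Review bot: In `bounce_auth` (crates/lib/src/lib.rs, second hunk), moving `return PamResultCode::PAM_AUTH_ERR;` one block inward means every path that does not enter the block around the former sleep now reaches the trailing `PamResultCode::PAM_SUCCESS`, so the lockout denial rests entirely on that block's condition, which sits outside the hunk along with the start of the function. As this is the decision point of a lockout module, the return deserves a comment stating the intent, e.g. `// lockout window still open: deny; an expired window falls through to PAM_SUCCESS`, and the condition should be confirmed to deny on every branch where the unlock time cannot be determined. The commented-out `// sleep(std::time::Duration::from_secs(1));` and the now stale `// Wait for one second` should be deleted rather than left behind. Dropping the wait also appears to remove the pacing of repeated attempts while the account is locked; if that is intended, the commit message should say so.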
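Review bot: The added `log_error!("{}", format!("asdf: {:?}", settings));` in the `Actions::AUTHSUCC` arm of crates/lib/src/tally.rs looks like a debugging leftover: it writes the full `Debug` output of `settings` at error level each time that arm runs. That puts the module's configuration, and whatever else `Settings` carries, into the authentication log and buries real errors under a meaningless `asdf:` prefix. The line should be dropped before merge; if the dump is wanted while testing, it belongs at the project's lowest log level with a descriptive message and without the redundant inner `format!`. The enclosing `match` starts and ends outside the hunk.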
@@ -193,6 +194,24 @@ mod test_pam_auth {
 log_str.contains(bounce_message),
 "Conversation log does not contain expected bounce message"
 );
+
+ sleep(std::time::Duration::from_secs(30));
+
+ ctx = get_pam_context(USER_NAME, USER_PWD);
+
+ // Expect an error during authentication (invalid credentials)
+ let auth_result = ctx.authenticate(Flag::NONE);
+ assert!(auth_result.is_ok(), "Authentication failed!");
+
+ ctx.acct_mgmt(Flag::NONE)
+ .expect("Account management failed");
+
+ // Expect tally count to decrease
+ let toml_content = fs::read_to_string(&tally_file_path).unwrap();
+ assert!(
+ toml_content.contains("count = 0"),
+ "Expected tally count = 0"
+ );
 });
 }
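Review bot: The comment `// Expect an error during authentication (invalid credentials)` above the new `authenticate` call contradicts the assertion under it, which requires `auth_result.is_ok()`; it should read something like `// Lockout has expired: the correct password must be accepted again`. The fixed `sleep(std::time::Duration::from_secs(30))` only proves anything if 30 seconds exceeds the lockout delay the test environment configures, which is not visible in this hunk; a named constant derived from that configuration would keep the test from passing or failing for the wrong reason when the delay changes. `// Expect tally count to decrease` is also weaker than what is asserted, since the check is that the tally is reset to `count = 0`. The closure and the test function start outside the hunk.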