Mercurial > crates > nonstick
annotate testharness/src/lib.rs @ 189:b2456d274576 default tip
Add line breaks that rustfmt ate back to documentation.
| author | Paul Fisher <paul@pfish.zone> |
|---|---|
| date | Thu, 31 Jul 2025 15:42:12 -0400 |
| parents | 42f747774d94 |
| children |
| rev | line source |
|---|---|
|
184
42f747774d94
Really get documentation stuff squared away.
Paul Fisher <paul@pfish.zone>
parents:
182
diff
changeset
|
1 //! Test module for nonstick. This works with the `testharness` binary |
|
42f747774d94
Really get documentation stuff squared away.
Paul Fisher <paul@pfish.zone>
parents:
182
diff
changeset
|
2 //! to test the end-to-end behavior of nonstick (i.e., that it plumbs everything |
|
42f747774d94
Really get documentation stuff squared away.
Paul Fisher <paul@pfish.zone>
parents:
182
diff
changeset
|
3 //! from the application through PAM to the module properly). |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
4 |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
5 use crate::nonstick::items::ItemsMut; |
|
172
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
6 use crate::nonstick::EnvironMapMut; |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
7 use std::cell::Cell; |
|
104
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
8 extern crate nonstick; |
|
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
9 |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
10 use nonstick::conv::{ErrorMsg, InfoMsg, MaskedQAndA, QAndA}; |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
11 use nonstick::{ |
|
173
46e8ce5cd5d1
Miscellaneous doc and code cleanups.
Paul Fisher <paul@pfish.zone>
parents:
172
diff
changeset
|
12 error, info, pam_export, AuthnFlags, AuthtokAction, AuthtokFlags, ErrorCode, ModuleClient, |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
13 PamModule, |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
14 }; |
|
169
77470e45e397
Set up stuff to work the way Sun expects it to.
Paul Fisher <paul@pfish.zone>
parents:
168
diff
changeset
|
15 use std::ffi::CStr; |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
16 use std::os::unix::ffi::OsStrExt; |
|
104
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
17 |
|
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
18 struct TestHarness; |
|
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
19 |
|
146
1bc52025156b
Split PAM items into their own separate struct.
Paul Fisher <paul@pfish.zone>
parents:
127
diff
changeset
|
20 impl<M: ModuleClient> PamModule<M> for TestHarness { |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
21 fn authenticate(handle: &mut M, args: Vec<&CStr>, _: AuthnFlags) -> nonstick::Result<()> { |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
22 let strings: Vec<_> = args.iter().map(|&a| Vec::from(a.to_bytes())).collect(); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
23 if strings != vec![Vec::from(b"param"), Vec::from(b"param2")] { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
24 return Err(ErrorCode::SystemError); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
25 } |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
26 let username = handle.username(None)?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
27 if username != "initial" { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
28 return Err(ErrorCode::UserUnknown); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
29 } |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
30 handle |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
31 .items_mut() |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
32 .set_user(Some("updated-in-process".as_ref()))?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
33 handle.set_module_data("florgus", Cell::new(99))?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
34 let authtok = handle.authtok(Some("custom".as_ref()))?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
35 if authtok.as_bytes() != b"valid" { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
36 return Err(ErrorCode::AuthenticationError); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
37 } |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
38 let info = InfoMsg::new("Watch out!".as_ref()); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
39 let err = ErrorMsg::new("It's broken!".as_ref()); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
40 let public = QAndA::new("How many?".as_ref()); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
41 let private = MaskedQAndA::new("Where?".as_ref()); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
42 let msgs = &[ |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
43 info.exchange(), |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
44 err.exchange(), |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
45 public.exchange(), |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
46 private.exchange(), |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
47 ]; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
48 handle.communicate(msgs); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
49 let public = public.answer()?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
50 info!(handle, "public question: {:?}", public); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
51 let private = private.answer()?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
52 info!(handle, "private question: {:?}", private); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
53 if public.as_bytes() == b"123" && private.as_bytes() == b"abc" { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
54 Ok(()) |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
55 } else { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
56 Err(ErrorCode::Abort) |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
57 } |
|
104
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
58 } |
|
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
59 |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
60 fn account_management(handle: &mut M, _: Vec<&CStr>, _: AuthnFlags) -> nonstick::Result<()> { |
|
172
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
61 match handle.username(None)?.as_bytes() { |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
62 b"initial" => return Err(ErrorCode::AccountExpired), |
|
172
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
63 b"updated-in-process" => (), |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
64 _ => return Err(ErrorCode::UserUnknown), |
|
172
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
65 }; |
|
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
66 let value: &Cell<i32> = handle |
|
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
67 .get_module_data("florgus") |
|
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
68 .ok_or(ErrorCode::SessionError)?; |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
69 let florgus_str: Option<&i32> = handle.get_module_data("florgus"); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
70 if let Some(s) = florgus_str { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
71 error!( |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
72 handle, |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
73 "module_data type mismatch: florgus = <{s}> but should not be set" |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
74 ) |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
75 } |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
76 if value.get() != 99 { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
77 error!(handle, "wrong value! {}", value.get()); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
78 return Err(ErrorCode::AuthTokError); |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
79 } |
|
172
6727cbe56f4a
Test environment variable setting; minor cleanup.
Paul Fisher <paul@pfish.zone>
parents:
171
diff
changeset
|
80 handle.environ_mut().insert("nin", "nine inch nails"); |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
81 let password = handle.authtok(None)?; |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
82 if password.as_bytes() == b"valid" { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
83 Err(ErrorCode::NewAuthTokRequired) |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
84 } else { |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
85 Ok(()) |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
86 } |
|
104
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
87 } |
|
159
634cd5f2ac8b
Separate logging into its own trait apart from the rest of PAM.
Paul Fisher <paul@pfish.zone>
parents:
146
diff
changeset
|
88 |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
89 fn change_authtok( |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
90 handle: &mut M, |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
91 _: Vec<&CStr>, |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
92 action: AuthtokAction, |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
93 _flags: AuthtokFlags, |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
94 ) -> nonstick::Result<()> { |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
95 match action { |
|
171
e27c5c667a5a
Create full new types for return code and flags, separate end to end.
Paul Fisher <paul@pfish.zone>
parents:
169
diff
changeset
|
96 AuthtokAction::Validate => { |
|
182
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
97 let expected: &[u8] = if cfg!(pam_impl = "Sun") { |
|
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
98 b"valid" |
|
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
99 } else { |
|
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
100 b"old token!" |
|
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
101 }; |
|
346dc13724ce
Check for Sun-specific password change behavior.
Paul Fisher <paul@pfish.zone>
parents:
173
diff
changeset
|
102 if handle.old_authtok(None)?.as_bytes() != expected { |
|
167
0cabe7b94a4f
Check for old_authtok in change_authtok to emulate real behavior.
Paul Fisher <paul@pfish.zone>
parents:
166
diff
changeset
|
103 return Err(ErrorCode::AuthenticationError); |
|
0cabe7b94a4f
Check for old_authtok in change_authtok to emulate real behavior.
Paul Fisher <paul@pfish.zone>
parents:
166
diff
changeset
|
104 } |
|
168
6642e89d29a2
more closely follow real password change flow
Paul Fisher <paul@pfish.zone>
parents:
167
diff
changeset
|
105 Ok(()) |
|
6642e89d29a2
more closely follow real password change flow
Paul Fisher <paul@pfish.zone>
parents:
167
diff
changeset
|
106 } |
|
6642e89d29a2
more closely follow real password change flow
Paul Fisher <paul@pfish.zone>
parents:
167
diff
changeset
|
107 AuthtokAction::Update => { |
|
166
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
108 let password = handle.authtok(None)?; |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
109 if password.as_bytes() != b"acceptable" { |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
110 return Err(ErrorCode::PermissionDenied); |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
111 } |
|
2f5913131295
Separate flag/action flags into flags and action.
Paul Fisher <paul@pfish.zone>
parents:
163
diff
changeset
|
112 Ok(()) |
|
163
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
113 } |
|
a75a66cb4181
Add end-to-end tests; fix issues found by tests.
Paul Fisher <paul@pfish.zone>
parents:
159
diff
changeset
|
114 } |
|
159
634cd5f2ac8b
Separate logging into its own trait apart from the rest of PAM.
Paul Fisher <paul@pfish.zone>
parents:
146
diff
changeset
|
115 } |
|
104
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
116 } |
|
a2676475e86b
Create the very start of a test suite.
Paul Fisher <paul@pfish.zone>
parents:
diff
changeset
|
117 |
|
173
46e8ce5cd5d1
Miscellaneous doc and code cleanups.
Paul Fisher <paul@pfish.zone>
parents:
172
diff
changeset
|
118 pam_export!(TestHarness); |