Merge pull request #46 from 34N0/refactor

refactor: update deps, more concise config, better logging

Cargo.toml

@@ -12,21 +12,21 @@ homepage = "https://github.com/34N0/pam-authramp/"
 repository = "https://github.com/34N0/pam-authramp/"
 
 [workspace.dependencies]
+anyhow = "1.0.75"
 chrono = "0.4.31"
+clap = { version = "4.4.16", features = ["derive"] }
+cli-xtask = { version = "0.8.0", features = ["main", "lib-crate"] }
+colored = "2.1.0"
+log = "0.4"
 pam-bindings = "0.1.1"
+pam-client = "0.5.0"
 sysinfo = "0.30.0"
 syslog = "6.1.0"
-uzers = "0.11.3"
-log = "0.4"
-toml = "0.8.8"
-pam-client = "0.5.0"
-tempfile = "3.8.1"
 tempdir = "0.3.7"
-anyhow = "1.0.75"
-cli-xtask = { version = "0.8.0", features = ["main", "lib-crate"] }
+tempfile = "3.8.1"
+toml = "0.8.8"
+uzers = "0.11.3"
 xshell = "0.2.5"
-clap = { version = "4.4.16", features = ["derive"] }
-colored = "2.1.0"
 
 [workspace.lints.clippy]
 pedantic = { level = "deny" }
@@ -42,8 +42,8 @@ license.workspace = true
 
 [dev-dependencies]
 pam-client.workspace = true
-tempfile.workspace = true
 tempdir.workspace = true
+tempfile.workspace = true
 
 [package.metadata.generate-rpm]
 assets = [

README.md

@@ -54,7 +54,7 @@ Create a configuration file under /etc/security/authramp.conf. This is an exampl
 # AuthRamp Configuration File
 # This file configures the behavior of the AuthRamp PAM module.
 #
-[Settings]
+[Configuration]
 # Directory where tally information is stored.
 # Each user has a separate file in this directory to track authentication failures.
 tally_dir = /var/run/authramp

crates/cli/Cargo.toml

@@ -15,8 +15,8 @@ doc = false
 
 [dependencies]
 clap = { workspace = true, features = ["derive"] }
-log.workspace = true
 colored.workspace = true
+log.workspace = true
 util = { path = "../util" }
 
 [dev-dependencies]

crates/cli/src/cmd/reset.rs

@@ -3,7 +3,7 @@
 //! The `reset` module provides functionality to reset the tally information for a user.
 //! It is used in the context of the `sm_authenticate` PAM hook when the `reset` command is specified.
 //! The tally information is stored in a file, and this module allows resetting the tally for a specific user.
-//! 
+//!
 //! ## License
 //!
 //! pam-authramp

crates/cli/src/main.rs

@@ -26,7 +26,7 @@
 //! - [`ArCliResult`](struct.ArCliResult.html): Represents the result of a command execution in the `AuthRamp` CLI.
 //! - [`Cli`](struct.Cli.html): Represents the main CLI struct.
 //! - [`Command`](enum.Command.html): Represents the available subcommands.
-//! 
+//!
 //! ## License
 //!
 //! pam-authramp

crates/lib/Cargo.toml

@@ -16,11 +16,11 @@ doc = false
 
 [dependencies]
 chrono.workspace = true
+log.workspace = true
 pam-bindings.workspace = true
-uzers.workspace = true
 toml.workspace = true
-log.workspace = true
 util = { path = "../util" }
+uzers.workspace = true
 
 [dev-dependencies]
 tempdir.workspace = true

crates/lib/src/lib.rs

@@ -12,12 +12,12 @@
 //!
 //! ## Configuration
 //!
-//! The behavior of the `AuthRamp` module is configurable through an INI file located at
+//! The behavior of the `AuthRamp` module is configurable through an TOML file located at
 //! `/etc/security/authramp.conf` by default. The configuration file can be customized with settings
 //! such as the tally directory, free tries threshold, base delay, and multiplier.
 //!
 //! ```ini
-//! [Settings]
+//! [Configuration]
 //! tally_dir = /var/run/authramp
 //! free_tries = 6
 //! base_delay_seconds = 30
@@ -57,10 +57,10 @@ use pam::pam_try;
 use std::cmp::min;
 use std::ffi::CStr;
 use std::thread::sleep;
-use uzers::get_user_by_name;
-use util::log_info;
 use util::settings::Settings;
 use util::types::Actions;
+use util::{log_error, log_info};
+use uzers::get_user_by_name;
 
 use tally::Tally;
 
@@ -252,14 +252,22 @@ fn bounce_auth(pamh: &mut PamHandle, settings: &Settings, tally: &Tally) -> PamR
                 let capped_remaining_time = min(remaining_time, Duration::hours(24));
 
                 // Send a message to the conversation function
-                let _ = conv.send(
+                let conv_res = conv.send(
                     PAM_ERROR_MSG,
                     &format!(
                         "Account locked! Unlocking in {}.",
                         format_remaining_time(capped_remaining_time)
                     ),
                 );
 
+                // Log Conversation Error but continue loop
+                match conv_res {
+                    Ok(_) => (),
+                    Err(pam_code) => {
+                        log_error!("{:?}: Error starting PAM conversation.", pam_code);
+                    }
+                }
+
                 // Wait for one second
                 sleep(std::time::Duration::from_secs(1));
             }

crates/lib/src/tally.rs

@@ -43,10 +43,10 @@ use std::{
 
 use chrono::{DateTime, Duration, Utc};
 use pam::constants::PamResultCode;
-use uzers::User;
 use util::settings::Settings;
 use util::types::Actions;
 use util::{log_error, log_info};
+use uzers::User;
 
 /// The `Tally` struct represents the account lockout information, including
 /// the number of authentication failures and the timestamp of the last failure.
@@ -179,7 +179,7 @@ impl Tally {
     /// PREAUTH is ignored;
     ///
     /// # Arguments
-    /// - `fails_section`: A reference to the "Fails" section of the INI file.
+    /// - `fails_section`: A reference to the "Fails" section of the TOML file.
     /// - `tally`: A mutable reference to the `Tally` struct.
     /// - `settings`: A reference to the `Settings` struct.
     ///

crates/util/Cargo.toml

@@ -16,12 +16,12 @@ doc = false
 
 [dependencies]
 chrono.workspace = true
+log.workspace = true
 pam-bindings.workspace = true
 sysinfo.workspace = true
 syslog.workspace = true
-log.workspace = true
-uzers.workspace = true
 toml.workspace = true
+uzers.workspace = true
 
 [dev-dependencies]
 tempdir.workspace = true

crates/util/src/config.rs

@@ -12,7 +12,7 @@
 //! # Structs
 //!
 //! - [`Config`](struct.Config.html): Represents the configuration settings for `AuthRamp`.
-//! 
+//!
 //! ## License
 //!
 //! pam-authramp
@@ -31,10 +31,10 @@
 //! You should have received a copy of the GNU General Public License
 //! along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-
-
 use std::{fs, path::PathBuf};
 
+use crate::log_info;
+
 const DEFAULT_CONFIG_FILE_PATH: &str = "/etc/security/authramp.conf";
 
 #[derive(Debug)]
@@ -65,11 +65,11 @@ impl Default for Config {
 }
 
 impl Config {
-    /// Loads configuration config from an INI file, returning a `Config` instance.
+    /// Loads configuration config from an TOML file, returning a `Config` instance.
     ///
     /// # Arguments
     ///
-    /// * `config_file`: An optional `PathBuf` specifying the path to the INI file. If
+    /// * `config_file`: An optional `PathBuf` specifying the path to the TOML file. If
     ///   not provided, the default configuration file path is used.
     ///
     /// # Returns
@@ -87,33 +87,43 @@ impl Config {
             content.and_then(|c| toml::de::from_str(&c).ok());
 
         // Extract the "Config" section from the TOML table
-        let config = toml_table.and_then(|t| t.get("Settings").cloned());
+        let config = toml_table.and_then(|t| t.get("Configuration").cloned());
 
         // Map the config to the Config struct
-        config
-            .map(|s| Config {
+        config.map_or_else(
+            || {
+                log_info!(
+                    "PAM_SYSTEM_ERR: Error parsing configuration file. Using default values."
+                );
+                Config::default()
+            },
+            |s| Config {
                 tally_dir: s
                     .get("tally_dir")
                     .and_then(|val| val.as_str().map(PathBuf::from))
                     .unwrap_or_else(|| Config::default().tally_dir),
+
                 free_tries: s
                     .get("free_tries")
                     .and_then(toml::Value::as_integer)
                     .map_or_else(|| Config::default().free_tries, |val| val as i32),
+
                 base_delay_seconds: s
                     .get("base_delay_seconds")
                     .and_then(toml::Value::as_integer)
                     .map_or_else(|| Config::default().base_delay_seconds, |val| val as i32),
+
                 ramp_multiplier: s
                     .get("ramp_multiplier")
                     .and_then(toml::Value::as_float)
                     .map_or_else(|| Config::default().ramp_multiplier, |val| val as i32),
+
                 even_deny_root: s
                     .get("even_deny_root")
                     .and_then(toml::Value::as_bool)
                     .unwrap_or_else(|| Config::default().even_deny_root),
-            })
-            .unwrap_or_default()
+            },
+        )
     }
 }
 
@@ -141,7 +151,7 @@ mod tests {
 
         // Create a TOML file with settings
         let toml_content = r#"
-        [Settings]
+        [Configuration]
         tally_dir = "/tmp/tally_dir"
         free_tries = 10
         base_delay_seconds = 15

crates/util/src/settings.rs

@@ -1,14 +1,11 @@
 //! # Settings Module
 //!
 //! The `settings` module is responsible for managing configuration settings related to the
-//! authramp PAM module. It provides a structure `Settings` and functions to load configuration
-//! from an INI file, build settings based on user input, and set default values.
+//! authramp PAM module.
 //!
 //! ## Overview
 //!
 //! The `Settings` structure represents the configuration settings for the authramp PAM module.
-//! It includes fields such as `action`, `user`, `tally_dir`, `free_tries`, `base_delay_seconds`,
-//! and `ramp_multiplier`.
 //!
 //! ## License
 //!
@@ -72,7 +69,7 @@ impl Settings<'_> {
     ///   the PAM session.
     /// * `args`: A vector of `CStr` references representing the PAM module arguments.
     /// * `_flags`: PAM flags indicating the context of the PAM operation (unused).
-    /// * `config_file`: An optional `PathBuf` specifying the path to the INI file. If
+    /// * `config_file`: An optional `PathBuf` specifying the path to the TOML file. If
     ///   not provided, the default configuration file path is used.
     ///
     /// # Returns
@@ -89,7 +86,7 @@ impl Settings<'_> {
         _flags: PamFlag,
         pam_hook: &'a str,
     ) -> Result<Settings<'a>, PamResultCode> {
-        // Load INI file.
+        // Load TOML file.
         let mut settings = Settings::default();
 
         // create possible action collection

crates/util/src/types.rs

@@ -10,7 +10,7 @@
 //! # Enumerations
 //!
 //! - [`Actions`](enum.Actions.html): Represents different actions in the `AuthRamp` library.
-//! 
+//!
 //! ## License
 //!
 //! pam-authramp

crates/xtask-test-integration/Cargo.toml

@@ -5,9 +5,9 @@ version.workspace = true
 publish = false
 
 [dependencies]
+anyhow.workspace = true
 cli-xtask.workspace = true
 xshell.workspace = true
-anyhow.workspace = true
 
 [lints]
 workspace = true

examples/system-auth/authramp.conf

@@ -1,7 +1,7 @@
 # AuthRamp Configuration File
 # This file configures the behavior of the AuthRamp PAM module.
 #
-[Settings]
+[Configuration]
 # Directory where tally information is stored.
 # Each user has a separate file in this directory to track authentication failures.
 # tally_dir = /var/run/authramp

tests/test-pam-auth.rs

@@ -203,7 +203,7 @@ mod test_pam_auth {
 
             // Set the custom tally_dir path in authramp.conf
             let config_content = format!(
-                "[Settings]\n\
+                "[Configuration]\n\
                 tally_dir = \"{}\"\n\
                 free_tries = 6\n\
                 base_delay_seconds = 30\n\