refactor: update deps, more concise config, better logging #46

Merged
merged 1 commit into from
Jan 21, 2024
Merged
18 changes: 9 additions & 9 deletions Cargo.lock


20 changes: 10 additions & 10 deletions Cargo.toml
Expand Up @@ -12,21 +12,21 @@ homepage = "https://github.com/34N0/pam-authramp/"
repository = "https://github.com/34N0/pam-authramp/"

[workspace.dependencies]
anyhow = "1.0.75"
chrono = "0.4.31"
clap = { version = "4.4.16", features = ["derive"] }
cli-xtask = { version = "0.8.0", features = ["main", "lib-crate"] }
colored = "2.1.0"
log = "0.4"
pam-bindings = "0.1.1"
pam-client = "0.5.0"
sysinfo = "0.30.0"
syslog = "6.1.0"
uzers = "0.11.3"
log = "0.4"
toml = "0.8.8"
pam-client = "0.5.0"
tempfile = "3.8.1"
tempdir = "0.3.7"
anyhow = "1.0.75"
cli-xtask = { version = "0.8.0", features = ["main", "lib-crate"] }
tempfile = "3.8.1"
toml = "0.8.8"
uzers = "0.11.3"
xshell = "0.2.5"
clap = { version = "4.4.16", features = ["derive"] }
colored = "2.1.0"

[workspace.lints.clippy]
pedantic = { level = "deny" }
Expand All @@ -42,8 +42,8 @@ license.workspace = true

[dev-dependencies]
pam-client.workspace = true
tempfile.workspace = true
tempdir.workspace = true
tempfile.workspace = true

[package.metadata.generate-rpm]
assets = [
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -54,7 +54,7 @@ Create a configuration file under /etc/security/authramp.conf. This is an exampl
# AuthRamp Configuration File
# This file configures the behavior of the AuthRamp PAM module.
#
[Settings]
[Configuration]
# Directory where tally information is stored.
# Each user has a separate file in this directory to track authentication failures.
tally_dir = /var/run/authramp
2 changes: 1 addition & 1 deletion crates/cli/Cargo.toml
Expand Up @@ -15,8 +15,8 @@ doc = false

[dependencies]
clap = { workspace = true, features = ["derive"] }
log.workspace = true
colored.workspace = true
log.workspace = true
util = { path = "../util" }

[dev-dependencies]
2 changes: 1 addition & 1 deletion crates/cli/src/cmd/reset.rs
Expand Up @@ -3,7 +3,7 @@
//! The `reset` module provides functionality to reset the tally information for a user.
//! It is used in the context of the `sm_authenticate` PAM hook when the `reset` command is specified.
//! The tally information is stored in a file, and this module allows resetting the tally for a specific user.
//!
//!
//! ## License
//!
//! pam-authramp
2 changes: 1 addition & 1 deletion crates/cli/src/main.rs
Expand Up @@ -26,7 +26,7 @@
//! - [`ArCliResult`](struct.ArCliResult.html): Represents the result of a command execution in the `AuthRamp` CLI.
//! - [`Cli`](struct.Cli.html): Represents the main CLI struct.
//! - [`Command`](enum.Command.html): Represents the available subcommands.
//!
//!
//! ## License
//!
//! pam-authramp
4 changes: 2 additions & 2 deletions crates/lib/Cargo.toml
Expand Up @@ -16,11 +16,11 @@ doc = false

[dependencies]
chrono.workspace = true
log.workspace = true
pam-bindings.workspace = true
uzers.workspace = true
toml.workspace = true
log.workspace = true
util = { path = "../util" }
uzers.workspace = true

[dev-dependencies]
tempdir.workspace = true
18 changes: 13 additions & 5 deletions crates/lib/src/lib.rs
Expand Up @@ -12,12 +12,12 @@
//!
//! ## Configuration
//!
//! The behavior of the `AuthRamp` module is configurable through an INI file located at
//! The behavior of the `AuthRamp` module is configurable through an TOML file located at
//! `/etc/security/authramp.conf` by default. The configuration file can be customized with settings
//! such as the tally directory, free tries threshold, base delay, and multiplier.
//!
//! ```ini
//! [Settings]
//! [Configuration]
//! tally_dir = /var/run/authramp
//! free_tries = 6
//! base_delay_seconds = 30
Expand Down Expand Up @@ -57,10 +57,10 @@ use pam::pam_try;
use std::cmp::min;
use std::ffi::CStr;
use std::thread::sleep;
use uzers::get_user_by_name;
use util::log_info;
use util::settings::Settings;
use util::types::Actions;
use util::{log_error, log_info};
use uzers::get_user_by_name;

use tally::Tally;

Expand Down Expand Up @@ -252,14 +252,22 @@ fn bounce_auth(pamh: &mut PamHandle, settings: &Settings, tally: &Tally) -> PamR
let capped_remaining_time = min(remaining_time, Duration::hours(24));

// Send a message to the conversation function
let _ = conv.send(
let conv_res = conv.send(
PAM_ERROR_MSG,
&format!(
"Account locked! Unlocking in {}.",
format_remaining_time(capped_remaining_time)
),
);

// Log Conversation Error but continue loop
match conv_res {
Ok(_) => (),
Err(pam_code) => {
log_error!("{:?}: Error starting PAM conversation.", pam_code);
}
}

// Wait for one second
sleep(std::time::Duration::from_secs(1));
}
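Review bot: The new error path in bounce_auth logs on every pass of the delay loop, and because the loop sleeps one second per pass and runs for up to the 24-hour cap computed on the `capped_remaining_time` line above, a caller whose conversation function cannot deliver messages (a non-interactive service, presumably) would write one error line per second to syslog for the entire lockout, which is a log-flooding problem of its own. Log the failure once, using a flag declared before the loop, and keep enforcing the delay silently afterwards; the loop head is outside this hunk. The message text should also say what failed: `conv.send` failed to deliver a message, it did not fail to start the conversation. Minor: the doc comment in the first hunk of this file reads `an TOML file`; it should be `a TOML file`.
```rust
// declared before the loop (loop head is outside this hunk)
let mut conv_failure_logged = false;
// … unchanged: remaining-time computation, conv.send(...) into conv_res …
// Log a conversation failure once, then keep enforcing the delay silently;
// this loop runs once per second for up to 24h and would otherwise flood the log.
if let Err(pam_code) = conv_res {
    if !conv_failure_logged {
        log_error!("{:?}: Error sending PAM conversation message.", pam_code);
        conv_failure_logged = true;
    }
}
// … unchanged: one-second sleep …
```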
4 changes: 2 additions & 2 deletions crates/lib/src/tally.rs
Expand Up @@ -43,10 +43,10 @@ use std::{

use chrono::{DateTime, Duration, Utc};
use pam::constants::PamResultCode;
use uzers::User;
use util::settings::Settings;
use util::types::Actions;
use util::{log_error, log_info};
use uzers::User;

/// The `Tally` struct represents the account lockout information, including
/// the number of authentication failures and the timestamp of the last failure.
Expand Down Expand Up @@ -179,7 +179,7 @@ impl Tally {
/// PREAUTH is ignored;
///
/// # Arguments
/// - `fails_section`: A reference to the "Fails" section of the INI file.
/// - `fails_section`: A reference to the "Fails" section of the TOML file.
/// - `tally`: A mutable reference to the `Tally` struct.
/// - `settings`: A reference to the `Settings` struct.
///
4 changes: 2 additions & 2 deletions crates/util/Cargo.toml
Expand Up @@ -16,12 +16,12 @@ doc = false

[dependencies]
chrono.workspace = true
log.workspace = true
pam-bindings.workspace = true
sysinfo.workspace = true
syslog.workspace = true
log.workspace = true
uzers.workspace = true
toml.workspace = true
uzers.workspace = true

[dev-dependencies]
tempdir.workspace = true
32 changes: 21 additions & 11 deletions crates/util/src/config.rs
Expand Up @@ -12,7 +12,7 @@
//! # Structs
//!
//! - [`Config`](struct.Config.html): Represents the configuration settings for `AuthRamp`.
//!
//!
//! ## License
//!
//! pam-authramp
Expand All @@ -31,10 +31,10 @@
//! You should have received a copy of the GNU General Public License
//! along with this program. If not, see <http://www.gnu.org/licenses/>.



use std::{fs, path::PathBuf};

use crate::log_info;

const DEFAULT_CONFIG_FILE_PATH: &str = "/etc/security/authramp.conf";

#[derive(Debug)]
Expand Down Expand Up @@ -65,11 +65,11 @@ impl Default for Config {
}

impl Config {
/// Loads configuration config from an INI file, returning a `Config` instance.
/// Loads configuration config from an TOML file, returning a `Config` instance.
///
/// # Arguments
///
/// * `config_file`: An optional `PathBuf` specifying the path to the INI file. If
/// * `config_file`: An optional `PathBuf` specifying the path to the TOML file. If
/// not provided, the default configuration file path is used.
///
/// # Returns
Expand All @@ -87,33 +87,43 @@ impl Config {
content.and_then(|c| toml::de::from_str(&c).ok());

// Extract the "Config" section from the TOML table
let config = toml_table.and_then(|t| t.get("Settings").cloned());
let config = toml_table.and_then(|t| t.get("Configuration").cloned());

// Map the config to the Config struct
config
.map(|s| Config {
config.map_or_else(
|| {
log_info!(
"PAM_SYSTEM_ERR: Error parsing configuration file. Using default values."
);
Config::default()
},
|s| Config {
tally_dir: s
.get("tally_dir")
.and_then(|val| val.as_str().map(PathBuf::from))
.unwrap_or_else(|| Config::default().tally_dir),

free_tries: s
.get("free_tries")
.and_then(toml::Value::as_integer)
.map_or_else(|| Config::default().free_tries, |val| val as i32),

base_delay_seconds: s
.get("base_delay_seconds")
.and_then(toml::Value::as_integer)
.map_or_else(|| Config::default().base_delay_seconds, |val| val as i32),

ramp_multiplier: s
.get("ramp_multiplier")
.and_then(toml::Value::as_float)
.map_or_else(|| Config::default().ramp_multiplier, |val| val as i32),

even_deny_root: s
.get("even_deny_root")
.and_then(toml::Value::as_bool)
.unwrap_or_else(|| Config::default().even_deny_root),
})
.unwrap_or_default()
},
)
}
}

Expand Down Expand Up @@ -141,7 +151,7 @@ mod tests {

// Create a TOML file with settings
let toml_content = r#"
[Settings]
[Configuration]
tally_dir = "/tmp/tally_dir"
free_tries = 10
base_delay_seconds = 15
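Review bot: The fallback closure added in `load` (the function's signature is above this hunk) runs for three distinct causes — an unreadable file, a TOML parse error, and a file that parsed but has no `[Configuration]` table — yet the message always says "Error parsing configuration file", and the actual parse error is discarded by the `.ok()` on the `from_str` line at the top of the hunk. Since this PR also renames the section from `[Settings]` to `[Configuration]`, an existing deployment that keeps its old file will silently fall back to the default lockout policy with nothing more than an info-level line, which is a policy change an operator needs to notice. Keep the parse error visible, assuming `log_error!` expands to an expression as its use elsewhere in the workspace suggests: `toml::de::from_str(&c).map_err(|e| log_error!("PAM_SYSTEM_ERR: Error parsing configuration file: {}.", e)).ok()`, and have the fallback name the expected table at error level, e.g. `log_error!("PAM_SYSTEM_ERR: No [Configuration] table found in configuration file. Using default values.")` (`log_error!` is the crate's existing macro, to be imported next to `log_info`). The repeated `Config::default()` calls inside the success closure can also be hoisted into a single `let defaults = Config::default();` so the defaults are built once rather than once per field.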
9 changes: 3 additions & 6 deletions crates/util/src/settings.rs
@@ -1,14 +1,11 @@
//! # Settings Module
//!
//! The `settings` module is responsible for managing configuration settings related to the
//! authramp PAM module. It provides a structure `Settings` and functions to load configuration
//! from an INI file, build settings based on user input, and set default values.
//! authramp PAM module.
//!
//! ## Overview
//!
//! The `Settings` structure represents the configuration settings for the authramp PAM module.
//! It includes fields such as `action`, `user`, `tally_dir`, `free_tries`, `base_delay_seconds`,
//! and `ramp_multiplier`.
//!
//! ## License
//!
Expand Down Expand Up @@ -72,7 +69,7 @@ impl Settings<'_> {
/// the PAM session.
/// * `args`: A vector of `CStr` references representing the PAM module arguments.
/// * `_flags`: PAM flags indicating the context of the PAM operation (unused).
/// * `config_file`: An optional `PathBuf` specifying the path to the INI file. If
/// * `config_file`: An optional `PathBuf` specifying the path to the TOML file. If
/// not provided, the default configuration file path is used.
///
/// # Returns
Expand All @@ -89,7 +86,7 @@ impl Settings<'_> {
_flags: PamFlag,
pam_hook: &'a str,
) -> Result<Settings<'a>, PamResultCode> {
// Load INI file.
// Load TOML file.
let mut settings = Settings::default();

// create possible action collection
2 changes: 1 addition & 1 deletion crates/util/src/types.rs
Expand Up @@ -10,7 +10,7 @@
//! # Enumerations
//!
//! - [`Actions`](enum.Actions.html): Represents different actions in the `AuthRamp` library.
//!
//!
//! ## License
//!
//! pam-authramp
2 changes: 1 addition & 1 deletion crates/xtask-test-integration/Cargo.toml
Expand Up @@ -5,9 +5,9 @@ version.workspace = true
publish = false

[dependencies]
anyhow.workspace = true
cli-xtask.workspace = true
xshell.workspace = true
anyhow.workspace = true

[lints]
workspace = true
2 changes: 1 addition & 1 deletion examples/system-auth/authramp.conf
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# AuthRamp Configuration File
# This file configures the behavior of the AuthRamp PAM module.
#
[Settings]
[Configuration]
# Directory where tally information is stored.
# Each user has a separate file in this directory to track authentication failures.
# tally_dir = /var/run/authramp
2 changes: 1 addition & 1 deletion tests/test-pam-auth.rs
Expand Up @@ -203,7 +203,7 @@ mod test_pam_auth {

// Set the custom tally_dir path in authramp.conf
let config_content = format!(
"[Settings]\n\
"[Configuration]\n\
tally_dir = \"{}\"\n\
free_tries = 6\n\
base_delay_seconds = 30\n\