feat(pam/adapter): Add Gdm model implementation (#190)

Add a model to implement the communication between GDM and this pam module using the JSON private protocol. Added tests that mimic the behavior of what GDM ui should do, implementing a pam transaction handler that supports the GDM binary protocol. This does not include fully integration tests yet, to make review _smaller_... UDENG-1372
ubuntu · Feb 23, 2024 · d098b41 · d098b41
2 parents 92112e1 + 9d4b681
commit d098b41
Show file tree

Hide file tree

Showing 23 changed files with 5,071 additions and 86 deletions.
diff --git a/go.mod b/go.mod
@@ -69,4 +69,4 @@ require (
 // FIXME: Use released version once we have one!
 // The branch below includes changes from this upstream PR:
 // - https://github.com/msteinert/pam/pull/13
-replace github.com/msteinert/pam/v2 => github.com/3v1n0/go-pam/v2 v2.0.0-20240119152522-79364f5b2eed
+replace github.com/msteinert/pam/v2 => github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11
diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-github.com/3v1n0/go-pam/v2 v2.0.0-20240119152522-79364f5b2eed h1:s7ioiXl7hgPDHp+dKPAeUDE7g0A7fzy7ikZ/IfJeah8=
-github.com/3v1n0/go-pam/v2 v2.0.0-20240119152522-79364f5b2eed/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc=
+github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11 h1:zGS1p61QyPZKDpk53NMEy50eNhLB3GILQQf6LnEWgr4=
+github.com/3v1n0/go-pam/v2 v2.0.0-20240218173232-e182844e4e11/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=

diff --git a/pam/internal/adapter/authentication.go b/pam/internal/adapter/authentication.go
@@ -64,6 +64,11 @@ type isAuthenticatedResultReceived struct {
 	msg    string
 }
 
+// isAuthenticatedCancelled is the event to cancel the auth request.
+type isAuthenticatedCancelled struct {
+	msg string
+}
+
 // reselectAuthMode signals to restart auth mode selection with the same id (to resend sms or
 // reenable the broker).
 type reselectAuthMode struct{}
@@ -81,7 +86,8 @@ type authenticationComponent interface {
 type authenticationModel struct {
 	focused bool
 
-	client authd.PAMClient
+	client     authd.PAMClient
+	clientType PamClientType
 
 	currentModel          authenticationComponent
 	currentSessionID      string
@@ -103,9 +109,10 @@ type errMsgToDisplay struct {
 }
 
 // newAuthenticationModel initializes a authenticationModel which needs to be Compose then.
-func newAuthenticationModel(client authd.PAMClient) authenticationModel {
+func newAuthenticationModel(client authd.PAMClient, clientType PamClientType) authenticationModel {
 	return authenticationModel{
 		client:                client,
+		clientType:            clientType,
 		cancelIsAuthenticated: func() {},
 	}
 }
@@ -131,11 +138,19 @@ func (m *authenticationModel) Update(msg tea.Msg) (authenticationModel, tea.Cmd)
 		}
 		return *m, sendIsAuthenticated(ctx, m.client, m.currentSessionID, &authd.IARequest_AuthenticationData{Item: msg.item})
 
+	case isAuthenticatedCancelled:
+		m.cancelIsAuthenticated()
+		return *m, nil
+
 	case isAuthenticatedResultReceived:
 		log.Infof(context.TODO(), "isAuthenticatedResultReceived: %v", msg.access)
 		switch msg.access {
 		case brokers.AuthGranted:
-			return *m, sendEvent(PamSuccess{BrokerID: m.currentBrokerID})
+			infoMsg, err := dataToMsg(msg.msg)
+			if err != nil {
+				return *m, sendEvent(pamError{status: pam.ErrSystem, msg: err.Error()})
+			}
+			return *m, sendEvent(PamSuccess{BrokerID: m.currentBrokerID, msg: infoMsg})
 
 		case brokers.AuthRetry:
 			errorMsg, err := dataToMsg(msg.msg)
@@ -168,6 +183,10 @@ func (m *authenticationModel) Update(msg tea.Msg) (authenticationModel, tea.Cmd)
 		return *m, nil
 	}
 
+	if m.clientType != InteractiveTerminal {
+		return *m, nil
+	}
+
 	// interaction events
 	if !m.Focused() {
 		return *m, nil
@@ -217,6 +236,10 @@ func (m *authenticationModel) Compose(brokerID, sessionID string, encryptionKey
 
 	m.errorMsg = ""
 
+	if m.clientType != InteractiveTerminal {
+		return sendEvent(startAuthentication{})
+	}
+
 	switch layout.Type {
 	case "form":
 		form := newFormModel(layout.GetLabel(), layout.GetEntry(), layout.GetButton(), layout.GetWait() == "true")

diff --git a/pam/internal/adapter/authmodeselection.go b/pam/internal/adapter/authmodeselection.go
@@ -19,6 +19,7 @@ type authModeSelectionModel struct {
 	list.Model
 	focused bool
 
+	clientType                PamClientType
 	supportedUILayouts        []*authd.UILayout
 	supportedUILayoutsMu      *sync.Mutex
 	availableAuthModes        []*authd.GAMResponse_AuthenticationMode
@@ -50,7 +51,16 @@ func selectAuthMode(id string) tea.Cmd {
 }
 
 // newAuthModeSelectionModel initializes an empty list with default options of authModeSelectionModel.
-func newAuthModeSelectionModel() authModeSelectionModel {
+func newAuthModeSelectionModel(clientType PamClientType) authModeSelectionModel {
+	// FIXME: decouple UI from data model.
+	if clientType != InteractiveTerminal {
+		return authModeSelectionModel{
+			Model:                list.New(nil, itemLayout{}, 0, 0),
+			clientType:           clientType,
+			supportedUILayoutsMu: &sync.Mutex{},
+		}
+	}
+
 	l := list.New(nil, itemLayout{}, 80, 24)
 	l.Title = "Select your authentication method"
 	l.SetShowStatusBar(false)
@@ -63,14 +73,18 @@ func newAuthModeSelectionModel() authModeSelectionModel {
 
 	return authModeSelectionModel{
 		Model:                l,
+		clientType:           clientType,
 		supportedUILayoutsMu: &sync.Mutex{},
 	}
 }
 
 // Init initializes authModeSelectionModel.
 func (m *authModeSelectionModel) Init() tea.Cmd {
+	if m.clientType == Gdm {
+		// This is handled by the GDM model!
+		return nil
+	}
 	return func() tea.Msg {
-		// TODO: call to 3rd party like gdm, to support dynamic ui layouts
 		required, optional := "required", "optional"
 		supportedEntries := "optional:chars,chars_password"
 		requiredWithBooleans := "required:true,false"
@@ -163,6 +177,10 @@ func (m authModeSelectionModel) Update(msg tea.Msg) (authModeSelectionModel, tea
 		})
 	}
 
+	if m.clientType != InteractiveTerminal {
+		return m, nil
+	}
+
 	// interaction events
 	if !m.focused {
 		return m, nil

diff --git a/pam/internal/adapter/brokerselection.go b/pam/internal/adapter/brokerselection.go
@@ -19,7 +19,8 @@ type brokerSelectionModel struct {
 	list.Model
 	focused bool
 
-	client authd.PAMClient
+	client     authd.PAMClient
+	clientType PamClientType
 
 	availableBrokers []*authd.ABResponse_BrokerInfo
 }
@@ -44,7 +45,7 @@ func selectBroker(brokerID string) tea.Cmd {
 }
 
 // newBrokerSelectionModel initializes an empty list with default options of brokerSelectionModel.
-func newBrokerSelectionModel(client authd.PAMClient) brokerSelectionModel {
+func newBrokerSelectionModel(client authd.PAMClient, clientType PamClientType) brokerSelectionModel {
 	l := list.New(nil, itemLayout{}, 80, 24)
 	l.Title = "Select your provider"
 	l.SetShowStatusBar(false)
@@ -56,8 +57,9 @@ func newBrokerSelectionModel(client authd.PAMClient) brokerSelectionModel {
 	l.Styles.HelpStyle = helpStyle*/
 
 	return brokerSelectionModel{
-		Model:  l,
-		client: client,
+		Model:      l,
+		client:     client,
+		clientType: clientType,
 	}
 }
 
@@ -70,6 +72,12 @@ func (m brokerSelectionModel) Init() tea.Cmd {
 func (m brokerSelectionModel) Update(msg tea.Msg) (brokerSelectionModel, tea.Cmd) {
 	switch msg := msg.(type) {
 	case brokersListReceived:
+		if len(msg.brokers) == 0 {
+			return m, sendEvent(pamError{
+				status: pam.ErrAuthinfoUnavail,
+				msg:    "No brokers available",
+			})
+		}
 		m.availableBrokers = msg.brokers
 
 		var allBrokers []list.Item
@@ -105,6 +113,10 @@ func (m brokerSelectionModel) Update(msg tea.Msg) (brokerSelectionModel, tea.Cmd
 		})
 	}
 
+	if m.clientType != InteractiveTerminal {
+		return m, nil
+	}
+
 	// interaction events
 	if !m.focused {
 		return m, nil