transaction: Add tests for all the possible Status (and error) values

Use pam_debug.so to generate pam configurations at test time and check if the returned values expect the ones we want.
author: Marco Trevisan (Treviño) <[email protected]> 2023-09-22 18:26:02 +0200
committer: Marco Trevisan (Treviño) <[email protected]> 2023-11-30 01:16:39 +0100
commit: ea51cc0fe42e421ba0eaedded96bfe6448cbc43c (patch)
tree: 99a78b5a3e57050f801c184aa5fc67d2f64ba944
parent: 6bb315c571d62ac8b55b6c088d02411ec5844cc1 (diff)
1 files changed, 120 insertions, 0 deletions
diff --git a/transaction_test.go b/transaction_test.go
index 94aa9c1..809364c 100644
--- a/transaction_test.go
+++ b/transaction_test.go
@@ -2,7 +2,10 @@ package pam
 
 import (
 	"errors"
+	"fmt"
+	"os"
 	"os/user"
+	"path/filepath"
 	"testing"
 )
 
@@ -164,6 +167,9 @@ func TestPAM_007(t *testing.T) {
 	if len(s) == 0 {
 		t.Fatalf("error #expected an error message")
 	}
+	if tx.Error() != ErrAuth.Error() {
+		t.Fatalf("error #unexpected status %v", tx.Error())
+	}
 }
 
 func TestPAM_ConfDir(t *testing.T) {
@@ -242,6 +248,9 @@ func TestPAM_ConfDir_Deny(t *testing.T) {
 	if len(s) == 0 {
 		t.Fatalf("error #expected an error message")
 	}
+	if tx.Error() != ErrAuth.Error() {
+		t.Fatalf("error #unexpected status %v", tx.Error())
+	}
 }
 
 func TestPAM_ConfDir_PromptForUserName(t *testing.T) {
@@ -288,6 +297,9 @@ func TestPAM_ConfDir_WrongUserName(t *testing.T) {
 	if len(s) == 0 {
 		t.Fatalf("error #expected an error message")
 	}
+	if tx.Error() != ErrAuth.Error() {
+		t.Fatalf("error #unexpected status %v", tx.Error())
+	}
 }
 
 func TestItem(t *testing.T) {
@@ -390,6 +402,114 @@ func TestEnv(t *testing.T) {
 	}
 }
 
+func Test_Error(t *testing.T) {
+	t.Parallel()
+	if !CheckPamHasStartConfdir() {
+		t.Skip("this requires PAM with Conf dir support")
+	}
+
+	statuses := map[string]error{
+		"success":               Error(success),
+		"open_err":              ErrOpen,
+		"symbol_err":            ErrSymbol,
+		"service_err":           ErrService,
+		"system_err":            ErrSystem,
+		"buf_err":               ErrBuf,
+		"perm_denied":           ErrPermDenied,
+		"auth_err":              ErrAuth,
+		"cred_insufficient":     ErrCredInsufficient,
+		"authinfo_unavail":      ErrAuthinfoUnavail,
+		"user_unknown":          ErrUserUnknown,
+		"maxtries":              ErrMaxtries,
+		"new_authtok_reqd":      ErrNewAuthtokReqd,
+		"acct_expired":          ErrAcctExpired,
+		"session_err":           ErrSession,
+		"cred_unavail":          ErrCredUnavail,
+		"cred_expired":          ErrCredExpired,
+		"cred_err":              ErrCred,
+		"no_module_data":        ErrNoModuleData,
+		"conv_err":              ErrConv,
+		"authtok_err":           ErrAuthtok,
+		"authtok_recover_err":   ErrAuthtokRecovery,
+		"authtok_lock_busy":     ErrAuthtokLockBusy,
+		"authtok_disable_aging": ErrAuthtokDisableAging,
+		"try_again":             ErrTryAgain,
+		"ignore":                Error(success), /* Ignore can't be returned */
+		"abort":                 ErrAbort,
+		"authtok_expired":       ErrAuthtokExpired,
+		"module_unknown":        ErrModuleUnknown,
+		"bad_item":              ErrBadItem,
+		"conv_again":            ErrConvAgain,
+		"incomplete":            ErrIncomplete,
+	}
+
+	type Action int
+	const (
+		account Action = iota + 1
+		auth
+		password
+		session
+	)
+	actions := map[string]Action{
+		"account":  account,
+		"auth":     auth,
+		"password": password,
+		"session":  session,
+	}
+
+	c := Credentials{}
+
+	servicePath := t.TempDir()
+
+	for ret, expected := range statuses {
+		ret := ret
+		expected := expected
+		for actionName, action := range actions {
+			actionName := actionName
+			action := action
+			t.Run(fmt.Sprintf("%s %s", ret, actionName), func(t *testing.T) {
+				t.Parallel()
+				serviceName := ret + "-" + actionName
+				serviceFile := filepath.Join(servicePath, serviceName)
+				contents := fmt.Sprintf("%[1]s requisite pam_debug.so "+
+					"auth=%[2]s cred=%[2]s acct=%[2]s prechauthtok=%[2]s "+
+					"chauthtok=%[2]s open_session=%[2]s close_session=%[2]s\n"+
+					"%[1]s requisite pam_permit.so\n", actionName, ret)
+
+				if err := os.WriteFile(serviceFile,
+					[]byte(contents), 0600); err != nil {
+					t.Fatalf("can't create service file %v: %v", serviceFile, err)
+				}
+
+				tx, err := StartConfDir(serviceName, "user", c, servicePath)
+				if err != nil {
+					t.Fatalf("start #error: %v", err)
+				}
+
+				switch action {
+				case account:
+					err = tx.AcctMgmt(0)
+				case auth:
+					err = tx.Authenticate(0)
+				case password:
+					err = tx.ChangeAuthTok(0)
+				case session:
+					err = tx.OpenSession(0)
+				}
+
+				if tx.Error() != expected.Error() {
+					t.Fatalf("error #unexpected status %v", tx.Error())
+				}
+				if tx.Error() == Error(success).Error() && err != nil {
+					t.Fatalf("error #unexpected: %v", err)
+				} else if tx.Error() != Error(success).Error() && err == nil {
+					t.Fatalf("error #expected an error message")
+				}
+			})
+		}
+	}
+}
+
 func TestFailure_001(t *testing.T) {
 	tx := Transaction{}
 	_, err := tx.GetEnvList()
author	Marco Trevisan (Treviño) <[email protected]>	2023-09-22 18:26:02 +0200
committer	Marco Trevisan (Treviño) <[email protected]>	2023-11-30 01:16:39 +0100
commit	ea51cc0fe42e421ba0eaedded96bfe6448cbc43c (patch)
tree	99a78b5a3e57050f801c184aa5fc67d2f64ba944
parent	6bb315c571d62ac8b55b6c088d02411ec5844cc1 (diff)