Add more detailed logs
parent
c47e03f991
commit
8e59ec88f0
@ -14,8 +14,8 @@ set(CMAKE_CXX_EXTENSIONS NO)
|
||||
|
||||
add_compile_options(-Wall -Wextra -Wpedantic -Wno-format-security)
|
||||
|
||||
add_compile_options(-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer)
|
||||
add_link_options(-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer)
|
||||
#add_compile_options(-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer)
|
||||
#add_link_options(-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fno-sanitize=null -fno-sanitize=alignment -fno-omit-frame-pointer)
|
||||
|
||||
option(ENABLE_TESTS "Enable tests" OFF)
|
||||
|
||||
|
||||
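Review bot: The two sanitizer calls (`add_compile_options(-fsanitize=address ...)` and the matching `add_link_options(...)`) appear to be commented out rather than made conditional, so no build of this PAM module runs under ASan/UBSan any more, including test builds. Gate them behind an option instead, e.g. `option(ENABLE_SANITIZERS "Build with ASan/UBSan" OFF)` with `if(ENABLE_SANITIZERS)` / `endif()` around the two existing calls, and switch it on wherever `ENABLE_TESTS` is used. The change is unrelated to the commit title, so it should at least be mentioned in the description. Separately, `-Wno-format-security` on the warning line stays in force while this commit adds many printf-style `log(...)` calls; dropping that suppression would let the compiler flag any non-literal format string.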
@ -51,6 +51,7 @@ class CoreHandler : public CoreHandlerInterface< CoreHandler< HttpHandler > > {
|
||||
}
|
||||
|
||||
tl::expected<Document, Error > validateResponse(RapidJSONPMRAlloc &alloc, const Response & response) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "validateResponse", __LINE__);
|
||||
Document resp{&alloc};
|
||||
resp.Parse(response.body.c_str());
|
||||
|
||||
@ -69,15 +70,19 @@ class CoreHandler : public CoreHandlerInterface< CoreHandler< HttpHandler > > {
|
||||
}
|
||||
|
||||
tl::unexpected< Error > handleCoreException(std::string_view exceptionString) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "handleCoreException", __LINE__);
|
||||
if(exceptionString == "UserBypassedException" or exceptionString == "UserNotFoundException") {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "handleCoreException", __LINE__);
|
||||
return tl::unexpected{Error{PamBaypass{}}};
|
||||
} else {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "handleCoreException", __LINE__);
|
||||
return tl::unexpected{
|
||||
Error{CoreHandlerError{CoreHandlerError::CoreException, std::string{exceptionString.data(), exceptionString.size()}}}};
|
||||
}
|
||||
}
|
||||
|
||||
tl::unexpected< Error > handleHttpError() const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "handleHttpError", __LINE__);
|
||||
if(bypass) {
|
||||
log(LogLevel::Warning, "User login bypass");
|
||||
return tl::unexpected{Error{PamBaypass{}}};
|
||||
@ -88,6 +93,7 @@ class CoreHandler : public CoreHandlerInterface< CoreHandler< HttpHandler > > {
|
||||
}
|
||||
|
||||
tl::expected< Document, Error > handleError(const Error & error) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "handleError", __LINE__);
|
||||
if(error.is< HttpError >() and error.hasClass(HttpError::Error)) {
|
||||
return handleHttpError();
|
||||
}
|
||||
@ -106,7 +112,8 @@ class CoreHandler : public CoreHandlerInterface< CoreHandler< HttpHandler > > {
|
||||
}
|
||||
|
||||
tl::expected< Document, Error > request(RapidJSONPMRAlloc &mr, std::string_view path, const Document & body) const {
|
||||
memory::StrictMonotonic_2k_HeapResource memoryResource;
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "CoreHandler", "validateResponse", __LINE__);
|
||||
memory::StrictMonotonic_4k_HeapResource memoryResource;
|
||||
|
||||
const auto validateSignature = [this](const auto & arg) { return this->validateSignature(arg); };
|
||||
const auto validateResponse = [&](const auto & arg) { return this->validateResponse(mr, arg); };
|
||||
@ -114,6 +121,7 @@ class CoreHandler : public CoreHandlerInterface< CoreHandler< HttpHandler > > {
|
||||
const auto pmrs = [&](auto txt) { return std::pmr::string{txt, &memoryResource}; };
|
||||
|
||||
Request request{&memoryResource};
|
||||
Response response{&memoryResource};
|
||||
|
||||
stringifyTo(body, request.body);
|
||||
|
||||
|
||||
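Review bot: In `handleCoreException`, the branch that returns `PamBaypass` for `UserBypassedException` / `UserNotFoundException` gets only a Debug-level `TRACE` line, while the bypass in `handleHttpError` logs `"User login bypass"` at Warning; a result that presumably lets the login proceed without the second factor should be recorded at the same level and name its cause. Something like `log(LogLevel::Warning, "User login bypass: %.*s", static_cast< int >(exceptionString.size()), exceptionString.data());` would do it, with `%.*s` because a `std::string_view` is not guaranteed to be null-terminated (this assumes `log` takes printf-style arguments, as the other calls suggest). In `request`, the added trace passes `"validateResponse"` as the function name where it should read `"request"`; using `__func__` instead of hand-typed names in all of these `TRACE` calls, here and in `PasscodeBasedAuth`, would rule that mistake out. The bodies of these methods continue outside the hunks.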
@ -42,10 +42,6 @@ struct Request {
|
||||
|
||||
Request(Request && res) = delete;
|
||||
Request & operator=(Request &&) = delete;
|
||||
|
||||
std::pmr::memory_resource * get_allocator() const noexcept {
|
||||
return _mr;
|
||||
}
|
||||
};
|
||||
|
||||
struct Response {
|
||||
@ -62,10 +58,6 @@ struct Response {
|
||||
|
||||
Response(Response && res) noexcept = default;
|
||||
Response & operator=(Response && res) noexcept = default;
|
||||
|
||||
std::pmr::memory_resource * get_allocator() const noexcept {
|
||||
return _mr;
|
||||
}
|
||||
};
|
||||
|
||||
class CURL {
|
||||
|
||||
@ -16,21 +16,23 @@ class PasscodeBasedAuth : public AuthenticationStep< PasscodeBasedAuth > {
|
||||
constexpr static bool isdigit(char ch) {
|
||||
return std::isdigit(static_cast< unsigned char >(ch));
|
||||
}
|
||||
|
||||
static bool hasDigitsOnly(const std::string & userinput) {
|
||||
|
||||
static bool hasDigitsOnly(std::string_view userinput) {
|
||||
return std::all_of(userinput.cbegin(), userinput.cend(), isdigit);
|
||||
}
|
||||
|
||||
static bool isProperLength(const std::string & userInput) {
|
||||
static bool isProperLength(std::string_view userInput) {
|
||||
return userInput.size() == 6;
|
||||
}
|
||||
|
||||
template < typename PamInfo_t = LinuxPam >
|
||||
tl::expected< std::reference_wrapper< Document >, Error > readPasscode(Document & body, const PamInfo_t & pam) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "PasscodeBasedAuth", "readPasscode", __LINE__);
|
||||
auto & alloc = body.GetAllocator();
|
||||
auto vericode = pam.scan([](const char * userInput) { return std::string{userInput}; }, userMessage);
|
||||
|
||||
if(isProperLength(vericode) and hasDigitsOnly(vericode)) {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "PasscodeBasedAuth", "readPasscode", __LINE__);
|
||||
body.AddMember("vericode", Value{vericode.c_str(), alloc}, alloc);
|
||||
return body;
|
||||
}
|
||||
@ -40,12 +42,14 @@ class PasscodeBasedAuth : public AuthenticationStep< PasscodeBasedAuth > {
|
||||
|
||||
template < typename PamInfo_t = LinuxPam >
|
||||
tl::expected< std::reference_wrapper< Document >, Error > askForPasscodeAgain(Document & body, const PamInfo_t & pam) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "PasscodeBasedAuth", "askForPasscodeAgain", __LINE__);
|
||||
pam.print("passcode has wrong number of digits or illegal characters, please correct");
|
||||
return readPasscode(body, pam);
|
||||
}
|
||||
|
||||
template < typename PamInfo_t = LinuxPam >
|
||||
tl::expected< AuthenticationStatus, Error > checkAuthenticationStatus(const Document & coreResponse, const PamInfo_t & pam) const {
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "PasscodeBasedAuth", "checkAuthenticationStatus", __LINE__);
|
||||
RapidJSONPMRStackAlloc< 1024 > alloc;
|
||||
auto error = JSONPointer{"/result/error", &alloc}.Get(coreResponse);
|
||||
|
||||
@ -66,7 +70,8 @@ class PasscodeBasedAuth : public AuthenticationStep< PasscodeBasedAuth > {
|
||||
|
||||
template < typename Hander_t, typename PamInfo_t = LinuxPam >
|
||||
tl::expected< AuthenticationStatus, Error > handle(const CoreHandlerInterface< Hander_t > & coreHandler, const PamInfo_t & pam) const {
|
||||
RapidJSONPMRStackAlloc< 1024 > alloc{};
|
||||
log(LogLevel::Debug, "TRACE %s::%s:%d", "PasscodeBasedAuth", "handle", __LINE__);
|
||||
RapidJSONPMRStackAlloc< 2048 > alloc{};
|
||||
Document body{rapidjson::kObjectType, &alloc};
|
||||
|
||||
const auto checkCodeValidity = [&](const auto & coreResponse) { return this->checkAuthenticationStatus(coreResponse, pam); };
|
||||
|
||||
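Review bot: The allocator in `handle` appears to grow from `RapidJSONPMRStackAlloc< 1024 >` to `RapidJSONPMRStackAlloc< 2048 >` with no comment saying what the number is sized for or what happens when it is exhausted; `checkAuthenticationStatus` keeps 1024, and `CoreHandler::request` makes the same kind of jump from the 2k to the 4k heap resource. These buffers sit on the authentication path and hold the request body and JSON derived from the server response, so the declaration should carry a comment such as `// 2048: sized for <what the body holds>; on exhaustion <behaviour>`. It is also worth confirming that exhaustion ends in a clean PAM error code rather than an exception crossing the C boundary of `pam_sm_authenticate`. The body of `handle` continues outside the hunk.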
@ -50,22 +50,21 @@ pam_sm_authenticate(pam_handle_t * pamh, [[maybe_unused]] int flags, [[maybe_unu
|
||||
|
||||
auto selectMethod = [&](const MethodSelect & selector) { return selector.create(pam); };
|
||||
auto confirmMethod = [&](const PostMethod & confirm) { return confirm.fire(CH); };
|
||||
auto confirmCode = [&](const MethodProxy & method) { return method.fire(CH, pam); };
|
||||
auto confirmCode = [&](const MethodProxy & method) { return method.fire(CH, pam); };
|
||||
|
||||
auto allowLogin = [&](const AuthenticationStatus & status) -> tl::expected< int, Error > {
|
||||
if(status.userAuthorized()) {
|
||||
rublon::log(rublon::LogLevel::Info, "Auth OK");
|
||||
pam.print("RUBLON authentication SUCCESS!\n");
|
||||
return PAM_SUCCESS;
|
||||
}else{
|
||||
} else {
|
||||
rublon::log(rublon::LogLevel::Info, "User unauthorized");
|
||||
pam.print("RUBLON authentication FAILED");
|
||||
return PAM_MAXTRIES;
|
||||
}
|
||||
};
|
||||
|
||||
auto mapError = [&](const Error & error) -> tl::expected<int, Error>
|
||||
{
|
||||
auto mapError = [&](const Error & error) -> tl::expected< int, Error > {
|
||||
rublon::log(
|
||||
LogLevel::Error, "auth problems due to %d class and %d category", error.errorClass(), static_cast< int >(error.category()));
|
||||
if(error.is< PamBaypass >()) {
|
||||
@ -74,16 +73,17 @@ pam_sm_authenticate(pam_handle_t * pamh, [[maybe_unused]] int flags, [[maybe_unu
|
||||
}
|
||||
pam.print("RUBLON authentication FAILED");
|
||||
rublon::log(LogLevel::Warning, "User login failed");
|
||||
|
||||
|
||||
return PAM_MAXTRIES;
|
||||
};
|
||||
|
||||
auto ret = Init{rublonConfig.value()}
|
||||
.fire(CH, pam) //
|
||||
.and_then(selectMethod)
|
||||
.and_then(confirmMethod)
|
||||
.and_then(confirmCode)
|
||||
.and_then(allowLogin).or_else(mapError);
|
||||
.fire(CH, pam) //
|
||||
.and_then(selectMethod)
|
||||
.and_then(confirmMethod)
|
||||
.and_then(confirmCode)
|
||||
.and_then(allowLogin)
|
||||
.or_else(mapError);
|
||||
|
||||
return ret.value_or(PAM_MAXTRIES);
|
||||
}
|
||||
|
||||