Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix remaining incorrect uses of the term "challenge" #836

Merged
merged 2 commits into from
Mar 21, 2025
Merged

Fix remaining incorrect uses of the term "challenge" #836

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
20cc7da
Fix remaining incorrect uses of the term "challenge"
adombeck Mar 14, 2025
67396bf
Fix comment
adombeck Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion examplebroker/broker.go
View file
Original file line number Diff line number Diff line change
@@ -656,7 +656,7 @@ func (b *Broker) sleepDuration(in time.Duration) time.Duration {

func (b *Broker) handleIsAuthenticated(ctx context.Context, sessionInfo sessionInfo, authData map[string]string) (access, data string) {
// Decrypt secret if present.
secret, err := decodeRawSecret(b.privateKey, authData["challenge"])
secret, err := decodeRawSecret(b.privateKey, authData["secret"])
if err != nil {
return auth.Retry, fmt.Sprintf(`{"message": "could not decode secret: %v"}`, err)
}
308 changes: 154 additions & 154 deletions internal/proto/authd/authd.pb.go
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion internal/proto/authd/authd.proto
View file
Original file line number Diff line number Diff line change
@@ -104,7 +104,7 @@ message IARequest {

message AuthenticationData {
oneof item {
string challenge = 1;
string secret = 1;
string wait = 2;
string skip = 3;
}
124 changes: 62 additions & 62 deletions pam/integration-tests/gdm_test.go
View file
Original file line number Diff line number Diff line change
@@ -147,8 +147,8 @@ func TestGdmModule(t *testing.T) {
"Authenticates_user": {
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
},
@@ -157,8 +157,8 @@ func TestGdmModule(t *testing.T) {
moduleArgs: []string{"connection_timeout=invalid"},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
},
@@ -167,8 +167,8 @@ func TestGdmModule(t *testing.T) {
pamUser: ptrValue(examplebroker.UserIntegrationAuthModesPrefix + "password-integration-gdm"),
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
},
@@ -177,14 +177,14 @@ func TestGdmModule(t *testing.T) {
wantAuthModeIDs: []string{passwordAuthID, passwordAuthID, passwordAuthID},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "not goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "not goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpasssss",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpasssss",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
},
@@ -205,8 +205,8 @@ func TestGdmModule(t *testing.T) {
wantAuthModeIDs: []string{passwordAuthID, fido1AuthID, phoneAck1ID},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Wait{
Wait: layouts.True,
@@ -232,11 +232,11 @@ func TestGdmModule(t *testing.T) {
wantAuthModeIDs: []string{passwordAuthID, passwordAuthID, fido1AuthID, phoneAck1ID},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "not goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "not goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Wait{
Wait: layouts.True,
@@ -294,11 +294,11 @@ func TestGdmModule(t *testing.T) {
},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "authd2404",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "authd2404",
}),
},
},
@@ -325,28 +325,28 @@ func TestGdmModule(t *testing.T) {
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
// Login with password
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
// Authenticate with fido device
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Wait{
Wait: layouts.True,
}),
// Use bad dictionary password
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "password",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "password",
}),
// Use password not meeting broker criteria
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "noble2404",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "noble2404",
}),
// Use previous one
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
// Finally change the password
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "authd2404",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "authd2404",
}),
},
},
@@ -392,23 +392,23 @@ func TestGdmModule(t *testing.T) {
},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "authd",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "authd",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "password",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "password",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "newpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "newpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "authd2404",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "authd2404",
}),
},
},
@@ -716,23 +716,23 @@ func TestGdmModule(t *testing.T) {
},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "not goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "not goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "another not goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "another not goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "even more not goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "even more not goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "not yet goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "not yet goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "really, it's not a goodpass!",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "really, it's not a goodpass!",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
},
@@ -768,8 +768,8 @@ func TestGdmModule(t *testing.T) {
pamUser: ptrValue("user-unknown"),
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "",
}),
},
},
@@ -790,8 +790,8 @@ func TestGdmModule(t *testing.T) {
wantAuthModeIDs: []string{passwordAuthID, fido1AuthID},
eventPollResponses: map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Wait{}),
},
@@ -981,8 +981,8 @@ func TestGdmModuleAcctMgmtWithoutGdmExtension(t *testing.T) {
gh.selectedAuthModeIDs = []string{passwordAuthID}
gh.eventPollResponses = map[gdm.EventType][]*gdm.EventData{
gdm.EventType_startAuthentication: {
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Challenge{
Challenge: "goodpass",
gdm_test.IsAuthenticatedEvent(&authd.IARequest_AuthenticationData_Secret{
Secret: "goodpass",
}),
},
}
15 changes: 7 additions & 8 deletions pam/internal/adapter/authentication.go
View file
Original file line number Diff line number Diff line change
@@ -215,8 +215,7 @@ func (m *authenticationModel) Update(msg tea.Msg) (authModel authenticationModel
return *m, sendEvent(isAuthenticatedRequestedSend{
ctx: msg.ctx,
isAuthenticatedRequested: isAuthenticatedRequested{
// TODO(UDENG-5844): Rename this to "secret" once all broker installations support the auth data field "secret".
item: &authd.IARequest_AuthenticationData_Challenge{Challenge: msg.password},
item: &authd.IARequest_AuthenticationData_Secret{Secret: msg.password},
},
})
}
@@ -259,9 +258,9 @@ func (m *authenticationModel) Update(msg tea.Msg) (authModel authenticationModel
return *m, func() tea.Msg {
authTracker.waitAndStart(cancelFunc)

secret, hasSecret := msg.item.(*authd.IARequest_AuthenticationData_Challenge)
secret, hasSecret := msg.item.(*authd.IARequest_AuthenticationData_Secret)
if hasSecret && clientType == Gdm && currentLayout == layouts.NewPassword {
return newPasswordCheck{ctx: ctx, password: secret.Challenge}
return newPasswordCheck{ctx: ctx, password: secret.Secret}
}

return isAuthenticatedRequestedSend{msg, ctx}
@@ -487,20 +486,20 @@ func dataToMsg(data string) (string, error) {

func (authData *isAuthenticatedRequestedSend) encryptSecretIfPresent(publicKey *rsa.PublicKey) (*string, error) {
// no password value, pass it as is
secret, ok := authData.item.(*authd.IARequest_AuthenticationData_Challenge)
secret, ok := authData.item.(*authd.IARequest_AuthenticationData_Secret)
if !ok {
return nil, nil
}

ciphertext, err := rsa.EncryptOAEP(sha512.New(), rand.Reader, publicKey, []byte(secret.Challenge), nil)
ciphertext, err := rsa.EncryptOAEP(sha512.New(), rand.Reader, publicKey, []byte(secret.Secret), nil)
if err != nil {
return nil, err
}

// encrypt it to base64 and replace the password with it
base64Encoded := base64.StdEncoding.EncodeToString(ciphertext)
authData.item = &authd.IARequest_AuthenticationData_Challenge{Challenge: base64Encoded}
return &secret.Challenge, nil
authData.item = &authd.IARequest_AuthenticationData_Secret{Secret: base64Encoded}
return &secret.Secret, nil
}

// wait waits for the current authentication to be completed.
4 changes: 2 additions & 2 deletions pam/internal/adapter/formmodel.go
View file
Original file line number Diff line number Diff line change
@@ -88,8 +88,8 @@ func (m formModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
switch entry := entry.(type) {
case *textinputModel:
return m, sendEvent(isAuthenticatedRequested{
item: &authd.IARequest_AuthenticationData_Challenge{
Challenge: entry.Value(),
item: &authd.IARequest_AuthenticationData_Secret{
Secret: entry.Value(),
},
})
}
Loading
Loading