diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 15c052d..c957f57 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -9,16 +9,16 @@ jobs: name: lint runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-go@v5 with: - go-version: '1.21' + go-version: '1.24' cache: false - name: Install PAM run: | sudo apt-get update sudo apt-get install -y libpam-dev - name: golangci-lint - uses: golangci/golangci-lint-action@v3 + uses: golangci/golangci-lint-action@v8 with: - version: v1.54 + version: v2.1.6 diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index ff083ab..e25997b 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -4,12 +4,12 @@ jobs: test: strategy: matrix: - go-version: [1.20.x, 1.21.x] + go-version: [1.23.x, 1.24.x] os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - name: Install Go - uses: actions/setup-go@v4 + uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} - name: Update system diff --git a/.golangci.yaml b/.golangci.yaml index bbfa6b4..eb6e37e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -1,19 +1,13 @@ -# This is for linting. To run it, please use: -# golangci-lint run ${MODULE}/... [--fix] - +version: "2" linters: - # linters to run in addition to default ones enable: - dupl - durationcheck - errname - errorlint - - exportloopref - forbidigo - forcetypeassert - - gci - godot - - gofmt - gosec - misspell - nakedret 
@@ -24,38 +18,44 @@ linters: - unconvert - unparam - whitespace - -run: - timeout: 5m - -# Get all linter issues, even if duplicated + settings: + forbidigo: + forbid: + - pattern: ioutil\. + - pattern: ^print.*$ + nakedret: + max-func-lines: 1 + nolintlint: + require-explanation: true + require-specific: true + exclusions: + generated: lax + rules: + - path: (.+)\.go$ + text: Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv|w\.Stop). is not checked + - path: (.+)\.go$ + text: (G104|G307) + - path: (.+)\.go$ + text: Potential file inclusion via variable + - path: (.+)\.go$ + text: unused-parameter + - path: (.+)\.go$ + text: if-return + paths: + - third_party$ + - builtin$ + - examples$ issues: - exclude-use-default: false max-issues-per-linter: 0 max-same-issues: 0 - fix: false # we don’t want this in CI - exclude: - # EXC0001 errcheck: most errors are in defer calls, which are safe to ignore and idiomatic Go (would be good to only ignore defer ones though) - - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*print(f|ln)?|os\.(Un)?Setenv|w\.Stop). is not checked' - # EXC0008 gosec: duplicated of errcheck - - (G104|G307) - # EXC0010 gosec: False positive is triggered by 'src, err := ioutil.ReadFile(filename)' - - Potential file inclusion via variable - # We want named parameters even if unused, as they help better document the function - - unused-parameter - # Sometimes it is more readable it do a `if err:=a(); err != nil` tha simpy `return a()` - - if-return - -nolintlint: - require-explanation: true - require-specific: true - -linters-settings: - # Forbid the usage of deprecated ioutil and debug prints - forbidigo: - forbid: - - ioutil\. - - ^print.*$ - # Never have naked return ever - nakedret: - max-func-lines: 1 + fix: false +formatters: + enable: + - gci + - gofmt + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ 
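Review bot: The migrated `exclusions.rules` entries drop the comments that justified each suppression, so the gosec rules `(G104|G307)` and `Potential file inclusion via variable` are now silenced for every file matching `(.+)\.go$` with no recorded reason. Because these rules decide which security findings are ignored repo-wide, carry the old rationale over as YAML comments above each rule, e.g. `# gosec: duplicate of errcheck` above `(G104|G307)` and `# gosec: false positive on 'src, err := ioutil.ReadFile(filename)'` above the file-inclusion rule. The same goes for the explanations on `unused-parameter`, `if-return`, the `forbidigo` patterns and `fix: false`. The `paths` entries (`third_party$`, `builtin$`, `examples$`) are new in this hunk and look like migration defaults; if they are not intentional, removing them keeps the linters running on every directory.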
diff --git a/errors.go b/errors.go index 93124d8..4b6abf1 100644 --- a/errors.go +++ b/errors.go @@ -5,10 +5,10 @@ package pam */ import "C" -// Error is the Type for PAM Return types +// Error represents a PAM error. type Error int -// Pam Return types +// Various errors returned by PAM. const ( // OpenErr indicates a dlopen() failure when dynamically loading a // service module. diff --git a/errors_bsd.go b/errors_bsd.go index ed4d268..9625e29 100644 --- a/errors_bsd.go +++ b/errors_bsd.go @@ -7,7 +7,7 @@ package pam */ import "C" -// Pam Return types +// Various errors returned by PAM. const ( // ErrBadItem indicates a bad item passed to pam_*_item(). ErrBadItem Error = C.PAM_BAD_ITEM diff --git a/errors_linux.go b/errors_linux.go index b83b08a..1d57cc5 100644 --- a/errors_linux.go +++ b/errors_linux.go @@ -7,7 +7,7 @@ package pam */ import "C" -// Pam Return types +// Various errors returned by PAM. const ( // ErrBadItem indicates a bad item passed to pam_*_item(). ErrBadItem Error = C.PAM_BAD_ITEM diff --git a/transaction.go b/transaction.go index 41621ba..edf419e 100644 --- a/transaction.go +++ b/transaction.go @@ -21,6 +21,7 @@ package pam void init_pam_conv(struct pam_conv *conv, uintptr_t); typedef int (*pam_start_confdir_fn)(const char *service_name, const char *user, const struct pam_conv *pam_conversation, const char *confdir, pam_handle_t **pamh); + int pam_start_confdir_wrapper(pam_start_confdir_fn fn, const char *service_name, const char *user, const struct pam_conv *pam_conversation, const char *confdir, pam_handle_t **pamh); */ import "C" @@ -54,8 +55,8 @@ const ( // TextInfo indicates the conversation handler should display some // text. TextInfo Style = C.PAM_TEXT_INFO - // BinaryPrompt indicates the conversation handler that should implement - // the private binary protocol + // BinaryPrompt indicates the conversation handler that should + // implement the private binary protocol. BinaryPrompt Style = C.PAM_BINARY_PROMPT ) 
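Review bot: The `pam_start_confdir_wrapper` prototype added to the cgo preamble in the `@@ -21,6 +21,7 @@` hunk has no comment stating where it is defined or what it requires of `fn`. Elsewhere in this diff `pamStartConfdirPtr` is filled from `dlsym` and compared against nil, so the pointer handed to the wrapper can be NULL on systems without the symbol. A one-line comment above the prototype, such as `// Defined in the package's C source; fn must be non-NULL (see CheckPamHasStartConfdir).`, would make that precondition explicit. The wrapper's definition is not in this hunk, so whether it guards against a NULL `fn` itself cannot be confirmed from here.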
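Review bot: The re-wrapped `BinaryPrompt` comment in the `@@ -54,8 +55,8 @@` hunk gains a period but keeps the original's broken grammar ("indicates the conversation handler that should implement"). Suggest `// BinaryPrompt indicates that the conversation handler should implement` followed by `// the private binary protocol.`, which reads like the `TextInfo` comment just above it. The enclosing `const` block starts outside the hunk.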
@@ -68,9 +69,9 @@ type ConversationHandler interface { RespondPAM(Style, string) (string, error) } -// BinaryPointer exposes the type used for the data in a binary conversation -// it represents a pointer to data that is produced by the module and that -// must be parsed depending on the protocol in use +// BinaryPointer exposes the type used for the data in a binary conversation. +// It represents a pointer to data that is produced by the module and must be +// parsed depending on the protocol in use. type BinaryPointer unsafe.Pointer // BinaryConversationHandler is an interface for objects that can be used as @@ -150,7 +151,8 @@ func (t *Transaction) End() error { C.int(t.lastStatus.Load()))) } -// Allows to call pam functions managing return status +// handlePamStatus stores the last error returned by PAM and converts it to a +// Go error. func (t *Transaction) handlePamStatus(cStatus C.int) error { t.lastStatus.Store(int32(cStatus)) if status := Error(cStatus); status != success { @@ -311,7 +313,7 @@ const ( // Authenticate is used to authenticate the user. // -// Valid flags: Silent, DisallowNullAuthtok +// Valid flags: Silent, DisallowNullAuthtok. func (t *Transaction) Authenticate(f Flags) error { return t.handlePamStatus(C.pam_authenticate(t.handle, C.int(f))) } 
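Review bot: The new doc comment on `handlePamStatus` (hunk `@@ -150,7 +151,8 @@`) says it stores the last error, but the first statement, `t.lastStatus.Store(int32(cStatus))`, records every status before the `success` check. Suggest `// handlePamStatus records the most recent PAM status (success included) and` followed by `// returns it as a Go error when it is not success.` The context lines above show `End` reading `t.lastStatus`, so the distinction matters to anyone tracing that path. The function body continues past the end of the hunk.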
@@ -319,35 +321,35 @@ func (t *Transaction) Authenticate(f Flags) error { // SetCred is used to establish, maintain and delete the credentials of a // user. // -// Valid flags: EstablishCred, DeleteCred, ReinitializeCred, RefreshCred +// Valid flags: EstablishCred, DeleteCred, ReinitializeCred, RefreshCred. func (t *Transaction) SetCred(f Flags) error { return t.handlePamStatus(C.pam_setcred(t.handle, C.int(f))) } // AcctMgmt is used to determine if the user's account is valid. // -// Valid flags: Silent, DisallowNullAuthtok +// Valid flags: Silent, DisallowNullAuthtok. func (t *Transaction) AcctMgmt(f Flags) error { return t.handlePamStatus(C.pam_acct_mgmt(t.handle, C.int(f))) } // ChangeAuthTok is used to change the authentication token. // -// Valid flags: Silent, ChangeExpiredAuthtok +// Valid flags: Silent, ChangeExpiredAuthtok. func (t *Transaction) ChangeAuthTok(f Flags) error { return t.handlePamStatus(C.pam_chauthtok(t.handle, C.int(f))) } // OpenSession sets up a user session for an authenticated user. // -// Valid flags: Slient +// Valid flags: Silent. func (t *Transaction) OpenSession(f Flags) error { return t.handlePamStatus(C.pam_open_session(t.handle, C.int(f))) } // CloseSession closes a previously opened session. // -// Valid flags: Silent +// Valid flags: Silent. func (t *Transaction) CloseSession(f Flags) error { return t.handlePamStatus(C.pam_close_session(t.handle, C.int(f))) } @@ -401,7 +403,7 @@ func (t *Transaction) GetEnvList() (map[string]string, error) { var once sync.Once var pamStartConfdirPtr C.pam_start_confdir_fn -// CheckPamHasStartConfdir return if pam on system supports pam_system_confdir +// CheckPamHasStartConfdir reports whether PAM supports pam_system_confdir. func CheckPamHasStartConfdir() bool { once.Do(func() { pamStartConfdirPtr = C.pam_start_confdir_fn(C.dlsym(C.RTLD_NEXT, C.CString("pam_start_confdir"))) 
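Review bot: The rewritten comment on `CheckPamHasStartConfdir` (hunk `@@ -401,7 +403,7 @@`) still names `pam_system_confdir`, while the function resolves `pam_start_confdir` through `dlsym`. Suggest `// CheckPamHasStartConfdir reports whether the loaded PAM library provides pam_start_confdir.` Separately, the context line passes `C.CString("pam_start_confdir")` straight to `dlsym` and never frees it. `once.Do` limits this to a single small allocation, but holding the result in a local and freeing it after the lookup would be tidier, assuming `free` is declared in the preamble. The function body continues in the next hunk.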
@@ -409,7 +411,7 @@ func CheckPamHasStartConfdir() bool { return pamStartConfdirPtr != nil } -// CheckPamHasBinaryProtocol return if pam on system supports PAM_BINARY_PROMPT +// CheckPamHasBinaryProtocol reports whether PAM supports PAM_BINARY_PROMPT. func CheckPamHasBinaryProtocol() bool { return C.BINARY_PROMPT_IS_SUPPORTED != 0 } diff --git a/transaction_linux.go b/transaction_linux.go index 1226cfc..d232593 100644 --- a/transaction_linux.go +++ b/transaction_linux.go @@ -11,10 +11,10 @@ import "C" const ( // FailDelay is the app supplied function to override failure delays. FailDelay Item = C.PAM_FAIL_DELAY - // Xdisplay is the X display name + // Xdisplay is the X display name. Xdisplay Item = C.PAM_XDISPLAY // Xauthdata is the X server authentication data. Xauthdata Item = C.PAM_XAUTHDATA - // AuthtokType is the type for pam_get_authtok + // AuthtokType is the type for pam_get_authtok. AuthtokType Item = C.PAM_AUTHTOK_TYPE )