pam/native-model: Do not render qr code in SSH sessions at all (#545)

Do not renderer qrcode in SSH at all, the only clients supporting it are putty and `ssh` provided by ubuntu (>= 24.04), and it's not possible (yet) to detect this from PAM level, so let's just ignore it for now. And add an integration test covering this case. Closes: #497 UDENG-4279
ubuntu · Sep 20, 2024 · 4946962 · 4946962
2 parents e7e07f2 + ab7ab9d
commit 4946962
Show file tree

Hide file tree

Showing 5 changed files with 2,594 additions and 27 deletions.
diff --git a/pam/integration-tests/native_test.go b/pam/integration-tests/native_test.go
@@ -45,6 +45,7 @@ func TestNativeAuthenticate(t *testing.T) {
 		"Authenticate user with qr code in a TTY session":                      {tape: "qr_code", pamUser: "user-integration-qr-code-tty-session", termEnv: "xterm-256color", sessionEnv: "tty"},
 		"Authenticate user with qr code in screen":                             {tape: "qr_code", pamUser: "user-integration-qr-code-screen", termEnv: "screen"},
 		"Authenticate user with qr code in polkit":                             {tape: "qr_code", pamUser: "user-integration-qr-code-screen", pamServiceName: "polkit-1"},
+		"Authenticate user with qr code in ssh":                                {tape: "qr_code", pamUser: "user-integration-pre-check-ssh-service-qr-code", pamServiceName: "sshd"},
 		"Authenticate user and reset password while enforcing policy":          {tape: "mandatory_password_reset"},
 		"Authenticate user with mfa and reset password while enforcing policy": {tape: "mfa_reset_pwquality_auth"},
 		"Authenticate user and offer password reset":                           {tape: "optional_password_reset_skip"},