tests: more tests and debug

LeChatP · LeChatP · commit 35136e15db4f · 2025-08-31T18:14:12.000+02:00
diff --git a/rar-common/src/util.rs b/rar-common/src/util.rs
@@ -94,6 +94,24 @@ pub fn with_mutable_config<F, R>(file: &mut File, f: F) -> std::io::Result<R>
 where
     F: FnOnce(&mut File) -> io::Result<R>,
 {
+    let mut val = unlock_immutable(file)?;
+    let res = f(file);
+    val |= FS_IMMUTABLE_FL;
+    lock_immutable(file, val)?;
+    res
+}
+
+pub fn lock_immutable(file: &mut File, mut val: u32) -> Result<(), io::Error> {
+    immutable_required_privileges(file, || {
+        if unsafe { nix::libc::ioctl(file.as_raw_fd(), FS_IOC_SETFLAGS, &mut val) } < 0 {
+            return Err(std::io::Error::last_os_error());
+        }
+        Ok(())
+    })?;
+    Ok(())
+}
+
+pub fn unlock_immutable(file: &mut File) -> Result<u32, io::Error> {
     let mut val = 0;
     if unsafe { nix::libc::ioctl(file.as_raw_fd(), FS_IOC_GETFLAGS, &mut val) } < 0 {
         return Err(std::io::Error::last_os_error());
@@ -109,15 +127,7 @@ where
     } else {
         warn!("Config file was not immutable.");
     }
-    let res = f(file);
-    val |= FS_IMMUTABLE_FL;
-    immutable_required_privileges(file, || {
-        if unsafe { nix::libc::ioctl(file.as_raw_fd(), FS_IOC_SETFLAGS, &mut val) } < 0 {
-            return Err(std::io::Error::last_os_error());
-        }
-        Ok(())
-    })?;
-    res
+    Ok(val)
 }
 
 pub fn warn_if_mutable(file: &File, return_err: bool) -> std::io::Result<()> {
@@ -336,7 +346,7 @@ pub fn open_lock_with_privileges<P: AsRef<Path>>(
             if e.kind() != std::io::ErrorKind::PermissionDenied {
                 return Err(e);
             }
-            debug!("Permission denied while opening file, retrying with privileges",);
+            debug!("Permission denied while opening {} file, retrying with privileges", p.as_ref().display());
             with_privileges(&[Cap::DAC_READ_SEARCH], || options.open(&p)).or_else(|e| {
                 if e.kind() != std::io::ErrorKind::PermissionDenied {
                     return Err(e);
@@ -353,7 +363,7 @@ pub fn read_with_privileges<P: AsRef<Path>>(p: P) -> std::io::Result<File> {
         if e.kind() != std::io::ErrorKind::PermissionDenied {
             return Err(e);
         }
-        debug!("Permission denied while opening file, retrying with privileges",);
+        debug!("Permission denied while opening {} file, retrying with privileges",p.as_ref().display());
         with_privileges(&[Cap::DAC_READ_SEARCH], || std::fs::File::open(&p)).or_else(|e| {
             if e.kind() != std::io::ErrorKind::PermissionDenied {
                 return Err(e);
@@ -368,7 +378,7 @@ pub fn remove_with_privileges<P: AsRef<Path>>(p: P) -> std::io::Result<()> {
         if e.kind() != std::io::ErrorKind::PermissionDenied {
             return Err(e);
         }
-        debug!("Permission denied while removing file, retrying with privileges",);
+        debug!("Permission denied while removing {} file, retrying with privileges",p.as_ref().display());
         with_privileges(&[Cap::DAC_OVERRIDE], || std::fs::remove_file(&p))
     })
 }
@@ -378,7 +388,7 @@ pub fn create_dir_all_with_privileges<P: AsRef<Path>>(p: P) -> std::io::Result<(
         if e.kind() != std::io::ErrorKind::PermissionDenied {
             return Err(e);
         }
-        debug!("Permission denied while creating directory, retrying with privileges",);
+        debug!("Permission denied while creating {} directory, retrying with privileges",p.as_ref().display());
         with_privileges(&[Cap::DAC_OVERRIDE], || std::fs::create_dir_all(p))
     })
 }
diff --git a/src/sr/pam/mod.rs b/src/sr/pam/mod.rs
@@ -267,23 +267,21 @@ mod tests {
 
     #[test]
     fn test_check_auth_required_but_valid_timeout() {
+        if env!("RAR_PAM_SERVICE") == "dosr" {
+            println!("Skipping test_check_auth_required_but_valid_timeout because RAR_PAM_SERVICE is set to original dosr");
+            return;
+        }
         let authentication = SAuthentication::Perform;
         let timeout = create_test_timeout();
         let user = create_test_user();
 
-        // This test depends on the timeout::is_valid implementation
-        // In a real environment, you might want to mock this
-        let result = check_auth(&authentication, &timeout, &user, "Password: ");
-        // Result will depend on whether there's a valid timeout cookie
-        // We're just testing that it doesn't panic
-        assert!(result.is_ok() || result.is_err());
+        let _ = check_auth(&authentication, &timeout, &user, "Password: ");
     }
 
     #[test]
     fn test_conversation_handler_no_interact_flag() {
         let handler = SrConversationHandler::builder().no_interact().build();
 
-        // When no_interact is true, both prompt methods should return ConversationError
         let prompt_result = handler.prompt(OsStr::new("Test prompt"));
         assert!(matches!(prompt_result, Err(ErrorCode::ConversationError)));
 
@@ -299,10 +297,8 @@ mod tests {
         let custom_prompt = "Enter your secret: ";
         let handler = SrConversationHandler::new(custom_prompt);
 
-        // Test that the handler stores the custom prompt
         assert_eq!(handler.prompt, custom_prompt);
 
-        // Test that it recognizes standard PAM prompts
         assert!(handler.is_pam_password_prompt(&"Password:"));
         assert!(handler.is_pam_password_prompt(&"Password: "));
     }
diff --git a/tests/integration_tests.rs b/tests/integration_tests.rs
@@ -275,10 +275,8 @@ mod tests {
     #[test]
     #[serial]
     fn test_dosr_auth() {
-        // check that the /etc/pam.d/dosr_test file exists
-        use std::fs;
-        if fs::metadata("/etc/pam.d/dosr_test").is_err() {
-            eprintln!("Skipping test_dosr_auth: /etc/pam.d/dosr_test not found");
+        if env!("RAR_PAM_SERVICE") == "dosr" {
+            println!("Skipping test_dosr_auth because RAR_PAM_SERVICE is set to original dosr");
             return;
         }
         let runner = get_test_runner().expect("Failed to setup test environment");
@@ -294,11 +292,11 @@ mod tests {
         );
         assert_eq!(result.exit_code, 0);
         // assert that a timestamp cookie was created
-        let path = std::path::Path::new("/var/run/sr/ts").join("0");
+        let path = std::path::Path::new("/var/run/rar/ts").join("0");
         assert!(path.exists(), "Timestamp cookie was not created");
         // run dosr -K to delete the timestamp cookie
         let result = runner
-            .run_dosr(&["-K", "/usr/bin/true"])
+            .run_dosr(&["-K"])
             .fixture_name("tests/fixtures/perform_auth.json")
             .call()
             .expect("Failed to run dosr with auth role");
