annotate src/handle.rs @ 87:05291b601f0a
Well and truly separate the Linux extensions.
This separates the Linux extensions on the libpam side,
and disables the two enums on the interface side.
Users can still call the Linux extensions from non-Linux PAM impls,
but they'll get a conversation error back.
author | Paul Fisher <paul@pfish.zone> |
---|---|
date | Tue, 10 Jun 2025 04:40:01 -0400 |
parents | 5aa1a010f1e8 |
children |
rev | line source |
---|---|
1 //! The wrapper types and traits for handles into the PAM library. |
2 |
3 use crate::constants::Result; |
72 | 4 use crate::conv::Conversation; |
5 |
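// Declares one PAM item accessor inside a trait body.
//
// Two forms are accepted:
//
//   trait_item!(<docs> get = NAME, item = "PAM_X" [, see = PATH]);
//   trait_item!(<docs> set = NAME, item = "PAM_X" [, see = PATH]);
//
// The caller's doc comments come first in the generated documentation,
// followed by a generated sentence naming the item, an optional
// "See [`PATH`]." cross-reference, and the shared `pam_get_item` /
// `pam_set_item` reference text.
//
// `Result` is resolved where the macro is invoked, so the invoking module
// must have a one-parameter `Result` alias in scope (this file imports
// `crate::constants::Result`).
macro_rules! trait_item {
    ($(#[$md:meta])* get = $getter:ident, item = $item:literal $(, see = $see:path)?) => {
        $(#[$md])*
        // Blank doc line: keeps the caller's last paragraph separate
        // from the generated sentence below.
        #[doc = ""]
        #[doc = concat!("Gets the `", $item, "` of the PAM handle.")]
        $(
            #[doc = concat!("See [`", stringify!($see), "`].")]
        )?
        ///
        /// Returns a reference to the item's value, owned by PAM.
        /// The item is assumed to be valid UTF-8 text.
        /// If it is not, `ConversationError` is returned.
        ///
        /// See the [`pam_get_item`][man] manual page,
        /// [`pam_get_item` in the Module Writers' Guide][mwg], or
        /// [`pam_get_item` in the Application Developers' Guide][adg].
        ///
        /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_item.3.html
        /// [adg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/adg-interface-by-app-expected.html#adg-pam_get_item
        /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_item
        fn $getter(&self) -> Result<Option<&str>>;
    };
    ($(#[$md:meta])* set = $setter:ident, item = $item:literal $(, see = $see:path)?) => {
        $(#[$md])*
        // Same separator as the getter arm; without it rustdoc merges the
        // caller's last paragraph with the generated sentence.
        #[doc = ""]
        #[doc = concat!("Sets the `", $item, "` of the PAM handle.")]
        $(
            #[doc = concat!("See [`", stringify!($see), "`].")]
        )?
        ///
        /// Sets the item's value. PAM copies the string's contents.
        /// If the string contains a null byte, this will return
        /// a `ConversationError`.
        ///
        /// See the [`pam_set_item`][man] manual page,
        /// [`pam_set_item` in the Module Writers' Guide][mwg], or
        /// [`pam_set_item` in the Application Developers' Guide][adg].
        ///
        /// [man]: https://www.man7.org/linux/man-pages/man3/pam_set_item.3.html
        /// [adg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/adg-interface-by-app-expected.html#adg-pam_set_item
        /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_set_item
        fn $setter(&mut self, value: Option<&str>) -> Result<()>;
    };
}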
49 | |
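/// Functionality for both PAM applications and PAM modules.
///
/// This base trait includes features of a PAM handle that are available
/// to both applications and modules.
///
/// You probably want [`OwnedLibPamHandle`](crate::libpam::OwnedLibPamHandle).
/// This trait is intended to allow creating mock PAM handle types
/// to test PAM modules and applications.
pub trait PamShared {
    /// Retrieves the name of the user who is authenticating or logging in.
    ///
    /// If the username has previously been obtained, this uses that username;
    /// otherwise it prompts the user with the first of these that is present:
    ///
    ///  1. The prompt string passed to this function.
    ///  2. The string returned by [`user_prompt`](Self::user_prompt).
    ///  3. The default prompt, `login: `.
    ///
    /// See the [`pam_get_user` manual page][man]
    /// or [`pam_get_user` in the Module Writer's Guide][mwg].
    ///
    /// # Example
    ///
    /// ```no_run
    /// # use nonstick::PamShared;
    /// # fn _doc(handle: &mut impl PamShared) -> Result<(), Box<dyn std::error::Error>> {
    /// // Get the username using the default prompt.
    /// let user = handle.get_user(None)?;
    /// // Get the username using a custom prompt.
    /// // If this were actually called right after the above,
    /// // both user and user_2 would have the same value.
    /// let user_2 = handle.get_user(Some("who ARE you even???"))?;
    /// # Ok(())
    /// # }
    /// ```
    ///
    /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_user.3.html
    /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_user
    fn get_user(&mut self, prompt: Option<&str>) -> Result<&str>;

    trait_item!(
        /// The identity of the user for whom service is being requested.
        ///
        /// Unlike [`get_user`](Self::get_user), this will simply get
        /// the current state of the user item, and not request the username.
        /// While PAM usually sets this automatically in the `get_user` call,
        /// it may be changed by a module during the PAM transaction.
        /// Applications should check it after each step of the PAM process.
        get = user_item,
        item = "PAM_USER",
        see = Self::get_user
    );
    trait_item!(
        /// Sets the identity of the logging-in user.
        ///
        /// Usually this will be set during the course of
        /// a [`get_user`](Self::get_user) call, but you may set it manually
        /// or change it during the PAM process.
        set = set_user_item,
        item = "PAM_USER",
        see = Self::user_item
    );

    trait_item!(
        /// The service name, which identifies the PAM stack which is used
        /// to perform authentication.
        get = service,
        item = "PAM_SERVICE"
    );
    trait_item!(
        /// Sets the service name, which identifies the PAM stack which is used
        /// to perform authentication. It's probably a bad idea to change this.
        set = set_service,
        item = "PAM_SERVICE",
        see = Self::service
    );

    trait_item!(
        /// The string used to prompt for a user's name.
        /// By default, this is a localized version of `login: `.
        get = user_prompt,
        item = "PAM_USER_PROMPT"
    );
    trait_item!(
        /// Sets the string used to prompt for a user's name.
        set = set_user_prompt,
        item = "PAM_USER_PROMPT",
        see = Self::user_prompt
    );

    trait_item!(
        /// "The terminal name prefixed by /dev/ for device files."
        ///
        /// This is the terminal the user is logging in on.
        /// Very old applications may use this instead of `PAM_XDISPLAY`.
        get = tty_name,
        item = "PAM_TTY"
    );
    trait_item!(
        /// Sets the terminal name.
        ///
        /// (TODO: See if libpam sets this itself or if the application does.)
        set = set_tty_name,
        item = "PAM_TTY",
        see = Self::tty_name
    );

    trait_item!(
        /// If set, the identity of the remote user logging in.
        ///
        /// This is only as trustworthy as the application calling PAM;
        /// modules should not treat it as an authenticated identity.
        /// Also see [`remote_host`](Self::remote_host).
        get = remote_user,
        item = "PAM_RUSER"
    );
    trait_item!(
        /// Sets the identity of the remote user logging in.
        ///
        /// This is usually set by the application before making calls
        /// into a PAM session. (TODO: check this!)
        set = set_remote_user,
        item = "PAM_RUSER",
        see = Self::remote_user
    );

    trait_item!(
        /// If set, the remote location where the user is coming from.
        ///
        /// This is only as trustworthy as the application calling PAM.
        /// This can be combined with [`Self::remote_user`] to identify
        /// the account the user is attempting to log in from,
        /// with `remote_user@remote_host`.
        ///
        /// If unset, "it is unclear where the authentication request
        /// is originating from."
        get = remote_host,
        item = "PAM_RHOST"
    );
    trait_item!(
        /// Sets the location where the user is coming from.
        ///
        /// This is usually set by the application before making calls
        /// into a PAM session. (TODO: check this!)
        set = set_remote_host,
        item = "PAM_RHOST",
        see = Self::remote_host
    );

    trait_item!(
        /// Sets the user's authentication token (e.g., password).
        ///
        /// This is usually set automatically when
        /// [`get_authtok`](PamHandleModule::get_authtok) is called,
        /// but can be manually set.
        ///
        /// The value is a secret; avoid writing it to logs or error messages.
        set = set_authtok_item,
        item = "PAM_AUTHTOK",
        see = PamHandleModule::authtok_item
    );

    trait_item!(
        /// Sets the user's "old authentication token" when changing passwords.
        ///
        /// This is usually set automatically by PAM.
        set = set_old_authtok_item,
        item = "PAM_OLDAUTHTOK",
        see = PamHandleModule::old_authtok_item
    );
}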
217 |
/// The application-side view of a PAM handle.
///
/// This trait is meant for PAM client applications only. If you are writing
/// something else (a module, for example), you should not use
/// the functionality exposed by this trait.
///
/// As with [`PamShared`], it exists so that mock implementations of PAM
/// can be written for testing PAM applications.
pub trait PamHandleApplication: PamShared {
    // Reserved: no application-only items are declared yet.
}
228 |
229 /// Functionality of a PAM handle that can be expected by a PAM module. |
230 /// |
231 /// If you are not writing a PAM module (e.g., you are writing an application), |
232 /// you should not use any of the functionality exposed by this trait. |
233 /// |
234 /// Like [`PamShared`], this is intended to allow creating mock implementations |
235 /// of PAM for testing PAM modules. |
236 pub trait PamHandleModule: Conversation + PamShared { |
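/// Retrieves the authentication token from the user.
///
/// This should only be used by *authentication* and *password-change*
/// PAM modules.
///
/// The returned string is the user's secret (e.g., a password);
/// avoid writing it to logs or error messages.
///
/// See the [`pam_get_authtok` manual page][man]
/// or [`pam_get_item` in the Module Writer's Guide][mwg].
///
/// # Example
///
/// ```no_run
/// # use nonstick::handle::PamHandleModule;
/// # fn _doc(handle: &mut impl PamHandleModule) -> Result<(), Box<dyn std::error::Error>> {
/// // Get the user's password using the default prompt.
/// let pass = handle.get_authtok(None)?;
/// // Get the user's password using a custom prompt.
/// let pass = handle.get_authtok(Some("Reveal your secrets!"))?;
/// # Ok(())
/// # }
/// ```
///
/// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_authtok.3.html
/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_item
fn get_authtok(&mut self, prompt: Option<&str>) -> Result<&str>;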
72 | 261 |
trait_item!(
    /// Gets the user's authentication token (e.g., password).
    ///
    /// PAM normally sets this itself during a
    /// [`get_authtok`](Self::get_authtok) call, though it can also
    /// be set explicitly.
    ///
    /// As with `get_authtok`, only *authentication* and
    /// *password-change* PAM modules should ever call this.
    get = authtok_item, item = "PAM_AUTHTOK", see = Self::get_authtok
);
274 | |
275 trait_item!( | |
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
276 /// Gets the user's old authentication token when changing passwords. |
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
277 /// |
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
278 /// This should only ever be called by *password-change* PAM modules. |
72 | 279 get = old_authtok_item, |
280 item = "PAM_OLDAUTHTOK", | |
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
281 see = PamShared::set_old_authtok_item |
72 | 282 ); |
283 | |
284 /* | |
285 TODO: Re-enable this at some point. | |
286 /// Gets some pointer, identified by `key`, that has been set previously | |
287 /// using [`set_data`](Self::set_data). | |
288 /// | |
289 /// The data, if present, is still owned by the current PAM session. | |
290 /// | |
291 /// See the [`pam_get_data` manual page][man] | |
292 /// or [`pam_get_data` in the Module Writer's Guide][mwg]. | |
293 /// | |
294 /// # Safety | |
295 /// | |
296 /// The data stored under the provided key must be of type `T`, | |
297 /// otherwise you'll get back a completely invalid `&T` | |
298 /// and further behavior is undefined. | |
299 /// | |
300 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_data.3.html | |
301 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_data | |
302 unsafe fn get_data<T>(&mut self, key: &str) -> Result<Option<&T>>; | |
303 | |
304 /// Stores a pointer that can be retrieved later with [`get_data`](Self::get_data). | |
305 /// | |
306 /// This data is accessible to this module and other PAM modules | |
307 /// (using the provided `key`), but is *not* accessible to the application. | |
308 /// The PAM session takes ownership of the data, and it will be dropped | |
309 /// when the session ends. | |
310 /// | |
311 /// See the [`pam_set_data` manual page][man] | |
312 /// or [`pam_set_data` in the Module Writer's Guide][mwg]. | |
313 /// | |
314 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_set_data.3.html | |
315 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_set_data | |
316 fn set_data<T>(&mut self, key: &str, data: Box<T>) -> Result<()>; | |
317 */ | |
318 } |