annotate build.rs @ 100:3f11b8d30f63

Implement environment variable management. This actually wires up the environment variable handling to libpam, so that applications and modules can manage the environment through the authentication process.
author Paul Fisher <paul@pfish.zone>
date Tue, 24 Jun 2025 17:08:01 -0400
parents efe2f5f8b5b2
children
1 use bindgen::MacroTypeVariation;
2 use std::env;
3 use std::path::PathBuf;
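/// Build script: links libpam and generates FFI bindings for it.
///
/// Everything here runs only when the `link` feature is enabled. In that
/// case the script:
///
/// 1. tells Cargo to link against `pam` and declares the `pam_impl` cfg
///    with its two accepted values;
/// 2. prepares two bindgen configurations, one per PAM implementation,
///    each of which allowlists one function that exists only in that
///    implementation;
/// 3. tries the Linux-PAM configuration first and the OpenPAM one second,
///    and emits `pam_impl` for whichever header set bindgen could process;
/// 4. writes the generated bindings to `$OUT_DIR/bindings.rs`.
///
/// # Panics
///
/// Panics if neither header set can be processed (both bindgen errors are
/// included in the message), if `OUT_DIR` is unset, or if the bindings file
/// cannot be written.
fn main() {
    if cfg!(feature = "link") {
        println!("cargo::rustc-link-lib=pam");
        println!("cargo::rustc-check-cfg=cfg(pam_impl, values(\"linux-pam\",\"openpam\"))");

        // Configuration shared by both implementations. Functions are
        // allowlisted one by one, so only the PAM entry points named here
        // get bindings; `allowlist_var(".*")` allowlists every variable.
        let common_builder = bindgen::Builder::default()
            .merge_extern_blocks(true)
            .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
            .blocklist_type("pam_handle")
            .blocklist_type("pam_conv")
            .allowlist_var(".*")
            .allowlist_function("pam_start")
            .allowlist_function("pam_[gs]et_item")
            .allowlist_function("pam_get_(user|authtok)")
            .allowlist_function("pam_end")
            .allowlist_function("pam_strerror")
            .allowlist_function("pam_authenticate")
            .allowlist_function("pam_chauthtok")
            .allowlist_function("pam_acct_mgmt")
            .allowlist_function("pam_(ge|pu)tenv(list)?")
            .default_macro_constant_type(MacroTypeVariation::Unsigned);

        let linux_builder = common_builder
            .clone()
            // This function is not available in OpenPAM.
            // That means if somebody tries to run a binary compiled for
            // Linux-PAM against a different impl, it will fail.
            .allowlist_function("pam_syslog")
            .header_contents(
                "linux-pam.h",
                r#"
                #include <syslog.h> // for log levels
                #include <security/_pam_types.h>
                #include <security/pam_appl.h>
                #include <security/pam_ext.h>
                #include <security/pam_modules.h>
                "#,
            );
        // `common_builder` is not needed after this point, so it is moved
        // here instead of being cloned a second time.
        let openpam_builder = common_builder
            // This function is not available in Linux-PAM.
            // That means if somebody tries to run a binary compiled for
            // OpenPAM against a different impl, it will fail.
            .allowlist_function("openpam_log")
            .header_contents(
                "openpam.h",
                r#"
                #include <security/pam_types.h>
                #include <security/openpam.h>
                #include <security/pam_appl.h>
                #include <security/pam_constants.h>
                "#,
            );

        // The implementation is chosen by which header set bindgen can
        // process, and Linux-PAM is tried first. Both errors are kept so
        // that a failure caused by something other than missing PAM headers
        // is reported as such rather than as an unknown implementation.
        let (pam_impl, bindings) = match linux_builder.generate() {
            Ok(bindings) => ("linux-pam", bindings),
            Err(linux_err) => match openpam_builder.generate() {
                Ok(bindings) => ("openpam", bindings),
                Err(openpam_err) => panic!(
                    "unrecognized PAM implementation \
                     (Linux-PAM headers: {linux_err}; OpenPAM headers: {openpam_err})"
                ),
            },
        };
        println!("cargo::rustc-cfg=pam_impl={pam_impl:?}");

        let out_path =
            PathBuf::from(env::var("OUT_DIR").expect("OUT_DIR is not set for this build script"));
        bindings
            .write_to_file(out_path.join("bindings.rs"))
            .expect("failed to write bindings.rs into OUT_DIR");
    }
}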