Mercurial > crates > nonstick
annotate src/handle.rs @ 95:51c9d7e8261a
Return owned strings rather than borrowed strings.
It's going to be irritating to have to work with strings borrowed from the
PAM handle rather than just using your own. They're cheap enough to copy.
| author | Paul Fisher <paul@pfish.zone> |
|---|---|
| date | Mon, 23 Jun 2025 14:03:44 -0400 |
| parents | db167f96ba46 |
| children | efe2f5f8b5b2 |
| rev | line source |
|---|---|
|
66
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
1 //! The wrapper types and traits for handles into the PAM library. |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
2 |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
3 use crate::constants::Result; |
| 72 | 4 use crate::conv::Conversation; |
|
92
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
5 use crate::logging::Level; |
|
15
27730595f1ea
Adding pam-http module
Anthony Nowell <anthony@algorithmia.com>
parents:
diff
changeset
|
6 |
| 72 | 7 macro_rules! trait_item { |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
8 ($(#[$md:meta])* get = $getter:ident, item = $item:literal $(, see = $see:path)?) => { |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
9 $(#[$md])* |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
10 #[doc = ""] |
| 72 | 11 #[doc = concat!("Gets the `", $item, "` of the PAM handle.")] |
| 12 $( | |
| 13 #[doc = concat!("See [`", stringify!($see), "`].")] | |
| 14 )? | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
15 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
16 /// Returns a reference to the item's value, owned by PAM. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
17 /// The item is assumed to be valid UTF-8 text. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
18 /// If it is not, `ConversationError` is returned. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
19 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
20 /// See the [`pam_get_item`][man] manual page, |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
21 /// [`pam_get_item` in the Module Writers' Guide][mwg], or |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
22 /// [`pam_get_item` in the Application Developers' Guide][adg]. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
23 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
24 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_item.3.html |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
25 /// [adg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/adg-interface-by-app-expected.html#adg-pam_get_item |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
26 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_item |
|
95
51c9d7e8261a
Return owned strings rather than borrowed strings.
Paul Fisher <paul@pfish.zone>
parents:
94
diff
changeset
|
27 fn $getter(&self) -> Result<Option<String>>; |
| 72 | 28 }; |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
29 ($(#[$md:meta])* set = $setter:ident, item = $item:literal $(, see = $see:path)?) => { |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
30 $(#[$md])* |
| 72 | 31 #[doc = concat!("Sets the `", $item, "` from the PAM handle.")] |
| 32 $( | |
| 33 #[doc = concat!("See [`", stringify!($see), "`].")] | |
| 34 )? | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
35 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
36 /// Sets the item's value. PAM copies the string's contents. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
37 /// If the string contains a null byte, this will return |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
38 /// a `ConversationError`. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
39 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
40 /// See the [`pam_set_item`][man] manual page, |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
41 /// [`pam_set_item` in the Module Writers' Guide][mwg], or |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
42 /// [`pam_set_item` in the Application Developers' Guide][adg]. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
43 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
44 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_set_item.3.html |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
45 /// [adg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/adg-interface-by-app-expected.html#adg-pam_set_item |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
46 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_set_item |
| 72 | 47 fn $setter(&mut self, value: Option<&str>) -> Result<()>; |
| 48 }; | |
| 49 } | |
| 50 | |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
51 /// Functionality for both PAM applications and PAM modules. |
|
56
daa2cde64601
Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents:
51
diff
changeset
|
52 /// |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
53 /// This base trait includes features of a PAM handle that are available |
|
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
54 /// to both applications and modules. |
|
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
55 /// |
|
75
c30811b4afae
rename pam_ffi submodule to libpam.
Paul Fisher <paul@pfish.zone>
parents:
73
diff
changeset
|
56 /// You probably want [`LibPamHandle`](crate::libpam::OwnedLibPamHandle). |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
57 /// This trait is intended to allow creating mock PAM handle types |
|
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
58 /// to test PAM modules and applications. |
|
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
59 pub trait PamShared { |
|
92
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
60 /// Logs something via this PAM handle. |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
61 /// |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
62 /// You probably want to use one of the logging macros, |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
63 /// like [`error!`], [`warning!`], [`info!`], or [`debug!`]. |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
64 /// |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
65 /// In most PAM implementations, this will go to syslog. |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
66 /// |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
67 /// # Example |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
68 /// |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
69 /// ```no_run |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
70 /// # use nonstick::{PamShared}; |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
71 /// # use nonstick::logging::Level; |
|
94
db167f96ba46
Replace todo! with unimplemented! in documentation.
Paul Fisher <paul@pfish.zone>
parents:
92
diff
changeset
|
72 /// # let pam_hdl: Box<dyn PamShared> = unimplemented!(); |
|
92
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
73 /// # let delay_ms = 100; |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
74 /// # let url = "https://zombo.com"; |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
75 /// // Usually, instead of calling this manually, just use the macros. |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
76 /// nonstick::error!(pam_hdl, "something bad happened!"); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
77 /// nonstick::warn!(pam_hdl, "loading information took {delay_ms} ms"); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
78 /// nonstick::info!(pam_hdl, "using network backend"); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
79 /// nonstick::debug!(pam_hdl, "sending GET request to {url}"); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
80 /// // But if you really want to, you can call this yourself: |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
81 /// pam_hdl.log(Level::Warning, "this is unnecessarily verbose"); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
82 /// ``` |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
83 fn log(&self, level: Level, entry: &str); |
|
5ddbcada30f2
Add the ability to log against a PAM handle.
Paul Fisher <paul@pfish.zone>
parents:
91
diff
changeset
|
84 |
|
19
d654aa0655e5
Making PamHandle a struct with methods
Anthony Nowell <anthony@algorithmia.com>
parents:
15
diff
changeset
|
85 /// Retrieves the name of the user who is authenticating or logging in. |
|
d654aa0655e5
Making PamHandle a struct with methods
Anthony Nowell <anthony@algorithmia.com>
parents:
15
diff
changeset
|
86 /// |
| 72 | 87 /// If the username has previously been obtained, this uses that username; |
| 88 /// otherwise it prompts the user with the first of these that is present: | |
| 89 /// | |
| 90 /// 1. The prompt string passed to this function. | |
| 91 /// 2. The string returned by `get_user_prompt_item`. | |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
92 /// 3. The default prompt, `login: `. |
| 72 | 93 /// |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
94 /// See the [`pam_get_user` manual page][man] |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
95 /// or [`pam_get_user` in the Module Writer's Guide][mwg]. |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
96 /// |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
97 /// # Example |
|
19
d654aa0655e5
Making PamHandle a struct with methods
Anthony Nowell <anthony@algorithmia.com>
parents:
15
diff
changeset
|
98 /// |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
99 /// ```no_run |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
100 /// # use nonstick::PamShared; |
|
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
101 /// # fn _doc(handle: &mut impl PamShared) -> Result<(), Box<dyn std::error::Error>> { |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
102 /// // Get the username using the default prompt. |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
103 /// let user = handle.username(None)?; |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
104 /// // Get the username using a custom prompt. |
| 72 | 105 /// // If this were actually called right after the above, |
| 106 /// // both user and user_2 would have the same value. | |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
107 /// let user_2 = handle.username(Some("who ARE you even???"))?; |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
108 /// # Ok(()) |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
109 /// # } |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
110 /// ``` |
|
66
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
111 /// |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
112 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_user.3.html |
|
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
113 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_user |
|
95
51c9d7e8261a
Return owned strings rather than borrowed strings.
Paul Fisher <paul@pfish.zone>
parents:
94
diff
changeset
|
114 fn username(&mut self, prompt: Option<&str>) -> Result<String>; |
| 72 | 115 |
| 116 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
117 /// The identity of the user for whom service is being requested. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
118 /// |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
119 /// Unlike [`username`](Self::username), this will simply get |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
120 /// the current state of the user item, and not request the username. |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
121 /// While PAM usually sets this automatically in the `username` call, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
122 /// it may be changed by a module during the PAM transaction. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
123 /// Applications should check it after each step of the PAM process. |
| 72 | 124 get = user_item, |
| 125 item = "PAM_USER", | |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
126 see = Self::username |
| 72 | 127 ); |
| 128 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
129 /// Sets the identity of the logging-in user. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
130 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
131 /// Usually this will be set during the course of |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
132 /// a [`username`](Self::username) call, but you may set it manually |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
133 /// or change it during the PAM process. |
| 72 | 134 set = set_user_item, |
| 135 item = "PAM_USER", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
136 see = Self::user_item |
| 72 | 137 ); |
|
44
50371046c61a
Add support for pam_get_authtok and minor cleanups.
Paul Fisher <paul@pfish.zone>
parents:
34
diff
changeset
|
138 |
| 72 | 139 trait_item!( |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
140 /// The service name, which identifies the PAM stack which is used |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
141 /// to perform authentication. |
| 72 | 142 get = service, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
143 item = "PAM_SERVICE" |
| 72 | 144 ); |
| 145 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
146 /// The service name, which identifies the PAM stack which is used |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
147 /// to perform authentication. It's probably a bad idea to change this. |
| 72 | 148 set = set_service, |
| 149 item = "PAM_SERVICE", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
150 see = Self::service |
| 72 | 151 ); |
| 152 | |
| 153 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
154 /// The string used to prompt for a user's name. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
155 /// By default, this is a localized version of `login: `. |
| 72 | 156 get = user_prompt, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
157 item = "PAM_USER_PROMPT" |
| 72 | 158 ); |
| 159 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
160 /// Sets the string used to prompt for a user's name. |
| 72 | 161 set = set_user_prompt, |
| 162 item = "PAM_USER_PROMPT", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
163 see = Self::user_prompt |
| 72 | 164 ); |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
165 |
| 72 | 166 trait_item!( |
|
91
039aae9a01f7
Improve documentation on TTY functions.
Paul Fisher <paul@pfish.zone>
parents:
90
diff
changeset
|
167 /// The device path of the TTY being used to log in. |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
168 /// |
|
91
039aae9a01f7
Improve documentation on TTY functions.
Paul Fisher <paul@pfish.zone>
parents:
90
diff
changeset
|
169 /// This is the terminal the user is logging in on, |
|
039aae9a01f7
Improve documentation on TTY functions.
Paul Fisher <paul@pfish.zone>
parents:
90
diff
changeset
|
170 /// specified as the full device path (e.g. `/dev/tty0`). |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
171 /// Very old applications may use this instead of `PAM_XDISPLAY`. |
| 72 | 172 get = tty_name, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
173 item = "PAM_TTY" |
| 72 | 174 ); |
| 175 trait_item!( | |
|
91
039aae9a01f7
Improve documentation on TTY functions.
Paul Fisher <paul@pfish.zone>
parents:
90
diff
changeset
|
176 /// Sets the path to the terminal where the user is logging on. |
| 72 | 177 set = set_tty_name, |
| 178 item = "PAM_TTY", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
179 see = Self::tty_name |
| 72 | 180 ); |
| 181 | |
| 182 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
183 /// If set, the identity of the remote user logging in. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
184 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
185 /// This is only as trustworthy as the application calling PAM. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
186 /// Also see [`remote_host`](Self::remote_host). |
| 72 | 187 get = remote_user, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
188 item = "PAM_RUSER" |
| 72 | 189 ); |
| 190 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
191 /// Sets the identity of the remote user logging in. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
192 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
193 /// This is usually set by the application before making calls |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
194 /// into a PAM session. (TODO: check this!) |
| 72 | 195 set = set_remote_user, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
196 item = "PAM_RUSER" |
| 72 | 197 ); |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
198 |
| 72 | 199 trait_item!( |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
200 /// If set, the remote location where the user is coming from. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
201 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
202 /// This is only as trustworthy as the application calling PAM. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
203 /// This can be combined with [`Self::remote_user`] to identify |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
204 /// the account the user is attempting to log in from, |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
205 /// with `remote_user@remote_host`. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
206 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
207 /// If unset, "it is unclear where the authentication request |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
208 /// is originating from." |
| 72 | 209 get = remote_host, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
210 item = "PAM_RHOST" |
| 72 | 211 ); |
| 212 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
213 /// Sets the location where the user is coming from. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
214 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
215 /// This is usually set by the application before making calls |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
216 /// into a PAM session. (TODO: check this!) |
| 72 | 217 set = set_remote_host, |
| 218 item = "PAM_RHOST", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
219 see = Self::remote_host |
| 72 | 220 ); |
| 221 | |
| 222 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
223 /// Gets the user's authentication token (e.g., password). |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
224 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
225 /// This is usually set automatically when |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
226 /// [`authtok`](PamHandleModule::authtok) is called, |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
227 /// but can be manually set. |
| 72 | 228 set = set_authtok_item, |
| 229 item = "PAM_AUTHTOK", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
230 see = PamHandleModule::authtok_item |
| 72 | 231 ); |
| 232 | |
| 233 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
234 /// Sets the user's "old authentication token" when changing passwords. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
235 // |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
236 /// This is usually set automatically by PAM. |
| 72 | 237 set = set_old_authtok_item, |
| 238 item = "PAM_OLDAUTHTOK", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
239 see = PamHandleModule::old_authtok_item |
| 72 | 240 ); |
|
69
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
241 } |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
242 |
|
69
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
243 /// Functionality of a PAM handle that can be expected by a PAM application. |
|
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
244 /// |
|
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
245 /// If you are not writing a PAM client application (e.g., you are writing |
|
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
246 /// a module), you should not use the functionality exposed by this trait. |
|
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
247 /// |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
248 /// Like [`PamShared`], this is intended to allow creating mock implementations |
|
69
8f3ae0c7ab92
Rework conversation data types and make safe wrappers.
Paul Fisher <paul@pfish.zone>
parents:
66
diff
changeset
|
249 /// of PAM for testing PAM applications. |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
250 pub trait PamHandleApplication: PamShared { |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
251 // reserved! |
|
66
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
252 } |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
253 |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
254 /// Functionality of a PAM handle that can be expected by a PAM module. |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
255 /// |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
256 /// If you are not writing a PAM module (e.g., you are writing an application), |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
257 /// you should not use any of the functionality exposed by this trait. |
|
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
258 /// |
|
73
ac6881304c78
Do conversations, along with way too much stuff.
Paul Fisher <paul@pfish.zone>
parents:
72
diff
changeset
|
259 /// Like [`PamShared`], this is intended to allow creating mock implementations |
|
66
a674799a5cd3
Make `PamHandle` and `PamModuleHandle` traits.
Paul Fisher <paul@pfish.zone>
parents:
64
diff
changeset
|
260 /// of PAM for testing PAM modules. |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
261 pub trait PamHandleModule: Conversation + PamShared { |
| 72 | 262 /// Retrieves the authentication token from the user. |
| 263 /// | |
| 264 /// This should only be used by *authentication* and *password-change* | |
| 265 /// PAM modules. | |
| 266 /// | |
| 267 /// See the [`pam_get_authtok` manual page][man] | |
| 268 /// or [`pam_get_item` in the Module Writer's Guide][mwg]. | |
| 269 /// | |
| 270 /// # Example | |
| 271 /// | |
| 272 /// ```no_run | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
273 /// # use nonstick::handle::PamHandleModule; |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
274 /// # fn _doc(handle: &mut impl PamHandleModule) -> Result<(), Box<dyn std::error::Error>> { |
| 72 | 275 /// // Get the user's password using the default prompt. |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
276 /// let pass = handle.authtok(None)?; |
| 72 | 277 /// // Get the user's password using a custom prompt. |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
278 /// let pass = handle.authtok(Some("Reveal your secrets!"))?; |
| 72 | 279 /// Ok(()) |
| 280 /// # } | |
| 281 /// ``` | |
|
64
bbe84835d6db
More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents:
60
diff
changeset
|
282 /// |
| 72 | 283 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_authtok.3.html |
| 284 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_item | |
|
95
51c9d7e8261a
Return owned strings rather than borrowed strings.
Paul Fisher <paul@pfish.zone>
parents:
94
diff
changeset
|
285 fn authtok(&mut self, prompt: Option<&str>) -> Result<String>; |
| 72 | 286 |
| 287 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
288 /// Gets the user's authentication token (e.g., password). |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
289 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
290 /// This is normally set automatically by PAM when calling |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
291 /// [`authtok`](Self::authtok), but can be set explicitly. |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
292 /// |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
293 /// Like `authtok`, this should only ever be called |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
294 /// by *authentication* and *password-change* PAM modules. |
| 72 | 295 get = authtok_item, |
| 296 item = "PAM_AUTHTOK", | |
|
90
f6186e41399b
Miscellaneous fixes and cleanup:
Paul Fisher <paul@pfish.zone>
parents:
80
diff
changeset
|
297 see = Self::authtok |
| 72 | 298 ); |
| 299 | |
| 300 trait_item!( | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
301 /// Gets the user's old authentication token when changing passwords. |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
302 /// |
|
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
303 /// This should only ever be called by *password-change* PAM modules. |
| 72 | 304 get = old_authtok_item, |
| 305 item = "PAM_OLDAUTHTOK", | |
|
80
5aa1a010f1e8
Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents:
78
diff
changeset
|
306 see = PamShared::set_old_authtok_item |
| 72 | 307 ); |
| 308 | |
| 309 /* | |
| 310 TODO: Re-enable this at some point. | |
| 311 /// Gets some pointer, identified by `key`, that has been set previously | |
| 312 /// using [`set_data`](Self::set_data). | |
| 313 /// | |
| 314 /// The data, if present, is still owned by the current PAM session. | |
| 315 /// | |
| 316 /// See the [`pam_get_data` manual page][man] | |
| 317 /// or [`pam_get_data` in the Module Writer's Guide][mwg]. | |
| 318 /// | |
| 319 /// # Safety | |
| 320 /// | |
| 321 /// The data stored under the provided key must be of type `T`, | |
| 322 /// otherwise you'll get back a completely invalid `&T` | |
| 323 /// and further behavior is undefined. | |
| 324 /// | |
| 325 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_get_data.3.html | |
| 326 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_get_data | |
| 327 unsafe fn get_data<T>(&mut self, key: &str) -> Result<Option<&T>>; | |
| 328 | |
| 329 /// Stores a pointer that can be retrieved later with [`get_data`](Self::get_data). | |
| 330 /// | |
| 331 /// This data is accessible to this module and other PAM modules | |
| 332 /// (using the provided `key`), but is *not* accessible to the application. | |
| 333 /// The PAM session takes ownership of the data, and it will be dropped | |
| 334 /// when the session ends. | |
| 335 /// | |
| 336 /// See the [`pam_set_data` manual page][man] | |
| 337 /// or [`pam_set_data` in the Module Writer's Guide][mwg]. | |
| 338 /// | |
| 339 /// [man]: https://www.man7.org/linux/man-pages/man3/pam_set_data.3.html | |
| 340 /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-by-module-item.html#mwg-pam_set_data | |
| 341 fn set_data<T>(&mut self, key: &str, data: Box<T>) -> Result<()>; | |
| 342 */ | |
| 343 } |