Mercurial > crates > nonstick

annotate pam-sober/src/lib.rs @ 17:53efbcff805d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add pam-sober
author Anthony Nowell <anthony@algorithmia.com>
date Sun, 24 Sep 2017 00:57:13 -0600
parents
children d654aa0655e5
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
17
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
1 extern crate pam;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
2 extern crate rand;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
3
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
4 pub mod ffi;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
5
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
6 use pam::module::{PamHandleT, get_item, get_user};
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
7 use pam::constants::{PamResultCode, PAM_PROMPT_ECHO_OFF};
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
8 use pam::conv::PamConv;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
9 use std::collections::HashMap;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
10 use std::time::Duration;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
11 use rand::Rng;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
12 use std::str::FromStr;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
13
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
14 macro_rules! pam_try {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
15 ($e:expr) => (
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
16 match $e {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
17 Ok(v) => v,
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
18 Err(e) => return e,
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
19 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
20 );
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
21 ($e:expr, $err:expr) => (
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
22 match $e {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
23 Ok(v) => v,
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
24 Err(e) => {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
25 println!("Error: {}", e);
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
26 return $err;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
27 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
28 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
29 );
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
30 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
31
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
32 // This function performs the task of authenticating the user.
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
33 pub fn sm_authenticate(pamh: &PamHandleT, args: Vec<String>, silent: bool) -> PamResultCode {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
34 println!("Let's auth over HTTP");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
35
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
36 /* TODO: use args to change difficulty ;-)
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
37 let args: HashMap<&str, &str> = args.iter().map(|s| {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
38 let mut parts = s.splitn(2, "=");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
39 (parts.next().unwrap(), parts.next().unwrap_or(""))
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
40 }).collect();
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
41 */
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
42
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
43 // TODO: maybe we can change difficulty base on user?
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
44 // let user = pam_try!(get_user(&pamh, None));
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
45
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
46 let conv = match get_item::<PamConv>(&pamh) {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
47 Ok(conv) => conv,
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
48 Err(err) => {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
49 println!("Couldn't get pam_conv");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
50 return err;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
51 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
52 };
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
53
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
54 let mut rng = rand::thread_rng();
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
55 let a = rng.gen::<u32>() % 100;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
56 let b = rng.gen::<u32>() % 100;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
57 let math = format!("{} + {} = ", a, b);
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
58
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
59 // This println kinda helps debugging since the test script doesn't echo
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
60 println!("{}", math);
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
61
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
62 let password = pam_try!(conv.send(PAM_PROMPT_ECHO_OFF, &math));
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
63
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
64 if password.and_then(|p| u32::from_str(&p).ok()) == Some(a+b) {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
65 return PamResultCode::PAM_SUCCESS;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
66 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
67
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
68 println!("You failed the PAM sobriety test.");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
69 return PamResultCode::PAM_AUTH_ERR;
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
70 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
71
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
72 // This function performs the task of altering the credentials of the user with respect to the
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
73 // corresponding authorization scheme. Generally, an authentication module may have access to more
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
74 // information about a user than their authentication token. This function is used to make such
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
75 // information available to the application. It should only be called after the user has been
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
76 // authenticated but before a session has been established.
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
77 pub fn sm_setcred(_pamh: &PamHandleT, _args: Vec<String>, _silent: bool) -> PamResultCode {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
78 println!("set credentials");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
79 PamResultCode::PAM_SUCCESS
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
80 }
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
81
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
82 // This function performs the task of establishing whether the user is permitted to gain access at
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
83 // this time. It should be understood that the user has previously been validated by an
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
84 // authentication module. This function checks for other things. Such things might be: the time of
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
85 // day or the date, the terminal line, remote hostname, etc. This function may also determine
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
86 // things like the expiration on passwords, and respond that the user change it before continuing.
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
87 pub fn acct_mgmt(_pamh: &PamHandleT, _args: Vec<String>, _silent: bool) -> PamResultCode {
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
88 println!("account management");
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
89 PamResultCode::PAM_SUCCESS
53efbcff805d Add pam-sober
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
90 }