annotate src/constants.rs @ 85:5e14bb093851

fix more openpam compat stuff
author Paul Fisher <paul@pfish.zone>
date Tue, 10 Jun 2025 02:42:29 -0400
parents a638a45e5f1f
children 23162cd399aa
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
1 //! Constants and enum values from the PAM library.
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
2
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
3 #[cfg(feature = "link")]
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
4 use crate::libpam::pam_ffi;
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
5 use bitflags::bitflags;
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
6 use libc::c_int;
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
7 use num_enum::{IntoPrimitive, TryFromPrimitive};
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
8 use std::ffi::c_uint;
71
58f9d2a4df38 Reorganize everything again???
Paul Fisher <paul@pfish.zone>
parents: 70
diff changeset
9 use std::result::Result as StdResult;
15
27730595f1ea Adding pam-http module
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
10
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
11 /// Arbitrary values for PAM constants when not linking against system PAM.
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
12 ///
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
13 /// **The values of these constants are deliberately selected _not_ to match
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
14 /// any PAM implementations. Applications should always use the symbolic value
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
15 /// and not a magic number.**
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
16 #[cfg(not(feature = "link"))]
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
17 mod pam_ffi {
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
18 macro_rules! define {
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
19 ($(#[$attr:meta])* $($name:ident = $value:expr),+) => {
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
20 define!(
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
21 @meta { $(#[$attr])* }
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
22 $(pub const $name: u32 = $value;)+
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
23 );
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
24 };
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
25 (@meta $m:tt $($i:item)+) => { define!(@expand $($m $i)+); };
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
26 (@expand $({ $(#[$m:meta])* } $i:item)+) => {$($(#[$m])* $i)+};
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
27 }
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
28 const fn bit(n: u8) -> u32 {
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
29 1 << n
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
30 }
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
31 define!(
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
32 PAM_SILENT = bit(13),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
33 PAM_DISALLOW_NULL_AUTHTOK = bit(14),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
34 PAM_ESTABLISH_CRED = bit(15),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
35 PAM_DELETE_CRED = bit(16),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
36 PAM_REINITIALIZE_CRED = bit(17),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
37 PAM_REFRESH_CRED = bit(18),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
38 PAM_CHANGE_EXPIRED_AUTHTOK = bit(19),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
39 PAM_PRELIM_CHECK = bit(20),
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
40 PAM_UPDATE_AUTHTOK = bit(21)
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
41 );
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
42
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
43 define!(
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
44 PAM_ABORT = 513,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
45 PAM_ACCT_EXPIRED = 514,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
46 PAM_AUTHINFO_UNAVAIL = 515,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
47 PAM_AUTHTOK_DISABLE_AGING = 516,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
48 PAM_AUTHTOK_ERR = 517,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
49 PAM_AUTHTOK_EXPIRED = 518,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
50 PAM_AUTHTOK_LOCK_BUSY = 519,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
51 PAM_AUTHTOK_RECOVERY_ERR = 520,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
52 PAM_AUTH_ERR = 521,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
53 PAM_BAD_ITEM = 522,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
54 PAM_BUF_ERR = 533,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
55 PAM_CONV_AGAIN = 534,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
56 PAM_CONV_ERR = 535,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
57 PAM_CRED_ERR = 536,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
58 PAM_CRED_EXPIRED = 537,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
59 PAM_CRED_INSUFFICIENT = 538,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
60 PAM_CRED_UNAVAIL = 539,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
61 PAM_IGNORE = 540,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
62 PAM_INCOMPLETE = 541,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
63 PAM_MAXTRIES = 542,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
64 PAM_MODULE_UNKNOWN = 543,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
65 PAM_NEW_AUTHTOK_REQD = 544,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
66 PAM_NO_MODULE_DATA = 545,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
67 PAM_OPEN_ERR = 546,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
68 PAM_PERM_DENIED = 547,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
69 PAM_SERVICE_ERR = 548,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
70 PAM_SESSION_ERR = 549,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
71 PAM_SYMBOL_ERR = 550,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
72 PAM_SYSTEM_ERR = 551,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
73 PAM_TRY_AGAIN = 552,
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
74 PAM_USER_UNKNOWN = 553
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
75 );
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
76 }
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
77
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
78 bitflags! {
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
79 /// The available PAM flags.
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
80 ///
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
81 /// See `/usr/include/security/_pam_types.h` and
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
82 /// See `/usr/include/security/pam_modules.h` for more details.
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
83 #[derive(Debug, PartialEq)]
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
84 #[repr(transparent)]
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
85 pub struct Flags: c_uint {
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
86 /// The module should not generate any messages.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
87 const SILENT = pam_ffi::PAM_SILENT as u32;
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
88
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
89 /// The module should return [ErrorCode::AuthError]
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
90 /// if the user has an empty authentication token
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
91 /// rather than immediately accepting them.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
92 const DISALLOW_NULL_AUTHTOK = pam_ffi::PAM_DISALLOW_NULL_AUTHTOK as u32;
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
93
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
94 // Flag used for `set_credentials`.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
95
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
96 /// Set user credentials for an authentication service.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
97 const ESTABLISH_CREDENTIALS = pam_ffi::PAM_ESTABLISH_CRED as u32;
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
98 /// Delete user credentials associated with
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
99 /// an authentication service.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
100 const DELETE_CREDENTIALS = pam_ffi::PAM_DELETE_CRED as u32;
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
101 /// Reinitialize user credentials.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
102 const REINITIALIZE_CREDENTIALS = pam_ffi::PAM_REINITIALIZE_CRED as u32;
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
103 /// Extend the lifetime of user credentials.
85
5e14bb093851 fix more openpam compat stuff
Paul Fisher <paul@pfish.zone>
parents: 84
diff changeset
104 const REFRESH_CREDENTIALS = pam_ffi::PAM_REFRESH_CRED as u32;
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
105
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
106 // Flags used for password changing.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
107
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
108 /// The password service should only update those passwords
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
109 /// that have aged. If this flag is _not_ passed,
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
110 /// the password service should update all passwords.
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
111 ///
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
112 /// This flag is only used by `change_authtok`.
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
113 const CHANGE_EXPIRED_AUTHTOK = pam_ffi::PAM_CHANGE_EXPIRED_AUTHTOK;
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
114
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
115 /// This is a preliminary check for password changing.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
116 /// The password should not be changed.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
117 ///
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
118 /// This is only used between PAM and a module.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
119 /// Applications may not use this flag.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
120 ///
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
121 /// This flag is only used by `change_authtok`.
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
122 const PRELIMINARY_CHECK = pam_ffi::PAM_PRELIM_CHECK;
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
123 /// The password should actuallyPR be updated.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
124 /// This and [Self::PRELIMINARY_CHECK] are mutually exclusive.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
125 ///
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
126 /// This is only used between PAM and a module.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
127 /// Applications may not use this flag.
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
128 ///
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
129 /// This flag is only used by `change_authtok`.
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
130 const UPDATE_AUTHTOK = pam_ffi::PAM_UPDATE_AUTHTOK;
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
131 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
132 }
15
27730595f1ea Adding pam-http module
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
133
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
134 /// The Linux-PAM error return values. Success is an Ok [Result].
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
135 ///
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
136 /// Most abbreviations (except `AuthTok` and `Max`) are now full words.
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
137 /// For more detailed information, see
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
138 /// `/usr/include/security/_pam_types.h`.
15
27730595f1ea Adding pam-http module
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
139 #[allow(non_camel_case_types, dead_code)]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
140 #[derive(Copy, Clone, Debug, PartialEq, thiserror::Error, TryFromPrimitive, IntoPrimitive)]
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
141 #[non_exhaustive] // C might give us anything!
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
142 #[repr(u32)]
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
143 pub enum ErrorCode {
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
144 #[error("dlopen() failure when dynamically loading a service module")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
145 OpenError = pam_ffi::PAM_OPEN_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
146 #[error("symbol not found")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
147 SymbolError = pam_ffi::PAM_SYMBOL_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
148 #[error("error in service module")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
149 ServiceError = pam_ffi::PAM_SERVICE_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
150 #[error("system error")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
151 SystemError = pam_ffi::PAM_SYSTEM_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
152 #[error("memory buffer error")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
153 BufferError = pam_ffi::PAM_BUF_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
154 #[error("permission denied")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
155 PermissionDenied = pam_ffi::PAM_PERM_DENIED,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
156 #[error("authentication failure")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
157 AuthenticationError = pam_ffi::PAM_AUTH_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
158 #[error("cannot access authentication data due to insufficient credentials")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
159 CredentialsInsufficient = pam_ffi::PAM_CRED_INSUFFICIENT,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
160 #[error("underlying authentication service cannot retrieve authentication information")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
161 AuthInfoUnavailable = pam_ffi::PAM_AUTHINFO_UNAVAIL,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
162 #[error("user not known to the underlying authentication module")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
163 UserUnknown = pam_ffi::PAM_USER_UNKNOWN,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
164 #[error("retry limit reached; do not attempt further")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
165 MaxTries = pam_ffi::PAM_MAXTRIES,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
166 #[error("new authentication token required")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
167 NewAuthTokRequired = pam_ffi::PAM_NEW_AUTHTOK_REQD,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
168 #[error("user account has expired")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
169 AccountExpired = pam_ffi::PAM_ACCT_EXPIRED,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
170 #[error("cannot make/remove an entry for the specified session")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
171 SessionError = pam_ffi::PAM_SESSION_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
172 #[error("underlying authentication service cannot retrieve user credentials")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
173 CredentialsUnavailable = pam_ffi::PAM_CRED_UNAVAIL,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
174 #[error("user credentials expired")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
175 CredentialsExpired = pam_ffi::PAM_CRED_EXPIRED,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
176 #[error("failure setting user credentials")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
177 CredentialsError = pam_ffi::PAM_CRED_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
178 #[error("no module-specific data is present")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
179 NoModuleData = pam_ffi::PAM_NO_MODULE_DATA,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
180 #[error("conversation error")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
181 ConversationError = pam_ffi::PAM_CONV_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
182 #[error("authentication token manipulation error")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
183 AuthTokError = pam_ffi::PAM_AUTHTOK_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
184 #[error("authentication information cannot be recovered")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
185 AuthTokRecoveryError = pam_ffi::PAM_AUTHTOK_RECOVERY_ERR,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
186 #[error("authentication token lock busy")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
187 AuthTokLockBusy = pam_ffi::PAM_AUTHTOK_LOCK_BUSY,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
188 #[error("authentication token aging disabled")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
189 AuthTokDisableAging = pam_ffi::PAM_AUTHTOK_DISABLE_AGING,
64
bbe84835d6db More organization; add lots of docs.
Paul Fisher <paul@pfish.zone>
parents: 63
diff changeset
190 #[error("preliminary password check failed")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
191 TryAgain = pam_ffi::PAM_TRY_AGAIN,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
192 #[error("ignore underlying account module, regardless of control flag")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
193 Ignore = pam_ffi::PAM_IGNORE,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
194 #[error("critical error; this module should fail now")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
195 Abort = pam_ffi::PAM_ABORT,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
196 #[error("authentication token has expired")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
197 AuthTokExpired = pam_ffi::PAM_AUTHTOK_EXPIRED,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
198 #[error("module is not known")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
199 ModuleUnknown = pam_ffi::PAM_MODULE_UNKNOWN,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
200 #[error("bad item passed to pam_[whatever]_item")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
201 BadItem = pam_ffi::PAM_BAD_ITEM,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
202 #[error("conversation function is event-driven and data is not available yet")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
203 ConversationAgain = pam_ffi::PAM_CONV_AGAIN,
55
676675c3d434 Make PamResultCode implement Error.
Paul Fisher <paul@pfish.zone>
parents: 45
diff changeset
204 #[error("call this function again to complete authentication stack")]
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
205 Incomplete = pam_ffi::PAM_INCOMPLETE,
15
27730595f1ea Adding pam-http module
Anthony Nowell <anthony@algorithmia.com>
parents:
diff changeset
206 }
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
207
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
208 /// A PAM-specific Result type with an [ErrorCode] error.
71
58f9d2a4df38 Reorganize everything again???
Paul Fisher <paul@pfish.zone>
parents: 70
diff changeset
209 pub type Result<T> = StdResult<T, ErrorCode>;
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
210
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
211 impl ErrorCode {
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
212 /// Converts this [Result] into a C-compatible result code.
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
213 pub fn result_to_c<T>(value: Result<T>) -> c_int {
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
214 match value {
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
215 Ok(_) => 0, // PAM_SUCCESS
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
216 Err(otherwise) => u32::from(otherwise) as i32,
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
217 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
218 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
219
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
220 /// Converts a C result code into a [Result], with success as Ok.
59
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
221 /// Invalid values are returned as a [Self::SystemError].
60
05cc2c27334f The Big Refactor: clean up docs and exports.
Paul Fisher <paul@pfish.zone>
parents: 59
diff changeset
222 pub fn result_from(value: c_int) -> Result<()> {
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
223 match value {
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
224 0 => Ok(()),
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
225 value => Err((value as u32).try_into().unwrap_or(Self::SystemError)),
56
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
226 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
227 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
228 }
daa2cde64601 Big big refactor. Probably should have been multiple changes.
Paul Fisher <paul@pfish.zone>
parents: 55
diff changeset
229
70
9f8381a1c09c Implement low-level conversation primitives.
Paul Fisher <paul@pfish.zone>
parents: 64
diff changeset
230 /// Returned when text that should not have any `\0` bytes in it does.
9f8381a1c09c Implement low-level conversation primitives.
Paul Fisher <paul@pfish.zone>
parents: 64
diff changeset
231 /// Analogous to [`std::ffi::NulError`], but the data it was created from
9f8381a1c09c Implement low-level conversation primitives.
Paul Fisher <paul@pfish.zone>
parents: 64
diff changeset
232 /// is borrowed.
59
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
233 #[cfg(test)]
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
234 mod tests {
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
235 use super::*;
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
236
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
237 #[test]
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
238 fn test_enums() {
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
239 assert_eq!(Ok(()), ErrorCode::result_from(0));
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
240 assert_eq!(
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
241 pam_ffi::PAM_BAD_ITEM as i32,
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
242 ErrorCode::result_to_c::<()>(Err(ErrorCode::BadItem))
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
243 );
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
244 assert_eq!(
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
245 Err(ErrorCode::Abort),
84
a638a45e5f1f do some real irritating i32/u32 juggling to make bindgen happy
Paul Fisher <paul@pfish.zone>
parents: 80
diff changeset
246 ErrorCode::result_from(pam_ffi::PAM_ABORT as i32)
80
5aa1a010f1e8 Start using PAM headers; improve owned/borrowed distinction.
Paul Fisher <paul@pfish.zone>
parents: 77
diff changeset
247 );
59
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
248 assert_eq!(Err(ErrorCode::SystemError), ErrorCode::result_from(423));
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
249 }
3f4a77aa88be Fix string copyting and improve error situation.
Paul Fisher <paul@pfish.zone>
parents: 56
diff changeset
250 }