annotate pam-sober/src/lib.rs @ 19:d654aa0655e5

Making PamHandle a struct with methods
author Anthony Nowell <anthony@algorithmia.com>
date Mon, 25 Sep 2017 23:42:35 -0600
parents 53efbcff805d
children 734ca62159fb
1 extern crate pam;
2 extern crate rand;
3
4 pub mod ffi;
5
6 use pam::module::PamHandle;
7 use pam::constants::{PamResultCode, PAM_PROMPT_ECHO_OFF};
8 use pam::conv::PamConv;
9 use rand::Rng;
10 use std::str::FromStr;
11
/// Unwraps a `Result`, returning early from the enclosing function on `Err`.
///
/// * `pam_try!(expr)` evaluates to the `Ok` value, or returns the `Err` value
///   itself, so the error type must match the enclosing function's return type.
/// * `pam_try!(expr, code)` evaluates to the `Ok` value, or prints the error
///   with `println!` and returns `code`; the error type must implement `Display`.
// NOTE(review): the two-argument arm writes the error text to the standard
// output of whichever process has loaded this module. Confirm that is wanted
// outside of debugging; error details are usually better sent to a log.
macro_rules! pam_try {
    ($e:expr) => {
        match $e {
            Err(code) => return code,
            Ok(value) => value,
        }
    };
    ($e:expr, $err:expr) => {
        match $e {
            Err(cause) => {
                println!("Error: {}", cause);
                return $err;
            }
            Ok(value) => value,
        }
    };
}
29
/// PAM authentication hook: asks the user to solve a random addition problem.
///
/// Two numbers in `0..100` are drawn, the prompt `"<a> + <b> = "` is sent through
/// the PAM conversation with echo turned off, and the reply is parsed as a `u32`.
///
/// Returns `PAM_SUCCESS` when the reply equals `a + b`, `PAM_AUTH_ERR` when it
/// does not (or is missing or not a number), and the error code reported by
/// `get_item` or `send` when the conversation cannot be obtained or fails.
///
/// # Security
///
/// This check proves nothing about identity: the user name is never read and
/// anyone who can add two small numbers passes. The module must only be stacked
/// behind a real authentication module, never as the sole or a `sufficient`
/// `auth` entry.
// NOTE(review): `args` and `silent` are currently ignored, so every `println!`
// below still writes to the host process's stdout even when the caller asks for
// quiet operation (presumably `silent` mirrors PAM_SILENT - confirm). The
// "Let's auth over HTTP" message also looks left over from another module.
pub fn sm_authenticate(pamh: &PamHandle, args: Vec<String>, silent: bool) -> PamResultCode {
    println!("Let's auth over HTTP");

    /* TODO: use args to change difficulty ;-)
    let args: HashMap<&str, &str> = args.iter().map(|s| {
        let mut parts = s.splitn(2, "=");
        (parts.next().unwrap(), parts.next().unwrap_or(""))
    }).collect();
    */

    // TODO: maybe we can change difficulty based on user?
    // let user = pam_try!(pam.get_user(None));

    // Without a conversation function there is no way to prompt; bail out with
    // whatever code PAM reported.
    let conv = match pamh.get_item::<PamConv>() {
        Err(code) => {
            println!("Couldn't get pam_conv");
            return code;
        }
        Ok(handle) => handle,
    };

    let mut rng = rand::thread_rng();
    let a = rng.gen::<u32>() % 100;
    let b = rng.gen::<u32>() % 100;
    // Both operands are below 100, so the sum cannot overflow a u32.
    let expected = a + b;
    let prompt = format!("{} + {} = ", a, b);

    // Echoing the challenge helps debugging since the test script doesn't echo.
    println!("{}", prompt);

    let reply = pam_try!(conv.send(PAM_PROMPT_ECHO_OFF, &prompt));
    // A missing reply or one that is not a valid u32 becomes `None` and fails below.
    let answer = reply.and_then(|text| u32::from_str(&text).ok());

    if answer != Some(expected) {
        println!("You failed the PAM sobriety test.");
        return PamResultCode::PAM_AUTH_ERR;
    }

    PamResultCode::PAM_SUCCESS
}
69
/// PAM credential hook.
///
/// In PAM this step alters the user's credentials with respect to the
/// authorization scheme: an authentication module may know more about a user
/// than their authentication token, and this call makes that information
/// available to the application. It should only be called after the user has
/// been authenticated and before a session has been established.
///
/// This module manages no credentials: it prints a trace line and always
/// returns `PAM_SUCCESS`. All three arguments are ignored.
pub fn sm_setcred(_pamh: &PamHandle, _args: Vec<String>, _silent: bool) -> PamResultCode {
    // Trace output only; nothing is read from or written to the PAM handle.
    println!("set credentials");
    PamResultCode::PAM_SUCCESS
}
79
/// PAM account-management hook.
///
/// In PAM this step decides whether an already-authenticated user may gain
/// access right now, based on things other than the credential itself: the
/// time of day or date, the terminal line, the remote hostname, and so on. It
/// may also detect an expired password and require the user to change it
/// before continuing.
///
/// This module performs none of those checks: it prints a trace line and always
/// returns `PAM_SUCCESS`, so any account restriction has to come from another
/// module in the `account` stack. All three arguments are ignored.
pub fn acct_mgmt(_pamh: &PamHandle, _args: Vec<String>, _silent: bool) -> PamResultCode {
    // Trace output only; every account is reported as permitted.
    println!("account management");
    PamResultCode::PAM_SUCCESS
}