annotate pam-sober/src/lib.rs @ 44:50371046c61a default tip

Add support for pam_get_authtok and minor cleanups. This change adds the pam_get_authtok function for PAM modules, as well as performing a few cleanups: - Pattern match in a few more places. - Pull out string-copying into a function. - Format and run clippy. - Replace outdated PAM doc links with man7.org pages.
author Paul Fisher <paul@pfish.zone>
date Sat, 08 Mar 2025 19:29:46 -0500
parents ec70822cbdef
children
1 extern crate pam;
2 extern crate rand;
4 use pam::constants::{PamFlag, PamResultCode, PAM_PROMPT_ECHO_ON};
5 use pam::conv::Conv;
6 use pam::module::{PamHandle, PamHooks};
7 use rand::Rng;
8 use std::ffi::CStr;
9 use std::str::FromStr;
10 use pam::pam_try;
/// Zero-sized marker type that carries this module's `PamHooks` implementation.
struct PamSober;

// Hand the marker type to the `pam` crate's hook macro.
// NOTE(review): presumably this generates the exported PAM entry points that
// forward to the `PamHooks` methods on `PamSober` — confirm against the macro
// definition in the `pam` crate.
pam::pam_hooks!(PamSober);
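impl PamHooks for PamSober {
    /// Authenticates the user by asking them to solve a random addition problem.
    ///
    /// Two operands in `0..100` are drawn, the prompt `"a + b = "` is sent
    /// through the PAM conversation item with echo enabled, and the reply is
    /// parsed as a `u32` and compared with the real sum.
    ///
    /// Returns `PAM_SUCCESS` only when the reply equals the sum. Every other
    /// outcome fails closed:
    /// - `PAM_CONV_ERR` when the handle has no conversation item,
    /// - the error code reported by `get_item` when the lookup itself fails,
    /// - `PAM_AUTH_ERR` when there is no reply, the reply cannot be converted
    ///   with `to_str`, it does not parse as a `u32`, or the answer is wrong.
    ///
    /// NOTE(review): `pam_try!` is assumed to return early from this function
    /// with the error code (or with its second argument when one is given) —
    /// confirm against the macro definition in the `pam` crate.
    fn sm_authenticate(pamh: &mut PamHandle, _args: Vec<&CStr>, _flags: PamFlag) -> PamResultCode {
        // NOTE(review): `println!` writes to the stdout of whatever process
        // loaded this module; it is kept because it is the existing
        // user-visible behaviour.
        println!("Let's make sure you're sober enough to perform basic addition");

        // TODO: use the module arguments (`key=value` pairs in `_args`) to
        // change the difficulty.
        // TODO: maybe the difficulty could also depend on the user name.

        let conv = match pamh.get_item::<Conv>() {
            Ok(Some(conv)) => conv,
            // The original `todo!()` here would panic inside the process that
            // loaded the module (login, sshd, sudo, ...). An application that
            // supplies no conversation function must simply be refused.
            Ok(None) => {
                println!("Couldn't get pam_conv");
                return PamResultCode::PAM_CONV_ERR;
            }
            Err(err) => {
                println!("Couldn't get pam_conv");
                return err;
            }
        };

        let mut rng = rand::thread_rng();
        let a = rng.gen::<u32>() % 100;
        let b = rng.gen::<u32>() % 100;
        // Both operands are below 100, so the sum cannot overflow a `u32`.
        let expected = a + b;
        let math = format!("{} + {} = ", a, b);

        // The test script does not echo the prompt, so printing it helps when
        // debugging. The line also discloses the expected answer, so it is
        // limited to builds with debug assertions and never emitted by a
        // release build of the module.
        if cfg!(debug_assertions) {
            eprintln!("[DEBUG]: {}{}", math, expected);
        }

        let password = pam_try!(conv.send(PAM_PROMPT_ECHO_ON, &math));

        let password = match password {
            Some(password) => password,
            None => {
                println!("You failed the PAM sobriety test.");
                return PamResultCode::PAM_AUTH_ERR;
            }
        };

        // Anything that is not a plain decimal `u32` is an authentication
        // failure, never a panic.
        let password = pam_try!(password.to_str(), PamResultCode::PAM_AUTH_ERR);
        let answer = pam_try!(u32::from_str(password), PamResultCode::PAM_AUTH_ERR);

        if answer == expected {
            PamResultCode::PAM_SUCCESS
        } else {
            println!("Wrong answer provided {} + {} != {}", a, b, answer);
            PamResultCode::PAM_AUTH_ERR
        }
    }

    /// Credential hook: prints a trace line and always returns `PAM_SUCCESS`.
    ///
    /// The handle, arguments and flags are ignored.
    fn sm_setcred(_pamh: &mut PamHandle, _args: Vec<&CStr>, _flags: PamFlag) -> PamResultCode {
        println!("set credentials");
        PamResultCode::PAM_SUCCESS
    }

    /// Account-management hook: prints a trace line and always returns
    /// `PAM_SUCCESS`.
    ///
    /// The handle, arguments and flags are ignored, so no account check is
    /// performed here.
    fn acct_mgmt(_pamh: &mut PamHandle, _args: Vec<&CStr>, _flags: PamFlag) -> PamResultCode {
        println!("account management");
        PamResultCode::PAM_SUCCESS
    }
}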