crates/nonstick: src/handle.rs comparison

comparison src/handle.rs @ 146:1bc52025156b

Split PAM items into their own separate struct. To trim down the number of methods on `PamShared`, this puts all the Items into their own struct(s). This also makes the split between authtok/authtok_item easier to understand.

author	Paul Fisher <paul@pfish.zone>
date	Sun, 06 Jul 2025 19:10:26 -0400
parents	56b559b7ecea
children	3036f2e6a022

comparison

equal deleted inserted replaced

-:8f964b701652
+:1bc52025156b
 //! The wrapper types and traits for handles into the PAM library.
+use crate::_doc::{guide, linklist, man7, manbsd, stdlinks};
 use crate::constants::{Flags, Result};
 use crate::conv::Conversation;
 use crate::environ::{EnvironMap, EnvironMapMut};
+use crate::items::{getter, Items, ItemsMut};
 use crate::logging::{Level, Location};
-use crate::{guide, linklist, man7, manbsd, stdlinks};
 use std::ffi::{OsStr, OsString};
-macro_rules! trait_item {
-($(#[$md:meta])* get = $getter:ident, item = $item:literal $(, see = $see:path)?) => {
-$(#[$md])*
-#[doc = ""]
-#[doc = concat!("Gets the `", $item, "` of the PAM handle.")]
-$(
-#[doc = concat!("See [`", stringify!($see), "`].")]
-)?
-///
-/// Returns a reference to the item's value, owned by PAM.
-/// The item is assumed to be valid UTF-8 text.
-/// If it is not, `ConversationError` is returned.
-///
-/// # References
-///
-#[doc = linklist!(pam_get_item: mwg, adg, _std)]
-///
-#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_get_item")]
-#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_get_item")]
-#[doc = stdlinks!(3 pam_get_item)]
-fn $getter(&self) -> Result<Option<OsString>>;
-};
-($(#[$md:meta])* set = $setter:ident, item = $item:literal $(, see = $see:path)?) => {
-$(#[$md])*
-#[doc = ""]
-#[doc = concat!("Sets the `", $item, "` from the PAM handle.")]
-$(
-#[doc = concat!("See [`", stringify!($see), "`].")]
-)?
-///
-/// Sets the item's value. PAM copies the string's contents.
-///
-/// # Panics
-///
-/// If the string contains a nul byte, this will panic.
-///
-/// # References
-///
-#[doc = linklist!(pam_set_item: mwg, adg, _std)]
-///
-#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")]
-#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")]
-#[doc = stdlinks!(3 pam_set_item)]
-fn $setter(&mut self, value: Option<&OsStr>) -> Result<()>;
-};
-}
 /// Functionality for both PAM applications and PAM modules.
 ///
 /// This base trait includes features of a PAM handle that are available
 /// to both applications and modules.
 /// ```
 #[doc = stdlinks!(3 pam_get_user)]
 #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_get_user")]
 fn username(&mut self, prompt: Option<&OsStr>) -> Result<OsString>;
-/// The contents of the environment to set, read-only.
+/// The contents of the environment to set for the logged-in user.
+///
+/// # References
+///
+#[doc = linklist!(pam_getenv: adg, mwg, _std)]
+///
+#[doc = stdlinks!(3 pam_getenv)]
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_getenv")]
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#adg-pam_getenv")]
 fn environ(&self) -> impl EnvironMap;
-/// A writable version of the environment.
+/// A writable map of the environment to set for the logged-in user.
+///
+/// # References
+///
+#[doc = linklist!(pam_putenv: adg, mwg, _std)]
+///
+#[doc = stdlinks!(3 pam_putenv)]
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_putenv")]
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#adg-pam_putenv")]
 fn environ_mut(&mut self) -> impl EnvironMapMut;
-trait_item!(
+/// Gets Items, data shared by PAM, the application, and modules.
-/// The identity of the user for whom service is being requested.
+///
-///
+/// Certain Items should not be accessed by a PAM application;
-/// Unlike [`username`](Self::username), this will simply get
+/// those are available directly on [`ModuleClient`] for use
-/// the current state of the user item, and not request the username.
+/// by PAM modules only.
-/// While PAM usually sets this automatically in the `username` call,
+///
-/// it may be changed by a module during the PAM transaction.
+/// # References
-/// Applications should check it after each step of the PAM process.
+///
-get = user_item,
+#[doc = linklist!(pam_get_item: mwg, adg, _std)]
-item = "PAM_USER",
+///
-see = Self::username
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_get_item")]
-);
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_get_item")]
-trait_item!(
+#[doc = stdlinks!(3 pam_get_item)]
-/// Sets the identity of the logging-in user.
+fn items(&self) -> impl Items;
-///
-/// Usually this will be set during the course of
+/// Read-write access to PAM Items.
-/// a [`username`](Self::username) call, but you may set it manually
+///
-/// or change it during the PAM process.
+/// # References
-set = set_user_item,
+///
-item = "PAM_USER",
+#[doc = linklist!(pam_set_item: mwg, adg, _std)]
-see = Self::user_item
+///
-);
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")]
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")]
-trait_item!(
+#[doc = stdlinks!(3 pam_set_item)]
-/// The service name, which identifies the PAM stack which is used
+fn items_mut(&mut self) -> impl ItemsMut;
-/// to perform authentication.
-get = service,
-item = "PAM_SERVICE"
-);
-trait_item!(
-/// Sets the service name. It's probably a bad idea to change this.
-set = set_service,
-item = "PAM_SERVICE",
-see = Self::service
-);
-trait_item!(
-/// The string used to prompt for a user's name.
-/// By default, this is a localized version of `login: `.
-get = user_prompt,
-item = "PAM_USER_PROMPT"
-);
-trait_item!(
-/// Sets the string used to prompt for a user's name.
-set = set_user_prompt,
-item = "PAM_USER_PROMPT",
-see = Self::user_prompt
-);
-trait_item!(
-/// The device path of the TTY being used to log in.
-///
-/// This is the terminal the user is logging in on,
-/// specified as the full device path (e.g. `/dev/tty0`).
-/// Very old applications may use this instead of `PAM_XDISPLAY`.
-get = tty_name,
-item = "PAM_TTY"
-);
-trait_item!(
-/// Sets the path to the terminal where the user is logging on.
-set = set_tty_name,
-item = "PAM_TTY",
-see = Self::tty_name
-);
-trait_item!(
-/// If set, the identity of the remote user logging in.
-///
-/// This is only as trustworthy as the application calling PAM.
-get = remote_user,
-item = "PAM_RUSER",
-see = Self::remote_host
-);
-trait_item!(
-/// Sets the identity of the remote user logging in.
-///
-/// This may be set by the application before making calls
-/// into a PAM transaction.
-set = set_remote_user,
-item = "PAM_RUSER",
-see = Self::remote_user
-);
-trait_item!(
-/// If set, the remote location where the user is coming from.
-///
-/// This is only as trustworthy as the application calling PAM.
-/// This can be combined with [`Self::remote_user`] to identify
-/// the account the user is attempting to log in from,
-/// with `remote_user@remote_host`.
-///
-/// If unset, "it is unclear where the authentication request
-/// is originating from."
-get = remote_host,
-item = "PAM_RHOST",
-see = Self::remote_user
-);
-trait_item!(
-/// Sets the location where the user is coming from.
-///
-/// This may be set by the application before making calls
-/// into a PAM transaction.
-set = set_remote_host,
-item = "PAM_RHOST",
-see = Self::remote_host
-);
-trait_item!(
-/// Gets the user's authentication token (e.g., password).
-///
-/// This is usually set automatically when
-/// [`authtok`](PamHandleModule::authtok) is called,
-/// but can be manually set.
-set = set_authtok_item,
-item = "PAM_AUTHTOK",
-see = PamHandleModule::authtok_item
-);
-trait_item!(
-/// Sets the user's "old authentication token" when changing passwords.
-///
-/// This is usually set automatically by PAM.
-set = set_old_authtok_item,
-item = "PAM_OLDAUTHTOK",
-see = PamHandleModule::old_authtok_item
-);
 }
 /// Functionality of a PAM handle that can be expected by a PAM application.
 ///
 /// If you are not writing a PAM client application (e.g., you are writing
 /// If you are not writing a PAM module (e.g., you are writing an application),
 /// you should not use any of the functionality exposed by this trait.
 ///
 /// Like [`PamShared`], this is intended to allow creating mock implementations
 /// of PAM for testing PAM modules.
-pub trait PamHandleModule: Conversation + PamShared {
+pub trait ModuleClient: Conversation + PamShared {
 /// Retrieves the authentication token from the user.
 ///
 /// This should only be used by *authentication* and *password-change*
 /// PAM modules.
 ///
 #[doc = linklist!(pam_get_authtok: man7, manbsd)]
 ///
 /// # Example
 ///
 /// ```no_run
-/// # use nonstick::handle::PamHandleModule;
+/// # use nonstick::handle::ModuleClient;
-/// # fn _doc(handle: &mut impl PamHandleModule) -> Result<(), Box<dyn std::error::Error>> {
+/// # fn _doc(handle: &mut impl ModuleClient) -> Result<(), Box<dyn std::error::Error>> {
 /// // Get the user's password using the default prompt.
 /// let pass = handle.authtok(None)?;
 /// // Get the user's password using a custom prompt.
 /// let pass = handle.authtok(Some("Reveal your secrets!".as_ref()))?;
 /// Ok(())
 #[doc = manbsd!(3 pam_get_authtok)]
 fn authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString>;
 /// Retrieves the user's old authentication token when changing passwords.
 ///
-///
+/// This should only be used by a *password-change* module.
+///
+/// # References
+///
+#[doc = linklist!(pam_get_authtok: man7, manbsd)]
+///
+/// # Example
+///
+/// ```no_run
+/// # use nonstick::handle::ModuleClient;
+/// # fn _doc(handle: &mut impl ModuleClient) -> Result<(), Box<dyn std::error::Error>> {
+/// // Get the user's password using the default prompt.
+/// let pass = handle.old_authtok(None)?;
+/// // Get the user's password using a custom prompt.
+/// let pass = handle.old_authtok(Some("Reveal your secrets!".as_ref()))?;
+/// Ok(())
+/// # }
+/// ```
+///
+#[doc = stdlinks!(3 pam_get_authtok)]
 fn old_authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString>;
-trait_item!(
+getter!(
 /// Gets the user's authentication token (e.g., password).
 ///
-/// This is normally set automatically by PAM when calling
+/// This is normally set automatically by PAM through [`Self::authtok`],
-/// [`authtok`](Self::authtok), but can be set explicitly.
+/// but this will get its value (if set) without prompting the user.
 ///
 /// Like `authtok`, this should only ever be called
 /// by *authentication* and *password-change* PAM modules.
-get = authtok_item,
+///
-item = "PAM_AUTHTOK",
+/// # References
-see = Self::authtok
+///
+#[doc = linklist!(pam_set_item: mwg, adg, _std)]
+///
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")]
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")]
+#[doc = stdlinks!(3 pam_set_item)]
+authtok_item("PAM_AUTHTOK", see = Self::authtok)
 );
-trait_item!(
+getter!(
 /// Gets the user's old authentication token when changing passwords.
 ///
-/// This is normally set automatically by PAM when calling
+/// This is normally set automatically by PAM through
-/// [`old_authtok`](Self::old_authtok), but can be set explicitly.
+/// [`Self::old_authtok`], but this will get its value (if set)
+/// without prompting the user.
 ///
 /// This should only ever be called by *password-change* PAM modules.
-get = old_authtok_item,
+///
-item = "PAM_OLDAUTHTOK",
+/// # References
-see = PamShared::set_old_authtok_item
+///
+#[doc = linklist!(pam_set_item: mwg, adg, _std)]
+///
+#[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")]
+#[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")]
+#[doc = stdlinks!(3 pam_set_item)]
+old_authtok_item("PAM_OLDAUTHTOK", see = ItemsMut::set_old_authtok)
 );
 }

Mercurial > crates > nonstick

comparison src/handle.rs @ 146:1bc52025156b