crates/nonstick: testharness/src/lib.rs comparison

comparison testharness/src/lib.rs @ 166:2f5913131295

Separate flag/action flags into flags and action. This also individualizes the type of flag for each PAM function, so that you can only call a function with the right flags and values.

author	Paul Fisher <paul@pfish.zone>
date	Tue, 15 Jul 2025 00:32:24 -0400
parents	a75a66cb4181
children	0cabe7b94a4f

comparison

equal deleted inserted replaced

-:c4b1e280463c
+:2f5913131295
 use crate::nonstick::items::ItemsMut;
 use std::cell::Cell;
 extern crate nonstick;
 use nonstick::conv::{ErrorMsg, InfoMsg, MaskedQAndA, QAndA};
-use nonstick::{error, info, pam_hooks, ErrorCode, Flags, ModuleClient, PamModule};
+use nonstick::{
+error, info, pam_hooks, AuthnFlags, AuthtokAction, AuthtokFlags, ErrorCode, ModuleClient,
+PamModule,
+};
 use std::ffi::{CStr, OsString};
 use std::os::unix::ffi::OsStrExt;
 struct TestHarness;
 impl<M: ModuleClient> PamModule<M> for TestHarness {
-fn authenticate(handle: &mut M, args: Vec<&CStr>, _: Flags) -> nonstick::Result<()> {
+fn authenticate(handle: &mut M, args: Vec<&CStr>, _: AuthnFlags) -> nonstick::Result<()> {
 let strings: Vec<_> = args.iter().map(|&a| Vec::from(a.to_bytes())).collect();
 if strings != vec![Vec::from(b"param"), Vec::from(b"param2")] {
 return Err(ErrorCode::SystemError);
 }
 let username = handle.username(None)?;
 } else {
 Err(ErrorCode::Abort)
 }
 }
-fn account_management(handle: &mut M, _: Vec<&CStr>, _: Flags) -> nonstick::Result<()> {
+fn account_management(handle: &mut M, _: Vec<&CStr>, _: AuthnFlags) -> nonstick::Result<()> {
 let value: &Cell<i32> = match handle.username(None)?.as_bytes() {
 b"initial" => return Err(ErrorCode::AccountExpired),
 b"updated-in-process" => handle.get_module_data("florgus"),
 _ => return Err(ErrorCode::UserUnknown),
 }
 } else {
 Ok(())
 }
 }
-fn change_authtok(handle: &mut M, _: Vec<&CStr>, flags: Flags) -> nonstick::Result<()> {
+fn change_authtok(
-if flags.contains(Flags::PRELIMINARY_CHECK) {
+handle: &mut M,
-let password = handle.authtok(None)?;
+_: Vec<&CStr>,
-if password.as_bytes() != b"acceptable" {
+action: AuthtokAction,
-return Err(ErrorCode::PermissionDenied);
+_flags: AuthtokFlags,
+) -> nonstick::Result<()> {
+match action {
+AuthtokAction::PreliminaryCheck => {
+let password = handle.authtok(None)?;
+if password.as_bytes() != b"acceptable" {
+return Err(ErrorCode::PermissionDenied);
+}
+handle.set_module_data("checked_pass", password)
 }
-handle.set_module_data("checked_pass", password)
+AuthtokAction::Update => {
-} else if flags.contains(Flags::UPDATE_AUTHTOK) {
+let password = handle.authtok(None)?;
-let password = handle.authtok(None)?;
+let checked: &OsString = handle
-let checked: &OsString = handle
+.get_module_data("checked_pass")
-.get_module_data("checked_pass")
+.ok_or(ErrorCode::SystemError)?;
-.ok_or(ErrorCode::SystemError)?;
+if password != *checked {
-if password != *checked {
+error!(handle, "password mismatch? {password:?} {checked:?}");
-error!(handle, "password mismatch? {password:?} {checked:?}");
+return Err(ErrorCode::AuthenticationError);
-return Err(ErrorCode::AuthenticationError);
+}
+Ok(())
 }
-Ok(())
-} else {
-error!(handle, "invalid flag state: {flags:?}");
-Err(ErrorCode::SystemError)
 }
 }
 }
 pam_hooks!(TestHarness);

Mercurial > crates > nonstick

comparison testharness/src/lib.rs @ 166:2f5913131295