comparison pam/src/module.rs @ 22:4263c1d83d5b

Refactor PamHooks into modules mod
author Anthony Nowell <anthony@algorithmia.com>
date Tue, 26 Sep 2017 02:30:03 -0600
parents d654aa0655e5
children ec70822cbdef
21:aa7e8bd083ef 22:4263c1d83d5b
2 2
3 use libc::c_char; 3 use libc::c_char;
4 use std::{mem, ptr}; 4 use std::{mem, ptr};
5 use std::ffi::{CStr, CString}; 5 use std::ffi::{CStr, CString};
6 6
7 use constants::{PamResultCode, PamItemType}; 7 use constants::{PamResultCode, PamItemType, PamFlag};
8 8
9 /// Opaque type, used as a pointer when making pam API calls. 9 /// Opaque type, used as a pointer when making pam API calls.
10 /// 10 ///
11 /// A module is invoked via an external function such as `pam_sm_authenticate`. 11 /// A module is invoked via an external function such as `pam_sm_authenticate`.
12 /// Such a call provides a pam handle pointer. The same pointer should be given 12 /// Such a call provides a pam handle pointer. The same pointer should be given
180 } else { 180 } else {
181 Err(res) 181 Err(res)
182 } 182 }
183 } 183 }
184 } 184 }
185
186 /// Provides functions that are invoked by the entrypoints generated by the
187 /// [`pam_hooks!` macro](../macro.pam_hooks.html).
188 ///
189 /// All of hooks are ignored by PAM dispatch by default given the default return value of `PAM_IGNORE`.
190 /// Override any functions that you want to handle with your module. See `man pam(3)`.
191 #[allow(unused_variables)]
192 pub trait PamHooks {
193 /// This function performs the task of establishing whether the user is permitted to gain access at
194 /// this time. It should be understood that the user has previously been validated by an
195 /// authentication module. This function checks for other things. Such things might be: the time of
196 /// day or the date, the terminal line, remote hostname, etc. This function may also determine
197 /// things like the expiration on passwords, and respond that the user change it before continuing.
198 fn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
199 PamResultCode::PAM_IGNORE
200 }
201
202 /// This function performs the task of authenticating the user.
203 fn sm_authenticate(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
204 PamResultCode::PAM_IGNORE
205 }
206
207 /// This function is used to (re-)set the authentication token of the user.
208 ///
209 /// The PAM library calls this function twice in succession. The first time with
210 /// PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with
211 /// PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is
212 /// (possibly) changed.
213 fn sm_chauthtok(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
214 PamResultCode::PAM_IGNORE
215 }
216
217 /// This function is called to terminate a session.
218 fn sm_close_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
219 PamResultCode::PAM_IGNORE
220 }
221
222 /// This function is called to commence a session.
223 fn sm_open_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
224 PamResultCode::PAM_IGNORE
225 }
226
227 /// This function performs the task of altering the credentials of the user with respect to the
228 /// corresponding authorization scheme. Generally, an authentication module may have access to more
229 /// information about a user than their authentication token. This function is used to make such
230 /// information available to the application. It should only be called after the user has been
231 /// authenticated but before a session has been established.
232 fn sm_setcred(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
233 PamResultCode::PAM_IGNORE
234 }
235 }
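Review bot: The trait-level doc comment on `PamHooks` (lines 186–190 of the file) says unimplemented hooks are "ignored by PAM dispatch" but does not spell out what that means for someone writing an authentication module. A hook left at the `PAM_IGNORE` default contributes nothing to the stack's result, so the outcome is decided entirely by the other modules and control flags configured for the service. I would fix the "All of hooks" wording and state this directly, e.g. `/// Every hook returns PAM_IGNORE by default, so a hook you do not override has no influence on the stack's result.`, and add a sentence telling implementors to override every hook their module type is called for (an `auth` module is invoked for both `sm_authenticate` and `sm_setcred`). Separately, `acct_mgmt` is the only hook without the `sm_` prefix; `sm_acct_mgmt` would match `pam_sm_acct_mgmt` and the other five names, provided the `pam_hooks!` macro, which is not shown on this page, is updated with it.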