crates/nonstick: src/module.rs comparison

comparison src/module.rs @ 193:5074d8e00560

Doc improvements.

author	Paul Fisher <paul@pfish.zone>
date	Sat, 02 Aug 2025 19:49:21 -0400
parents	46e8ce5cd5d1
children

comparison

equal deleted inserted replaced

-:4c39eaa4a5ae
+:5074d8e00560
 //! Functions and types useful for implementing a PAM module.
 // Temporarily allowed until we get the actual conversation functions hooked up.
 #![allow(dead_code)]
+use crate::_doc::{guide, linklist, stdlinks};
 use crate::constants::{
 AuthnFlags, AuthtokAction, AuthtokFlags, BaseFlags, CredAction, ErrorCode, Result,
 };
 use crate::handle::ModuleClient;
 use std::ffi::CStr;
+macro_rules! sm_refs {
+($sym:ident: $guide:literal) => {
+concat!(
+linklist!($sym: mwg, _std),
+"\n\n",
+guide!(mwg: $guide),
+"\n",
+stdlinks!(3 $sym),
+)
+}
+}
 /// A trait for a PAM module to implement.
 ///
 /// The default implementations of all these hooks tell PAM to ignore them
 /// (i.e., behave as if this module does not exist) by returning [`ErrorCode::Ignore`].
 /// Override any functions you wish to handle in your module.
 /// After implementing this trait, use the [`pam_export!`](crate::pam_export!) macro
 /// to make the functions available to PAM.
 ///
-/// For more information, see [`pam(3)`’s root manual page][manpage]
+/// For more information about how to write a module, see "[What is expected
-/// and the [PAM Module Writer’s Guide][mwg].
+/// of a module?][what]" in the Module Writers' Guide.
-///
+#[doc = ""]
-/// [manpage]: https://www.man7.org/linux/man-pages/man3/pam.3.html
+#[doc = guide!(what: "mwg-expected-of-module-overview.html")]
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/Linux-PAM_MWG.html
 #[allow(unused_variables)]
 pub trait PamModule<T: ModuleClient> {
 // Functions for auth modules.
 /// Authenticate the user.
 /// This is probably the first thing you want to implement.
 /// In most cases, you will want to get the user and password,
 /// using [`PamShared::username`](crate::PamShared::username)
 /// and [`ModuleClient::authtok`],
 /// and verify them against something.
-///
-/// See [the Module Writer's Guide entry for `pam_sm_authenticate`][mwg]
-/// for more information.
 ///
 /// # Returns
 ///
 /// If the password check was successful, return `Ok(())`.
 ///
 ///   the authentication information, for instance due to a network failure.
 /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
 /// - [`ErrorCode::MaxTries`]: The user has tried authenticating too many times.
 ///   They should not try again.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-auth.html#mwg-pam_sm_authenticate
+/// # References
+#[doc = sm_refs!(pam_sm_authenticate: "mwg-expected-of-module-auth.html#mwg-pam_sm_authenticate")]
 fn authenticate(handle: &mut T, args: Vec<&CStr>, flags: AuthnFlags) -> Result<()> {
 Err(ErrorCode::Ignore)
 }
 /// Perform "account management".
 /// - Remote host (only let employees log in from the office)
 ///
 /// You can also check things like, e.g., password expiration,
 /// and alert that the user change it before continuing,
 /// or really do whatever you want.
-///
-/// See [the Module Writer's Guide entry for `pam_sm_acct_mgmt`][mwg]
-/// for more information.
 ///
 /// # Returns
 ///
 /// If the user should be allowed to log in, return `Ok(())`.
 ///
 ///   PAM will ask the user to set a new authentication token, which may be handled by
 ///   this module in [`Self::change_authtok`].
 /// - [`ErrorCode::PermissionDenied`]: This one is pretty self-explanatory.
 /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-acct.html#mwg-pam_sm_acct_mgmt
+/// # References
+#[doc = sm_refs!(pam_sm_acct_mgmt: "mwg-expected-of-module-acct.html#mwg-pam_sm_acct_mgmt")]
 fn account_management(handle: &mut T, args: Vec<&CStr>, flags: AuthnFlags) -> Result<()> {
 Err(ErrorCode::Ignore)
 }
 /// Set credentials on this session.
 /// that information to the application. It should only be called after
 /// authentication but before a session is established.
 ///
 /// The module should perform the specified `action`.
 ///
-/// See [the Module Writer's Guide entry for `pam_sm_setcred`][mwg]
-/// for more information.
-///
 /// # Returns
 ///
 /// If credentials were set successfully, return `Ok(())`.
 ///
 /// Sensible error codes to return include:
 /// - [`ErrorCode::CredentialsUnavailable`]: The credentials cannot be retrieved.
 /// - [`ErrorCode::CredentialsExpired`]: The credentials have expired.
 /// - [`ErrorCode::CredentialsError`]: Some other error occurred when setting credentials.
 /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-auth.html#mwg-pam_sm_setcred
+/// # References
+#[doc = sm_refs!(pam_sm_setcred: "mwg-expected-of-module-auth.html#mwg-pam_sm_setcred")]
 fn set_credentials(
 handle: &mut T,
 args: Vec<&CStr>,
 action: CredAction,
 flags: BaseFlags,
 /// The new authentication token will be available in
 /// [`authtok`](ModuleClient::authtok),
 /// and the previous authentication token will be available in
 /// [`old_authtok`](ModuleClient::old_authtok).
 ///
-/// See [the Module Writer's Guide entry for `pam_sm_chauthtok`][mwg]
-/// for more information.
-///
 /// # Returns
 ///
 /// If the authentication token was changed successfully
 /// (or the check passed), return `Ok(())`.
 ///
 /// - [`ErrorCode::PermissionDenied`]: What it says on the tin.
 /// - [`ErrorCode::TryAgain`]: When the preliminary check is unsuccessful,
 ///   ask the user for a new authentication token.
 /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-chauthtok.html#mwg-pam_sm_chauthtok
+/// # References
+#[doc = sm_refs!(pam_sm_chauthtok: "mwg-expected-of-module-acct.html#mwg-pam_sm_chauthtok")]
 fn change_authtok(
 handle: &mut T,
 args: Vec<&CStr>,
 action: AuthtokAction,
 flags: AuthtokFlags,
 // Functions for session modules.
 /// Called when a session is opened.
 ///
-/// See [the Module Writer's Guide entry for `pam_sm_open_session`][mwg]
-/// for more information.
-///
 /// # Returns
 ///
 /// If the session was opened successfully, return `Ok(())`.
 ///
 /// A sensible error code to return is:
 ///
 /// - [`ErrorCode::SessionError`]: Cannot make an entry for this session.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-session.html#mwg-pam_sm_open_session
+/// # References
+#[doc = sm_refs!(pam_sm_open_session: "mwg-expected-of-module-session.html#mwg-pam_sm_open_session")]
 fn open_session(handle: &mut T, args: Vec<&CStr>, flags: BaseFlags) -> Result<()> {
 Err(ErrorCode::Ignore)
 }
 /// Called when a session is being terminated.
 ///
-/// See [the Module Writer's Guide entry for `pam_sm_close_session`][mwg]
-/// for more information.
-///
 /// # Returns
 ///
 /// If the session was closed successfully, return `Ok(())`.
 ///
 /// A sensible error code to return is:
 ///
 /// - [`ErrorCode::SessionError`]: Cannot remove an entry for this session.
 ///
-/// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-session.html#mwg-pam_sm_close_session
+/// # References
+#[doc = sm_refs!(pam_sm_close_session: "mwg-expected-of-module-session.html#mwg-pam_sm_close_session")]
 fn close_session(handle: &mut T, args: Vec<&CStr>, flags: BaseFlags) -> Result<()> {
 Err(ErrorCode::Ignore)
 }
 }

Mercurial > crates > nonstick

comparison src/module.rs @ 193:5074d8e00560