crates/nonstick: src/libpam/question.rs comparison

comparison src/libpam/question.rs @ 80:5aa1a010f1e8

Start using PAM headers; improve owned/borrowed distinction. - Uses bindgen to generate bindings (only if needed). - Gets the story together on owned vs. borrowed handles. - Reduces number of mutable borrows in handle operation (since `PamHandle` is neither `Send` nor `Sync`, we never have to worry about thread safety. - Improves a bunch of macros so we don't have our own special syntax for docs. - Implement question indirection for standard XSSO PAM implementations.

author	Paul Fisher <paul@pfish.zone>
date	Tue, 10 Jun 2025 01:09:30 -0400
parents	2128123b9406
children	5e14bb093851

comparison

equal deleted inserted replaced

-:2128123b9406
+:5aa1a010f1e8
 //! Data and types dealing with PAM messages.
-use crate::constants::InvalidEnum;
 use crate::conv::{BinaryQAndA, ErrorMsg, InfoMsg, MaskedQAndA, Message, QAndA, RadioQAndA};
 use crate::libpam::conversation::OwnedMessage;
 use crate::libpam::memory;
 use crate::libpam::memory::{CBinaryData, Immovable};
+pub use crate::libpam::pam_ffi::{Question, Style};
 use crate::ErrorCode;
 use crate::Result;
-use num_derive::FromPrimitive;
+use std::ffi::{c_void, CStr};
-use num_traits::FromPrimitive;
-use std::ffi::{c_int, c_void, CStr};
-use std::result::Result as StdResult;
 use std::{iter, ptr, slice};
 /// Abstraction of a collection of questions to be sent in a PAM conversation.
 ///
 /// The PAM C API conversation function looks like this:
 ///                                                  ║ style        ║
 ///                                                  ║ data ┄┄┄┄┄┄┄┄╫┄┄> ...
 ///                                                  ╟──────────────╢
 ///                                                  ║ ...          ║
 /// ```
-///
+pub struct GenericQuestions<I: IndirectTrait> {
-/// ***THIS LIBRARY CURRENTLY SUPPORTS ONLY LINUX-PAM.***
-pub struct Questions {
 /// An indirection to the questions themselves, stored on the C heap.
-indirect: *mut Indirect,
+indirect: *mut I,
 /// The number of questions.
 count: usize,
 }
-impl Questions {
+impl<I: IndirectTrait> GenericQuestions<I> {
 /// Stores the provided questions on the C heap.
 pub fn new(messages: &[Message]) -> Result<Self> {
 let count = messages.len();
 let mut ret = Self {
-indirect: Indirect::alloc(count),
+indirect: I::alloc(count),
 count,
 };
 // Even if we fail partway through this, all our memory will be freed.
 for (question, message) in iter::zip(ret.iter_mut(), messages) {
 question.fill(message)?
 }
 Ok(ret)
 }
 /// The pointer to the thing with the actual list.
-pub fn indirect(&self) -> *const Indirect {
+pub fn indirect(&self) -> *const *const Question {
-self.indirect
+self.indirect.cast()
 }
 pub fn iter(&self) -> impl Iterator<Item = &Question> {
 // SAFETY: we're iterating over an amount we know.
 unsafe { (*self.indirect).iter(self.count) }
 // SAFETY: we're iterating over an amount we know.
 unsafe { (*self.indirect).iter_mut(self.count) }
 }
 }
-impl Drop for Questions {
+impl<I: IndirectTrait> Drop for GenericQuestions<I> {
 fn drop(&mut self) {
 // SAFETY: We are valid and have a valid pointer.
 // Once we're done, everything will be safe.
 unsafe {
 if let Some(indirect) = self.indirect.as_mut() {
-indirect.free(self.count)
+indirect.free_contents(self.count)
 }
 memory::free(self.indirect);
 self.indirect = ptr::null_mut();
 }
 }
 }
+/// The trait that each of the `Indirect` implementations implement.
+///
+/// Basically a slice but with more meat.
+pub trait IndirectTrait {
+/// Converts a pointer into a borrowed `Self`.
+///
+/// # Safety
+///
+/// You have to provide a valid pointer.
+unsafe fn borrow_ptr<'a>(ptr: *const *const Question) -> Option<&'a Self>
+where
+Self: Sized,
+{
+ptr.cast::<Self>().as_ref()
+}
+/// Allocates memory for this indirector and all its members.
+fn alloc(count: usize) -> *mut Self;
+/// Returns an iterator yielding the given number of messages.
+///
+/// # Safety
+///
+/// You have to provide the right count.
+unsafe fn iter(&self, count: usize) -> impl Iterator<Item = &Question>;
+/// Returns a mutable iterator yielding the given number of messages.
+///
+/// # Safety
+///
+/// You have to provide the right count.
+unsafe fn iter_mut(&mut self, count: usize) -> impl Iterator<Item = &mut Question>;
+/// Frees everything this points to.
+///
+/// # Safety
+///
+/// You have to pass the right size.
+unsafe fn free_contents(&mut self, count: usize);
+}
 /// An indirect reference to messages.
 ///
 /// This is kept separate to provide a place where we can separate
 /// the pointer-to-pointer-to-list from pointer-to-list-of-pointers.
+#[cfg(pam_impl = "linux-pam")]
+pub type Indirect = LinuxPamIndirect;
+/// An indirect reference to messages.
+///
+/// This is kept separate to provide a place where we can separate
+/// the pointer-to-pointer-to-list from pointer-to-list-of-pointers.
+#[cfg(not(pam_impl = "linux-pam"))]
+pub type Indirect = XssoIndirect;
+pub type Questions = GenericQuestions<Indirect>;
+/// The XSSO standard version of the indirection layer between Question and Questions.
 #[repr(transparent)]
-pub struct Indirect {
+pub struct StandardIndirect {
+base: *mut Question,
+_marker: Immovable,
+}
+impl IndirectTrait for StandardIndirect {
+fn alloc(count: usize) -> *mut Self {
+let questions = memory::calloc(count);
+let me_ptr: *mut Self = memory::calloc(1);
+// SAFETY: We just allocated this, and we're putting a valid pointer in.
+unsafe {
+let me = &mut *me_ptr;
+me.base = questions;
+}
+me_ptr
+}
+unsafe fn iter(&self, count: usize) -> impl Iterator<Item = &Question> {
+(0..count).map(|idx| &*self.base.add(idx))
+}
+unsafe fn iter_mut(&mut self, count: usize) -> impl Iterator<Item = &mut Question> {
+(0..count).map(|idx| &mut *self.base.add(idx))
+}
+unsafe fn free_contents(&mut self, count: usize) {
+let msgs = slice::from_raw_parts_mut(self.base, count);
+for msg in msgs {
+msg.clear()
+}
+memory::free(self.base);
+self.base = ptr::null_mut()
+}
+}
+/// The Linux version of the indirection layer between Question and Questions.
+#[repr(transparent)]
+pub struct LinuxPamIndirect {
 base: [*mut Question; 0],
 _marker: Immovable,
 }
-impl Indirect {
+impl IndirectTrait for LinuxPamIndirect {
-/// Allocates memory for this indirector and all its members.
 fn alloc(count: usize) -> *mut Self {
 // SAFETY: We're only allocating, and when we're done,
 // everything will be in a known-good state.
-let me_ptr: *mut Indirect = memory::calloc::<Question>(count).cast();
+let me_ptr: *mut Self = memory::calloc::<*mut Question>(count).cast();
 unsafe {
 let me = &mut *me_ptr;
 let ptr_list = slice::from_raw_parts_mut(me.base.as_mut_ptr(), count);
 for entry in ptr_list {
 *entry = memory::calloc(1);
 }
-me
+}
-}
+me_ptr
 }
-/// Returns an iterator yielding the given number of messages.
+unsafe fn iter(&self, count: usize) -> impl Iterator<Item = &Question> {
-///
-/// # Safety
-///
-/// You have to provide the right count.
-pub unsafe fn iter(&self, count: usize) -> impl Iterator<Item = &Question> {
 (0..count).map(|idx| &**self.base.as_ptr().add(idx))
 }
-/// Returns a mutable iterator yielding the given number of messages.
+unsafe fn iter_mut(&mut self, count: usize) -> impl Iterator<Item = &mut Question> {
-///
-/// # Safety
-///
-/// You have to provide the right count.
-pub unsafe fn iter_mut(&mut self, count: usize) -> impl Iterator<Item = &mut Question> {
 (0..count).map(|idx| &mut **self.base.as_mut_ptr().add(idx))
 }
-/// Frees everything this points to.
+unsafe fn free_contents(&mut self, count: usize) {
-///
-/// # Safety
-///
-/// You have to pass the right size.
-unsafe fn free(&mut self, count: usize) {
 let msgs = slice::from_raw_parts_mut(self.base.as_mut_ptr(), count);
 for msg in msgs {
 if let Some(msg) = msg.as_mut() {
 msg.clear();
 }
 *msg = ptr::null_mut();
 }
 }
 }
-/// The C enum values for messages shown to the user.
+impl Default for Question {
-#[derive(Debug, PartialEq, FromPrimitive)]
+fn default() -> Self {
-pub enum Style {
+Self {
-/// Requests information from the user; will be masked when typing.
+style: Default::default(),
-PromptEchoOff = 1,
+data: ptr::null_mut(),
-/// Requests information from the user; will not be masked.
+_marker: Default::default(),
-PromptEchoOn = 2,
+}
-/// An error message.
+}
-ErrorMsg = 3,
-/// An informational message.
-TextInfo = 4,
-/// Yes/No/Maybe conditionals. A Linux-PAM extension.
-RadioType = 5,
-/// For server–client non-human interaction.
-///
-/// NOT part of the X/Open PAM specification.
-/// A Linux-PAM extension.
-BinaryPrompt = 7,
-}
-impl TryFrom<c_int> for Style {
-type Error = InvalidEnum<Self>;
-fn try_from(value: c_int) -> StdResult<Self, Self::Error> {
-Self::from_i32(value).ok_or(value.into())
-}
-}
-impl From<Style> for c_int {
-fn from(val: Style) -> Self {
-val as Self
-}
-}
-/// A question sent by PAM or a module to an application.
-///
-/// PAM refers to this as a "message", but we call it a question
-/// to avoid confusion with [`Message`].
-///
-/// This question, and its internal data, is owned by its creator
-/// (either the module or PAM itself).
-#[repr(C)]
-pub struct Question {
-/// The style of message to request.
-style: c_int,
-/// A description of the data requested.
-///
-/// For most requests, this will be an owned [`CStr`], but for requests
-/// with [`Style::BinaryPrompt`], this will be [`CBinaryData`]
-/// (a Linux-PAM extension).
-data: *mut c_void,
-_marker: Immovable,
 }
 impl Question {
 /// Replaces the contents of this question with the question
 /// from the message.
 pub fn fill(&mut self, msg: &Message) -> Result<()> {
 let (style, data) = copy_to_heap(msg)?;
 self.clear();
-self.style = style as c_int;
+self.style = style.into();
 self.data = data;
 Ok(())
 }
 /// Gets this message's data pointer as a string.
 }
 #[cfg(test)]
 mod tests {
-use super::{MaskedQAndA, Questions, Result};
+use super::{
-use crate::conv::{BinaryQAndA, ErrorMsg, InfoMsg, QAndA, RadioQAndA};
+BinaryQAndA, ErrorMsg, GenericQuestions, IndirectTrait, InfoMsg, LinuxPamIndirect,
-use crate::libpam::conversation::OwnedMessage;
+MaskedQAndA, OwnedMessage, QAndA, RadioQAndA, Result, StandardIndirect,
+};
-#[test]
-fn test_round_trip() {
+macro_rules! assert_matches {
-let interrogation = Questions::new(&[
+($id:ident => $variant:path, $q:expr) => {
-MaskedQAndA::new("hocus pocus").message(),
+if let $variant($id) = $id {
-BinaryQAndA::new((&[5, 4, 3, 2, 1], 66)).message(),
+assert_eq!($q, $id.question());
-QAndA::new("what").message(),
+} else {
-QAndA::new("who").message(),
+panic!("mismatched enum variant {x:?}", x = $id);
-InfoMsg::new("hey").message(),
+}
-ErrorMsg::new("gasp").message(),
+};
-RadioQAndA::new("you must choose").message(),
+}
-])
-.unwrap();
+macro_rules! tests { ($fn_name:ident<$typ:ident>) => {
-let indirect = interrogation.indirect();
+#[test]
+fn $fn_name() {
-let remade = unsafe { indirect.as_ref() }.unwrap();
+let interrogation = GenericQuestions::<$typ>::new(&[
-let messages: Vec<OwnedMessage> = unsafe { remade.iter(interrogation.count) }
+MaskedQAndA::new("hocus pocus").message(),
-.map(TryInto::try_into)
+BinaryQAndA::new((&[5, 4, 3, 2, 1], 66)).message(),
-.collect::<Result<_>>()
+QAndA::new("what").message(),
+QAndA::new("who").message(),
+InfoMsg::new("hey").message(),
+ErrorMsg::new("gasp").message(),
+RadioQAndA::new("you must choose").message(),
+])
 .unwrap();
-let [masked, bin, what, who, hey, gasp, choose] = messages.try_into().unwrap();
+let indirect = interrogation.indirect();
-macro_rules! assert_matches {
-($id:ident => $variant:path, $q:expr) => {
+let remade = unsafe { $typ::borrow_ptr(indirect) }.unwrap();
-if let $variant($id) = $id {
+let messages: Vec<OwnedMessage> = unsafe { remade.iter(interrogation.count) }
-assert_eq!($q, $id.question());
+.map(TryInto::try_into)
-} else {
+.collect::<Result<_>>()
-panic!("mismatched enum variant {x:?}", x = $id);
+.unwrap();
-}
+let [masked, bin, what, who, hey, gasp, choose] = messages.try_into().unwrap();
-};
+assert_matches!(masked => OwnedMessage::MaskedPrompt, "hocus pocus");
-}
+assert_matches!(bin => OwnedMessage::BinaryPrompt, (&[5, 4, 3, 2, 1][..], 66));
-assert_matches!(masked => OwnedMessage::MaskedPrompt, "hocus pocus");
+assert_matches!(what => OwnedMessage::Prompt, "what");
-assert_matches!(bin => OwnedMessage::BinaryPrompt, (&[5, 4, 3, 2, 1][..], 66));
+assert_matches!(who => OwnedMessage::Prompt, "who");
-assert_matches!(what => OwnedMessage::Prompt, "what");
+assert_matches!(hey => OwnedMessage::Info, "hey");
-assert_matches!(who => OwnedMessage::Prompt, "who");
+assert_matches!(gasp => OwnedMessage::Error, "gasp");
-assert_matches!(hey => OwnedMessage::Info, "hey");
+assert_matches!(choose => OwnedMessage::RadioPrompt, "you must choose");
-assert_matches!(gasp => OwnedMessage::Error, "gasp");
+}
-assert_matches!(choose => OwnedMessage::RadioPrompt, "you must choose");
+}}
-}
-}
+tests!(test_xsso<StandardIndirect>);
+tests!(test_linux<LinuxPamIndirect>);
+}

Mercurial > crates > nonstick

comparison src/libpam/question.rs @ 80:5aa1a010f1e8