crates/nonstick: src/libpam/handle.rs comparison

comparison src/libpam/handle.rs @ 130:80c07e5ab22f

Transfer over (almost) completely to using libpam-sys. This reimplements everything in nonstick on top of the new -sys crate. We don't yet use libpam-sys's helpers for binary message payloads. Soon.

author	Paul Fisher <paul@pfish.zone>
date	Tue, 01 Jul 2025 06:11:43 -0400
parents	39760dfc9b3b
children	a632a8874131

comparison

equal deleted inserted replaced

-:5b2de52dd8b2
+:80c07e5ab22f
 use super::conversation::LibPamConversation;
 use crate::constants::{ErrorCode, Result};
-use crate::conv::Message;
+use crate::conv::Exchange;
 use crate::environ::EnvironMapMut;
 use crate::handle::PamShared;
 use crate::libpam::environ::{LibPamEnviron, LibPamEnvironMut};
-pub use crate::libpam::pam_ffi::LibPamHandle;
+use crate::libpam::memory;
-use crate::libpam::{memory, pam_ffi};
 use crate::logging::{Level, Location};
 use crate::{
 guide, linklist, stdlinks, Conversation, EnvironMap, Flags, PamHandleApplication,
 PamHandleModule,
 };
 use num_enum::{IntoPrimitive, TryFromPrimitive};
 use std::cell::Cell;
 use std::ffi::{c_char, c_int, CString};
-use std::ops::{Deref, DerefMut};
 use std::ptr;
+use std::ptr::NonNull;
+use libpam_sys::cfg_pam_impl;
 /// Owner for a PAM handle.
-struct HandleWrap(*mut LibPamHandle);
+pub struct LibPamHandle(pub NonNull<libpam_sys::pam_handle>);
-impl Deref for HandleWrap {
+impl AsRef<libpam_sys::pam_handle> for LibPamHandle {
-type Target = LibPamHandle;
+fn as_ref(&self) -> &libpam_sys::pam_handle {
-fn deref(&self) -> &Self::Target {
+unsafe { self.0.as_ref() }
-unsafe { &*self.0 }
+}
 }
-}
+impl AsMut<libpam_sys::pam_handle> for LibPamHandle {
-impl DerefMut for HandleWrap {
+fn as_mut(&mut self) -> &mut libpam_sys::pam_handle {
-fn deref_mut(&mut self) -> &mut Self::Target {
+unsafe { self.0.as_mut() }
-unsafe { &mut *self.0 }
 }
 }
 /// An owned PAM handle.
 pub struct OwnedLibPamHandle<'a> {
 /// The handle itself.
-handle: HandleWrap,
+handle: LibPamHandle,
 /// The last return value from the handle.
 last_return: Cell<Result<()>>,
 /// If set, the Conversation that this PAM handle owns.
 ///
 /// We have to hold on to this because the PAM specification doesn't
 ) -> Result<Self> {
 let conv = Box::new(LibPamConversation::wrap(conversation));
 let service_cstr = CString::new(service_name).map_err(|_| ErrorCode::ConversationError)?;
 let username_cstr = memory::prompt_ptr(memory::option_cstr(username.as_deref())?.as_ref());
-let mut handle: *mut LibPamHandle = ptr::null_mut();
+let mut handle: *mut libpam_sys::pam_handle = ptr::null_mut();
 // SAFETY: We've set everything up properly to call `pam_start`.
 // The returned value will be a valid pointer provided the result is OK.
 let result = unsafe {
-pam_ffi::pam_start(
+libpam_sys::pam_start(
 service_cstr.as_ptr(),
 username_cstr,
-conv.as_ref(),
+(conv.as_ref() as *const LibPamConversation)
+.cast_mut()
+.cast(),
 &mut handle,
 )
 };
 ErrorCode::result_from(result)?;
+let handle = NonNull::new(handle).ok_or(ErrorCode::BufferError)?;
 Ok(Self {
-handle: HandleWrap(handle),
+handle: LibPamHandle(handle),
 last_return: Cell::new(Ok(())),
 conversation: Some(conv),
 })
 }
 }
 impl PamHandleApplication for OwnedLibPamHandle<'_> {
 fn authenticate(&mut self, flags: Flags) -> Result<()> {
-let ret = unsafe { pam_ffi::pam_authenticate(self.handle.0, flags.bits() as c_int) };
+let ret =
+unsafe { libpam_sys::pam_authenticate(self.handle.as_mut(), flags.bits() as c_int) };
 let result = ErrorCode::result_from(ret);
 self.last_return.set(result);
 result
 }
 fn account_management(&mut self, flags: Flags) -> Result<()> {
-let ret = unsafe { pam_ffi::pam_acct_mgmt(self.handle.0, flags.bits() as c_int) };
+let ret = unsafe { libpam_sys::pam_acct_mgmt(self.handle.as_mut(), flags.bits() as c_int) };
 let result = ErrorCode::result_from(ret);
 self.last_return.set(result);
 result
 }
 fn change_authtok(&mut self, flags: Flags) -> Result<()> {
-let ret = unsafe { pam_ffi::pam_chauthtok(self.handle.0, flags.bits() as c_int) };
+let ret = unsafe { libpam_sys::pam_chauthtok(self.handle.as_mut(), flags.bits() as c_int) };
 let result = ErrorCode::result_from(ret);
 self.last_return.set(result);
 result
 }
 }
 ///
 #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_end")]
 #[doc = stdlinks!(3 pam_end)]
 fn drop(&mut self) {
 unsafe {
-pam_ffi::pam_end(
+libpam_sys::pam_end(
-self.handle.0,
+self.handle.as_mut(),
 ErrorCode::result_to_c(self.last_return.get()),
 );
 }
 }
 }
 }
 };
 }
 impl PamShared for LibPamHandle {
+#[cfg(any())]
 fn log(&self, level: Level, loc: Location<'_>, entry: &str) {
 let entry = match CString::new(entry).or_else(|_| CString::new(dbg!(entry))) {
 Ok(cstr) => cstr,
 _ => return,
 };
 #[cfg(pam_impl = "linux-pam")]
 {
 _ = loc;
 // SAFETY: We're calling this function with a known value.
 unsafe {
-pam_ffi::pam_syslog(self, level as c_int, "%s\0".as_ptr().cast(), entry.as_ptr())
+libpam_sys::pam_syslog(self, level as c_int, "%s\0".as_ptr().cast(), entry.as_ptr())
 }
 }
 #[cfg(pam_impl = "openpam")]
 {
 let func = CString::new(loc.function).unwrap_or(CString::default());
 // SAFETY: We're calling this function with a known value.
 unsafe {
-pam_ffi::_openpam_log(
+libpam_sys::_openpam_log(
 level as c_int,
 func.as_ptr(),
 "%s\0".as_ptr().cast(),
 entry.as_ptr(),
 )
 }
 }
 }
+fn log(&self, _level: Level, _loc: Location<'_>, _entry: &str) {}
 fn username(&mut self, prompt: Option<&str>) -> Result<String> {
 let prompt = memory::option_cstr(prompt)?;
 let mut output: *const c_char = ptr::null();
 let ret = unsafe {
-pam_ffi::pam_get_user(self, &mut output, memory::prompt_ptr(prompt.as_ref()))
+libpam_sys::pam_get_user(
+self.as_mut(),
+&mut output,
+memory::prompt_ptr(prompt.as_ref()),
+)
 };
 ErrorCode::result_from(ret)?;
 unsafe { memory::copy_pam_string(output) }
 .transpose()
 .unwrap_or(Err(ErrorCode::ConversationError))
 cstr_item!(set = set_authtok_item, item = ItemType::AuthTok);
 cstr_item!(set = set_old_authtok_item, item = ItemType::OldAuthTok);
 }
 impl Conversation for LibPamHandle {
-fn communicate(&self, messages: &[Message]) {
+fn communicate(&self, messages: &[Exchange]) {
 match self.conversation_item() {
 Ok(conv) => conv.communicate(messages),
 Err(e) => {
 for msg in messages {
 msg.set_error(e)
 }
 }
 }
 impl PamHandleModule for LibPamHandle {
+#[cfg_pam_impl(any("LinuxPam", "OpenPam"))]
 fn authtok(&mut self, prompt: Option<&str>) -> Result<String> {
 let prompt = memory::option_cstr(prompt)?;
 let mut output: *const c_char = ptr::null_mut();
 // SAFETY: We're calling this with known-good values.
 let res = unsafe {
-pam_ffi::pam_get_authtok(
+libpam_sys::pam_get_authtok(
-self,
+self.as_mut(),
 ItemType::AuthTok.into(),
 &mut output,
 memory::prompt_ptr(prompt.as_ref()),
 )
 };
 ErrorCode::result_from(res)?;
 // SAFETY: We got this string from PAM.
 unsafe { memory::copy_pam_string(output) }
 .transpose()
 .unwrap_or(Err(ErrorCode::ConversationError))
+}
+#[cfg_pam_impl(not(any("LinuxPam", "OpenPam")))]
+fn authtok(&mut self, prompt: Option<&str>) -> Result<String> {
+Err(ErrorCode::ConversationError)
 }
 cstr_item!(get = authtok_item, item = ItemType::AuthTok);
 cstr_item!(get = old_authtok_item, item = ItemType::OldAuthTok);
 }
 /// # Safety
 ///
 /// You better be requesting an item which is a C string.
 unsafe fn get_cstr_item(&self, item_type: ItemType) -> Result<Option<String>> {
 let mut output = ptr::null();
-let ret = unsafe { pam_ffi::pam_get_item(self, item_type as c_int, &mut output) };
+let ret =
+unsafe { libpam_sys::pam_get_item(self.as_ref(), item_type as c_int, &mut output) };
 ErrorCode::result_from(ret)?;
 memory::copy_pam_string(output.cast())
 }
 /// Sets a C string item.
 ///
 /// You better be setting an item which is a C string.
 unsafe fn set_cstr_item(&mut self, item_type: ItemType, data: Option<&str>) -> Result<()> {
 let data_str = memory::option_cstr(data)?;
 let ret = unsafe {
-pam_ffi::pam_set_item(
+libpam_sys::pam_set_item(
-self,
+self.as_mut(),
 item_type as c_int,
 memory::prompt_ptr(data_str.as_ref()).cast(),
 )
 };
 ErrorCode::result_from(ret)
 /// Gets the `PAM_CONV` item from the handle.
 fn conversation_item(&self) -> Result<&mut LibPamConversation<'_>> {
 let output: *mut LibPamConversation = ptr::null_mut();
 let result = unsafe {
-pam_ffi::pam_get_item(
+libpam_sys::pam_get_item(
-self,
+self.as_ref(),
 ItemType::Conversation.into(),
 &mut output.cast_const().cast(),
 )
 };
 ErrorCode::result_from(result)?;

Mercurial > crates > nonstick

comparison src/libpam/handle.rs @ 130:80c07e5ab22f