Mercurial > crates > nonstick
comparison src/constants.rs @ 64:bbe84835d6db v0.0.5
More organization; add lots of docs.
- moves `PamHandle` to its own module, since it will be used
by both modules and clients.
- adds a ton of documentation to the `PamModule` trait
and reorders methods to most-interesting-first.
- adds more flag values from pam_modules.h.
- other misc cleanup.
| author | Paul Fisher <paul@pfish.zone> |
|---|---|
| date | Thu, 22 May 2025 01:52:32 -0400 |
| parents | a7aa5ca0d00d |
| children | 9f8381a1c09c |
comparison
equal
deleted
inserted
replaced
| 63:a7aa5ca0d00d | 64:bbe84835d6db |
|---|---|
| 8 use std::marker::PhantomData; | 8 use std::marker::PhantomData; |
| 9 | 9 |
| 10 bitflags! { | 10 bitflags! { |
| 11 /// The available PAM flags. | 11 /// The available PAM flags. |
| 12 /// | 12 /// |
| 13 /// See `/usr/include/security/_pam_types.h` for more details. | 13 /// See `/usr/include/security/_pam_types.h` and |
| 14 /// See `/usr/include/security/pam_modules.h` for more details. | |
| 14 #[derive(Debug, PartialEq)] | 15 #[derive(Debug, PartialEq)] |
| 15 #[repr(transparent)] | 16 #[repr(transparent)] |
| 16 pub struct Flags: c_uint { | 17 pub struct Flags: c_uint { |
| 17 /// Authentication service should not generate any messages. | 18 /// The module should not generate any messages. |
| 18 const SILENT = 0x8000; | 19 const SILENT = 0x8000; |
| 19 /// The service should return [ErrorCode::AuthError] if the user | 20 |
| 20 /// has a null authentication token. | 21 /// The module should return [ErrorCode::AuthError] |
| 22 /// if the user has an empty authentication token | |
| 23 /// rather than immediately accepting them. | |
| 21 const DISALLOW_NULL_AUTHTOK = 0x0001; | 24 const DISALLOW_NULL_AUTHTOK = 0x0001; |
| 25 | |
| 26 // Flag used for `set_credentials`. | |
| 27 | |
| 22 /// Set user credentials for an authentication service. | 28 /// Set user credentials for an authentication service. |
| 23 const ESTABLISH_CRED = 0x0002; | 29 const ESTABLISH_CREDENTIALS = 0x0002; |
| 24 /// Delete user credentials associated with | 30 /// Delete user credentials associated with |
| 25 /// an authentication service. | 31 /// an authentication service. |
| 26 const DELETE_CRED = 0x0004; | 32 const DELETE_CREDENTIALS = 0x0004; |
| 27 /// Reinitialize user credentials. | 33 /// Reinitialize user credentials. |
| 28 const REINITIALIZE_CRED = 0x0008; | 34 const REINITIALIZE_CREDENTIALS = 0x0008; |
| 29 /// Extend the lifetime of user credentials. | 35 /// Extend the lifetime of user credentials. |
| 30 const REFRESH_CRED = 0x0010; | 36 const REFRESH_CREDENTIALS = 0x0010; |
| 37 | |
| 38 // Flags used for password changing. | |
| 39 | |
| 31 /// The password service should only update those passwords | 40 /// The password service should only update those passwords |
| 32 /// that have aged. If this flag is _not_ passed, | 41 /// that have aged. If this flag is _not_ passed, |
| 33 /// the password service should update all passwords. | 42 /// the password service should update all passwords. |
| 43 /// | |
| 44 /// This flag is only used by `change_authtok`. | |
| 34 const CHANGE_EXPIRED_AUTHTOK = 0x0020; | 45 const CHANGE_EXPIRED_AUTHTOK = 0x0020; |
| 46 | |
| 47 /// This is a preliminary check for password changing. | |
| 48 /// The password should not be changed. | |
| 49 /// | |
| 50 /// This is only used between PAM and a module. | |
| 51 /// Applications may not use this flag. | |
| 52 /// | |
| 53 /// This flag is only used by `change_authtok`. | |
| 54 const PRELIMINARY_CHECK = 0x4000; | |
| 55 /// The password should actuallyPR be updated. | |
| 56 /// This and [Self::PRELIMINARY_CHECK] are mutually exclusive. | |
| 57 /// | |
| 58 /// This is only used between PAM and a module. | |
| 59 /// Applications may not use this flag. | |
| 60 /// | |
| 61 /// This flag is only used by `change_authtok`. | |
| 62 const UPDATE_AUTHTOK = 0x2000; | |
| 35 } | 63 } |
| 36 } | 64 } |
| 37 | 65 |
| 38 /// The Linux-PAM error return values. Success is an Ok [Result]. | 66 /// The Linux-PAM error return values. Success is an Ok [Result]. |
| 39 /// | 67 /// |
| 88 AuthTokRecoveryError = 21, | 116 AuthTokRecoveryError = 21, |
| 89 #[error("authentication token lock busy")] | 117 #[error("authentication token lock busy")] |
| 90 AuthTokLockBusy = 22, | 118 AuthTokLockBusy = 22, |
| 91 #[error("authentication token aging disabled")] | 119 #[error("authentication token aging disabled")] |
| 92 AuthTokDisableAging = 23, | 120 AuthTokDisableAging = 23, |
| 93 #[error("preliminary check by password service")] | 121 #[error("preliminary password check failed")] |
| 94 TryAgain = 24, | 122 TryAgain = 24, |
| 95 #[error("ignore underlying account module, regardless of control flag")] | 123 #[error("ignore underlying account module, regardless of control flag")] |
| 96 Ignore = 25, | 124 Ignore = 25, |
| 97 #[error("critical error; this module should fail now")] | 125 #[error("critical error; this module should fail now")] |
| 98 Abort = 26, | 126 Abort = 26, |