Mercurial > crates > nonstick
comparison pam-sober/src/lib.rs @ 19:d654aa0655e5
Making PamHandle a struct with methods
| author | Anthony Nowell <anthony@algorithmia.com> |
|---|---|
| date | Mon, 25 Sep 2017 23:42:35 -0600 |
| parents | 53efbcff805d |
| children | 734ca62159fb |
comparison
equal
deleted
inserted
replaced
| 18:0f5e9e8963ae | 19:d654aa0655e5 |
|---|---|
| 1 extern crate pam; | 1 extern crate pam; |
| 2 extern crate rand; | 2 extern crate rand; |
| 3 | 3 |
| 4 pub mod ffi; | 4 pub mod ffi; |
| 5 | 5 |
| 6 use pam::module::{PamHandleT, get_item, get_user}; | 6 use pam::module::PamHandle; |
| 7 use pam::constants::{PamResultCode, PAM_PROMPT_ECHO_OFF}; | 7 use pam::constants::{PamResultCode, PAM_PROMPT_ECHO_OFF}; |
| 8 use pam::conv::PamConv; | 8 use pam::conv::PamConv; |
| 9 use std::collections::HashMap; | |
| 10 use std::time::Duration; | |
| 11 use rand::Rng; | 9 use rand::Rng; |
| 12 use std::str::FromStr; | 10 use std::str::FromStr; |
| 13 | 11 |
| 14 macro_rules! pam_try { | 12 macro_rules! pam_try { |
| 15 ($e:expr) => ( | 13 ($e:expr) => ( |
| 28 } | 26 } |
| 29 ); | 27 ); |
| 30 } | 28 } |
| 31 | 29 |
| 32 // This function performs the task of authenticating the user. | 30 // This function performs the task of authenticating the user. |
| 33 pub fn sm_authenticate(pamh: &PamHandleT, args: Vec<String>, silent: bool) -> PamResultCode { | 31 pub fn sm_authenticate(pamh: &PamHandle, args: Vec<String>, silent: bool) -> PamResultCode { |
| 34 println!("Let's auth over HTTP"); | 32 println!("Let's auth over HTTP"); |
| 35 | 33 |
| 36 /* TODO: use args to change difficulty ;-) | 34 /* TODO: use args to change difficulty ;-) |
| 37 let args: HashMap<&str, &str> = args.iter().map(|s| { | 35 let args: HashMap<&str, &str> = args.iter().map(|s| { |
| 38 let mut parts = s.splitn(2, "="); | 36 let mut parts = s.splitn(2, "="); |
| 39 (parts.next().unwrap(), parts.next().unwrap_or("")) | 37 (parts.next().unwrap(), parts.next().unwrap_or("")) |
| 40 }).collect(); | 38 }).collect(); |
| 41 */ | 39 */ |
| 42 | 40 |
| 43 // TODO: maybe we can change difficulty base on user? | 41 // TODO: maybe we can change difficulty base on user? |
| 44 // let user = pam_try!(get_user(&pamh, None)); | 42 // let user = pam_try!(pam.get_user(None)); |
| 45 | 43 |
| 46 let conv = match get_item::<PamConv>(&pamh) { | 44 let conv = match pamh.get_item::<PamConv>() { |
| 47 Ok(conv) => conv, | 45 Ok(conv) => conv, |
| 48 Err(err) => { | 46 Err(err) => { |
| 49 println!("Couldn't get pam_conv"); | 47 println!("Couldn't get pam_conv"); |
| 50 return err; | 48 return err; |
| 51 } | 49 } |
| 72 // This function performs the task of altering the credentials of the user with respect to the | 70 // This function performs the task of altering the credentials of the user with respect to the |
| 73 // corresponding authorization scheme. Generally, an authentication module may have access to more | 71 // corresponding authorization scheme. Generally, an authentication module may have access to more |
| 74 // information about a user than their authentication token. This function is used to make such | 72 // information about a user than their authentication token. This function is used to make such |
| 75 // information available to the application. It should only be called after the user has been | 73 // information available to the application. It should only be called after the user has been |
| 76 // authenticated but before a session has been established. | 74 // authenticated but before a session has been established. |
| 77 pub fn sm_setcred(_pamh: &PamHandleT, _args: Vec<String>, _silent: bool) -> PamResultCode { | 75 pub fn sm_setcred(_pamh: &PamHandle, _args: Vec<String>, _silent: bool) -> PamResultCode { |
| 78 println!("set credentials"); | 76 println!("set credentials"); |
| 79 PamResultCode::PAM_SUCCESS | 77 PamResultCode::PAM_SUCCESS |
| 80 } | 78 } |
| 81 | 79 |
| 82 // This function performs the task of establishing whether the user is permitted to gain access at | 80 // This function performs the task of establishing whether the user is permitted to gain access at |
| 83 // this time. It should be understood that the user has previously been validated by an | 81 // this time. It should be understood that the user has previously been validated by an |
| 84 // authentication module. This function checks for other things. Such things might be: the time of | 82 // authentication module. This function checks for other things. Such things might be: the time of |
| 85 // day or the date, the terminal line, remote hostname, etc. This function may also determine | 83 // day or the date, the terminal line, remote hostname, etc. This function may also determine |
| 86 // things like the expiration on passwords, and respond that the user change it before continuing. | 84 // things like the expiration on passwords, and respond that the user change it before continuing. |
| 87 pub fn acct_mgmt(_pamh: &PamHandleT, _args: Vec<String>, _silent: bool) -> PamResultCode { | 85 pub fn acct_mgmt(_pamh: &PamHandle, _args: Vec<String>, _silent: bool) -> PamResultCode { |
| 88 println!("account management"); | 86 println!("account management"); |
| 89 PamResultCode::PAM_SUCCESS | 87 PamResultCode::PAM_SUCCESS |
| 90 } | 88 } |