crates/nonstick: src/constants.rs comparison

comparison src/constants.rs @ 171:e27c5c667a5a

Create full new types for return code and flags, separate end to end. This plumbs the ReturnCode and RawFlags types through the places where we call into or are called from PAM. Also adds Sun documentation to the project.

author	Paul Fisher <paul@pfish.zone>
date	Fri, 25 Jul 2025 20:52:14 -0400
parents	f052e2417195
children	6727cbe56f4a

comparison

equal deleted inserted replaced

-:f052e2417195
+:e27c5c667a5a
 //! Constants and enum values from the PAM library.
-use crate::_doc::{linklist, man7, manbsd, xsso};
+use crate::_doc::{linklist, man7, manbsd, mansun, xsso};
 use bitflags::bitflags;
-use num_enum::{IntoPrimitive, TryFromPrimitive};
 use std::error::Error;
 use std::ffi::c_int;
 use std::fmt;
 use std::fmt::{Display, Formatter};
 use std::result::Result as StdResult;
-#[cfg(features = "link")]
+macro_rules! wrapper {
-use libpam_sys_consts::constants as pam_constants;
+(
+$(#[$m:meta])*
+$viz:vis $name:ident($wraps:ty);
-/// The union of constants available in all versions of PAM.
+) => {
-/// The values here are fictitious and should not be used.
+$(#[$m])*
-#[cfg(not(features = "link"))]
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
-mod pam_constants {
+#[repr(transparent)]
-pub const PAM_SUCCESS: i32 = 0;
+$viz struct $name(i32);
-/// Generates a sequence of values.
+impl From<i32> for $name {
-macro_rules! c_enum {
+fn from(value: i32) -> Self {
-($first:ident = $value:expr, $($rest:ident,)*) => {
+Self(value)
-c_enum!(($value) $first, $($rest,)*);
+}
-};
+}
-(($value:expr) $first:ident, $($rest:ident,)*) => {
+impl From<$name> for i32 {
-pub const $first: i32 = $value;
+fn from(value: $name) -> Self {
-c_enum!(($value+1) $($rest,)*);
+value.0
-};
+}
-(($value:expr)) => {};
+}
 }
+}
-// Since all these values are fictitious, we can start them wherever.
-// All the items.
+wrapper! {
-c_enum!(
+/// Type of the flags that PAM passes to us (or that we pass to PAM).
-PAM_SERVICE = 64,
+pub RawFlags(c_int);
-PAM_USER,
+}
-PAM_TTY,
+wrapper! {
-PAM_RHOST,
+/// The error code that we return to PAM.
-PAM_CONV,
+pub ReturnCode(c_int);
-PAM_AUTHTOK,
+}
-PAM_OLDAUTHTOK,
-PAM_RUSER,
+impl ReturnCode {
-PAM_USER_PROMPT,
+/// A successful return.
-// Linux-only items.
+pub const SUCCESS: Self = Self(0);
-PAM_FAIL_DELAY,
+}
-PAM_XDISPLAY,
-PAM_XAUTHDATA,
-PAM_AUTHTOK_TYPE,
-// OpenPAM-only items.
-PAM_REPOSITORY,
-PAM_AUTHTOK_PROMPT,
-PAM_OLDAUTHTOK_PROMPT,
-PAM_HOST,
-// Sun-only items.
-PAM_RESOURCE,
-PAM_AUSER,
-);
-// Prompt types.
-c_enum!(
-PAM_PROMPT_ECHO_OFF = 96,
-PAM_PROMPT_ECHO_ON,
-PAM_ERROR_MSG,
-PAM_TEXT_INFO,
-PAM_RADIO_TYPE,
-PAM_BINARY_PROMPT,
-);
-// Errors.
-c_enum!(
-PAM_OPEN_ERR = 128,
-PAM_SYMBOL_ERR,
-PAM_SERVICE_ERR,
-PAM_SYSTEM_ERR,
-PAM_BUF_ERR,
-PAM_PERM_DENIED,
-PAM_AUTH_ERR,
-PAM_CRED_INSUFFICIENT,
-PAM_AUTHINFO_UNAVAIL,
-PAM_USER_UNKNOWN,
-PAM_MAXTRIES,
-PAM_NEW_AUTHTOK_REQD,
-PAM_ACCT_EXPIRED,
-PAM_SESSION_ERR,
-PAM_CRED_UNAVAIL,
-PAM_CRED_EXPIRED,
-PAM_CRED_ERR,
-PAM_NO_MODULE_DATA,
-PAM_CONV_ERR,
-PAM_AUTHTOK_ERR,
-PAM_AUTHTOK_RECOVERY_ERR,
-PAM_AUTHTOK_LOCK_BUSY,
-PAM_AUTHTOK_DISABLE_AGING,
-PAM_TRY_AGAIN,
-PAM_IGNORE,
-PAM_ABORT,
-PAM_AUTHTOK_EXPIRED,
-PAM_MODULE_UNKNOWN,
-PAM_BAD_ITEM,
-PAM_CONV_AGAIN,
-PAM_INCOMPLETE,
-// OpenPAM-only errors.
-PAM_DOMAIN_UNKNOWN,
-PAM_BAD_HANDLE,
-PAM_BAD_FEATURE,
-PAM_BAD_CONSTANT,
-);
-macro_rules! flag_enum {
-($first:ident = $value:expr, $($rest:ident,)*) => {
-flag_enum!(($value) $first, $($rest,)*);
-};
-(($value:expr) $first:ident, $($rest:ident,)*) => {
-pub const $first: i32 = $value;
-flag_enum!(($value*2) $($rest,)*);
-};
-(($value:expr)) => {};
-}
-flag_enum!(
-PAM_SILENT = 256,
-PAM_DISALLOW_NULL_AUTHTOK,
-PAM_ESTABLISH_CRED,
-PAM_DELETE_CRED,
-PAM_REINITIALIZE_CRED,
-PAM_REFRESH_CRED,
-PAM_CHANGE_EXPIRED_AUTHTOK,
-PAM_PRELIM_CHECK,
-PAM_UPDATE_AUTHTOK,
-PAM_DATA_REPLACE,
-PAM_DATA_SILENT,
-);
-}
-/// Creates a bitflags! macro, with an extra SILENT element.
 macro_rules! pam_flags {
 (
 $(#[$m:meta])*
 $name:ident {
-$($inner:tt)*
+$(
+$(#[$m_ident:ident $($m_arg:tt)*])*
+const $item_name:ident = (link = $value_value:expr, else = $other_value:expr);
+)*
 }
 ) => {
 bitflags! {
+#[derive(Clone, Copy, Debug, Default, PartialEq)]
 $(#[$m])*
-#[derive(Clone, Copy, Debug, Default, PartialEq)]
+pub struct $name: u16 {
-#[repr(transparent)]
+$(
-pub struct $name: c_int {
+$(#[$m_ident $($m_arg)*])*
-/// The module should not generate any messages.
+const $item_name = $other_value;
-const SILENT = pam_constants::PAM_SILENT;
+)*
-$($inner)*
+}
+}
+#[cfg(feature = "link")]
+impl From<RawFlags> for $name {
+#[allow(unused_doc_comments)]
+fn from(value: RawFlags) -> Self {
+eprintln!(concat!(stringify!($name), " FROM RAW FLAGS"));
+let value: c_int = value.into();
+let result = Self::empty();
+$(
+$(#[$m_ident $($m_arg)*])*
+let result = result | if value & $value_value == 0 {
+eprintln!(concat!("checked against ", stringify!($value_value)));
+Self::empty()
+} else {
+eprintln!(concat!("checked against ", stringify!($value_value), " success"));
+Self::$item_name
+};
+)*
+result
+}
+}
+#[cfg(feature = "link")]
+impl From<$name> for RawFlags {
+#[allow(unused_doc_comments)]
+fn from(value: $name) -> Self {
+eprintln!(concat!("RAW FLAGS FROM ", stringify!($name)));
+let result = 0;
+$(
+$(#[$m_ident $($m_arg)*])*
+let result = result | if value.contains($name::$item_name) {
+eprintln!(concat!("checked against ", stringify!($item_name), " success"));
+$value_value
+} else {
+eprintln!(concat!("checked against ", stringify!($item_name)));
+0
+};
+)*
+Self(result)
 }
 }
 }
 }
 pam_flags! {
 /// Flags for authentication and account management.
 AuthnFlags {
+/// The PAM module should not generate any messages.
+const SILENT = (link = libpam_sys::PAM_SILENT, else = 0x8000);
 /// The module should return [AuthError](ErrorCode::AuthError)
 /// if the user has an empty authentication token, rather than
 /// allowing them to log in.
-const DISALLOW_NULL_AUTHTOK = pam_constants::PAM_DISALLOW_NULL_AUTHTOK;
+const DISALLOW_NULL_AUTHTOK = (link = libpam_sys::PAM_DISALLOW_NULL_AUTHTOK, else = 0b1);
 }
 }
 pam_flags! {
 /// Flags for changing the authentication token.
 AuthtokFlags {
+/// The PAM module should not generate any messages.
+const SILENT = (link = libpam_sys::PAM_SILENT, else = 0x8000);
 /// Indicates that the user's authentication token should
 /// only be changed if it is expired. If not passed,
 /// the authentication token should be changed unconditionally.
-const CHANGE_EXPIRED_AUTHTOK = pam_constants::PAM_CHANGE_EXPIRED_AUTHTOK;
+const CHANGE_EXPIRED_AUTHTOK = (link = libpam_sys::PAM_CHANGE_EXPIRED_AUTHTOK, else = 0b10);
 /// Don't check if the password is any good (Sun only).
 #[cfg(pam_impl = "Sun")]
-const NO_AUTHTOK_CHECK = pam_constants::PAM_NO_AUTHTOK_CHECK;
+const NO_AUTHTOK_CHECK = (link = libpam_sys::PAM_NO_AUTHTOK_CHECK, else = 0b100);
 }
 }
 pam_flags! {
 /// Common flag(s) shared by all PAM actions.
-BaseFlags {}
+BaseFlags {
+/// The PAM module should not generate any messages.
+const SILENT = (link = libpam_sys::PAM_SILENT, else = 0x8000);
+}
 }
 #[cfg(feature = "openpam-ext")]
 const BAD_CONST: ErrorCode = ErrorCode::BadConstant;
 #[cfg(not(feature = "openpam-ext"))]
 (
 $(#[$m:meta])*
 $name:ident {
 $(
 $(#[$item_m:meta])*
-$item_name:ident = $item_value:expr,
+$item_name:ident = $item_value:path,
 )*
 }
 ) => {
 $(#[$m])*
-#[derive(Clone, Copy, Debug, PartialEq, TryFromPrimitive, IntoPrimitive)]
+#[derive(Clone, Copy, Debug, PartialEq)]
-#[repr(i32)]
 pub enum $name {
 $(
 $(#[$item_m])*
-$item_name = $item_value,
+$item_name,
 )*
 }
+#[cfg(feature = "link")]
+impl TryFrom<RawFlags> for $name {
+type Error = ErrorCode;
+fn try_from(value: RawFlags) -> Result<$name> {
+match value.0 {
+$(
+$item_value => Ok(Self::$item_name),
+)*
+_ => Err(BAD_CONST),
+}
+}
+}
+#[cfg(feature = "link")]
+impl From<$name> for RawFlags {
+fn from(value: $name) -> Self {
+match value {
+$(
+$name::$item_name => $item_value.into(),
+)*
+}
+}
+}
+#[cfg(feature = "link")]
 impl $name {
 const ALL_VALUES: i32 = 0 $( | $item_value)*;
-fn split(value: i32) -> Result<(Option<Self>, i32)> {
+fn split(value: RawFlags) -> Result<(Option<Self>, RawFlags)> {
-let me = value & Self::ALL_VALUES;
+let me = value.0 & Self::ALL_VALUES;
-let them = value & !Self::ALL_VALUES;
+let them = (value.0 & !Self::ALL_VALUES).into();
-let me = match me {
+let me = match RawFlags(me) {
-0 => None,
+RawFlags(0) => None,
-n => Some(Self::try_from(n).map_err(|_| BAD_CONST)?),
+other => Some(Self::try_from(other).map_err(|_| BAD_CONST)?),
 };
 Ok((me, them))
 }
 }
 }
 flag_enum! {
 /// The credential management action that should take place.
 CredAction {
 /// Set the user's credentials from this module. Default if unspecified.
-Establish = pam_constants::PAM_ESTABLISH_CRED,
+Establish = libpam_sys::PAM_ESTABLISH_CRED,
 /// Revoke the user's credentials established by this module.
-Delete = pam_constants::PAM_DELETE_CRED,
+Delete = libpam_sys::PAM_DELETE_CRED,
 /// Fully reinitialize the user's credentials from this module.
-Reinitialize = pam_constants::PAM_REINITIALIZE_CRED,
+Reinitialize = libpam_sys::PAM_REINITIALIZE_CRED,
 /// Extend the lifetime of the user's credentials from this module.
-Refresh = pam_constants::PAM_REFRESH_CRED,
+Refresh = libpam_sys::PAM_REFRESH_CRED,
 }
 }
+#[cfg(feature = "link")]
 impl CredAction {
 /// Separates this enum from the remaining [`BaseFlags`].
-pub fn extract(value: i32) -> Result<(Self, BaseFlags)> {
+pub(crate) fn extract(value: RawFlags) -> Result<(Self, BaseFlags)> {
-Self::split(value)
+Self::split(value).map(|(act, rest)| (act.unwrap_or_default(), BaseFlags::from(rest)))
-.map(|(act, rest)| (act.unwrap_or_default(), BaseFlags::from_bits_retain(rest)))
 }
 }
 impl Default for CredAction {
 fn default() -> Self {
 }
 }
 flag_enum! {
 AuthtokAction {
-/// This is a preliminary call to check if we're ready to change passwords
+/// On this call, just validate that the password is acceptable
-/// and that the new password is acceptable.
+/// and that you have all the resources you need to change it.
-PreliminaryCheck = pam_constants::PAM_PRELIM_CHECK,
+///
-/// You should actually update the password.
+/// This corresponds to the constant `PAM_PRELIM_CHECK`.
-Update = pam_constants::PAM_UPDATE_AUTHTOK,
+Validate = libpam_sys::PAM_PRELIM_CHECK,
-}
+/// Actually perform the update.
-}
+///
+/// This corresponds to the constant `PAM_UPDATE_AUTHTOK`.
+Update = libpam_sys::PAM_UPDATE_AUTHTOK,
+}
+}
+#[cfg(feature = "link")]
 impl AuthtokAction {
 /// Separates this enum from the remaining [`AuthtokFlags`].
-pub fn extract(value: i32) -> Result<(Self, AuthtokFlags)> {
+pub(crate) fn extract(value: RawFlags) -> Result<(Self, AuthtokFlags)> {
 match Self::split(value)? {
-(Some(act), rest) => Ok((act, AuthtokFlags::from_bits_retain(rest))),
+(Some(act), rest) => Ok((act, AuthtokFlags::from(rest))),
 (None, _) => Err(BAD_CONST),
 }
 }
 }
-/// The PAM error return codes.
+/// Constructs an enum which has the values if it's linked
-///
+macro_rules! linky_enum {
-/// These are returned by most PAM functions if an error of some kind occurs.
+(
-///
+$(#[$om:meta])*
-/// Instead of being an error code, success is represented by an Ok [`Result`].
+pub enum $name:ident($wrap:ty) {
-///
+$(
-/// # References
+$(#[$im:meta])*
-///
+$key:ident = $value:path,
-#[doc = linklist!(pam: man7, manbsd)]
+)*
-/// - [X/SSO error code specification][xsso]
+}
-///
+) => {
-#[doc = man7!(3 pam "RETURN_VALUES")]
+$(#[$om])*
-#[doc = manbsd!(3 pam "RETURN%20VALUES")]
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
-#[doc = xsso!("chap5.htm#tagcjh_06_02")]
+pub enum $name {
-#[allow(non_camel_case_types, dead_code)]
+$(
-#[derive(Copy, Clone, Debug, PartialEq, TryFromPrimitive, IntoPrimitive)]
+$(#[$im])*
-#[non_exhaustive] // C might give us anything!
+$key,
-#[repr(i32)]
+)*
-pub enum ErrorCode {
+}
-OpenError = pam_constants::PAM_OPEN_ERR,
-SymbolError = pam_constants::PAM_SYMBOL_ERR,
+#[cfg(feature = "link")]
-ServiceError = pam_constants::PAM_SERVICE_ERR,
+impl TryFrom<$wrap> for $name {
-SystemError = pam_constants::PAM_SYSTEM_ERR,
+type Error = ErrorCode;
-BufferError = pam_constants::PAM_BUF_ERR,
+fn try_from(value: $wrap) -> Result<Self> {
-PermissionDenied = pam_constants::PAM_PERM_DENIED,
+match value.into() {
-AuthenticationError = pam_constants::PAM_AUTH_ERR,
+$(
-CredentialsInsufficient = pam_constants::PAM_CRED_INSUFFICIENT,
+$(#[$im])*
-AuthInfoUnavailable = pam_constants::PAM_AUTHINFO_UNAVAIL,
+$value => Ok(Self::$key),
-UserUnknown = pam_constants::PAM_USER_UNKNOWN,
+)*
-MaxTries = pam_constants::PAM_MAXTRIES,
+_ => Err(BAD_CONST),
-NewAuthTokRequired = pam_constants::PAM_NEW_AUTHTOK_REQD,
+}
-AccountExpired = pam_constants::PAM_ACCT_EXPIRED,
+}
-SessionError = pam_constants::PAM_SESSION_ERR,
+}
-CredentialsUnavailable = pam_constants::PAM_CRED_UNAVAIL,
-CredentialsExpired = pam_constants::PAM_CRED_EXPIRED,
+#[cfg(feature = "link")]
-CredentialsError = pam_constants::PAM_CRED_ERR,
+impl From<$name> for $wrap {
-NoModuleData = pam_constants::PAM_NO_MODULE_DATA,
+fn from(value: $name) -> Self {
-ConversationError = pam_constants::PAM_CONV_ERR,
+match value {
-AuthTokError = pam_constants::PAM_AUTHTOK_ERR,
+$(
-AuthTokRecoveryError = pam_constants::PAM_AUTHTOK_RECOVERY_ERR,
+$(#[$im])*
-AuthTokLockBusy = pam_constants::PAM_AUTHTOK_LOCK_BUSY,
+$name::$key => $value.into(),
-AuthTokDisableAging = pam_constants::PAM_AUTHTOK_DISABLE_AGING,
+)*
-TryAgain = pam_constants::PAM_TRY_AGAIN,
+}
-Ignore = pam_constants::PAM_IGNORE,
+}
-Abort = pam_constants::PAM_ABORT,
+}
-AuthTokExpired = pam_constants::PAM_AUTHTOK_EXPIRED,
+}
-#[cfg(feature = "basic-ext")]
+}
-ModuleUnknown = pam_constants::PAM_MODULE_UNKNOWN,
-#[cfg(feature = "basic-ext")]
+linky_enum! {
-BadItem = pam_constants::PAM_BAD_ITEM,
+/// The PAM error return codes.
-#[cfg(feature = "linux-pam-ext")]
+///
-ConversationAgain = pam_constants::PAM_CONV_AGAIN,
+/// These are returned by most PAM functions if an error of some kind occurs.
-#[cfg(feature = "linux-pam-ext")]
+///
-Incomplete = pam_constants::PAM_INCOMPLETE,
+/// Instead of being an error code, success is represented by an Ok [`Result`].
-#[cfg(feature = "openpam-ext")]
+///
-DomainUnknown = pam_constants::PAM_DOMAIN_UNKNOWN,
+/// **Do not depend upon the numerical value of these error codes,
-#[cfg(feature = "openpam-ext")]
+/// or the enum's representation type.
-BadHandle = pam_constants::PAM_BAD_HANDLE,
+/// The available codes and their values will vary depending upon
-#[cfg(feature = "openpam-ext")]
+/// PAM implementation.**
-BadFeature = pam_constants::PAM_BAD_FEATURE,
+///
-#[cfg(feature = "openpam-ext")]
+/// # References
-BadConstant = pam_constants::PAM_BAD_CONSTANT,
+///
+#[doc = linklist!(pam: man7, manbsd, mansun)]
+/// - [X/SSO error code specification][xsso]
+///
+#[doc = man7!(3 pam "RETURN_VALUES")]
+#[doc = manbsd!(3 pam "RETURN%20VALUES")]
+#[doc = mansun!([3 "pam"] pam "return-values")]
+#[doc = xsso!("chap5.htm#tagcjh_06_02")]
+#[allow(non_camel_case_types, dead_code)]
+#[non_exhaustive] // Different PAMs have different error code sets.
+pub enum ErrorCode(ReturnCode) {
+OpenError = libpam_sys::PAM_OPEN_ERR,
+SymbolError = libpam_sys::PAM_SYMBOL_ERR,
+ServiceError = libpam_sys::PAM_SERVICE_ERR,
+SystemError = libpam_sys::PAM_SYSTEM_ERR,
+BufferError = libpam_sys::PAM_BUF_ERR,
+PermissionDenied = libpam_sys::PAM_PERM_DENIED,
+AuthenticationError = libpam_sys::PAM_AUTH_ERR,
+CredentialsInsufficient = libpam_sys::PAM_CRED_INSUFFICIENT,
+AuthInfoUnavailable = libpam_sys::PAM_AUTHINFO_UNAVAIL,
+UserUnknown = libpam_sys::PAM_USER_UNKNOWN,
+MaxTries = libpam_sys::PAM_MAXTRIES,
+NewAuthTokRequired = libpam_sys::PAM_NEW_AUTHTOK_REQD,
+AccountExpired = libpam_sys::PAM_ACCT_EXPIRED,
+SessionError = libpam_sys::PAM_SESSION_ERR,
+CredentialsUnavailable = libpam_sys::PAM_CRED_UNAVAIL,
+CredentialsExpired = libpam_sys::PAM_CRED_EXPIRED,
+CredentialsError = libpam_sys::PAM_CRED_ERR,
+NoModuleData = libpam_sys::PAM_NO_MODULE_DATA,
+ConversationError = libpam_sys::PAM_CONV_ERR,
+AuthTokError = libpam_sys::PAM_AUTHTOK_ERR,
+AuthTokRecoveryError = libpam_sys::PAM_AUTHTOK_RECOVERY_ERR,
+AuthTokLockBusy = libpam_sys::PAM_AUTHTOK_LOCK_BUSY,
+AuthTokDisableAging = libpam_sys::PAM_AUTHTOK_DISABLE_AGING,
+TryAgain = libpam_sys::PAM_TRY_AGAIN,
+Ignore = libpam_sys::PAM_IGNORE,
+Abort = libpam_sys::PAM_ABORT,
+AuthTokExpired = libpam_sys::PAM_AUTHTOK_EXPIRED,
+#[cfg(feature = "basic-ext")]
+ModuleUnknown = libpam_sys::PAM_MODULE_UNKNOWN,
+#[cfg(feature = "basic-ext")]
+BadItem = libpam_sys::PAM_BAD_ITEM,
+#[cfg(feature = "linux-pam-ext")]
+ConversationAgain = libpam_sys::PAM_CONV_AGAIN,
+#[cfg(feature = "linux-pam-ext")]
+Incomplete = libpam_sys::PAM_INCOMPLETE,
+#[cfg(feature = "openpam-ext")]
+DomainUnknown = libpam_sys::PAM_DOMAIN_UNKNOWN,
+#[cfg(feature = "openpam-ext")]
+BadHandle = libpam_sys::PAM_BAD_HANDLE,
+#[cfg(feature = "openpam-ext")]
+BadFeature = libpam_sys::PAM_BAD_FEATURE,
+#[cfg(feature = "openpam-ext")]
+BadConstant = libpam_sys::PAM_BAD_CONSTANT,
+}
 }
 /// A PAM-specific Result type with an [ErrorCode] error.
 pub type Result<T> = StdResult<T, ErrorCode>;
 impl Display for ErrorCode {
+#[cfg(all(
+feature = "link",
+any(pam_impl = "LinuxPam", pam_impl = "OpenPam", pam_impl = "Sun")
+))]
 fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
-match strerror((*self).into()) {
+use std::ffi::CStr;
-Some(err) => f.write_str(err),
+use std::ptr;
-None => self.fmt_internal(f),
+// SAFETY: PAM impls don't care about the PAM handle and always return
-}
+// static strings.
+let got = unsafe { libpam_sys::pam_strerror(ptr::null(), *self as c_int) };
+if got.is_null() {
+// This shouldn't happen.
+write!(f, "PAM error: {self:?} ({:?})", *self as c_int)
+} else {
+// SAFETY: We just got this back from PAM and we checked if it's null.
+f.write_str(&unsafe { CStr::from_ptr(got) }.to_string_lossy())
+}
+}
+#[cfg(not(all(
+feature = "link",
+any(pam_impl = "LinuxPam", pam_impl = "OpenPam", pam_impl = "Sun")
+)))]
+fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+fmt::Debug::fmt(self, f)
 }
 }
 impl Error for ErrorCode {}
+#[cfg(feature = "link")]
 impl ErrorCode {
-/// Converts this [Result] into a C-compatible result code.
+pub(crate) fn result_from(ret: c_int) -> Result<()> {
-pub fn result_to_c<T>(value: Result<T>) -> c_int {
+match ret {
+0 => Ok(()),
+value => Err(ReturnCode(value).try_into().unwrap_or(BAD_CONST)),
+}
+}
+}
+impl<T> From<Result<T>> for ReturnCode {
+fn from(value: Result<T>) -> Self {
 match value {
-Ok(_) => 0, // PAM_SUCCESS
+Ok(_) => ReturnCode::SUCCESS,
-Err(otherwise) => otherwise.into(),
+Err(otherwise) => otherwise.into()
 }
 }
+}
-/// Converts a C result code into a [Result], with success as Ok.
-/// Invalid values are returned as a [Self::SystemError].
+#[cfg(all(test, feature = "link"))]
-pub fn result_from(value: c_int) -> Result<()> {
-match value {
-0 => Ok(()),
-value => Err(value.try_into().unwrap_or(Self::SystemError)),
-}
-}
-/// A basic Display implementation for if we don't link against PAM.
-fn fmt_internal(self, f: &mut Formatter<'_>) -> fmt::Result {
-let n: c_int = self.into();
-write!(f, "PAM error: {self:?} ({n})")
-}
-}
-/// Gets a string version of an error message.
-#[cfg(feature = "link")]
-pub fn strerror(code: c_int) -> Option<&'static str> {
-use std::ffi::CStr;
-use std::ptr;
-// SAFETY: PAM impls don't care about the PAM handle and always return
-// static strings.
-let strerror = unsafe { libpam_sys::pam_strerror(ptr::null(), code as c_int) };
-// SAFETY: We just got this back from PAM and we checked if it's null.
-(!strerror.is_null())
-.then(|| unsafe { CStr::from_ptr(strerror) }.to_str().ok())
-.flatten()
-}
-/// Dummy implementation of strerror so that it always returns None.
-#[cfg(not(feature = "link"))]
-pub fn strerror(_: c_int) -> Option<&'static str> {
-None
-}
-#[cfg(test)]
 mod tests {
 use super::*;
 #[test]
 fn test_enums() {
 assert_eq!(Ok(()), ErrorCode::result_from(0));
 assert_eq!(
-pam_constants::PAM_SESSION_ERR,
+ReturnCode(libpam_sys::PAM_SESSION_ERR),
-ErrorCode::result_to_c::<()>(Err(ErrorCode::SessionError))
+Result::<()>::Err(ErrorCode::SessionError).into()
 );
 assert_eq!(
-Err(ErrorCode::Abort),
+Result::<()>::Err(ErrorCode::Abort),
-ErrorCode::result_from(pam_constants::PAM_ABORT)
+ErrorCode::result_from(libpam_sys::PAM_ABORT)
 );
-assert_eq!(Err(ErrorCode::SystemError), ErrorCode::result_from(423));
+assert_eq!(Err(BAD_CONST), ErrorCode::result_from(423));
+}
+#[test]
+fn test_flags() {
+assert_eq!(
+AuthtokFlags::CHANGE_EXPIRED_AUTHTOK | AuthtokFlags::SILENT,
+AuthtokFlags::from(RawFlags(
+libpam_sys::PAM_SILENT | libpam_sys::PAM_CHANGE_EXPIRED_AUTHTOK
+))
+);
+assert_eq!(
+RawFlags(libpam_sys::PAM_DISALLOW_NULL_AUTHTOK),
+AuthnFlags::DISALLOW_NULL_AUTHTOK.into()
+);
+assert_eq!(
+RawFlags(libpam_sys::PAM_SILENT | libpam_sys::PAM_CHANGE_EXPIRED_AUTHTOK),
+(AuthtokFlags::SILENT | AuthtokFlags::CHANGE_EXPIRED_AUTHTOK).into()
+);
+}
+#[test]
+#[cfg(pam_impl = "Sun")]
+fn test_flags_sun() {
+assert_eq!(
+AuthtokFlags::NO_AUTHTOK_CHECK,
+AuthtokFlags::from(RawFlags(libpam_sys::PAM_NO_AUTHTOK_CHECK))
+);
+assert_eq!(
+RawFlags(
+libpam_sys::PAM_SILENT
+| libpam_sys::PAM_CHANGE_EXPIRED_AUTHTOK
+| libpam_sys::PAM_NO_AUTHTOK_CHECK
+),
+(AuthtokFlags::SILENT
+| AuthtokFlags::CHANGE_EXPIRED_AUTHTOK
+| AuthtokFlags::NO_AUTHTOK_CHECK)
+.into()
+);
 }
 #[test]
 fn test_flag_enums() {
-AuthtokAction::extract(-1).expect_err("too many set");
+AuthtokAction::extract((-1).into()).expect_err("too many set");
-AuthtokAction::extract(0).expect_err("too few set");
+AuthtokAction::extract(0.into()).expect_err("too few set");
 assert_eq!(
-Ok((
+Ok((AuthtokAction::Update, AuthtokFlags::SILENT,)),
-AuthtokAction::Update,
+AuthtokAction::extract(
-AuthtokFlags::from_bits_retain(0x7f000000)
+(libpam_sys::PAM_SILENT | libpam_sys::PAM_UPDATE_AUTHTOK).into()
-)),
+)
-AuthtokAction::extract(0x7f000000 | pam_constants::PAM_UPDATE_AUTHTOK)
+);
-);
+CredAction::extract(0xffff.into()).expect_err("too many set");
-CredAction::extract(0xffff).expect_err("too many set");
 assert_eq!(
 Ok((CredAction::Establish, BaseFlags::empty())),
-CredAction::extract(0)
+CredAction::extract(0.into())
 );
 assert_eq!(
-Ok((CredAction::Delete, BaseFlags::from_bits_retain(0x55000000))),
+Ok((CredAction::Delete, BaseFlags::SILENT)),
-CredAction::extract(0x55000000 | pam_constants::PAM_DELETE_CRED)
+CredAction::extract((libpam_sys::PAM_SILENT | libpam_sys::PAM_DELETE_CRED).into())
 );
 }
 }

Mercurial > crates > nonstick

comparison src/constants.rs @ 171:e27c5c667a5a