Mercurial > crates > nonstick

comparison src/module.rs @ 171:e27c5c667a5a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Create full new types for return code and flags, separate end to end. This plumbs the ReturnCode and RawFlags types through the places where we call into or are called from PAM. Also adds Sun documentation to the project.
author Paul Fisher <paul@pfish.zone>
date Fri, 25 Jul 2025 20:52:14 -0400
parents 2f5913131295
children 46e8ce5cd5d1
comparison
equal deleted inserted replaced
170:f052e2417195 171:e27c5c667a5a
98 /// If an authentication module knows more about the user than just 98 /// If an authentication module knows more about the user than just
99 /// their authentication token, then it uses this function to provide 99 /// their authentication token, then it uses this function to provide
100 /// that information to the application. It should only be called after 100 /// that information to the application. It should only be called after
101 /// authentication but before a session is established. 101 /// authentication but before a session is established.
102 /// 102 ///
103 /// The module should perform the specified `action`.
104 ///
103 /// See [the Module Writer's Guide entry for `pam_sm_setcred`][mwg] 105 /// See [the Module Writer's Guide entry for `pam_sm_setcred`][mwg]
104 /// for more information. 106 /// for more information.
105 ///
106 /// # Valid flags
107 ///
108 /// This function may be called with the following flags set:
109 ///
110 /// - [`Flags::SILENT`]
111 /// - [`Flags::ESTABLISH_CREDENTIALS`]: Initialize credentials for the user.
112 /// - [`Flags::DELETE_CREDENTIALS`]: Delete the credentials associated with this module.
113 /// - [`Flags::REINITIALIZE_CREDENTIALS`]: Re-initialize credentials for this user.
114 /// - [`Flags::REFRESH_CREDENTIALS`]: Extend the lifetime of the user's credentials.
115 /// 107 ///
116 /// # Returns 108 /// # Returns
117 /// 109 ///
118 /// If credentials were set successfully, return `Ok(())`. 110 /// If credentials were set successfully, return `Ok(())`.
119 /// 111 ///
137 // Function for chauthtok modules. 129 // Function for chauthtok modules.
138 130
139 /// Called to set or reset the user's authentication token. 131 /// Called to set or reset the user's authentication token.
140 /// 132 ///
141 /// PAM calls this function twice in succession. 133 /// PAM calls this function twice in succession.
142 /// 1. The first time, [`Flags::PRELIMINARY_CHECK`] will be set. 134 /// 1. The first time, the `action` will be
135 /// [`AuthtokAction::Validate`].
143 /// If the new token is acceptable, return success; 136 /// If the new token is acceptable, return success;
144 /// if not, return [`ErrorCode::TryAgain`] to re-prompt the user. 137 /// if not, return [`ErrorCode::TryAgain`] to re-prompt the user.
145 /// 2. After the preliminary check succeeds, [`Flags::UPDATE_AUTHTOK`] 138 /// 2. After the preliminary check succeeds, you will be called again
146 /// will be set. On this call, actually update the stored auth token. 139 /// with the same password and [`AuthtokAction::Update`].
140 /// When this happens, actually change the authentication token.
141 ///
142 /// The new authentication token will be available in
143 /// [`authtok`](ModuleClient::authtok),
144 /// and the previous authentication token will be available in
145 /// [`old_authtok`](ModuleClient::old_authtok).
147 /// 146 ///
148 /// See [the Module Writer's Guide entry for `pam_sm_chauthtok`][mwg] 147 /// See [the Module Writer's Guide entry for `pam_sm_chauthtok`][mwg]
149 /// for more information. 148 /// for more information.
150 /// 149 ///
151 /// # Returns 150 /// # Returns