crates/nonstick: src/libpam/answer.rs comparison

comparison src/libpam/answer.rs @ 143:ebb71a412b58

Turn everything into OsString and Just Walk Out! for strings with nul. To reduce the hazard surface of the API, this replaces most uses of &str with &OsStr (and likewise with String/OsString). Also, I've decided that instead of dealing with callers putting `\0` in their parameters, I'm going to follow the example of std::env and Just Walk Out! (i.e., panic!()). This makes things a lot less annoying for both me and (hopefully) users.

author	Paul Fisher <paul@pfish.zone>
date	Sat, 05 Jul 2025 22:12:46 -0400
parents	33b9622ed6d2
children	8f964b701652

comparison

equal deleted inserted replaced

-:5c1e315c18ff
+:ebb71a412b58
 use crate::libpam::conversation::OwnedExchange;
 use crate::libpam::memory;
 use crate::libpam::memory::{CHeapBox, CHeapPayload, CHeapString, Immovable};
 use crate::{ErrorCode, Result};
 use libpam_sys_helpers::memory::BinaryPayload;
-use std::ffi::{c_int, c_void, CStr};
+use std::ffi::{c_int, c_void, CStr, OsStr};
 use std::mem::ManuallyDrop;
 use std::ops::{Deref, DerefMut};
+use std::os::unix::ffi::OsStrExt;
 use std::ptr::NonNull;
 use std::{iter, ptr, slice};
 /// The corridor via which the answer to Messages navigate through PAM.
 #[derive(Debug)]
 };
 // Even if we fail during this process, we still end up freeing
 // all allocated answer memory.
 for (input, output) in iter::zip(value, outputs.iter_mut()) {
 match input {
-OwnedExchange::MaskedPrompt(p) => TextAnswer::fill(output, p.answer()?.as_ref())?,
+OwnedExchange::MaskedPrompt(p) => TextAnswer::fill(output, &p.answer()?)?,
-OwnedExchange::Prompt(p) => TextAnswer::fill(output, &(p.answer()?))?,
+OwnedExchange::Prompt(p) => TextAnswer::fill(output, &p.answer()?)?,
-OwnedExchange::Error(p) => TextAnswer::fill(output, p.answer().map(|_| "")?)?,
+OwnedExchange::Error(p) => {
-OwnedExchange::Info(p) => TextAnswer::fill(output, p.answer().map(|_| "")?)?,
+TextAnswer::fill(output, p.answer().map(|_| "".as_ref())?)?
+}
+OwnedExchange::Info(p) => {
+TextAnswer::fill(output, p.answer().map(|_| "".as_ref())?)?
+}
 // If we're here, that means that we *got* a Linux-PAM
 // question from PAM, so we're OK to answer it.
 OwnedExchange::RadioPrompt(p) => TextAnswer::fill(output, &(p.answer()?))?,
 OwnedExchange::BinaryPrompt(p) => {
 BinaryAnswer::fill(output, (&p.answer()?).into())?
 }
 }
 /// Generic version of answer data.
 ///
-/// This has the same structure as [`BinaryAnswer`](crate::libpam::answer::BinaryAnswer)
+/// This has the same structure as [`BinaryAnswer`] and [`TextAnswer`].
-/// and [`TextAnswer`](crate::libpam::answer::TextAnswer).
 #[repr(C)]
 #[derive(Debug, Default)]
 pub struct Answer {
 /// Owned pointer to the data returned in an answer.
 /// For most answers, this will be a
-/// [`CHeapString`](crate::libpam::memory::CHeapString),
+/// [`CHeapString`](CHeapString), but for
-/// but for [`BinaryQAndA`](crate::conv::BinaryQAndA)s
+/// [`BinaryQAndA`](crate::conv::BinaryQAndA)s (a Linux-PAM extension),
-/// (a Linux-PAM extension), this will be a [`CHeapBox`] of
+/// this will be a [`CHeapBox`] of
 /// [`CBinaryData`](crate::libpam::memory::CBinaryData).
 pub data: Option<CHeapBox<c_void>>,
 /// Unused. Just here for the padding.
 return_code: c_int,
 _marker: Immovable,
 // SAFETY: We're provided a valid reference.
 &mut *(from as *mut Answer).cast::<Self>()
 }
 /// Converts the `Answer` to a `TextAnswer` with the given text.
-fn fill(dest: &mut Answer, text: &str) -> Result<()> {
+fn fill(dest: &mut Answer, text: &OsStr) -> Result<()> {
-let allocated = CHeapString::new(text)?;
+let allocated = CHeapString::new(text.as_bytes());
 let _ = dest
 .data
 .replace(unsafe { CHeapBox::cast(allocated.into_box()) });
 Ok(())
 }
 use super::*;
 use crate::conv::{ErrorMsg, InfoMsg, MaskedQAndA, QAndA};
 macro_rules! answered {
 ($typ:ty, $msg:path, $data:expr) => {{
-let qa = <$typ>::new("");
+let qa = <$typ>::new("".as_ref());
 qa.set_answer(Ok($data));
 $msg(qa)
 }};
 }
 assert_eq!(want, up.contents().unwrap());
 up.zero_contents();
 assert_eq!("", up.contents().unwrap());
 }
-fn round_trip(msgs: Vec<OwnedExchange>) -> Answers {
+fn round_trip(exchanges: Vec<OwnedExchange>) -> Answers {
-let n = msgs.len();
+let n = exchanges.len();
-let sent = Answers::build(msgs).unwrap();
+let sent = Answers::build(exchanges).unwrap();
 unsafe { Answers::from_c_heap(NonNull::new_unchecked(sent.into_ptr()), n) }
 }
 #[test]
 fn test_round_trip() {
 let mut answers = round_trip(vec![
-answered!(QAndA, OwnedExchange::Prompt, "whats going on".to_owned()),
+answered!(QAndA, OwnedExchange::Prompt, "whats going on".into()),
 answered!(MaskedQAndA, OwnedExchange::MaskedPrompt, "well then".into()),
 answered!(ErrorMsg, OwnedExchange::Error, ()),
 answered!(InfoMsg, OwnedExchange::Info, ()),
 ]);
 qa.set_answer(Ok(BinaryData::new(vec![1, 2, 3], 99)));
 OwnedExchange::BinaryPrompt(qa)
 };
 let mut answers = round_trip(vec![
 binary_msg,
-answered!(
+answered!(RadioQAndA, OwnedExchange::RadioPrompt, "beep boop".into()),
-RadioQAndA,
-OwnedExchange::RadioPrompt,
-"beep boop".to_owned()
-),
 ]);
 if let [bin, radio] = &mut answers[..] {
 let up = unsafe { BinaryAnswer::upcast(bin) };
 assert_eq!((&[1, 2, 3][..], 99), up.contents().unwrap());
 }
 #[test]
 fn test_text_answer() {
 let mut answer: CHeapBox<Answer> = CHeapBox::default();
-TextAnswer::fill(&mut answer, "hello").unwrap();
+TextAnswer::fill(&mut answer, "hello".as_ref()).unwrap();
 let zeroth_text = unsafe { TextAnswer::upcast(&mut answer) };
 let data = zeroth_text.contents().expect("valid");
 assert_eq!("hello", data);
 zeroth_text.zero_contents();
 zeroth_text.zero_contents();
-TextAnswer::fill(&mut answer, "hell\0").expect_err("should error; contains nul");
+}
+#[test]
+#[should_panic]
+fn test_text_answer_nul() {
+TextAnswer::fill(&mut CHeapBox::default(), "hell\0".as_ref())
+.expect_err("should error; contains nul");
 }
 #[test]
 fn test_binary_answer() {
 use crate::conv::BinaryData;

Mercurial > crates > nonstick

comparison src/libpam/answer.rs @ 143:ebb71a412b58