crates/nonstick: src/libpam/handle.rs comparison

comparison src/libpam/handle.rs @ 143:ebb71a412b58

Turn everything into OsString and Just Walk Out! for strings with nul. To reduce the hazard surface of the API, this replaces most uses of &str with &OsStr (and likewise with String/OsString). Also, I've decided that instead of dealing with callers putting `\0` in their parameters, I'm going to follow the example of std::env and Just Walk Out! (i.e., panic!()). This makes things a lot less annoying for both me and (hopefully) users.

author	Paul Fisher <paul@pfish.zone>
date	Sat, 05 Jul 2025 22:12:46 -0400
parents	a508a69c068a
children	56b559b7ecea

comparison

equal deleted inserted replaced

-:5c1e315c18ff
+:ebb71a412b58
 PamHandleModule,
 };
 use libpam_sys_helpers::constants;
 use num_enum::{IntoPrimitive, TryFromPrimitive};
 use std::cell::Cell;
-use std::ffi::{c_char, c_int, CString};
+use std::ffi::{c_char, c_int, CString, OsStr, OsString};
 use std::mem::ManuallyDrop;
+use std::os::unix::ffi::OsStrExt;
 use std::ptr;
 use std::ptr::NonNull;
 /// An owned PAM handle.
 pub struct OwnedLibPamHandle<C: Conversation> {
 conversation: Box<OwnedConversation<C>>,
 }
 #[derive(Debug, PartialEq)]
 pub struct HandleBuilder {
-service_name: String,
+service_name: OsString,
-username: Option<String>,
+username: Option<OsString>,
 }
 impl HandleBuilder {
 /// Updates the service name.
-pub fn service_name(mut self, service_name: String) -> Self {
+pub fn service_name(mut self, service_name: OsString) -> Self {
 self.service_name = service_name;
 self
 }
 /// Sets the username. Setting this will avoid the need for an extra
 /// round trip through the conversation and may otherwise improve
 /// the login experience.
-pub fn username(mut self, username: String) -> Self {
+pub fn username(mut self, username: OsString) -> Self {
 self.username = Some(username);
 self
 }
 /// Builds a PAM handle and starts the transaction.
 pub fn build(self, conv: impl Conversation) -> Result<OwnedLibPamHandle<impl Conversation>> {
 /// # References
 #[doc = linklist!(pam_start: adg, _std)]
 ///
 #[doc = stdlinks!(3 pam_start)]
 #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_start")]
-pub fn build_with_service(service_name: String) -> HandleBuilder {
+pub fn build_with_service(service_name: OsString) -> HandleBuilder {
 HandleBuilder {
 service_name,
 username: None,
 }
 }
-fn start(service_name: String, username: Option<String>, conversation: C) -> Result<Self> {
+fn start(service_name: OsString, username: Option<OsString>, conversation: C) -> Result<Self> {
 let conv = Box::new(OwnedConversation::new(conversation));
-let service_cstr = CString::new(service_name).map_err(|_| ErrorCode::ConversationError)?;
+let service_cstr = CString::new(service_name.as_bytes()).expect("null is forbidden");
-let username_cstr = memory::prompt_ptr(memory::option_cstr(username.as_deref())?.as_ref());
+let username_cstr = memory::option_cstr_os(username.as_deref());
+let username_cstr = memory::prompt_ptr(username_cstr.as_deref());
 let mut handle: *mut libpam_sys::pam_handle = ptr::null_mut();
 // SAFETY: We've set everything up properly to call `pam_start`.
 // The returned value will be a valid pointer provided the result is OK.
 let result = unsafe {
 self.handle.$meth($($param),*)
 }
 };
 // Then have item getters / setters
 (get = $get:ident$(, set = $set:ident)?) => {
-delegate!(fn $get(&self) -> Result<Option<String>>);
+delegate!(fn $get(&self) -> Result<Option<OsString>>);
 $(delegate!(set = $set);)?
 };
 (set = $set:ident) => {
-delegate!(fn $set(&mut self, value: Option<&str>) -> Result<()>);
+delegate!(fn $set(&mut self, value: Option<&OsStr>) -> Result<()>);
 };
 }
 fn split<T>(result: &Result<T>) -> Result<()> {
 result.as_ref().map(drop).map_err(|&e| e)
 impl<C: Conversation> PamShared for OwnedLibPamHandle<C> {
 delegate!(fn log(&self, level: Level, location: Location<'_>, entry: &str) -> ());
 delegate!(fn environ(&self) -> impl EnvironMap);
 delegate!(fn environ_mut(&mut self) -> impl EnvironMapMut);
-delegate!(fn username(&mut self, prompt: Option<&str>) -> Result<String>);
+delegate!(fn username(&mut self, prompt: Option<&OsStr>) -> Result<OsString>);
 delegate!(get = user_item, set = set_user_item);
 delegate!(get = service, set = set_service);
 delegate!(get = user_prompt, set = set_user_prompt);
 delegate!(get = tty_name, set = set_tty_name);
 delegate!(get = remote_user, set = set_remote_user);
 }
 /// Macro to implement getting/setting a CStr-based item.
 macro_rules! cstr_item {
 (get = $getter:ident, item = $item_type:path) => {
-fn $getter(&self) -> Result<Option<String>> {
+fn $getter(&self) -> Result<Option<OsString>> {
 unsafe { self.get_cstr_item($item_type) }
 }
 };
 (set = $setter:ident, item = $item_type:path) => {
-fn $setter(&mut self, value: Option<&str>) -> Result<()> {
+fn $setter(&mut self, value: Option<&OsStr>) -> Result<()> {
 unsafe { self.set_cstr_item($item_type, value) }
 }
 };
 }
 fn log(&self, level: Level, loc: Location<'_>, entry: &str) {
 let entry = match CString::new(entry).or_else(|_| CString::new(dbg!(entry))) {
 Ok(cstr) => cstr,
 _ => return,
 };
-#[cfg(pam_impl = "linux-pam")]
+#[cfg(pam_impl = "LinuxPam")]
 {
 _ = loc;
 // SAFETY: We're calling this function with a known value.
 unsafe {
 libpam_sys::pam_syslog(self, level as c_int, "%s\0".as_ptr().cast(), entry.as_ptr())
 }
 }
-#[cfg(pam_impl = "openpam")]
+#[cfg(pam_impl = "OpenPam")]
 {
 let func = CString::new(loc.function).unwrap_or(CString::default());
 // SAFETY: We're calling this function with a known value.
 unsafe {
 libpam_sys::_openpam_log(
 }
 }
 fn log(&self, _level: Level, _loc: Location<'_>, _entry: &str) {}
-fn username(&mut self, prompt: Option<&str>) -> Result<String> {
+fn username(&mut self, prompt: Option<&OsStr>) -> Result<OsString> {
-let prompt = memory::option_cstr(prompt)?;
+let prompt = memory::option_cstr_os(prompt);
 let mut output: *const c_char = ptr::null();
 let ret = unsafe {
 libpam_sys::pam_get_user(
 self.raw_mut(),
 &mut output,
-memory::prompt_ptr(prompt.as_ref()),
+memory::prompt_ptr(prompt.as_deref()),
 )
 };
 ErrorCode::result_from(ret)?;
-unsafe { memory::copy_pam_string(output) }
+Ok(unsafe { memory::copy_pam_string(output).ok_or(ErrorCode::ConversationError)? })
-.transpose()
-.unwrap_or(Err(ErrorCode::ConversationError))
 }
 fn environ(&self) -> impl EnvironMap {
 LibPamEnviron::new(self)
 }
 }
 }
 }
 impl PamHandleModule for RawPamHandle {
-fn authtok(&mut self, prompt: Option<&str>) -> Result<String> {
+fn authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString> {
 self.get_authtok(prompt, ItemType::AuthTok)
 }
-fn old_authtok(&mut self, prompt: Option<&str>) -> Result<String> {
+fn old_authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString> {
 self.get_authtok(prompt, ItemType::OldAuthTok)
 }
 cstr_item!(get = authtok_item, item = ItemType::AuthTok);
 cstr_item!(get = old_authtok_item, item = ItemType::OldAuthTok);
 }
 // Implementations of internal functions.
 impl RawPamHandle {
 #[cfg(any(pam_impl = "LinuxPam", pam_impl = "OpenPam"))]
-fn get_authtok(&mut self, prompt: Option<&str>, item_type: ItemType) -> Result<String> {
+fn get_authtok(&mut self, prompt: Option<&OsStr>, item_type: ItemType) -> Result<OsString> {
-let prompt = memory::option_cstr(prompt)?;
+let prompt = memory::option_cstr_os(prompt);
 let mut output: *const c_char = ptr::null_mut();
 // SAFETY: We're calling this with known-good values.
 let res = unsafe {
 libpam_sys::pam_get_authtok(
 self.raw_mut(),
 item_type.into(),
 &mut output,
-memory::prompt_ptr(prompt.as_ref()),
+memory::prompt_ptr(prompt.as_deref()),
 )
 };
 ErrorCode::result_from(res)?;
 // SAFETY: We got this string from PAM.
-unsafe { memory::copy_pam_string(output) }
+unsafe { memory::copy_pam_string(output) }.ok_or(ErrorCode::ConversationError)
-.transpose()
-.unwrap_or(Err(ErrorCode::ConversationError))
 }
 #[cfg(not(any(pam_impl = "LinuxPam", pam_impl = "OpenPam")))]
 fn get_authtok(&mut self, prompt: Option<&str>, item_type: ItemType) -> Result<String> {
 Err(ErrorCode::ConversationError)
 /// Gets a C string item.
 ///
 /// # Safety
 ///
 /// You better be requesting an item which is a C string.
-unsafe fn get_cstr_item(&self, item_type: ItemType) -> Result<Option<String>> {
+unsafe fn get_cstr_item(&self, item_type: ItemType) -> Result<Option<OsString>> {
 let mut output = ptr::null();
 let ret =
 unsafe { libpam_sys::pam_get_item(self.raw_ref(), item_type as c_int, &mut output) };
 ErrorCode::result_from(ret)?;
-memory::copy_pam_string(output.cast())
+Ok(memory::copy_pam_string(output.cast()))
 }
 /// Sets a C string item.
 ///
 /// # Safety
 ///
 /// You better be setting an item which is a C string.
-unsafe fn set_cstr_item(&mut self, item_type: ItemType, data: Option<&str>) -> Result<()> {
+unsafe fn set_cstr_item(&mut self, item_type: ItemType, data: Option<&OsStr>) -> Result<()> {
-let data_str = memory::option_cstr(data)?;
+let data_str = memory::option_cstr_os(data);
 let ret = unsafe {
 libpam_sys::pam_set_item(
 self.raw_mut(),
 item_type as c_int,
-memory::prompt_ptr(data_str.as_ref()).cast(),
+memory::prompt_ptr(data_str.as_deref()).cast(),
 )
 };
 ErrorCode::result_from(ret)
 }

Mercurial > crates > nonstick

comparison src/libpam/handle.rs @ 143:ebb71a412b58