crates/nonstick: src/libpam/question.rs comparison

comparison src/libpam/question.rs @ 143:ebb71a412b58

Turn everything into OsString and Just Walk Out! for strings with nul. To reduce the hazard surface of the API, this replaces most uses of &str with &OsStr (and likewise with String/OsString). Also, I've decided that instead of dealing with callers putting `\0` in their parameters, I'm going to follow the example of std::env and Just Walk Out! (i.e., panic!()). This makes things a lot less annoying for both me and (hopefully) users.

author	Paul Fisher <paul@pfish.zone>
date	Sat, 05 Jul 2025 22:12:46 -0400
parents	a508a69c068a
children	4b3a5095f68c

comparison

equal deleted inserted replaced

-:5c1e315c18ff
+:ebb71a412b58
 use crate::conv::{ErrorMsg, Exchange, InfoMsg, MaskedQAndA, QAndA};
 use crate::libpam::conversation::OwnedExchange;
 use crate::libpam::memory;
 use crate::ErrorCode;
 use crate::Result;
-use libpam_sys_helpers::memory as pammem;
+use libpam_sys_helpers::memory as pam_mem;
 use num_enum::{IntoPrimitive, TryFromPrimitive};
-use std::ffi::{c_int, c_void, CStr};
+use std::ffi::{c_int, c_void, CStr, OsStr};
+use std::os::unix::ffi::OsStrExt;
 use std::ptr::NonNull;
 mod style_const {
 pub use libpam_sys::*;
 #[cfg(not(feature = "link"))]
 /// Gets this message's data pointer as a string.
 ///
 /// # Safety
 ///
 /// It's up to you to pass this only on types with a string value.
-unsafe fn string_data(&self) -> Result<&str> {
+unsafe fn string_data(&self) -> &OsStr {
 match self.data.as_ref() {
-None => Ok(""),
+None => "".as_ref(),
-Some(data) => CStr::from_ptr(data.as_ptr().cast())
+Some(data) => OsStr::from_bytes(CStr::from_ptr(data.as_ptr().cast()).to_bytes()),
-.to_str()
-.map_err(|_| ErrorCode::ConversationError),
 }
 }
 /// Gets this message's data pointer as borrowed binary data.
 unsafe fn binary_data(&self) -> (&[u8], u8) {
 self.data
 .as_ref()
-.map(|data| pammem::BinaryPayload::contents(data.as_ptr().cast()))
+.map(|data| pam_mem::BinaryPayload::contents(data.as_ptr().cast()))
 .unwrap_or_default()
 }
 }
 impl TryFrom<&Exchange<'_>> for Question {
 type Error = ErrorCode;
 fn try_from(msg: &Exchange) -> Result<Self> {
-let alloc = |style, text| -> Result<_> {
+let alloc = |style, text: &OsStr| -> Result<_> {
 Ok((style, unsafe {
-memory::CHeapBox::cast(memory::CHeapString::new(text)?.into_box())
+memory::CHeapBox::cast(memory::CHeapString::new(text.as_bytes()).into_box())
 }))
 };
 // We will only allocate heap data if we have a valid input.
 let (style, data): (_, memory::CHeapBox<c_void>) = match *msg {
 Exchange::MaskedPrompt(p) => alloc(Style::PromptEchoOff, p.question()),
 let _ = match style {
 #[cfg(feature = "linux-pam-ext")]
 Style::BinaryPrompt => self
 .data
 .as_mut()
-.map(|p| pammem::BinaryPayload::zero(p.as_ptr().cast())),
+.map(|p| pam_mem::BinaryPayload::zero(p.as_ptr().cast())),
 #[cfg(feature = "linux-pam-ext")]
 Style::RadioType => self
 .data
 .as_mut()
 .map(|p| memory::CHeapString::zero(p.cast())),
 // SAFETY: In all cases below, we're creating questions based on
 // known types that we get from PAM and the inner types it should have.
 let prompt = unsafe {
 match style {
 Style::PromptEchoOff => {
-Self::MaskedPrompt(MaskedQAndA::new(question.string_data()?))
+Self::MaskedPrompt(MaskedQAndA::new(question.string_data()))
 }
-Style::PromptEchoOn => Self::Prompt(QAndA::new(question.string_data()?)),
+Style::PromptEchoOn => Self::Prompt(QAndA::new(question.string_data())),
-Style::ErrorMsg => Self::Error(ErrorMsg::new(question.string_data()?)),
+Style::ErrorMsg => Self::Error(ErrorMsg::new(question.string_data())),
-Style::TextInfo => Self::Info(InfoMsg::new(question.string_data()?)),
+Style::TextInfo => Self::Info(InfoMsg::new(question.string_data())),
 #[cfg(feature = "linux-pam-ext")]
 Style::RadioType => {
-Self::RadioPrompt(crate::conv::RadioQAndA::new(question.string_data()?))
+Self::RadioPrompt(crate::conv::RadioQAndA::new(question.string_data()))
 }
 #[cfg(feature = "linux-pam-ext")]
 Style::BinaryPrompt => {
 Self::BinaryPrompt(crate::conv::BinaryQAndA::new(question.binary_data()))
 }
 Ok(prompt)
 }
 }
 #[cfg(feature = "linux-pam-ext")]
-impl From<pammem::TooBigError> for ErrorCode {
+impl From<pam_mem::TooBigError> for ErrorCode {
-fn from(_: pammem::TooBigError) -> Self {
+fn from(_: pam_mem::TooBigError) -> Self {
 ErrorCode::BufferError
 }
 }
 #[cfg(test)]
 #[test]
 fn standard() {
 assert_matches!(
 (Exchange::MaskedPrompt, "hocus pocus"),
-MaskedQAndA::new("hocus pocus")
+MaskedQAndA::new("hocus pocus".as_ref())
 );
-assert_matches!((Exchange::Prompt, "what"), QAndA::new("what"));
+assert_matches!((Exchange::Prompt, "what"), QAndA::new("what".as_ref()));
-assert_matches!((Exchange::Prompt, "who"), QAndA::new("who"));
+assert_matches!((Exchange::Prompt, "who"), QAndA::new("who".as_ref()));
-assert_matches!((Exchange::Info, "hey"), InfoMsg::new("hey"));
+assert_matches!((Exchange::Info, "hey"), InfoMsg::new("hey".as_ref()));
-assert_matches!((Exchange::Error, "gasp"), ErrorMsg::new("gasp"));
+assert_matches!((Exchange::Error, "gasp"), ErrorMsg::new("gasp".as_ref()));
 }
 #[test]
 #[cfg(feature = "linux-pam-ext")]
 fn linux_extensions() {
 (Exchange::BinaryPrompt, (&[5, 4, 3, 2, 1][..], 66)),
 BinaryQAndA::new((&[5, 4, 3, 2, 1], 66))
 );
 assert_matches!(
 (Exchange::RadioPrompt, "you must choose"),
-RadioQAndA::new("you must choose")
+RadioQAndA::new("you must choose".as_ref())
 );
 }
 }

Mercurial > crates > nonstick

comparison src/libpam/question.rs @ 143:ebb71a412b58