Mercurial > crates > nonstick

comparison src/constants.rs @ 136:efbc235f01d3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Separate libpam-sys-helpers from libpam-sys. This separates the parts of libpam-sys that don't need linking against libpam from the parts that do need to link against libpam.
author Paul Fisher <paul@pfish.zone>
date Thu, 03 Jul 2025 14:28:04 -0400
parents a632a8874131
children
comparison
equal deleted inserted replaced
135:b52594841480 136:efbc235f01d3
16 /// Values for constants not provided by certain PAM implementations. 16 /// Values for constants not provided by certain PAM implementations.
17 /// 17 ///
18 /// **The values of these constants are deliberately selected _not_ to match 18 /// **The values of these constants are deliberately selected _not_ to match
19 /// any PAM implementations. Applications should always use the symbolic value 19 /// any PAM implementations. Applications should always use the symbolic value
20 /// and not a magic number.** 20 /// and not a magic number.**
21 mod pam_ffi { 21 mod pam_constants {
22 pub use libpam_sys::*; 22 pub use libpam_sys_helpers::constants::*;
23 23
24 macro_rules! define { 24 macro_rules! define {
25 ($(#[$attr:meta])* $($name:ident = $value:expr;)+) => { 25 ($(#[$attr:meta])* $($name:ident = $value:expr;)+) => {
26 define!( 26 define!(
27 @meta { $(#[$attr])* } 27 @meta { $(#[$attr])* }
32 (@expand $({ $(#[$m:meta])* } $i:item)+) => {$($(#[$m])* $i)+}; 32 (@expand $({ $(#[$m:meta])* } $i:item)+) => {$($(#[$m])* $i)+};
33 } 33 }
34 34
35 define!( 35 define!(
36 /// A fictitious constant for testing purposes. 36 /// A fictitious constant for testing purposes.
37 #[cfg(not(feature = "link"))] 37 #[cfg(not(pam_impl = "OpenPam"))]
38 #[cfg_pam_impl(not("OpenPam"))]
39 PAM_BAD_CONSTANT = 513; 38 PAM_BAD_CONSTANT = 513;
40 PAM_BAD_FEATURE = 514; 39 PAM_BAD_FEATURE = 514;
41 ); 40 );
42 41
43 define!( 42 define!(
44 /// A fictitious constant for testing purposes. 43 /// A fictitious constant for testing purposes.
45 #[cfg(not(feature = "link"))] 44 #[cfg(not(any(pam_impl = "LinuxPam", pam_impl = "OpenPam")))]
46 #[cfg_pam_impl(not(any("LinuxPam", "OpenPam")))]
47 PAM_BAD_ITEM = 515; 45 PAM_BAD_ITEM = 515;
48 PAM_MODULE_UNKNOWN = 516; 46 PAM_MODULE_UNKNOWN = 516;
49 ); 47 );
50 48
51 define!( 49 define!(
52 /// A fictitious constant for testing purposes. 50 /// A fictitious constant for testing purposes.
53 #[cfg(not(feature = "link"))] 51 #[cfg(not(pam_impl = "LinuxPam"))]
54 #[cfg_pam_impl(not("LinuxPam"))]
55 PAM_CONV_AGAIN = 517; 52 PAM_CONV_AGAIN = 517;
56 PAM_INCOMPLETE = 518; 53 PAM_INCOMPLETE = 518;
57 ); 54 );
58 } 55 }
59 56
64 /// See `/usr/include/security/pam_modules.h` for more details. 61 /// See `/usr/include/security/pam_modules.h` for more details.
65 #[derive(Debug, Default, PartialEq)] 62 #[derive(Debug, Default, PartialEq)]
66 #[repr(transparent)] 63 #[repr(transparent)]
67 pub struct Flags: c_int { 64 pub struct Flags: c_int {
68 /// The module should not generate any messages. 65 /// The module should not generate any messages.
69 const SILENT = libpam_sys::PAM_SILENT; 66 const SILENT = pam_constants::PAM_SILENT;
70 67
71 /// The module should return [ErrorCode::AuthError] 68 /// The module should return [ErrorCode::AuthError]
72 /// if the user has an empty authentication token 69 /// if the user has an empty authentication token
73 /// rather than immediately accepting them. 70 /// rather than immediately accepting them.
74 const DISALLOW_NULL_AUTHTOK = libpam_sys::PAM_DISALLOW_NULL_AUTHTOK; 71 const DISALLOW_NULL_AUTHTOK = pam_constants::PAM_DISALLOW_NULL_AUTHTOK;
75 72
76 // Flag used for `set_credentials`. 73 // Flag used for `set_credentials`.
77 74
78 /// Set user credentials for an authentication service. 75 /// Set user credentials for an authentication service.
79 const ESTABLISH_CREDENTIALS = libpam_sys::PAM_ESTABLISH_CRED; 76 const ESTABLISH_CREDENTIALS = pam_constants::PAM_ESTABLISH_CRED;
80 /// Delete user credentials associated with 77 /// Delete user credentials associated with
81 /// an authentication service. 78 /// an authentication service.
82 const DELETE_CREDENTIALS = libpam_sys::PAM_DELETE_CRED; 79 const DELETE_CREDENTIALS = pam_constants::PAM_DELETE_CRED;
83 /// Reinitialize user credentials. 80 /// Reinitialize user credentials.
84 const REINITIALIZE_CREDENTIALS = libpam_sys::PAM_REINITIALIZE_CRED; 81 const REINITIALIZE_CREDENTIALS = pam_constants::PAM_REINITIALIZE_CRED;
85 /// Extend the lifetime of user credentials. 82 /// Extend the lifetime of user credentials.
86 const REFRESH_CREDENTIALS = libpam_sys::PAM_REFRESH_CRED; 83 const REFRESH_CREDENTIALS = pam_constants::PAM_REFRESH_CRED;
87 84
88 // Flags used for password changing. 85 // Flags used for password changing.
89 86
90 /// The password service should only update those passwords 87 /// The password service should only update those passwords
91 /// that have aged. If this flag is _not_ passed, 88 /// that have aged. If this flag is _not_ passed,
92 /// the password service should update all passwords. 89 /// the password service should update all passwords.
93 /// 90 ///
94 /// This flag is only used by `change_authtok`. 91 /// This flag is only used by `change_authtok`.
95 const CHANGE_EXPIRED_AUTHTOK = libpam_sys::PAM_CHANGE_EXPIRED_AUTHTOK; 92 const CHANGE_EXPIRED_AUTHTOK = pam_constants::PAM_CHANGE_EXPIRED_AUTHTOK;
96 /// This is a preliminary check for password changing. 93 /// This is a preliminary check for password changing.
97 /// The password should not be changed. 94 /// The password should not be changed.
98 /// 95 ///
99 /// This is only used between PAM and a module. 96 /// This is only used between PAM and a module.
100 /// Applications may not use this flag. 97 /// Applications may not use this flag.
101 /// 98 ///
102 /// This flag is only used by `change_authtok`. 99 /// This flag is only used by `change_authtok`.
103 const PRELIMINARY_CHECK = libpam_sys::PAM_PRELIM_CHECK; 100 const PRELIMINARY_CHECK = pam_constants::PAM_PRELIM_CHECK;
104 /// The password should actuallyPR be updated. 101 /// The password should actuallyPR be updated.
105 /// This and [Self::PRELIMINARY_CHECK] are mutually exclusive. 102 /// This and [Self::PRELIMINARY_CHECK] are mutually exclusive.
106 /// 103 ///
107 /// This is only used between PAM and a module. 104 /// This is only used between PAM and a module.
108 /// Applications may not use this flag. 105 /// Applications may not use this flag.
109 /// 106 ///
110 /// This flag is only used by `change_authtok`. 107 /// This flag is only used by `change_authtok`.
111 const UPDATE_AUTHTOK = libpam_sys::PAM_UPDATE_AUTHTOK; 108 const UPDATE_AUTHTOK = pam_constants::PAM_UPDATE_AUTHTOK;
112 } 109 }
113 } 110 }
114 111
115 /// The PAM error return codes. 112 /// The PAM error return codes.
116 /// 113 ///
129 #[allow(non_camel_case_types, dead_code)] 126 #[allow(non_camel_case_types, dead_code)]
130 #[derive(Copy, Clone, Debug, PartialEq, TryFromPrimitive, IntoPrimitive)] 127 #[derive(Copy, Clone, Debug, PartialEq, TryFromPrimitive, IntoPrimitive)]
131 #[non_exhaustive] // C might give us anything! 128 #[non_exhaustive] // C might give us anything!
132 #[repr(i32)] 129 #[repr(i32)]
133 pub enum ErrorCode { 130 pub enum ErrorCode {
134 OpenError = pam_ffi::PAM_OPEN_ERR, 131 OpenError = pam_constants::PAM_OPEN_ERR,
135 SymbolError = pam_ffi::PAM_SYMBOL_ERR, 132 SymbolError = pam_constants::PAM_SYMBOL_ERR,
136 ServiceError = pam_ffi::PAM_SERVICE_ERR, 133 ServiceError = pam_constants::PAM_SERVICE_ERR,
137 SystemError = pam_ffi::PAM_SYSTEM_ERR, 134 SystemError = pam_constants::PAM_SYSTEM_ERR,
138 BufferError = pam_ffi::PAM_BUF_ERR, 135 BufferError = pam_constants::PAM_BUF_ERR,
139 PermissionDenied = pam_ffi::PAM_PERM_DENIED, 136 PermissionDenied = pam_constants::PAM_PERM_DENIED,
140 AuthenticationError = pam_ffi::PAM_AUTH_ERR, 137 AuthenticationError = pam_constants::PAM_AUTH_ERR,
141 CredentialsInsufficient = pam_ffi::PAM_CRED_INSUFFICIENT, 138 CredentialsInsufficient = pam_constants::PAM_CRED_INSUFFICIENT,
142 AuthInfoUnavailable = pam_ffi::PAM_AUTHINFO_UNAVAIL, 139 AuthInfoUnavailable = pam_constants::PAM_AUTHINFO_UNAVAIL,
143 UserUnknown = pam_ffi::PAM_USER_UNKNOWN, 140 UserUnknown = pam_constants::PAM_USER_UNKNOWN,
144 MaxTries = pam_ffi::PAM_MAXTRIES, 141 MaxTries = pam_constants::PAM_MAXTRIES,
145 NewAuthTokRequired = pam_ffi::PAM_NEW_AUTHTOK_REQD, 142 NewAuthTokRequired = pam_constants::PAM_NEW_AUTHTOK_REQD,
146 AccountExpired = pam_ffi::PAM_ACCT_EXPIRED, 143 AccountExpired = pam_constants::PAM_ACCT_EXPIRED,
147 SessionError = pam_ffi::PAM_SESSION_ERR, 144 SessionError = pam_constants::PAM_SESSION_ERR,
148 CredentialsUnavailable = pam_ffi::PAM_CRED_UNAVAIL, 145 CredentialsUnavailable = pam_constants::PAM_CRED_UNAVAIL,
149 CredentialsExpired = pam_ffi::PAM_CRED_EXPIRED, 146 CredentialsExpired = pam_constants::PAM_CRED_EXPIRED,
150 CredentialsError = pam_ffi::PAM_CRED_ERR, 147 CredentialsError = pam_constants::PAM_CRED_ERR,
151 NoModuleData = pam_ffi::PAM_NO_MODULE_DATA, 148 NoModuleData = pam_constants::PAM_NO_MODULE_DATA,
152 ConversationError = pam_ffi::PAM_CONV_ERR, 149 ConversationError = pam_constants::PAM_CONV_ERR,
153 AuthTokError = pam_ffi::PAM_AUTHTOK_ERR, 150 AuthTokError = pam_constants::PAM_AUTHTOK_ERR,
154 AuthTokRecoveryError = pam_ffi::PAM_AUTHTOK_RECOVERY_ERR, 151 AuthTokRecoveryError = pam_constants::PAM_AUTHTOK_RECOVERY_ERR,
155 AuthTokLockBusy = pam_ffi::PAM_AUTHTOK_LOCK_BUSY, 152 AuthTokLockBusy = pam_constants::PAM_AUTHTOK_LOCK_BUSY,
156 AuthTokDisableAging = pam_ffi::PAM_AUTHTOK_DISABLE_AGING, 153 AuthTokDisableAging = pam_constants::PAM_AUTHTOK_DISABLE_AGING,
157 TryAgain = pam_ffi::PAM_TRY_AGAIN, 154 TryAgain = pam_constants::PAM_TRY_AGAIN,
158 Ignore = pam_ffi::PAM_IGNORE, 155 Ignore = pam_constants::PAM_IGNORE,
159 Abort = pam_ffi::PAM_ABORT, 156 Abort = pam_constants::PAM_ABORT,
160 AuthTokExpired = pam_ffi::PAM_AUTHTOK_EXPIRED, 157 AuthTokExpired = pam_constants::PAM_AUTHTOK_EXPIRED,
161 #[cfg(feature = "basic-ext")] 158 #[cfg(feature = "basic-ext")]
162 ModuleUnknown = pam_ffi::PAM_MODULE_UNKNOWN, 159 ModuleUnknown = pam_constants::PAM_MODULE_UNKNOWN,
163 #[cfg(feature = "basic-ext")] 160 #[cfg(feature = "basic-ext")]
164 BadItem = pam_ffi::PAM_BAD_ITEM, 161 BadItem = pam_constants::PAM_BAD_ITEM,
165 #[cfg(feature = "linux-pam-ext")] 162 #[cfg(feature = "linux-pam-ext")]
166 ConversationAgain = pam_ffi::PAM_CONV_AGAIN, 163 ConversationAgain = pam_constants::PAM_CONV_AGAIN,
167 #[cfg(feature = "linux-pam-ext")] 164 #[cfg(feature = "linux-pam-ext")]
168 Incomplete = pam_ffi::PAM_INCOMPLETE, 165 Incomplete = pam_constants::PAM_INCOMPLETE,
169 } 166 }
170 167
171 /// A PAM-specific Result type with an [ErrorCode] error. 168 /// A PAM-specific Result type with an [ErrorCode] error.
172 pub type Result<T> = StdResult<T, ErrorCode>; 169 pub type Result<T> = StdResult<T, ErrorCode>;
173 170
233 230
234 #[test] 231 #[test]
235 fn test_enums() { 232 fn test_enums() {
236 assert_eq!(Ok(()), ErrorCode::result_from(0)); 233 assert_eq!(Ok(()), ErrorCode::result_from(0));
237 assert_eq!( 234 assert_eq!(
238 pam_ffi::PAM_SESSION_ERR as i32, 235 pam_constants::PAM_SESSION_ERR as i32,
239 ErrorCode::result_to_c::<()>(Err(ErrorCode::SessionError)) 236 ErrorCode::result_to_c::<()>(Err(ErrorCode::SessionError))
240 ); 237 );
241 assert_eq!( 238 assert_eq!(
242 Err(ErrorCode::Abort), 239 Err(ErrorCode::Abort),
243 ErrorCode::result_from(pam_ffi::PAM_ABORT as i32) 240 ErrorCode::result_from(pam_constants::PAM_ABORT as i32)
244 ); 241 );
245 assert_eq!(Err(ErrorCode::SystemError), ErrorCode::result_from(423)); 242 assert_eq!(Err(ErrorCode::SystemError), ErrorCode::result_from(423));
246 } 243 }
247 } 244 }