diff src/module.rs @ 166:2f5913131295

Separate flag/action flags into flags and action. This also individualizes the type of flag for each PAM function, so that you can only call a function with the right flags and values.
author Paul Fisher <paul@pfish.zone>
date Tue, 15 Jul 2025 00:32:24 -0400
parents 1bc52025156b
children e27c5c667a5a
--- a/src/module.rs	Mon Jul 14 18:56:55 2025 -0400
+++ b/src/module.rs	Tue Jul 15 00:32:24 2025 -0400
@@ -3,7 +3,9 @@
 // Temporarily allowed until we get the actual conversation functions hooked up.
 #![allow(dead_code)]
 
-use crate::constants::{ErrorCode, Flags, Result};
+use crate::constants::{
+    AuthnFlags, AuthtokAction, AuthtokFlags, BaseFlags, CredAction, ErrorCode, Result,
+};
 use crate::handle::ModuleClient;
 use std::ffi::CStr;
 
@@ -35,13 +37,6 @@
     /// See [the Module Writer's Guide entry for `pam_sm_authenticate`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// This function may be called with the following flags set:
-    ///
-    /// - [`Flags::SILENT`]
-    /// - [`Flags::DISALLOW_NULL_AUTHTOK`]
-    ///
     /// # Returns
     ///
     /// If the password check was successful, return `Ok(())`.
@@ -59,7 +54,7 @@
     ///   They should not try again.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-auth.html#mwg-pam_sm_authenticate
-    fn authenticate(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn authenticate(handle: &mut T, args: Vec<&CStr>, flags: AuthnFlags) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 
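Review bot: The doc comment on `authenticate` no longer tells an implementer which flags can arrive, because the `# Valid flags` section was dropped in the previous hunk and nothing here points at the new `AuthnFlags` type. The removed text listed a disallow-null-authtok flag, and a module that overlooks it can accept an empty token where the application asked for that to be refused. I assume `AuthnFlags` still carries that flag, since its definition is not on this page. Above `# Returns` I would add `/// See [AuthnFlags] for the flags this hook can receive; if null authtoks are disallowed, a user with an empty token must be rejected.` The same applies to `account_management` in the hunk at -101,7, and the doc comment itself begins outside this hunk.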
@@ -79,13 +74,6 @@
     /// See [the Module Writer's Guide entry for `pam_sm_acct_mgmt`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// This function may be called with the following flags set:
-    ///
-    /// - [`Flags::SILENT`]
-    /// - [`Flags::DISALLOW_NULL_AUTHTOK`]
-    ///
     /// # Returns
     ///
     /// If the user should be allowed to log in, return `Ok(())`.
@@ -101,7 +89,7 @@
     /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-acct.html#mwg-pam_sm_acct_mgmt
-    fn account_management(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn account_management(handle: &mut T, args: Vec<&CStr>, flags: AuthnFlags) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 
@@ -137,7 +125,12 @@
     /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-auth.html#mwg-pam_sm_setcred
-    fn set_credentials(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn set_credentials(
+        handle: &mut T,
+        args: Vec<&CStr>,
+        action: CredAction,
+        flags: BaseFlags,
+    ) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 
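Review bot: The new `action` parameter of `set_credentials` is not described in the visible part of its doc comment, and this hunk changes only the signature. A module now has to branch on `action` instead of testing bits in `flags`, so one sentence is worth adding, e.g. `/// action is the credential operation the application requested; handle every [CredAction] variant explicitly rather than defaulting to establishing credentials.` The conversion from the raw flag word to `CredAction` is not on this page. It is worth confirming that a call carrying no action bit, or more than one, is turned into an error there rather than mapped to a default.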
@@ -155,18 +148,6 @@
     /// See [the Module Writer's Guide entry for `pam_sm_chauthtok`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// This function may be called with the following flags set:
-    ///
-    /// - [`Flags::SILENT`]
-    /// - [`Flags::CHANGE_EXPIRED_AUTHTOK`]: This module should only change
-    ///   any expired passwords, and leave non-expired passwords alone.
-    ///   If present, it _must_ be combined with one of the following.
-    /// - [`Flags::PRELIMINARY_CHECK`]: Don't actually change the password,
-    ///   just check if the new one is valid.
-    /// - [`Flags::UPDATE_AUTHTOK`]: Do actually change the password.
-    ///
     /// # Returns
     ///
     /// If the authentication token was changed successfully
@@ -185,7 +166,12 @@
     /// - [`ErrorCode::UserUnknown`]: The supplied username is not known by this service.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-chauthtok.html#mwg-pam_sm_chauthtok
-    fn change_authtok(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn change_authtok(
+        handle: &mut T,
+        args: Vec<&CStr>,
+        action: AuthtokAction,
+        flags: AuthtokFlags,
+    ) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 
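Review bot: `change_authtok` loses the only description of its two-phase contract, and the new `action` parameter is not documented in the visible lines. The removed `# Valid flags` text explained that one call only checks the new token and another actually changes it. An implementer who ignores `action` would write the new token during the check call, before the rest of the stack has agreed to the change. I would restore this in terms of the new types, e.g. `/// action is either a preliminary check (validate only, change nothing) or the real update; see [AuthtokAction].` A second line should say that the change-expired-only request is now read from `AuthtokFlags`, if that is where it moved; the definitions are outside this page.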
@@ -196,10 +182,6 @@
     /// See [the Module Writer's Guide entry for `pam_sm_open_session`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// The only valid flag is [`Flags::SILENT`].
-    ///
     /// # Returns
     ///
     /// If the session was opened successfully, return `Ok(())`.
@@ -209,7 +191,7 @@
     /// - [`ErrorCode::SessionError`]: Cannot make an entry for this session.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-session.html#mwg-pam_sm_open_session
-    fn open_session(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn open_session(handle: &mut T, args: Vec<&CStr>, flags: BaseFlags) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 
@@ -218,10 +200,6 @@
     /// See [the Module Writer's Guide entry for `pam_sm_close_session`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// The only valid flag is [`Flags::SILENT`].
-    ///
     /// # Returns
     ///
     /// If the session was closed successfully, return `Ok(())`.
@@ -231,7 +209,7 @@
     /// - [`ErrorCode::SessionError`]: Cannot remove an entry for this session.
     ///
     /// [mwg]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/mwg-expected-of-module-session.html#mwg-pam_sm_close_session
-    fn close_session(handle: &mut T, args: Vec<&CStr>, flags: Flags) -> Result<()> {
+    fn close_session(handle: &mut T, args: Vec<&CStr>, flags: BaseFlags) -> Result<()> {
         Err(ErrorCode::Ignore)
     }
 }