diff pam/src/module.rs @ 22:4263c1d83d5b

Refactor PamHooks into modules mod
author Anthony Nowell <anthony@algorithmia.com>
date Tue, 26 Sep 2017 02:30:03 -0600
parents d654aa0655e5
children ec70822cbdef
--- a/pam/src/module.rs	Tue Sep 26 02:15:28 2017 -0600
+++ b/pam/src/module.rs	Tue Sep 26 02:30:03 2017 -0600
@@ -4,7 +4,7 @@
 use std::{mem, ptr};
 use std::ffi::{CStr, CString};
 
-use constants::{PamResultCode, PamItemType};
+use constants::{PamResultCode, PamItemType, PamFlag};
 
 /// Opaque type, used as a pointer when making pam API calls.
 ///
@@ -181,4 +181,55 @@
             Err(res)
         }
     }
+}
+
+/// Provides functions that are invoked by the entrypoints generated by the
+/// [`pam_hooks!` macro](../macro.pam_hooks.html).
+///
+/// All of hooks are ignored by PAM dispatch by default given the default return value of `PAM_IGNORE`.
+/// Override any functions that you want to handle with your module. See `man pam(3)`.
+#[allow(unused_variables)]
+pub trait PamHooks {
+    /// This function performs the task of establishing whether the user is permitted to gain access at
+    /// this time. It should be understood that the user has previously been validated by an
+    /// authentication module. This function checks for other things. Such things might be: the time of
+    /// day or the date, the terminal line, remote hostname, etc. This function may also determine
+    /// things like the expiration on passwords, and respond that the user change it before continuing.
+	fn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
+
+    /// This function performs the task of authenticating the user.
+	fn sm_authenticate(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
+
+	/// This function is used to (re-)set the authentication token of the user.
+	///
+	/// The PAM library calls this function twice in succession. The first time with
+	/// PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with
+	/// PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is
+	/// (possibly) changed.
+	fn sm_chauthtok(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
+
+	/// This function is called to terminate a session.
+	fn sm_close_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
+
+	/// This function is called to commence a session.
+	fn sm_open_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
+
+    /// This function performs the task of altering the credentials of the user with respect to the
+    /// corresponding authorization scheme. Generally, an authentication module may have access to more
+    /// information about a user than their authentication token. This function is used to make such
+    /// information available to the application. It should only be called after the user has been
+    /// authenticated but before a session has been established.
+	fn sm_setcred(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode {
+		PamResultCode::PAM_IGNORE
+	}
 }
\ No newline at end of file
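Review bot: Every default body in `PamHooks` returns `PAM_IGNORE`, including `sm_authenticate` and `acct_mgmt`, and the trait docs do not spell out what that means for a security decision. A hook the implementor forgets to override contributes nothing to the stack result, so the outcome is left entirely to the other modules in the stack. I would state this on the trait, e.g. `/// A hook left at its default returns PAM_IGNORE: the module then has no say in the stack result for that call, so override every hook your policy depends on.` If the `pam_hooks!` macro (not visible in this diff) exports all six entry points regardless of which hooks are overridden, consider making `sm_authenticate` and `acct_mgmt` required methods so an incomplete module fails to compile rather than silently abstaining. While editing the docs, "All of hooks are ignored" should read "All hooks are ignored", and `acct_mgmt` is the only method without the `sm_` prefix the other five use.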