Mercurial > crates > nonstick

diff src/libpam/question.rs @ 98:b87100c5eed4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Start on environment variables, and make pointers nicer. This starts work on the PAM environment handling, and in so doing, introduces the CHeapBox and CHeapString structs. These are analogous to Box and CString, but they're located on the C heap rather than being Rust-managed memory. This is because environment variables deal with even more pointers and it turns out we can lose a lot of manual freeing using homemade smart pointers.
author Paul Fisher <paul@pfish.zone>
date Tue, 24 Jun 2025 04:25:25 -0400
parents efc2b56c8928
children 94b51fa4f797
line wrap: on
line diff
--- a/src/libpam/question.rs	Mon Jun 23 19:10:34 2025 -0400
+++ b/src/libpam/question.rs	Tue Jun 24 04:25:25 2025 -0400
@@ -4,15 +4,14 @@
 use crate::conv::{BinaryQAndA, RadioQAndA};
 use crate::conv::{ErrorMsg, InfoMsg, MaskedQAndA, Message, QAndA};
 use crate::libpam::conversation::OwnedMessage;
-use crate::libpam::memory::{CBinaryData, Immovable};
+use crate::libpam::memory::{CBinaryData, CHeapBox, CHeapString, Immovable};
+use crate::libpam::pam_ffi;
 pub use crate::libpam::pam_ffi::Question;
-use crate::libpam::{memory, pam_ffi};
 use crate::ErrorCode;
 use crate::Result;
 use num_enum::{IntoPrimitive, TryFromPrimitive};
 use std::ffi::{c_void, CStr};
-use std::ptr::NonNull;
-use std::{ptr, slice};
+use std::slice;
 
 /// Abstraction of a collection of questions to be sent in a PAM conversation.
 ///
@@ -204,20 +203,19 @@
     ///
     /// It's up to you to pass this only on types with a string value.
     unsafe fn string_data(&self) -> Result<&str> {
-        if self.data.is_null() {
-            Ok("")
-        } else {
-            CStr::from_ptr(self.data.cast())
+        match self.data.as_ref() {
+            None => Ok(""),
+            Some(data) => CStr::from_ptr(CHeapBox::as_ptr(data).cast().as_ptr())
                 .to_str()
-                .map_err(|_| ErrorCode::ConversationError)
+                .map_err(|_| ErrorCode::ConversationError),
         }
     }
 
     /// Gets this message's data pointer as borrowed binary data.
     unsafe fn binary_data(&self) -> (&[u8], u8) {
-        NonNull::new(self.data)
-            .map(|nn| nn.cast())
-            .map(|ptr| CBinaryData::data(ptr))
+        self.data
+            .as_ref()
+            .map(|data| CBinaryData::data(CHeapBox::as_ptr(data).cast()))
             .unwrap_or_default()
     }
 }
@@ -225,9 +223,13 @@
 impl TryFrom<&Message<'_>> for Question {
     type Error = ErrorCode;
     fn try_from(msg: &Message) -> Result<Self> {
-        let alloc = |style, text| Ok((style, memory::malloc_str(text)?.cast()));
+        let alloc = |style, text| -> Result<_> {
+            Ok((style, unsafe {
+                CHeapBox::cast(CHeapString::new(text)?.into_box())
+            }))
+        };
         // We will only allocate heap data if we have a valid input.
-        let (style, data): (_, NonNull<c_void>) = match *msg {
+        let (style, data): (_, CHeapBox<c_void>) = match *msg {
             Message::MaskedPrompt(p) => alloc(Style::PromptEchoOff, p.question()),
             Message::Prompt(p) => alloc(Style::PromptEchoOn, p.question()),
             Message::Error(p) => alloc(Style::ErrorMsg, p.question()),
@@ -235,16 +237,15 @@
             #[cfg(feature = "linux-pam-extensions")]
             Message::RadioPrompt(p) => alloc(Style::RadioType, p.question()),
             #[cfg(feature = "linux-pam-extensions")]
-            Message::BinaryPrompt(p) => Ok((
-                Style::BinaryPrompt,
-                CBinaryData::alloc(p.question())?.cast(),
-            )),
+            Message::BinaryPrompt(p) => Ok((Style::BinaryPrompt, unsafe {
+                CHeapBox::cast(CBinaryData::alloc(p.question())?)
+            })),
             #[cfg(not(feature = "linux-pam-extensions"))]
             Message::RadioPrompt(_) | Message::BinaryPrompt(_) => Err(ErrorCode::ConversationError),
         }?;
         Ok(Self {
             style: style.into(),
-            data: data.as_ptr(),
+            data: Some(data),
             _marker: Default::default(),
         })
     }
@@ -258,23 +259,26 @@
             // This is nice-to-have. We'll try to zero out the data
             // in the Question. If it's not a supported format, we skip it.
             if let Ok(style) = Style::try_from(self.style) {
-                match style {
+                let _ = match style {
                     #[cfg(feature = "linux-pam-extensions")]
-                    Style::BinaryPrompt => {
-                        if let Some(d) = NonNull::new(self.data) {
-                            CBinaryData::zero_contents(d.cast())
-                        }
-                    }
+                    Style::BinaryPrompt => self
+                        .data
+                        .as_ref()
+                        .map(|p| CBinaryData::zero_contents(CHeapBox::as_ptr(p).cast())),
                     #[cfg(feature = "linux-pam-extensions")]
-                    Style::RadioType => memory::zero_c_string(self.data.cast()),
+                    Style::RadioType => self
+                        .data
+                        .as_ref()
+                        .map(|p| CHeapString::zero(CHeapBox::as_ptr(p).cast())),
                     Style::TextInfo
                     | Style::ErrorMsg
                     | Style::PromptEchoOff
-                    | Style::PromptEchoOn => memory::zero_c_string(self.data.cast()),
-                }
+                    | Style::PromptEchoOn => self
+                        .data
+                        .as_ref()
+                        .map(|p| CHeapString::zero(CHeapBox::as_ptr(p).cast())),
+                };
             };
-            memory::free(self.data);
-            self.data = ptr::null_mut();
         }
     }
 }