diff src/constants.rs @ 64:bbe84835d6db v0.0.5

More organization; add lots of docs. - moves `PamHandle` to its own module, since it will be used by both modules and clients. - adds a ton of documentation to the `PamModule` trait and reorders methods to most-interesting-first. - adds more flag values from pam_modules.h. - other misc cleanup.
author Paul Fisher <paul@pfish.zone>
date Thu, 22 May 2025 01:52:32 -0400
parents a7aa5ca0d00d
children
--- a/src/constants.rs	Wed May 21 23:19:43 2025 -0400
+++ b/src/constants.rs	Thu May 22 01:52:32 2025 -0400
@@ -10,28 +10,56 @@
 bitflags! {
     /// The available PAM flags.
     ///
-    /// See `/usr/include/security/_pam_types.h` for more details.
+    /// See `/usr/include/security/_pam_types.h` and
+    /// See `/usr/include/security/pam_modules.h` for more details.
     #[derive(Debug, PartialEq)]
     #[repr(transparent)]
     pub struct Flags: c_uint {
-        /// Authentication service should not generate any messages.
+        /// The module should not generate any messages.
         const SILENT = 0x8000;
-        /// The service should return [ErrorCode::AuthError] if the user
-        /// has a null authentication token.
+
+        /// The module should return [ErrorCode::AuthError]
+        /// if the user has an empty authentication token
+        /// rather than immediately accepting them.
         const DISALLOW_NULL_AUTHTOK = 0x0001;
+
+        // Flag used for `set_credentials`.
+
         /// Set user credentials for an authentication service.
-        const ESTABLISH_CRED = 0x0002;
+        const ESTABLISH_CREDENTIALS = 0x0002;
         /// Delete user credentials associated with
         /// an authentication service.
-        const DELETE_CRED = 0x0004;
+        const DELETE_CREDENTIALS = 0x0004;
         /// Reinitialize user credentials.
-        const REINITIALIZE_CRED = 0x0008;
+        const REINITIALIZE_CREDENTIALS = 0x0008;
         /// Extend the lifetime of user credentials.
-        const REFRESH_CRED = 0x0010;
+        const REFRESH_CREDENTIALS = 0x0010;
+
+        // Flags used for password changing.
+
         /// The password service should only update those passwords
         /// that have aged. If this flag is _not_ passed,
         /// the password service should update all passwords.
+        ///
+        /// This flag is only used by `change_authtok`.
         const CHANGE_EXPIRED_AUTHTOK = 0x0020;
+
+        /// This is a preliminary check for password changing.
+        /// The password should not be changed.
+        ///
+        /// This is only used between PAM and a module.
+        /// Applications may not use this flag.
+        ///
+        /// This flag is only used by `change_authtok`.
+        const PRELIMINARY_CHECK = 0x4000;
+        /// The password should actuallyPR be updated.
+        /// This and [Self::PRELIMINARY_CHECK] are mutually exclusive.
+        ///
+        /// This is only used between PAM and a module.
+        /// Applications may not use this flag.
+        ///
+        /// This flag is only used by `change_authtok`.
+        const UPDATE_AUTHTOK = 0x2000;
     }
 }
 
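Review bot: The doc comment on `UPDATE_AUTHTOK` contains stray text ("actuallyPR be updated") and should read `/// The password should actually be updated.`; the struct-level comment also now starts two consecutive lines with "See", so the second path line should drop its leading "See". The plain comment above the credential constants says "Flag used for" although four flags follow. The mutual exclusion of `PRELIMINARY_CHECK` and `UPDATE_AUTHTOK` is stated only in prose, while a bitflags value can carry both or neither; the `change_authtok` documentation (outside this hunk) should tell module authors to reject any value that does not have exactly one of the two set, so that an unexpected combination never falls through to a password update. The `*_CRED` to `*_CREDENTIALS` renames change public constant names and deserve a changelog line for downstream modules.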
@@ -90,7 +118,7 @@
     AuthTokLockBusy = 22,
     #[error("authentication token aging disabled")]
     AuthTokDisableAging = 23,
-    #[error("preliminary check by password service")]
+    #[error("preliminary password check failed")]
     TryAgain = 24,
     #[error("ignore underlying account module, regardless of control flag")]
     Ignore = 25,