--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/libpam/mod.rs	Fri Jun 06 22:35:08 2025 -0400
@@ -0,0 +1,65 @@
+//! The PAM library FFI and helpers for managing it.
+//!
+//! This includes the functions provided by PAM and the data structures
+//! used by PAM, as well as a few low-level abstractions for dealing with
+//! those data structures.
+//!
+//! Everything in here is hazmat.
+//!
+
+#![allow(dead_code)]
+
+mod conversation;
+mod handle;
+mod memory;
+mod message;
+mod module;
+mod response;
+
+pub use handle::{LibPamHandle, OwnedLibPamHandle};
+use std::ffi::{c_char, c_int, c_void};
+
+#[link(name = "pam")]
+extern "C" {
+    fn pam_get_data(
+        pamh: *mut LibPamHandle,
+        module_data_name: *const c_char,
+        data: &mut *const c_void,
+    ) -> c_int;
+
+    fn pam_set_data(
+        pamh: *mut LibPamHandle,
+        module_data_name: *const c_char,
+        data: *const c_void,
+        cleanup: extern "C" fn(pamh: *const c_void, data: *mut c_void, error_status: c_int),
+    ) -> c_int;
+
+    fn pam_get_item(pamh: *mut LibPamHandle, item_type: c_int, item: &mut *const c_void) -> c_int;
+
+    fn pam_set_item(pamh: *mut LibPamHandle, item_type: c_int, item: *const c_void) -> c_int;
+
+    fn pam_get_user(
+        pamh: *mut LibPamHandle,
+        user: &mut *const c_char,
+        prompt: *const c_char,
+    ) -> c_int;
+
+    fn pam_get_authtok(
+        pamh: *mut LibPamHandle,
+        item_type: c_int,
+        data: &mut *const c_char,
+        prompt: *const c_char,
+    ) -> c_int;
+
+    fn pam_end(pamh: *mut LibPamHandle, status: c_int) -> c_int;
+
+    // TODO: pam_authenticate - app
+    //       pam_setcred - app
+    //       pam_acct_mgmt - app
+    //       pam_chauthtok - app
+    //       pam_open_session - app
+    //       pam_close_session - app
+    //       pam_putenv - shared
+    //       pam_getenv - shared
+    //       pam_getenvlist - shared
+}