Mercurial > crates > nonstick

diff src/module.rs @ 171:e27c5c667a5a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Create full new types for return code and flags, separate end to end. This plumbs the ReturnCode and RawFlags types through the places where we call into or are called from PAM. Also adds Sun documentation to the project.
author Paul Fisher <paul@pfish.zone>
date Fri, 25 Jul 2025 20:52:14 -0400
parents 2f5913131295
children 46e8ce5cd5d1
line wrap: on
line diff
--- a/src/module.rs	Wed Jul 16 18:45:20 2025 -0400
+++ b/src/module.rs	Fri Jul 25 20:52:14 2025 -0400
@@ -100,19 +100,11 @@
     /// that information to the application. It should only be called after
     /// authentication but before a session is established.
     ///
+    /// The module should perform the specified `action`.
+    ///
     /// See [the Module Writer's Guide entry for `pam_sm_setcred`][mwg]
     /// for more information.
     ///
-    /// # Valid flags
-    ///
-    /// This function may be called with the following flags set:
-    ///
-    /// - [`Flags::SILENT`]
-    /// - [`Flags::ESTABLISH_CREDENTIALS`]: Initialize credentials for the user.
-    /// - [`Flags::DELETE_CREDENTIALS`]: Delete the credentials associated with this module.
-    /// - [`Flags::REINITIALIZE_CREDENTIALS`]: Re-initialize credentials for this user.
-    /// - [`Flags::REFRESH_CREDENTIALS`]: Extend the lifetime of the user's credentials.
-    ///
     /// # Returns
     ///
     /// If credentials were set successfully, return `Ok(())`.
@@ -139,11 +131,18 @@
     /// Called to set or reset the user's authentication token.
     ///
     /// PAM calls this function twice in succession.
-    ///  1. The first time, [`Flags::PRELIMINARY_CHECK`] will be set.
+    ///  1. The first time, the `action` will be
+    ///     [`AuthtokAction::Validate`].
     ///     If the new token is acceptable, return success;
     ///     if not, return [`ErrorCode::TryAgain`] to re-prompt the user.
-    ///  2. After the preliminary check succeeds, [`Flags::UPDATE_AUTHTOK`]
-    ///     will be set. On this call, actually update the stored auth token.
+    ///  2. After the preliminary check succeeds, you will be called again
+    ///     with the same password and [`AuthtokAction::Update`].
+    ///     When this happens, actually change the authentication token.
+    ///
+    /// The new authentication token will be available in
+    /// [`authtok`](ModuleClient::authtok),
+    /// and the previous authentication token will be available in
+    /// [`old_authtok`](ModuleClient::old_authtok).
     ///
     /// See [the Module Writer's Guide entry for `pam_sm_chauthtok`][mwg]
     /// for more information.