Mercurial > crates > nonstick
view src/handle.rs @ 152:4d11b2e7da83
fix dumb `use x as x` in question.rs.
| author | Paul Fisher <paul@pfish.zone> |
|---|---|
| date | Mon, 07 Jul 2025 19:05:31 -0400 |
| parents | 1bc52025156b |
| children | 3036f2e6a022 |
line wrap: on
line source
//! The wrapper types and traits for handles into the PAM library. use crate::_doc::{guide, linklist, man7, manbsd, stdlinks}; use crate::constants::{Flags, Result}; use crate::conv::Conversation; use crate::environ::{EnvironMap, EnvironMapMut}; use crate::items::{getter, Items, ItemsMut}; use crate::logging::{Level, Location}; use std::ffi::{OsStr, OsString}; /// Functionality for both PAM applications and PAM modules. /// /// This base trait includes features of a PAM handle that are available /// to both applications and modules. /// /// You probably want [`LibPamTransaction`](crate::libpam::LibPamTransaction). /// This trait is intended to allow creating mock PAM handle types /// to test PAM modules and applications. pub trait PamShared { /// Logs something via this PAM handle. /// /// You probably want to use one of the logging macros, /// like [`error!`](crate::error!), /// [`warn!`](crate::warn!), /// [`info!`](crate::info!), /// or [`debug!`](crate::debug!). /// /// In most PAM implementations, this will go to syslog. /// See [Linux-PAM's `pam_syslog`][man7] or /// [OpenPAM's `openpam_log`][manbsd] for more details. /// /// # Example /// /// ```no_run /// # use nonstick::PamShared; /// use nonstick::logging::Level; /// use nonstick::location; /// # fn _test(pam_hdl: impl PamShared) { /// # let delay_ms = 100; /// # let url = "https://zombo.com"; /// // Usually, instead of calling this manually, just use the macros. /// nonstick::error!(pam_hdl, "something bad happened!"); /// nonstick::warn!(pam_hdl, "loading information took {delay_ms} ms"); /// nonstick::info!(pam_hdl, "using network backend"); /// nonstick::debug!(pam_hdl, "sending GET request to {url}"); /// // But if you really want to, you can call this yourself: /// pam_hdl.log(Level::Warning, location!(), "this is unnecessarily verbose"); /// # } /// ``` #[doc = man7!(3 pam_syslog)] #[doc = manbsd!(3 openpam_log)] fn log(&self, level: Level, loc: Location<'_>, entry: &str); /// Retrieves the name of the user who is authenticating or logging in. /// /// If the username has previously been obtained, this uses that username; /// otherwise it prompts the user with the first of these that is present: /// /// 1. The prompt string passed to this function. /// 2. The string returned by `get_user_prompt_item`. /// 3. The default prompt, `login: `. /// /// # References #[doc = linklist!(pam_get_user: mwg, _std)] /// /// # Example /// /// ```no_run /// # use nonstick::PamShared; /// # fn _doc(handle: &mut impl PamShared) -> Result<(), Box<dyn std::error::Error>> { /// // Get the username using the default prompt. /// let user = handle.username(None)?; /// // Get the username using a custom prompt. /// // If this were actually called right after the above, /// // both user and user_2 would have the same value. /// let user_2 = handle.username(Some("who ARE you even???".as_ref()))?; /// # Ok(()) /// # } /// ``` #[doc = stdlinks!(3 pam_get_user)] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_get_user")] fn username(&mut self, prompt: Option<&OsStr>) -> Result<OsString>; /// The contents of the environment to set for the logged-in user. /// /// # References /// #[doc = linklist!(pam_getenv: adg, mwg, _std)] /// #[doc = stdlinks!(3 pam_getenv)] #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_getenv")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#adg-pam_getenv")] fn environ(&self) -> impl EnvironMap; /// A writable map of the environment to set for the logged-in user. /// /// # References /// #[doc = linklist!(pam_putenv: adg, mwg, _std)] /// #[doc = stdlinks!(3 pam_putenv)] #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_putenv")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#adg-pam_putenv")] fn environ_mut(&mut self) -> impl EnvironMapMut; /// Gets Items, data shared by PAM, the application, and modules. /// /// Certain Items should not be accessed by a PAM application; /// those are available directly on [`ModuleClient`] for use /// by PAM modules only. /// /// # References /// #[doc = linklist!(pam_get_item: mwg, adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_get_item")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_get_item")] #[doc = stdlinks!(3 pam_get_item)] fn items(&self) -> impl Items; /// Read-write access to PAM Items. /// /// # References /// #[doc = linklist!(pam_set_item: mwg, adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")] #[doc = stdlinks!(3 pam_set_item)] fn items_mut(&mut self) -> impl ItemsMut; } /// Functionality of a PAM handle that can be expected by a PAM application. /// /// If you are not writing a PAM client application (e.g., you are writing /// a module), you should not use the functionality exposed by this trait. /// /// Like [`PamShared`], this is intended to allow creating mock implementations /// of PAM for testing PAM applications. pub trait Transaction: PamShared { /// Starts the authentication process for the user. /// /// The application calls this to find out who the user is, and verify that /// they are really that person. If authentication is successful, /// this will return an `Ok(())` [`Result`]. /// /// A PAM module may change the caller's [username](PamShared::username) /// as part of the login process, so be sure to check it after making /// any PAM application call. /// /// # References #[doc = linklist!(pam_authenticate: adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_authenticate")] #[doc = stdlinks!(3 pam_authenticate)] fn authenticate(&mut self, flags: Flags) -> Result<()>; /// Verifies the validity of the user's account (and other stuff). /// /// After [authentication](Self::authenticate), an application should call /// this to ensure that the user's account is still valid. This may check /// for token expiration or that the user's account is not locked. /// /// # References #[doc = linklist!(pam_acct_mgmt: adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_acct_mgmt")] #[doc = stdlinks!(3 pam_acct_mgmt)] fn account_management(&mut self, flags: Flags) -> Result<()>; /// Changes the authentication token. /// /// # References #[doc = linklist!(pam_chauthtok: adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_chauthtok")] #[doc = stdlinks!(3 pam_chauthtok)] fn change_authtok(&mut self, flags: Flags) -> Result<()>; } /// Functionality of a PAM handle that can be expected by a PAM module. /// /// If you are not writing a PAM module (e.g., you are writing an application), /// you should not use any of the functionality exposed by this trait. /// /// Like [`PamShared`], this is intended to allow creating mock implementations /// of PAM for testing PAM modules. pub trait ModuleClient: Conversation + PamShared { /// Retrieves the authentication token from the user. /// /// This should only be used by *authentication* and *password-change* /// PAM modules. /// /// # References /// #[doc = linklist!(pam_get_authtok: man7, manbsd)] /// /// # Example /// /// ```no_run /// # use nonstick::handle::ModuleClient; /// # fn _doc(handle: &mut impl ModuleClient) -> Result<(), Box<dyn std::error::Error>> { /// // Get the user's password using the default prompt. /// let pass = handle.authtok(None)?; /// // Get the user's password using a custom prompt. /// let pass = handle.authtok(Some("Reveal your secrets!".as_ref()))?; /// Ok(()) /// # } /// ``` #[doc = man7!(3 pam_get_authtok)] #[doc = manbsd!(3 pam_get_authtok)] fn authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString>; /// Retrieves the user's old authentication token when changing passwords. /// /// This should only be used by a *password-change* module. /// /// # References /// #[doc = linklist!(pam_get_authtok: man7, manbsd)] /// /// # Example /// /// ```no_run /// # use nonstick::handle::ModuleClient; /// # fn _doc(handle: &mut impl ModuleClient) -> Result<(), Box<dyn std::error::Error>> { /// // Get the user's password using the default prompt. /// let pass = handle.old_authtok(None)?; /// // Get the user's password using a custom prompt. /// let pass = handle.old_authtok(Some("Reveal your secrets!".as_ref()))?; /// Ok(()) /// # } /// ``` /// #[doc = stdlinks!(3 pam_get_authtok)] fn old_authtok(&mut self, prompt: Option<&OsStr>) -> Result<OsString>; getter!( /// Gets the user's authentication token (e.g., password). /// /// This is normally set automatically by PAM through [`Self::authtok`], /// but this will get its value (if set) without prompting the user. /// /// Like `authtok`, this should only ever be called /// by *authentication* and *password-change* PAM modules. /// /// # References /// #[doc = linklist!(pam_set_item: mwg, adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")] #[doc = stdlinks!(3 pam_set_item)] authtok_item("PAM_AUTHTOK", see = Self::authtok) ); getter!( /// Gets the user's old authentication token when changing passwords. /// /// This is normally set automatically by PAM through /// [`Self::old_authtok`], but this will get its value (if set) /// without prompting the user. /// /// This should only ever be called by *password-change* PAM modules. /// /// # References /// #[doc = linklist!(pam_set_item: mwg, adg, _std)] /// #[doc = guide!(adg: "adg-interface-by-app-expected.html#adg-pam_set_item")] #[doc = guide!(mwg: "mwg-expected-by-module-item.html#mwg-pam_set_item")] #[doc = stdlinks!(3 pam_set_item)] old_authtok_item("PAM_OLDAUTHTOK", see = ItemsMut::set_old_authtok) ); }