Mercurial > crates > nonstick

view src/lib.rs @ 69:8f3ae0c7ab92

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Rework conversation data types and make safe wrappers. This removes the old `Conversation` type and reworks the FFI types used for PAM conversations. This creates safe `TestResponse` and `BinaryResponse` structures in `conv`, providing a safe way to pass response messages to PAM Conversations. The internals of these types are allocated on the C heap, as required by PAM. We also remove the Conversation struct, which was specific to the real PAM implementation so that we can introduce a better abstraction. Also splits a new `PamApplicationHandle` trait from `PamHandle`, for the parts of a PAM handle that are specific to the application side of a PAM transaction.
author Paul Fisher <paul@pfish.zone>
date Sun, 01 Jun 2025 01:15:04 -0400
parents a674799a5cd3
children 9f8381a1c09c
line wrap: on
line source

//! A safe, nonstick interface to PAM.
//!
//! This implements a type-safe library to interact with PAM.
//! Currently, it implements a subset of PAM useful for implementing a module.
//!
//! To write a new PAM module using this crate:
//!
//!  1. Create a `dylib` crate.
//!  2. Implement a subset of the functions in the [`PamModule`] trait
//!     corresponding to what you want your module to do.
//!     In the simplest case (for a new password-based authenticator),
//!     this will be the [`PamModule::authenticate`] function.
//!  3. Export your PAM module using the [`pam_hooks!`] macro.
//!  4. Build and install the dynamic library.
//!     This usually entails placing it at
//!     <code>/usr/lib/security/pam_<var>your_module</var>.so</code>,
//!     or maybe
//!     <code>/usr/lib/<var>your-architecture</var>/security/pam_<var>your_module</var>.so</code>.
//!
//! For general information on writing PAM modules, see
//! [The Linux-PAM Module Writers' Guide][module-guide]
//!
//! [module-guide]: https://www.chiark.greenend.org.uk/doc/libpam-doc/html/Linux-PAM_MWG.html

pub mod constants;
#[cfg(feature = "experimental")]
pub mod conv;
pub mod items;
mod module;

mod handle;
mod memory;
mod pam_ffi;

#[doc(inline)]
pub use crate::{
    constants::{ErrorCode, Flags, Result},
    handle::{LibPamHandle, PamApplicationHandle, PamHandle, PamModuleHandle},
    module::PamModule,
};