Mercurial > crates > nonstick
view pam/src/hooks.rs @ 21:aa7e8bd083ef
add more docs and other cleanup
| author | Anthony Nowell <anthony@algorithmia.com> |
|---|---|
| date | Tue, 26 Sep 2017 02:15:28 -0600 |
| parents | 734ca62159fb |
| children |
line wrap: on
line source
use module::{PamHandle}; use constants::{PamFlag, PamResultCode}; use std::ffi::CStr; /// Provides functions that are invoked by the entrypoints generated by the /// [`pam_hooks!` macro](../macro.pam_hooks.html). /// /// All of hooks are ignored by PAM dispatch by default given the default return value of `PAM_IGNORE`. /// Override any functions that you want to handle with your module. See `man pam(3)`. #[allow(unused_variables)] pub trait PamHooks { /// This function performs the task of establishing whether the user is permitted to gain access at /// this time. It should be understood that the user has previously been validated by an /// authentication module. This function checks for other things. Such things might be: the time of /// day or the date, the terminal line, remote hostname, etc. This function may also determine /// things like the expiration on passwords, and respond that the user change it before continuing. fn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } /// This function performs the task of authenticating the user. fn sm_authenticate(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } /// This function is used to (re-)set the authentication token of the user. /// /// The PAM library calls this function twice in succession. The first time with /// PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with /// PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is /// (possibly) changed. fn sm_chauthtok(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } /// This function is called to terminate a session. fn sm_close_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } /// This function is called to commence a session. fn sm_open_session(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } /// This function performs the task of altering the credentials of the user with respect to the /// corresponding authorization scheme. Generally, an authentication module may have access to more /// information about a user than their authentication token. This function is used to make such /// information available to the application. It should only be called after the user has been /// authenticated but before a session has been established. fn sm_setcred(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { PamResultCode::PAM_IGNORE } } /// Macro to generate the `extern "C"` entrypoint bindings needed by PAM /// /// You can call `pam_hooks!(SomeType);` for any type that implements `PamHooks` /// /// ## Examples: /// /// Here is full example of a PAM module that would authenticate and authorize everybody: /// /// ``` /// #[macro_use] extern crate pam; /// /// use pam::hooks::PamHooks; /// use pam::module::PamHandle; /// use pam::constants::{PamResultCode, PamFlag}; /// use std::ffi::CStr; /// /// # fn main() {} /// struct MyPamModule; /// pam_hooks!(MyPamModule); /// /// impl PamHooks for MyPamModule { /// fn sm_authenticate(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { /// println!("Everybody is authenticated!"); /// PamResultCode::PAM_SUCCESS /// } /// /// fn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode { /// println!("Everybody is authorized!"); /// PamResultCode::PAM_SUCCESS /// } /// } /// ``` #[macro_export] macro_rules! pam_hooks { ($ident:ident) => ( pub use self::pam_hooks_scope::*; mod pam_hooks_scope { use $crate::module::PamHandle; use $crate::constants::{PamFlag, PamResultCode}; use $crate::hooks::PamHooks; use std::ffi::CStr; use std::os::raw::{c_char, c_int}; fn extract_argv<'a>(argc: c_int, argv: *const *const c_char) -> Vec<&'a CStr> { (0..argc) .map(|o| unsafe { CStr::from_ptr(*argv.offset(o as isize) as *const c_char) }) .collect() } #[no_mangle] pub extern "C" fn pam_sm_acct_mgmt( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::acct_mgmt(pamh, args, flags) } #[no_mangle] pub extern "C" fn pam_sm_authenticate( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::sm_authenticate(pamh, args, flags) } #[no_mangle] pub extern "C" fn pam_sm_chauthtok( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::sm_chauthtok(pamh, args, flags) } #[no_mangle] pub extern "C" fn pam_sm_close_session( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::sm_close_session(pamh, args, flags) } #[no_mangle] pub extern "C" fn pam_sm_open_session( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::sm_open_session(pamh, args, flags) } #[no_mangle] pub extern "C" fn pam_sm_setcred( pamh: &PamHandle, flags: PamFlag, argc: c_int, argv: *const *const c_char, ) -> PamResultCode { let args = extract_argv(argc, argv); super::$ident::sm_setcred(pamh, args, flags) } } ) } #[cfg(test)] pub mod test { use super::PamHooks; struct Foo; impl PamHooks for Foo {} pam_hooks!(Foo); }