Mercurial > crates > nonstick

--- a/libpam-sys/libpam-sys-consts/build.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/libpam-sys/libpam-sys-consts/build.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -27,8 +27,8 @@
             panic!(
                 "unknown PAM implementation {val:?}. \
                 valid LIBPAMSYS_IMPLs are {:?}, \
-                {INSTALLED:?} to use the OS default, \
-                or unset to detect",
+                {INSTALLED:?} to use the currently-installed version, \
+                or unset to use the OS default",
                 PamImpl::items()
             )
         })),
--- a/src/lib.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/src/lib.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -10,7 +10,7 @@
 //!     corresponding to what you want your module to do.
 //!     In the simplest case (for a new password-based authenticator),
 //!     this will be the [`PamModule::authenticate`] function.
-//!  3. Export your PAM module using the [`pam_hooks!`] macro.
+//!  3. Export your PAM module using the [`pam_export!`] macro.
 //!  4. Build and install the dynamic library.
 //!     This usually entails placing it at
 //!     <code>/usr/lib/security/pam_<var>your_module</var>.so</code>,
@@ -61,9 +61,6 @@
 pub mod logging;

 #[cfg(feature = "link")]
-#[doc(hidden)]
-pub use crate::libpam::ModuleExporter;
-#[cfg(feature = "link")]
 #[doc(inline)]
 pub use crate::libpam::{LibPamHandle, LibPamTransaction, TransactionBuilder};
 #[doc(inline)]
--- a/src/libpam/mod.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/src/libpam/mod.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -12,9 +12,9 @@
 mod handle;
 mod items;
 mod memory;
-mod module;
+#[doc(hidden)]
+pub mod module;
 mod question;

 #[doc(inline)]
 pub use handle::{LibPamHandle, LibPamTransaction, TransactionBuilder};
-pub use module::ModuleExporter;
--- a/src/libpam/module.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/src/libpam/module.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -6,7 +6,7 @@

 /// Generates the dynamic library entry points for a PAM module
 ///
-/// Calling `pam_hooks!(SomeType)` on a type that implements
+/// Calling `pam_export!(SomeType)` on a type that implements
 /// [`PamModule`] will generate the exported
 /// `extern "C"` functions that PAM uses to call into your module.
 ///
@@ -17,14 +17,14 @@
 ///
 /// ```no_run
 /// use nonstick::{
-///     pam_hooks, ConversationAdapter, AuthnFlags, LibPamTransaction, ModuleClient, PamModule,
+///     pam_export, ConversationAdapter, AuthnFlags, LibPamTransaction, ModuleClient, PamModule,
 ///     Result as PamResult,
 /// };
 /// use std::ffi::CStr;
 /// # fn main() {}
 ///
 /// struct MyPamModule;
-/// pam_hooks!(MyPamModule);
+/// pam_export!(MyPamModule);
 ///
 /// impl<T: ModuleClient> PamModule<T> for MyPamModule {
 ///     fn authenticate(handle: &mut T, args: Vec<&CStr>, flags: AuthnFlags) -> PamResult<()> {
@@ -44,12 +44,12 @@
 /// }
 /// ```
 #[macro_export]
-macro_rules! pam_hooks {
+macro_rules! pam_export {
     ($ident:ident) => {
-        mod _pam_hooks_scope {
+        mod __pam_export_scope {
             use std::ffi::{c_char, c_int, c_void};
             use $crate::constants::{RawFlags, ReturnCode};
-            use $crate::ModuleExporter;
+            use $crate::libpam::module;

             macro_rules! export {
                 ($func:ident) => {
@@ -61,7 +61,7 @@
                         argv: *const *const c_char,
                     ) -> c_int {
                         let ret: ReturnCode =
-                            ModuleExporter::$func::<super::$ident>(pamh, flags, argc, argv).into();
+                            module::$func::<super::$ident>(pamh, flags, argc, argv).into();
                         ret.into()
                     }
                 };
@@ -78,78 +78,77 @@
 }

 #[doc(hidden)]
-pub struct ModuleExporter;
+pub unsafe fn pam_sm_acct_mgmt<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let args = extract_argv(argc, argv);
+    M::account_management(handle, args, AuthnFlags::from(flags))
+}

-// All of the below are only intended to be called directly from C.
-#[allow(clippy::missing_safety_doc)]
-impl ModuleExporter {
-    pub unsafe fn pam_sm_acct_mgmt<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let args = extract_argv(argc, argv);
-        M::account_management(handle, args, AuthnFlags::from(flags))
-    }
+#[doc(hidden)]
+pub unsafe fn pam_sm_authenticate<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let args = extract_argv(argc, argv);
+    M::authenticate(handle, args, AuthnFlags::from(flags))
+}

-    pub unsafe fn pam_sm_authenticate<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let args = extract_argv(argc, argv);
-        M::authenticate(handle, args, AuthnFlags::from(flags))
-    }
+#[doc(hidden)]
+pub unsafe fn pam_sm_chauthtok<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let (action, flags) = AuthtokAction::extract(flags)?;
+    let args = extract_argv(argc, argv);
+    M::change_authtok(handle, args, action, flags)
+}

-    pub unsafe fn pam_sm_chauthtok<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let (action, flags) = AuthtokAction::extract(flags)?;
-        let args = extract_argv(argc, argv);
-        M::change_authtok(handle, args, action, flags)
-    }
-
-    pub unsafe fn pam_sm_close_session<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let args = extract_argv(argc, argv);
-        M::close_session(handle, args, BaseFlags::from(flags))
-    }
+#[doc(hidden)]
+pub unsafe fn pam_sm_close_session<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let args = extract_argv(argc, argv);
+    M::close_session(handle, args, BaseFlags::from(flags))
+}

-    pub unsafe fn pam_sm_open_session<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let args = extract_argv(argc, argv);
-        M::open_session(handle, args, BaseFlags::from(flags))
-    }
+#[doc(hidden)]
+pub unsafe fn pam_sm_open_session<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let args = extract_argv(argc, argv);
+    M::open_session(handle, args, BaseFlags::from(flags))
+}

-    pub unsafe fn pam_sm_setcred<M: PamModule<LibPamHandle>>(
-        pamh: *mut c_void,
-        flags: RawFlags,
-        argc: c_int,
-        argv: *const *const c_char,
-    ) -> Result<()> {
-        let handle = wrap(pamh)?;
-        let (action, flags) = CredAction::extract(flags)?;
-        let args = extract_argv(argc, argv);
-        M::set_credentials(handle, args, action, flags)
-    }
+#[doc(hidden)]
+pub unsafe fn pam_sm_setcred<M: PamModule<LibPamHandle>>(
+    pamh: *mut c_void,
+    flags: RawFlags,
+    argc: c_int,
+    argv: *const *const c_char,
+) -> Result<()> {
+    let handle = wrap(pamh)?;
+    let (action, flags) = CredAction::extract(flags)?;
+    let args = extract_argv(argc, argv);
+    M::set_credentials(handle, args, action, flags)
 }

 /// Turns `argc`/`argv` into a [Vec] of [CStr]s.
@@ -182,5 +181,5 @@
     struct Foo;
     impl<T: ModuleClient> PamModule<T> for Foo {}

-    pam_hooks!(Foo);
+    pam_export!(Foo);
 }
--- a/src/module.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/src/module.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -14,7 +14,7 @@
 /// The default implementations of all these hooks tell PAM to ignore them
 /// (i.e., behave as if this module does not exist) by returning [`ErrorCode::Ignore`].
 /// Override any functions you wish to handle in your module.
-/// After implementing this trait, use the [`pam_hooks!`](crate::pam_hooks!) macro
+/// After implementing this trait, use the [`pam_export!`](crate::pam_export!) macro
 /// to make the functions available to PAM.
 ///
 /// For more information, see [`pam(3)`’s root manual page][manpage]
--- a/testharness/src/bin/testharness.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/testharness/src/bin/testharness.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -12,10 +12,18 @@
 use std::ffi::OsString;
 use std::os::unix::ffi::OsStrExt;

+macro_rules! run {
+    ($x:expr) => {
+        eprintln!("START {}", stringify!($x));
+        $x;
+        eprintln!("..END {}", stringify!($x));
+    };
+}
+
 fn main() {
-    test_wrong_user();
-    test_wrong_password();
-    test_correct();
+    run!(test_wrong_user());
+    run!(test_wrong_password());
+    run!(test_correct());
 }

 #[derive(Debug, Default)]
--- a/testharness/src/lib.rs	Fri Jul 25 21:02:53 2025 -0400
+++ b/testharness/src/lib.rs	Tue Jul 29 16:52:32 2025 -0400
@@ -7,7 +7,7 @@

 use nonstick::conv::{ErrorMsg, InfoMsg, MaskedQAndA, QAndA};
 use nonstick::{
-    error, info, pam_hooks, AuthnFlags, AuthtokAction, AuthtokFlags, ErrorCode, ModuleClient,
+    error, info, pam_export, AuthnFlags, AuthtokAction, AuthtokFlags, ErrorCode, ModuleClient,
     PamModule,
 };
 use std::ffi::CStr;
@@ -108,4 +108,4 @@
     }
 }

-pam_hooks!(TestHarness);
+pam_export!(TestHarness);