changeset 169:77470e45e397

Set up stuff to work the way Sun expects it to. This sets up PAM to use pam_authtok_get.so on Sun machines.
author Paul Fisher <paul@pfish.zone>
date Tue, 15 Jul 2025 01:32:21 -0400
parents 6642e89d29a2
children f052e2417195
files src/handle.rs src/libpam/handle.rs testharness/Cargo.toml testharness/install-test-harness.sh testharness/nonstick_testharness.conf testharness/src/lib.rs
diffstat 6 files changed, 20 insertions(+), 44 deletions(-) [+]
--- a/src/handle.rs	Tue Jul 15 00:56:01 2025 -0400
+++ b/src/handle.rs	Tue Jul 15 01:32:21 2025 -0400
@@ -157,6 +157,13 @@
     /// This should only be used by *authentication* and *password-change*
     /// PAM modules.
     ///
+    /// With Sun's PAM implementation, this works a little bit differently
+    /// than it does everywhere else. Sun's PAM provides for password input
+    /// *exclusively* though module stacking with the
+    /// [`pam_authtok_get` module][pam_authtok_get]. On Sun, this function
+    /// is exactly equivalent to [`Self::authtok_item`], in that it only
+    /// retrieves the existing item.
+    ///
     /// # References
     ///
     #[doc = linklist!(pam_get_authtok: man7, manbsd)]
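Review bot: The added paragraph does not tell callers that on Sun the prompt argument is ignored, or what they get when no earlier module has stored the token. The Sun implementation changed in this same commit takes `_prompt` and maps a missing item to `ErrorCode::ConversationError`. I would add `/// On Sun the prompt is ignored, and ConversationError is returned if no earlier module stored the token.` so module authors know a misordered stack fails instead of prompting. In the third added line "though" should read "through". The `[pam_authtok_get]` reference link has no target visible in this hunk, and the `linklist!` line below only names `pam_get_authtok`, so check that rustdoc resolves it. The documented item's signature lies outside the hunk.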
--- a/src/libpam/handle.rs	Tue Jul 15 00:56:01 2025 -0400
+++ b/src/libpam/handle.rs	Tue Jul 15 01:32:21 2025 -0400
@@ -15,7 +15,6 @@
 use std::any::TypeId;
 use std::cell::Cell;
 use std::ffi::{c_char, c_int, c_void, CString, OsStr, OsString};
-use std::mem::ManuallyDrop;
 use std::os::unix::ffi::OsStrExt;
 use std::ptr::NonNull;
 use std::{any, fmt, ptr};
@@ -139,7 +138,7 @@
     pub fn end_silent(self) {
         #[cfg(pam_impl = "LinuxPam")]
         {
-            let mut me = ManuallyDrop::new(self);
+            let mut me = std::mem::ManuallyDrop::new(self);
             me.end_internal(libpam_sys::PAM_DATA_SILENT);
         }
         // If it's not LinuxPam, we just drop normally.
@@ -494,45 +493,8 @@
     }
 
     #[cfg(pam_impl = "Sun")]
-    fn get_authtok(&mut self, prompt: Option<&OsStr>, item_type: ItemType) -> Result<OsString> {
-        use crate::libpam::memory::CHeapString;
-        use std::os::unix::ffi::OsStringExt;
-        // Sun's __pam_get_authtok function is a little weird and requires
-        // that you specify where you want the authtok to come from.
-        // First we see if there's an authtok already set.
-        let mut output: *mut c_char = ptr::null_mut();
-        let result = unsafe {
-            libpam_sys::__pam_get_authtok(
-                self.inner_mut(),
-                libpam_sys::PAM_HANDLE,
-                item_type.into(),
-                ptr::null(),
-                &mut output,
-            )
-        };
-        let output = unsafe { CHeapString::from_ptr(output) };
-        if result == libpam_sys::PAM_SUCCESS {
-            if let Some(output) = output {
-                return Ok(OsString::from_vec(output.to_bytes().into()));
-            }
-        }
-        drop(output);
-        let mut output: *mut c_char = ptr::null_mut();
-        let prompt = memory::option_cstr_os(prompt);
-        let result = unsafe {
-            libpam_sys::__pam_get_authtok(
-                self.inner_mut(),
-                libpam_sys::PAM_PROMPT,
-                item_type.into(),
-                memory::prompt_ptr(prompt.as_deref()),
-                &mut output,
-            )
-        };
-        let output = unsafe { CHeapString::from_ptr(output) };
-        ErrorCode::result_from(result)?;
-        output
-            .map(|s| OsString::from_vec(s.to_bytes().into()))
-            .ok_or(ErrorCode::ConversationError)
+    fn get_authtok(&mut self, _prompt: Option<&OsStr>, item_type: ItemType) -> Result<OsString> {
+        unsafe { items::get_cstr_item(self, item_type) }?.ok_or(ErrorCode::ConversationError)
     }
 
     /// Gets the `PAM_CONV` item from the handle.
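Review bot: The `unsafe` block in the new Sun `get_authtok` has no `// SAFETY:` comment, and the contract of `items::get_cstr_item` is not visible in this hunk, so a reader cannot tell why passing an arbitrary `item_type` is sound. If the requirement is that the item be stored as a C string, state it: `// SAFETY: the item types accepted here are stored by PAM as C strings.` A missing token is also reported as `ErrorCode::ConversationError` although no conversation takes place on this path. A doc comment such as `/// Sun: only reads the stored item; pam_authtok_get.so must run earlier in the stack.` would point whoever debugs a misconfigured stack at the real cause. The function is complete in the hunk, but the enclosing impl starts and ends outside it.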
--- a/testharness/Cargo.toml	Tue Jul 15 00:56:01 2025 -0400
+++ b/testharness/Cargo.toml	Tue Jul 15 01:32:21 2025 -0400
@@ -12,6 +12,7 @@
 crate-type = ["cdylib"]
 
 [features]
+default = ["basic-ext"]
 basic-ext = ["nonstick/basic-ext"]
 linux-pam-ext = ["nonstick/linux-pam-ext"]
 openpam-ext = ["nonstick/openpam-ext"]
@@ -19,7 +20,7 @@
 test-install = []
 
 [dependencies]
-nonstick = { path = ".." }
+nonstick = { path = "..", features = ["link"], default-features = false }
 
 [dev-dependencies]
 anyhow = "1.0.98"
--- a/testharness/install-test-harness.sh	Tue Jul 15 00:56:01 2025 -0400
+++ b/testharness/install-test-harness.sh	Tue Jul 15 01:32:21 2025 -0400
@@ -8,7 +8,11 @@
   SRC="$1"
   DST="$2"
   LIB="$3"
-  sed "s#pam_testharness\.so#$LIB#" <"$SRC" >"$DST"
+  SUN_PATCH=""
+  if [ "$(uname -s)" = "SunOS" ]; then
+    SUN_PATCH="s/^#Sun#//"
+  fi
+  sed -e "s#pam_testharness\.so#$LIB#" -e "$SUN_PATCH" <"$SRC" >"$DST"
 }
 
 setup_pam_conf() {
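Review bot: The `#Sun#` marker that the new `SUN_PATCH` expression strips is not explained in this function, and the two `#Sun#` lines added to nonstick_testharness.conf carry no explanation either. A comment above the `uname` check would cover both: `# Template lines starting with "#Sun#" are enabled only on SunOS, where pam_authtok_get.so must collect the password before the harness runs.` The script decides by `uname -s` at install time, while the Rust side is selected by `cfg(pam_impl = "Sun")` at build time. If the two ever disagree, the harness would be installed without the stacked module and its password lookups would presumably fail, so the comment should name that coupling. The enclosing function begins outside the hunk.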
--- a/testharness/nonstick_testharness.conf	Tue Jul 15 00:56:01 2025 -0400
+++ b/testharness/nonstick_testharness.conf	Tue Jul 15 01:32:21 2025 -0400
@@ -1,5 +1,7 @@
 # PAM configuration file for nonstick_testharness
+#Sun#auth required pam_authtok_get.so
 auth required pam_testharness.so param param2
 account required pam_testharness.so
+#Sun#password required pam_authtok_get.so
 password required pam_testharness.so
 session required pam_testharness.so
--- a/testharness/src/lib.rs	Tue Jul 15 00:56:01 2025 -0400
+++ b/testharness/src/lib.rs	Tue Jul 15 01:32:21 2025 -0400
@@ -9,7 +9,7 @@
     error, info, pam_hooks, AuthnFlags, AuthtokAction, AuthtokFlags, ErrorCode, ModuleClient,
     PamModule,
 };
-use std::ffi::{CStr, OsString};
+use std::ffi::CStr;
 use std::os::unix::ffi::OsStrExt;
 
 struct TestHarness;