changeset 81:a8f4718fed5d default tip

When dynamically linking against the wrong PAM, fail.
author Paul Fisher <paul@pfish.zone>
date Tue, 10 Jun 2025 01:16:39 -0400
parents 5aa1a010f1e8
children
files build.rs src/libpam/pam_ffi.rs
diffstat 2 files changed, 21 insertions(+), 9 deletions(-) [+]
--- a/build.rs	Tue Jun 10 01:09:30 2025 -0400
+++ b/build.rs	Tue Jun 10 01:16:39 2025 -0400
@@ -19,24 +19,36 @@
             .dynamic_link_require_all(true)
             .default_macro_constant_type(MacroTypeVariation::Signed);
 
-        let linux_builder = common_builder.clone().header_contents(
-            "linux-pam.h",
-            r#"
+        let linux_builder = common_builder
+            .clone()
+            // This function is not available in OpenPAM.
+            // We don't use it, but we include it so that if the user
+            // tries to run this against the wrong PAM library, it fails.
+            .allowlist_function("pam_start_confdir")
+            .header_contents(
+                "linux-pam.h",
+                r#"
                 #include <security/_pam_types.h>
                 #include <security/pam_appl.h>
                 #include <security/pam_ext.h>
                 #include <security/pam_modules.h>
                 "#,
-        );
-        let openpam_builder = common_builder.clone().header_contents(
-            "openpam.h",
-            r#"
+            );
+        let openpam_builder = common_builder
+            .clone()
+            // This function is not available in Linux-PAM.
+            // We don't use it, but we include it so that if the user
+            // tries to run this against the wrong PAM library, it fails.
+            .allowlist_function("pam_setenv")
+            .header_contents(
+                "openpam.h",
+                r#"
                 #include <security/openpam.h>
                 #include <security/pam_appl.h>
                 #include <security/pam_constants.h>
                 #include <security/pam_types.h>
                 "#,
-        );
+            );
 
         let (pam_impl, bindings) = {
             let bb = linux_builder.generate();
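Review bot: The `pam_start_confdir` sentinel on the Linux-PAM builder would also reject a genuine Linux-PAM that predates that function (it appears to have been added in a later Linux-PAM release; the minimum version is worth confirming), so the check is stricter than "wrong PAM implementation". The comment should say so and name the mechanism, e.g. `// Sentinel: dynamic_link_require_all(true) makes loading fail if this symbol is missing; also excludes Linux-PAM releases without pam_start_confdir.` The `pam_setenv` comment on the OpenPAM builder would benefit from the same mention of the mechanism. Because `common_builder` is defined above the hunk, it is also worth checking that it already carries an allowlist: once any allowlist entry is present, bindgen generates only the allowlisted items and their dependencies. The enclosing function starts and ends outside the hunk.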
--- a/src/libpam/pam_ffi.rs	Tue Jun 10 01:09:30 2025 -0400
+++ b/src/libpam/pam_ffi.rs	Tue Jun 10 01:16:39 2025 -0400
@@ -3,9 +3,9 @@
 #![allow(non_camel_case_types)]
 
 use crate::libpam::memory::Immovable;
+use num_enum::{IntoPrimitive, TryFromPrimitive};
 use std::ffi::{c_int, c_void};
 use std::marker::PhantomData;
-use num_enum::{IntoPrimitive, TryFromPrimitive};
 
 /// An opaque structure that a PAM handle points to.
 #[repr(C)]