pam_rs/enums.rs
1#![allow(non_upper_case_globals)]
2
3//! Types defined by Linux-PAM
4//!
5//! This modules contains struct and enum definitions used by `pam-sys`.
6
7use pam_rs_macros::pam_enum;
8
9/// The Linux-PAM return values
10#[pam_enum]
11#[cfg(target_os = "linux")]
12pub enum PamReturnCode {
13 /// System error
14 System_Err,
15
16 /// Successful function return
17 Success,
18
19 /// dlopen() failure when dynamically loading a service module
20 Open_Err,
21
22 /// Symbol not found
23 Symbol_Err,
24
25 /// Error in service module
26 Service_Err,
27
28 /// Memory buffer error
29 Buf_Err,
30
31 /// Permission denied
32 Perm_Denied,
33
34 /// Authentication failure
35 Auth_Err,
36
37 /// Can not access authentication data due to insufficient credentials
38 Cred_Insufficient,
39
40 /// Underlying authentication service can not retrieve authentication information
41 Authinfo_Unavail,
42
43 /// User not known to the underlying authentication module
44 User_Unknown,
45
46 /// An authentication service has maintained a retry count which has been reached.
47 /// No further retries should be attempted
48 MaxTries,
49
50 /// New authentication token required.
51 /// This is normally returned if the machine security policies require
52 /// that the password should be changed beccause the password is NULL or it has aged
53 New_Authtok_Reqd,
54
55 /// User account has expired
56 Acct_Expired,
57
58 /// Can not make/remove an entry for the specified session
59 Session_Err,
60
61 /// Underlying authentication service can not retrieve user credentials unavailable
62 Cred_Unavail,
63
64 /// User credentials expired
65 Cred_Expired,
66
67 /// Failure setting user credentials
68 Cred_Err,
69
70 /// No module specific data is present
71 No_Module_Data,
72
73 /// Conversation error
74 Conv_Err,
75
76 /// Authentication token manipulation error
77 AuthTok_Err,
78
79 /// Authentication information cannot be recovered
80 AuthTok_Recovery_Err,
81
82 /// Authentication token lock busy
83 AuthTok_Lock_Busy,
84
85 /// Authentication token aging disabled
86 AuthTok_Disable_Aging,
87
88 /// Preliminary check by password service
89 Try_Again,
90
91 /// Ignore underlying account module regardless of whether
92 /// the control flag is required, optional, or sufficient
93 Ignore,
94
95 /// Critical error (?module fail now request)
96 AuthTok_Expired,
97
98 /// user's authentication token has expired
99 Abort,
100
101 /// module is not known
102 Module_Unknown,
103
104 /// Bad item passed to pam_*_item()
105 Bad_Item,
106
107 /// conversation function is event driven and data is not available yet
108 Conv_Again,
109
110 /// please call this function again to complete authentication stack.
111 /// Before calling again as isize, verify that conversation is completed
112 Incomplete,
113}
114
115#[pam_enum]
116#[cfg(not(target_os = "linux"))]
117pub enum PamReturnCode {
118 /// System error
119 System_Err,
120
121 /// Successful function return
122 Success,
123
124 /// dlopen() failure when dynamically loading a service module
125 Open_Err,
126
127 /// Symbol not found
128 Symbol_Err,
129
130 /// Error in service module
131 Service_Err,
132
133 /// Memory buffer error
134 Buf_Err,
135
136 /// Permission denied
137 Perm_Denied,
138
139 /// Authentication failure
140 Auth_Err,
141
142 /// Can not access authentication data due to insufficient credentials
143 Cred_Insufficient,
144
145 /// Underlying authentication service can not retrieve authentication information
146 Authinfo_Unavail,
147
148 /// User not known to the underlying authentication module
149 User_Unknown,
150
151 /// An authentication service has maintained a retry count which has been reached.
152 /// No further retries should be attempted
153 MaxTries,
154
155 /// New authentication token required.
156 /// This is normally returned if the machine security policies require
157 /// that the password should be changed beccause the password is NULL or it has aged
158 New_Authtok_Reqd,
159
160 /// User account has expired
161 Acct_Expired,
162
163 /// Can not make/remove an entry for the specified session
164 Session_Err,
165
166 /// Underlying authentication service can not retrieve user credentials unavailable
167 Cred_Unavail,
168
169 /// User credentials expired
170 Cred_Expired,
171
172 /// Failure setting user credentials
173 Cred_Err,
174
175 /// No module specific data is present
176 No_Module_Data,
177
178 /// Conversation error
179 Conv_Err,
180
181 /// Authentication token manipulation error
182 AuthTok_Err,
183
184 /// Authentication information cannot be recovered
185 AuthTok_Recovery_Err,
186
187 /// Authentication token lock busy
188 AuthTok_Lock_Busy,
189
190 /// Authentication token aging disabled
191 AuthTok_Disable_Aging,
192
193 /// Preliminary check by password service
194 Try_Again,
195
196 /// Ignore underlying account module regardless of whether
197 /// the control flag is required, optional, or sufficient
198 Ignore,
199
200 /// Critical error (?module fail now request)
201 AuthTok_Expired,
202
203 /// user's authentication token has expired
204 Abort,
205
206 /// module is not known
207 Module_Unknown,
208
209 /// Bad item passed to pam_*_item()
210 Bad_Item,
211}
212
213impl std::fmt::Display for PamReturnCode {
214 fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
215 f.write_str(&format!("{:?} ({})", self, *self as i32))
216 }
217}
218
219/// The Linux-PAM flags
220#[pam_enum]
221#[cfg(target_os = "linux")]
222pub enum PamFlag {
223 /// Default value, if no specific flags should be passed
224 None = 0,
225
226 /// Authentication service should not generate any messages
227 Silent,
228
229 /// The authentication service should return AUTH_ERROR
230 /// if the user has a null authentication token
231 /// (used by pam_authenticate{,_secondary}())
232 Disallow_Null_AuthTok,
233
234 /// Set user credentials for an authentication service
235 /// (used for pam_setcred())
236 Establish_Cred,
237
238 /// Delete user credentials associated with an authentication service
239 /// (used for pam_setcred())
240 Delete_Cred,
241
242 /// Reinitialize user credentials
243 /// (used for pam_setcred())
244 Reinitialize_Cred,
245
246 /// Extend lifetime of user credentials
247 /// (used for pam_setcred())
248 Refresh_Cred,
249
250 /// The password service should only update those passwords that have aged.
251 /// If this flag is not passed, the password service should update all passwords.
252 /// (used by pam_chauthtok)
253 Change_Expired_AuthTok,
254
255 /// The password service should update passwords Note: PAM_PRELIM_CHECK
256 /// and PAM_UPDATE_AUTHTOK cannot both be set simultaneously!
257 Update_AuthTok,
258
259 /// The following two flags are for use across the Linux-PAM/module
260 /// interface only. The Application is not permitted to use these
261 /// tokens.
262 ///
263 /// The password service should only perform preliminary checks. No
264 /// passwords should be updated.
265 Prelim_Check,
266}
267
268#[pam_enum]
269#[cfg(not(target_os = "linux"))]
270pub enum PamFlag {
271 /// Default value, if no specific flags should be passed
272 None = 0,
273
274 /// Authentication service should not generate any messages
275 Silent,
276
277 /// Set user credentials for an authentication service
278 /// (used for pam_setcred())
279 Establish_Cred,
280
281 /// Delete user credentials associated with an authentication service
282 /// (used for pam_setcred())
283 Delete_Cred,
284
285 /// Reinitialize user credentials
286 /// (used for pam_setcred())
287 Reinitialize_Cred,
288
289 /// Extend lifetime of user credentials
290 /// (used for pam_setcred())
291 Refresh_Cred,
292}
293
294impl std::fmt::Display for PamFlag {
295 fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
296 f.write_str(&format!("{:?} ({})", self, *self as i32))
297 }
298}
299
300/// The Linux-PAM item types
301///
302/// These defines are used by `pam_set_item()` `and pam_get_item()`.
303/// Please check the spec which are allowed for use by applications
304/// and which are only allowed for use by modules.
305#[pam_enum]
306#[cfg(target_os = "linux")]
307pub enum PamItemType {
308 /// The service name
309 Service,
310
311 /// The user name
312 User,
313
314 /// The tty name
315 TTY,
316
317 /// The remote host name
318 RHost,
319
320 /// The pam_conv structure
321 Conv,
322
323 /// The authentication token (password)
324 AuthTok,
325
326 /// The old authentication token
327 OldAuthTok,
328
329 /// The remote user name
330 RUser,
331
332 /// the prompt for getting a username Linux-PAM extensions
333 User_Prompt,
334
335 /// app supplied function to override failure delays
336 Fail_Delay,
337
338 /// X display name
339 XDisplay,
340
341 /// X server authentication data
342 XAuthData,
343
344 /// The type for pam_get_authtok
345 AuthTok_Type,
346}
347
348#[pam_enum]
349#[cfg(not(target_os = "linux"))]
350pub enum PamItemType {
351 /// The service name
352 Service,
353
354 /// The user name
355 User,
356
357 /// The tty name
358 TTY,
359
360 /// The remote host name
361 RHost,
362
363 /// The pam_conv structure
364 Conv,
365
366 /// The authentication token (password)
367 AuthTok,
368
369 /// The old authentication token
370 OldAuthTok,
371
372 /// The remote user name
373 RUser,
374
375 /// the prompt for getting a username Linux-PAM extensions
376 User_Prompt,
377}
378
379impl std::fmt::Display for PamItemType {
380 fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
381 f.write_str(&format!("{:?} ({})", self, *self as i32))
382 }
383}
384
385/// The Linux-PAM message styles
386#[pam_enum]
387pub enum PamMessageStyle {
388 Prompt_Echo_On,
389 Prompt_Echo_Off,
390 Error_Msg,
391 Text_Info,
392}
393
394impl std::fmt::Display for PamMessageStyle {
395 fn fmt(&self, f: &mut std::fmt::Formatter) -> Result<(), std::fmt::Error> {
396 f.write_str(&format!("{:?} ({})", self, *self as i32))
397 }
398}