pam 0.8.0

Safe Rust wrappers for PAM authentication
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

//! Functions and structures that can be used to implement a PAM module
//!
//! Inspired by anowell/pam-rs

use crate::{PamHandle, PamReturnCode};
use std::ffi::CStr;
use std::os::raw::c_uint;

// FIXME: Find a solution for the flags containing ORed integers
#[allow(unused_variables)]
/// Trait representing a PAM module.
///
/// Modules should override the desired functions and call the macro `impl_pam_module`.
/// This exports the respective functions at the expected symbols prefixed with `pam_sm_`.
///
/// ```no_run
/// use pam::{PamModule, export_pam_module};
///
/// pub struct MyModule;
/// impl PamModule for MyModule {}
///
/// // FIXME: Currently gets E0433: failed to resolve for `MyModule`
/// //export_pam_module!(MyModule);
/// ```
pub trait PamModule {
    fn account_management(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
    fn authenticate(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
    fn change_auth_token(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
    fn close_session(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
    fn open_session(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
    fn set_credentials(handle: &PamHandle, args: Vec<&CStr>, flags: c_uint) -> PamReturnCode {
        PamReturnCode::Ignore
    }
}

#[macro_export]
/// Export the given struct as a PAM module by wiring up the respective extern "C" functions
macro_rules! export_pam_module {
    ($struct:ident) => {
        pub use _pam_module_::*;
        mod _pam_module_ {
            use std::ffi::CStr;
            use std::os::raw::{c_char, c_int, c_uint};
            use $crate::{PamHandle, PamModule, PamReturnCode};

            fn convert_args<'a>(argc: c_int, argv: *const *const c_char) -> Vec<&'a CStr> {
                (0..argc)
                    .map(|i| unsafe { CStr::from_ptr(*argv.offset(i as isize)) })
                    .collect()
            }

            #[no_mangle]
            pub extern "C" fn pam_sm_acct_mgmt(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::account_management(handle, args, flags)
            }
            #[no_mangle]
            pub extern "C" fn pam_sm_authenticate(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::authenticate(handle, args, flags)
            }
            #[no_mangle]
            pub extern "C" fn pam_sm_chauthtok(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::change_auth_token(handle, args, flags)
            }
            #[no_mangle]
            pub extern "C" fn pam_sm_close_session(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::close_session(handle, args, flags)
            }
            #[no_mangle]
            pub extern "C" fn pam_sm_open_session(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::open_session(handle, args, flags)
            }
            #[no_mangle]
            pub extern "C" fn pam_sm_setcred(
                handle: &PamHandle,
                flags: c_uint,
                argc: c_int,
                argv: *const *const c_char,
            ) -> PamReturnCode {
                let args = convert_args(argc, argv);
                super::$struct::set_credentials(handle, args, flags)
            }
        }
    };
}

#[cfg(test)]
pub mod test {
    use super::PamModule;
    use crate::export_pam_module;

    pub struct TestModule;
    impl PamModule for TestModule {}

    export_pam_module!(TestModule);
}