use std::error::Error;
use log::{debug, info};
use pam_client::{conv_cli::Conversation, Context, Flag};
use crate::{config, pwd, session, token, tty, user, SESSION_PATH};
/// Local (non-PAM) authorization check: the invoking user must match
/// `userconf.username` and belong to `userconf.group`.
///
/// The two checks run in order; the first one that fails is returned and the
/// group check is never reached.
///
/// # Errors
/// Propagates whatever `verify_user` / `verify_group` report.
pub(crate) fn authentification(
    userconf: &config::UserConf,
    userdata: &user::User,
) -> Result<(), Box<dyn Error>> {
    let expected_user = &userconf.username;
    let expected_group = &userconf.group;

    debug!("Starting verification of {}", expected_user);
    userdata.verify_user(expected_user)?;

    debug!(
        "User was approved, starting group verification of {}",
        expected_group
    );
    userdata.verify_group(expected_group)?;

    Ok(())
}
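/// Authenticates `userdata` through PAM and returns a context whose user has
/// been switched to the configured impersonation user (`conf.rudo.impuser`).
///
/// Flow:
/// 1. Open a PAM context for the `rudo` service with a CLI conversation.
/// 2. Derive the per-user, per-terminal session-token path from
///    `SESSION_PATH`, the user name and the terminal name, and ask
///    `token::verify_path` whether a valid token already exists.
/// 3. Only when no valid token exists: prompt for the password, run PAM
///    account management, create the run directory and write a new token
///    (see [`password_auth_and_cache`]).
/// 4. Switch the PAM user to `conf.rudo.impuser`.
///
/// Note that a valid token skips both the password prompt and
/// `acct_mgmt`, so the token check is the only gate on that path.
///
/// # Errors
/// Propagates any error from PAM context creation, terminal detection,
/// token verification, the password path, or `set_user`.
pub(crate) fn authentification_pam(
    conf: &config::Config,
    userconf: &config::UserConf,
    userdata: &user::User,
) -> Result<Context<Conversation>, Box<dyn Error>> {
    debug!("Creating Pam context for Rudo");
    let mut context = Context::new("rudo", Some(&userdata.username), Conversation::new())?;

    let tty = tty::Terminal::new()?;
    debug!("TTY name is: {}", tty.terminal_name);
    debug!("Terminal UUID is {}", tty.terminal_uuid);

    // NOTE(review): the path is built by plain concatenation, so SESSION_PATH
    // is assumed to already end with the directory separator — confirm.
    let token_path = format!("{}{}{}", SESSION_PATH, &userdata.username, tty.terminal_name);
    debug!("token_path has been created: {}", token_path);

    debug!("Verifying token_path validity and extracting result");
    let token_is_valid = token::verify_path(&token_path, &tty)?;

    debug!("Asking for password if token is invalid or non-existent");
    if !token_is_valid {
        password_auth_and_cache(userconf, userdata, &tty, &token_path, &mut context)?;
    }

    context.set_user(Some(conf.rudo.impuser.as_str()))?;
    info!("User was change to: {}", conf.rudo.impuser);
    Ok(context)
}

/// Password path of [`authentification_pam`]: prompts through PAM, validates
/// the account, then persists a fresh session token so later invocations on
/// the same terminal can skip the prompt.
///
/// `acct_mgmt` runs only here; a still-valid token bypasses it entirely.
///
/// # Errors
/// Propagates errors from password entry, account management, run-directory
/// creation, token construction and token-file creation.
fn password_auth_and_cache(
    userconf: &config::UserConf,
    userdata: &user::User,
    terminal: &tty::Terminal,
    token_path: &str,
    context: &mut Context<Conversation>,
) -> Result<(), Box<dyn Error>> {
    info!(
        "{} demand authorization to use Rudo, password will be asked",
        userdata.username
    );
    pwd::password_input(userconf.password, context)?;
    info!(
        "{} has given is password that was validated by Pam",
        userdata.username
    );

    debug!("Validate the account of {}", userdata.username);
    context.acct_mgmt(Flag::DISALLOW_NULL_AUTHTOK)?;

    debug!("Creating the directory of the token in /run");
    session::create_dir_run(&userdata.username)?;

    // Propagate a failed `Token::new` before logging that a token was
    // created; previously the "created" message was emitted first and the
    // `Result` only inspected at the write step.
    let token = session::Token::new(&terminal.terminal_name, &terminal.terminal_uuid)?;
    debug!(
        "Token was created for {} with UUID: {}",
        terminal.terminal_name, terminal.terminal_uuid
    );
    debug!("Token will be written to {}", token_path);
    token.create_token_file(&userdata.username)?;
    Ok(())
}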