pam-sys-0.5.6/.gitignore010064400017500000144000000002371252071107500133220ustar0000000000000000# Compiled files *.o *.so *.rlib *.dll # Executables *.exe # Generated by Cargo /target/ # Do not check in Cargo.lock since pam-sys is a library Cargo.lock pam-sys-0.5.6/.travis.yml010064400017500000144000000004441324603470700134510ustar0000000000000000language: rust cache: cargo rust: - stable - beta - nightly matrix: allow_failures: - rust: nightly sudo: false addons: apt: packages: - libpam0g-dev script: - cargo build --release --verbose - cargo test --verbose notifications: email: on_success: never pam-sys-0.5.6/CHANGELOG.md010064400017500000144000000067161331722750100131540ustar0000000000000000# Changelog All notable changes to this project will be documented in this file. This project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## [0.5.6] - 2018-07-04 ### Fixed - Fixed NULL pointer usage in wrapped::get_env function when pam_getenv fails ## [0.5.5] - 2018-03-21 ### Added - Implement `pam_get_user` ### Changed - Addded `cache: cargo` directive to speedup CI - Updated `libc` dependency (0.2.33 -> 0.2.39) ## [0.5.4] - 2017-11-30 ### Changed - Only provide official support for Rust stable, beta and nightly (mainly through travis) - Updated `libc` dependency (0.2.20 -> 0.2.33) ### Fixed - Only link `pam_misc` on Linux ## [0.5.3] - 2017-02-18 ### Fixed - Fixed `readonly` flag in `pam_misc_setenv` - Added some `null` checks for some `wrapped` functions ## [0.5.2] - 2017-02-18 ### Fixed - Fixed missing link argument to `pam_misc` ## [0.5.1] - 2017-02-17 ### Fixed - Fixed compilation failure on Rust 1.4.0 - Fixed wrong category ## [0.5.0] - 2017-02-17 ### Added - Added travis-ci badge to `Cargo.toml` - Added categories to `Cargo.toml` ### Changed - Changed `raw::pam_getenvlist`'s return type back to `*const *const c_char` - Made `wrapped` functions safe and changed arguments to use better types ### Fixed - Fixed `raw::pam_misc_dropenv` and `wrapped::misc_dropenv`'s return type ## [0.4.3] - 2017-01-20 ### Added - Added license badge to `README.md` ### Changed - Updated `libc` dependency (0.2.9 -> 0.2.20) - Moved documentation to [docs.rs](https://docs.rs/pam-sys/) ### Removed - Removed obsolete dependencies (`gcc` & `pkg-config`) - Removed `.travis-update-gh-pages.sh` and obsolete rust versions from `.travis.yml` ## [0.4.1] - 2016-04-11 ### Changed - Relicense under MIT/Apache-2.0 ## [0.4.0] - 2016-04-11 ### Added - Better travis-ci integration - Test on 1.4.0-1.6.0, stable, beta and nightly - Use containers for faster builds ### Changed - Updated `libc` dependency (0.2.2 -> 0.2.9) - Changed wrapped/{strerror, getenv} to return `Option<&'static str>` instead of `*const c_char` ## [0.3.0] - 2015-12-08 ### Added - CHANGELOG.md ### Changed - Updated `libc` dependency (0.1.8 -> 0.2.2) - PamHandle from empty struct to zero variant enum (as recommended in [the Rust Book](https://doc.rust-lang.org/nightly/book/ffi.html#representing-opaque-structs)) [Unreleased]: https://github.com/1wilkens/pam-sys/compare/v0.5.6...HEAD [0.5.6]: https://github.com/1wilkens/pam-sys/compare/v0.5.5...v0.5.6 [0.5.5]: https://github.com/1wilkens/pam-sys/compare/v0.5.4...v0.5.5 [0.5.4]: https://github.com/1wilkens/pam-sys/compare/v0.5.3...v0.5.4 [0.5.3]: https://github.com/1wilkens/pam-sys/compare/v0.5.2...v0.5.3 [0.5.2]: https://github.com/1wilkens/pam-sys/compare/v0.5.1...v0.5.2 [0.5.1]: https://github.com/1wilkens/pam-sys/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/1wilkens/pam-sys/compare/v0.4.3...v0.5.0 [0.4.3]: https://github.com/1wilkens/pam-sys/compare/v0.4.1...v0.4.3 [0.4.1]: https://github.com/1wilkens/pam-sys/compare/v0.4.0...v0.4.1 [0.4.0]: https://github.com/1wilkens/pam-sys/compare/v0.3.0...v0.4.0 [0.3.0]: https://github.com/1wilkens/pam-sys/compare/f051f14b76ad1e06be1832604e0ca570743460ac...v0.3.0 pam-sys-0.5.6/Cargo.toml.orig010064400017500000144000000010301331722751200142140ustar0000000000000000[package] name = "pam-sys" version = "0.5.6" authors = ["Florian Wilkens "] description = "FFI wrappers for the Linux Pluggable Authentication Modules (PAM)" repository = "https://github.com/1wilkens/pam-sys" documentation = "https://docs.rs/pam-sys/" readme = "README.md" license = "MIT OR Apache-2.0" categories = ["authentication", "api-bindings", "external-ffi-bindings", "os::unix-apis"] build = "build.rs" links = "pam" [badges] travis-ci = { repository = "1wilkens/pam-sys" } [dependencies] libc = "0.2.39" pam-sys-0.5.6/Cargo.toml0000644000000020410000000000000104670ustar00# THIS FILE IS AUTOMATICALLY GENERATED BY CARGO # # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies # to registry (e.g. crates.io) dependencies # # If you believe there's an error in this file please file an # issue against the rust-lang/cargo repository. If you're # editing this file be aware that the upstream Cargo.toml # will likely look very different (and much more reasonable) [package] name = "pam-sys" version = "0.5.6" authors = ["Florian Wilkens "] build = "build.rs" links = "pam" description = "FFI wrappers for the Linux Pluggable Authentication Modules (PAM)" documentation = "https://docs.rs/pam-sys/" readme = "README.md" categories = ["authentication", "api-bindings", "external-ffi-bindings", "os::unix-apis"] license = "MIT OR Apache-2.0" repository = "https://github.com/1wilkens/pam-sys" [dependencies.libc] version = "0.2.39" [badges.travis-ci] repository = "1wilkens/pam-sys" pam-sys-0.5.6/LICENSE-APACHE010064400017500000144000000250251324603534200132620ustar0000000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS Copyright 2015-2018 The pam-sys Developers Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. pam-sys-0.5.6/LICENSE-MIT010064400017500000144000000020571324603544000127710ustar0000000000000000Copyright (c) 2015-2018 The pam-sys Developers Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. pam-sys-0.5.6/README.md010064400017500000144000000024371324603470700126230ustar0000000000000000# pam-sys [![Version](https://img.shields.io/crates/v/pam-sys.svg)](https://crates.io/crates/pam-sys) [![License](https://img.shields.io/crates/l/pam-sys.svg?branch=master)](https://travis-ci.org/1wilkens/pam-sys) [![Build Status](https://travis-ci.org/1wilkens/pam-sys.svg?branch=master)](https://travis-ci.org/1wilkens/pam-sys) Rust FFI wrappers for the Linux Pluggable Authentication Modules (PAM). [Documentation @ docs.rs](https://docs.rs/pam-sys/) ## Supported Rust versions The library is only continuously built against Rust stable, beta and nightly but as it does not use a lot of new language features it should probably compile on older versions as well. If you encounter problems building on older versions and a small fix can be applied to make the build succeed, consider opening a pull request. ## License Licensed under either of * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) at your option. ### Contribution Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions. pam-sys-0.5.6/build.rs010064400017500000144000000002541324603470700130040ustar0000000000000000fn main() { //TODO: expand this println!("cargo:rustc-link-lib=pam"); if cfg!(target_os = "linux") { println!("cargo:rustc-link-lib=pam_misc"); } } pam-sys-0.5.6/src/lib.rs010064400017500000144000000032441324603470700132440ustar0000000000000000// Copyright (C) 2015-2017 Florian Wilkens // // Permission is hereby granted, free of charge, to any person obtaining a copy of this software and // associated documentation files (the "Software"), to deal in the Software without restriction, // including without limitation the rights to use, copy, modify, merge, publish, distribute, // sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all copies or substantial // portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT // NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES // OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN // CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. //! FFI wrappers for the Linux Pluggable Authentication Modules (PAM) //! //! This crate provides easy access to the Linux-PAM. Both raw and wrapped versions //! of the common functions from `libpam.so` are provided as well as types used in //! these functions. //! //! Note: Not all functions are fully supported yet. For now mainly the ones required //! for authentication with PAM rather than writing a custom PAM module are provided. extern crate libc; pub use types::*; pub use wrapped::*; pub mod raw; #[allow(non_camel_case_types, match_same_arms)] pub mod types; pub mod wrapped; pam-sys-0.5.6/src/raw.rs010064400017500000144000000117531325454532100132710ustar0000000000000000// Copyright (C) 2015-2017 Florian Wilkens // // Permission is hereby granted, free of charge, to any person obtaining a copy of this software and // associated documentation files (the "Software"), to deal in the Software without restriction, // including without limitation the rights to use, copy, modify, merge, publish, distribute, // sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all copies or substantial // portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT // NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES // OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN // CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. //! Raw FFI bindings to Linux-PAM //! //! This modules contains the raw and unchangeg FFI bindings to libpam.so. //! All C-types are mapped to their responding types from `libc` and functions //! names are exactly as exported by `libpam.so` //! //! Note: If possible the wrapped versions of these functions should be preferred, //! since they offer some additional typesafety through the use of the enums defined //! in the [`types`](../types/index.html) module. use libc::{c_char, c_int, c_void}; use types::*; extern "C" { /* ------------------------ pam_appl.h -------------------------- */ /* -------------- The Linux-PAM Framework layer API ------------- */ pub fn pam_start(service_name: *const c_char, user: *const c_char, pam_conversation: *const PamConversation, pamh: *mut *const PamHandle) -> c_int; pub fn pam_end(pamh: *mut PamHandle, pam_status: c_int) -> c_int; /* Authentication APIs */ pub fn pam_authenticate(pamh: *mut PamHandle, flags: c_int) -> c_int; pub fn pam_setcred(pamh: *mut PamHandle, flags: c_int) -> c_int; /* Account Management APIs */ pub fn pam_acct_mgmt(pamh: *mut PamHandle, flags: c_int) -> c_int; /* Session Management APIs */ pub fn pam_open_session(pamh: *mut PamHandle, flags: c_int) -> c_int; pub fn pam_close_session(pamh: *mut PamHandle, flags: c_int) -> c_int; /* Password Management APIs */ pub fn pam_chauthtok(pamh: *mut PamHandle, flags: c_int) -> c_int; /* ------------------------ pam_appl.h -------------------------- */ /* ----------------------- _pam_types.h ------------------------- */ /* ---------- Common Linux-PAM application/module PI ------------ */ pub fn pam_set_item(pamh: *mut PamHandle, item_type: c_int, item: *const c_void) -> c_int; pub fn pam_get_item(pamh: *const PamHandle, item_type: c_int, item: *mut *const c_void) -> c_int; pub fn pam_strerror(pamh: *mut PamHandle, errnum: c_int) -> *const c_char; pub fn pam_putenv(pamh: *mut PamHandle, name_value: *const c_char) -> c_int; pub fn pam_getenv(pamh: *mut PamHandle, name: *const c_char) -> *const c_char; pub fn pam_getenvlist(pamh: *mut PamHandle) -> *const *const c_char; /* ----------------------- _pam_types.h ------------------------- */ /* ----------------------- pam_misc.h --------------------------- */ #[cfg(target_os = "linux")] pub fn pam_misc_paste_env(pamh: *mut PamHandle, user_env: *const *const c_char) -> c_int; #[cfg(target_os = "linux")] pub fn pam_misc_drop_env(env: *mut *mut c_char) -> c_int; #[cfg(target_os = "linux")] pub fn pam_misc_setenv(pamh: *mut PamHandle, name: *const c_char, value: *const c_char, readonly: c_int) -> c_int; /* ----------------------- pam_misc.h --------------------------- */ /* ----------------------- pam_modules.h ------------------------ */ /* -------------------- The Linux-PAM Module PI ----------------- */ pub fn pam_set_data(pamh: *mut PamHandle, module_data_name: *const c_char, data: *mut c_void, cleanup: Option) -> c_int; pub fn pam_get_data(pamh: *const PamHandle, module_data_name: *const c_char, data: *mut *const c_void) -> c_int; pub fn pam_get_user(pamh: *const PamHandle, user: *mut *const c_char, prompt: *const c_char) -> c_int; /* ----------------------- pam_modules.h ------------------------ */ } pam-sys-0.5.6/src/types.rs010064400017500000144000000261261324603470700136460ustar0000000000000000// Copyright (C) 2015-2017 Florian Wilkens // // Permission is hereby granted, free of charge, to any person obtaining a copy of this software and // associated documentation files (the "Software"), to deal in the Software without restriction, // including without limitation the rights to use, copy, modify, merge, publish, distribute, // sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all copies or substantial // portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT // NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES // OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN // CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. //! Types defined by Linux-PAM //! //! This modules contains struct and enum definitions used by `pam-sys`. use libc::{c_char, c_int, c_void}; use std::fmt::{Display, Error, Formatter}; /// Type alias for the PAM "conversation function" used as part of the `PamConversation` struct pub type ConvClosure = (extern "C" fn(c_int, *mut *mut PamMessage, *mut *mut PamResponse, *mut c_void) -> c_int); /// Opaque struct internal to Linux-PAM /// /// From `_pam_types.h`: /// /// "This is a blind structure. Users aren't allowed to see /// inside a `pam_handle_t`, so we don't define struct `pam_handle` here. /// This is defined in a file private to the PAM library. /// (i.e., it's private to PAM service modules, too!)" pub enum PamHandle {} /// Message struct to transfer authentication data to the user /// /// From `_pam_types.h`: /// /// "Used to pass prompting text, error messages, or other informatory text to the user. /// This structure is allocated and freed by the PAM library (or loaded module)." #[repr(C)] #[derive(Clone, Copy, Debug)] pub struct PamMessage { pub msg_style: c_int, pub msg: *const c_char, } /// Response struct to transfer the user's response back to Linux-PAM /// /// From `_pam_types.h`: /// /// "Used to return the user's response to the PAM library. /// This structure is allocated by the application program, /// and free()'d by the Linux-PAM library (or calling module)." #[repr(C)] #[derive(Clone, Copy, Debug)] pub struct PamResponse { pub resp: *mut c_char, /// currently un-used, zero expected pub resp_retcode: c_int, } /// Conversation structure containing the `converse` function and authentication data /// /// From `_pam_types.h`: /// /// "The actual conversation structure itself" #[repr(C)] pub struct PamConversation { /* int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); */ pub conv: Option, pub data_ptr: *mut c_void, } /// Special struct for the `PAM_XAUTHDATA` pam item /// /// From `_pam_types.h`: /// /// "Used by the `PAM_XAUTHDATA` pam item. Contains X authentication /// data used by modules to connect to the user's X display. /// Note: this structure is intentionally compatible with `xcb_auth_info_t`." #[repr(C)] #[derive(Clone, Copy, Debug)] pub struct PamXAuthData { pub namelen: c_int, pub name: *mut c_char, pub datalen: c_int, pub data: *mut c_char, } /// The Linux-PAM return values #[derive(Clone, Copy, Debug, PartialEq)] pub enum PamReturnCode { /// Successful function return SUCCESS = 0, /// dlopen() failure when dynamically loading a service module OPEN_ERR = 1, /// Symbol not found SYMBOL_ERR = 2, /// Error in service module SERVICE_ERR = 3, /// System error SYSTEM_ERR = 4, /// Memory buffer error BUF_ERR = 5, /// Permission denied PERM_DENIED = 6, /// Authentication failure AUTH_ERR = 7, /// Can not access authentication data due to insufficient credentials CRED_INSUFFICIENT = 8, /// Underlying authentication service can not retrieve authentication information AUTHINFO_UNAVAIL = 9, /// User not known to the underlying authentication module USER_UNKNOWN = 10, /// An authentication service has maintained a retry count which has been reached. /// No further retries should be attempted MAXTRIES = 11, /// New authentication token required. /// This is normally returned if the machine security policies require /// that the password should be changed beccause the password is NULL or it has aged NEW_AUTHTOK_REQD = 12, /// User account has expired ACCT_EXPIRED = 13, /// Can not make/remove an entry for the specified session SESSION_ERR = 14, /// Underlying authentication service can not retrieve user credentials unavailable CRED_UNAVAIL = 15, /// User credentials expired CRED_EXPIRED = 16, /// Failure setting user credentials CRED_ERR = 17, /// No module specific data is present NO_MODULE_DATA = 18, /// Conversation error CONV_ERR = 19, /// Authentication token manipulation error AUTHTOK_ERR = 20, /// Authentication information cannot be recovered AUTHTOK_RECOVERY_ERR = 21, /// Authentication token lock busy AUTHTOK_LOCK_BUSY = 22, /// Authentication token aging disabled AUTHTOK_DISABLE_AGING = 23, /// Preliminary check by password service TRY_AGAIN = 24, /// Ignore underlying account module regardless of whether /// the control flag is required, optional, or sufficient IGNORE = 25, /// Critical error (?module fail now request) AUTHTOK_EXPIRED = 27, /// user's authentication token has expired ABORT = 26, /// module is not known MODULE_UNKNOWN = 28, /// Bad item passed to pam_*_item() BAD_ITEM = 29, /// conversation function is event driven and data is not available yet CONV_AGAIN = 30, /// please call this function again to complete authentication stack. /// Before calling again, verify that conversation is completed INCOMPLETE = 31, } impl Display for PamReturnCode { fn fmt(&self, f: &mut Formatter) -> Result<(), Error> { f.write_str(&format!("{:?} ({})", self, *self as i32)) } } impl From for PamReturnCode { fn from(status: i32) -> PamReturnCode { match status { 0 => PamReturnCode::SUCCESS, 1 => PamReturnCode::OPEN_ERR, 2 => PamReturnCode::SYMBOL_ERR, 3 => PamReturnCode::SERVICE_ERR, 4 => PamReturnCode::SYSTEM_ERR, 5 => PamReturnCode::BUF_ERR, 6 => PamReturnCode::PERM_DENIED, 7 => PamReturnCode::AUTH_ERR, 8 => PamReturnCode::CRED_INSUFFICIENT, 9 => PamReturnCode::AUTHINFO_UNAVAIL, 10 => PamReturnCode::USER_UNKNOWN, 11 => PamReturnCode::MAXTRIES, 12 => PamReturnCode::NEW_AUTHTOK_REQD, 13 => PamReturnCode::ACCT_EXPIRED, 14 => PamReturnCode::SESSION_ERR, 15 => PamReturnCode::CRED_UNAVAIL, 16 => PamReturnCode::CRED_EXPIRED, 17 => PamReturnCode::CRED_ERR, 18 => PamReturnCode::NO_MODULE_DATA, 19 => PamReturnCode::CONV_ERR, 20 => PamReturnCode::AUTHTOK_ERR, 21 => PamReturnCode::AUTHTOK_RECOVERY_ERR, 22 => PamReturnCode::AUTHTOK_LOCK_BUSY, 23 => PamReturnCode::AUTHTOK_DISABLE_AGING, 24 => PamReturnCode::TRY_AGAIN, 25 => PamReturnCode::IGNORE, 26 => PamReturnCode::ABORT, 27 => PamReturnCode::AUTHTOK_EXPIRED, 28 => PamReturnCode::MODULE_UNKNOWN, 29 => PamReturnCode::BAD_ITEM, 30 => PamReturnCode::CONV_AGAIN, 31 => PamReturnCode::INCOMPLETE, _ => PamReturnCode::SYSTEM_ERR, } } } /// The Linux-PAM flags #[derive(Clone, Copy, Debug, PartialEq)] pub enum PamFlag { /// Authentication service should not generate any messages SILENT = 0x8000, /// The authentication service should return AUTH_ERROR /// if the user has a null authentication token /// (used by pam_authenticate{,_secondary}()) DISALLOW_NULL_AUTHTOK = 0x0001, /// Set user credentials for an authentication service /// (used for pam_setcred()) ESTABLISH_CRED = 0x0002, /// Delete user credentials associated with an authentication service /// (used for pam_setcred()) DELETE_CRED = 0x0004, /// Reinitialize user credentials /// (used for pam_setcred()) REINITIALIZE_CRED = 0x0008, /// Extend lifetime of user credentials /// (used for pam_setcred()) REFRESH_CRED = 0x0010, /// The password service should only update those passwords that have aged. /// If this flag is not passed, the password service should update all passwords. /// (used by pam_chauthtok) CHANGE_EXPIRED_AUTHTOK = 0x0020, NONE = 0x0000, } impl Display for PamFlag { fn fmt(&self, f: &mut Formatter) -> Result<(), Error> { f.write_str(&format!("{:?} ({})", self, *self as i32)) } } /// The Linux-PAM item types /// /// These defines are used by `pam_set_item()` `and pam_get_item()`. /// Please check the spec which are allowed for use by applications /// and which are only allowed for use by modules. #[derive(Clone, Copy, Debug, PartialEq)] pub enum PamItemType { /// The service name SERVICE = 1, /// The user name USER = 2, /// The tty name TTY = 3, /// The remote host name RHOST = 4, /// The pam_conv structure CONV = 5, /// The authentication token (password) AUTHTOK = 6, /// The old authentication token OLDAUTHTOK = 7, /// The remote user name RUSER = 8, /// the prompt for getting a username Linux-PAM extensions USER_PROMPT = 9, /// app supplied function to override failure delays FAIL_DELAY = 10, /// X display name XDISPLAY = 11, /// X server authentication data XAUTHDATA = 12, /// The type for pam_get_authtok AUTHTOK_TYPE = 13, } impl Display for PamItemType { fn fmt(&self, f: &mut Formatter) -> Result<(), Error> { f.write_str(&format!("{:?} ({})", self, *self as i32)) } } /// The Linux-PAM message styles #[derive(Clone, Copy, Debug, PartialEq)] pub enum PamMessageStyle { PROMPT_ECHO_OFF = 1, PROMPT_ECHO_ON = 2, ERROR_MSG = 3, TEXT_INFO = 4, } impl Display for PamMessageStyle { fn fmt(&self, f: &mut Formatter) -> Result<(), Error> { f.write_str(&format!("{:?} ({})", self, *self as i32)) } } impl From for PamMessageStyle { fn from(style: i32) -> PamMessageStyle { match style { 1 => PamMessageStyle::PROMPT_ECHO_OFF, 2 => PamMessageStyle::PROMPT_ECHO_ON, 3 => PamMessageStyle::ERROR_MSG, 4 => PamMessageStyle::TEXT_INFO, _ => PamMessageStyle::ERROR_MSG, } } } pam-sys-0.5.6/src/wrapped.rs010064400017500000144000000175741331722742100141470ustar0000000000000000// Copyright (C) 2015-2017 Florian Wilkens // // Permission is hereby granted, free of charge, to any person obtaining a copy of this software and // associated documentation files (the "Software"), to deal in the Software without restriction, // including without limitation the rights to use, copy, modify, merge, publish, distribute, // sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is // furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included in all copies or substantial // portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT // NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES // OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN // CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. //! Wrapped FFI bindings to Linux-PAM //! //! This module provides wrapped versions of some of the functions from //! the [`raw`](../raw/index.html) module which use the appropriate enums //! instead of `c_int`. These wrappers should always be preferred as one //! can safely match on their return types and prevent illegal arguments //! from beeing passed to the native library. //! //! Note: These wrappers get added as I need them. Feel free to open an issue //! or PR for the ones that you require which haven't been added yet. use libc::{c_char, c_int, c_void}; use std::ffi::{CStr, CString}; use std::ptr::null; use types::*; use raw::*; /* ------------------------ pam_appl.h -------------------------- */ #[inline] pub fn start(service: &str, user: Option<&str>, conversation: &PamConversation, handle: *mut *mut PamHandle) -> PamReturnCode { if let Ok(service) = CString::new(service) { if let Some(usr) = user { if let Ok(user) = CString::new(usr) { unsafe { From::from(pam_start(service.as_ptr(), user.as_ptr(), conversation, handle as *mut *const PamHandle)) } } else { PamReturnCode::BUF_ERR } } else { unsafe { From::from(pam_start(service.as_ptr(), null(), conversation, handle as *mut *const PamHandle)) } } } else { PamReturnCode::SERVICE_ERR } } #[inline] pub fn end(handle: &mut PamHandle, status: PamReturnCode) -> PamReturnCode { From::from(unsafe { pam_end(handle, status as c_int) }) } #[inline] pub fn authenticate(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_authenticate(handle, flags as c_int) }) } #[inline] pub fn setcred(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_setcred(handle, flags as c_int) }) } #[inline] pub fn acct_mgmt(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_acct_mgmt(handle, flags as c_int) }) } #[inline] pub fn open_session(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_open_session(handle, flags as c_int) }) } #[inline] pub fn close_session(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_close_session(handle, flags as c_int) }) } #[inline] pub fn chauthtok(handle: &mut PamHandle, flags: PamFlag) -> PamReturnCode { From::from(unsafe { pam_chauthtok(handle, flags as c_int) }) } /* ------------------------ pam_appl.h -------------------------- */ /* ----------------------- _pam_types.h ------------------------- */ #[inline] pub fn set_item(handle: &mut PamHandle, item_type: PamItemType, item: &c_void) -> PamReturnCode { From::from(unsafe { pam_set_item(handle, item_type as c_int, item) }) } #[inline] pub fn get_item(handle: &PamHandle, item_type: PamItemType, item: &mut *const c_void) -> PamReturnCode { From::from(unsafe { pam_get_item(handle, item_type as c_int, item) }) } #[inline] pub fn strerror(handle: &mut PamHandle, errnum: PamReturnCode) -> Option<&str> { unsafe { CStr::from_ptr(pam_strerror(handle, errnum as c_int)) }.to_str().ok() } #[inline] pub fn putenv(handle: &mut PamHandle, name_value: &str) -> PamReturnCode { if let Ok(name_value) = CString::new(name_value) { From::from(unsafe { pam_putenv(handle, name_value.as_ptr()) }) } else { // Not sure whether this is the correct return value PamReturnCode::BUF_ERR } } #[inline] pub fn getenv<'a>(handle: &'a mut PamHandle, name: &str) -> Option<&'a str> { use std::ptr; if let Ok(name) = CString::new(name) { let env = unsafe{pam_getenv(handle, name.as_ptr())}; if env != ptr::null(){ unsafe { CStr::from_ptr(env) }.to_str().ok() } else{ None } } else { None } } #[inline] pub fn getenvlist(handle: &mut PamHandle) -> *const *const c_char { //TODO: find a convenient way to handle this with Rust types unsafe { pam_getenvlist(handle) } } /* ----------------------- _pam_types.h ------------------------- */ /* ----------------------- pam_misc.h --------------------------- */ #[inline] #[cfg(target_os = "linux")] pub fn misc_paste_env(handle: &mut PamHandle, user_env: &[&str]) -> PamReturnCode { // Taken from: https://github.com/rust-lang/rust/issues/9564#issuecomment-95354558 let user_env: Vec<_> = user_env.iter() .map(|&env| CString::new(env).unwrap()) .collect(); let env_ptrs: Vec<_> = user_env.iter() .map(|env| env.as_ptr()) .chain(Some(null())) .collect(); From::from(unsafe { pam_misc_paste_env(handle, env_ptrs.as_ptr()) }) } #[inline] #[cfg(target_os = "linux")] pub fn misc_drop_env(env: &mut *mut c_char) -> PamReturnCode { From::from(unsafe { pam_misc_drop_env(env) }) } #[inline] #[cfg(target_os = "linux")] pub fn misc_setenv(handle: &mut PamHandle, name: &str, value: &str, readonly: bool) -> PamReturnCode { if let (Ok(name), Ok(value)) = (CString::new(name), CString::new(value)) { From::from(unsafe { pam_misc_setenv(handle, name.as_ptr(), value.as_ptr(), if readonly { 0 } else { 1 }) }) } else { PamReturnCode::BUF_ERR } } /* ----------------------- pam_misc.h --------------------------- */ /* ----------------------- pam_modules.h ------------------------ */ #[inline] pub fn set_data(handle: &mut PamHandle, module_data_name: &str, data: &mut c_void, cleanup: Option) -> PamReturnCode { if let Ok(module_data_name) = CString::new(module_data_name) { From::from(unsafe { pam_set_data(handle, module_data_name.as_ptr(), data, cleanup) }) } else { PamReturnCode::BUF_ERR } } //pub fn get_data(handle: *const PamHandle, module_data_name: *const c_char, data: *const *const c_void); pub fn get_user(handle: &PamHandle, user: &mut *const c_char, prompt: *const c_char) -> PamReturnCode { From::from( unsafe { pam_get_user( handle, user, prompt ) } ) } /* ----------------------- pam_modules.h ------------------------ */