nix = "0.26.1"
once_cell = "1.3.1"
openssl = "0.10"
-pam = "0.7"
pam-sys = "0.5"
percent-encoding = "2.1"
pin-utils = "0.1.0"
log = { workspace = true, optional = true }
http = { workspace = true, optional = true }
openssl = { workspace = true, optional = true }
-pam = { workspace = true, optional = true }
pam-sys = { workspace = true, optional = true }
percent-encoding = { workspace = true, optional = true }
regex = { workspace = true, optional = true }
"dep:proxmox-router",
"dep:proxmox-tfa",
]
-pam-authenticator = [ "api", "dep:libc", "dep:log", "dep:pam", "dep:pam-sys" ]
+pam-authenticator = [ "api", "dep:libc", "dep:log", "dep:pam-sys" ]
librust-proxmox-auth-api+api-dev (= ${binary:Version}),
librust-libc-0.2+default-dev (>= 0.2.107-~~),
librust-log-0.4+default-dev (>= 0.4.17-~~),
- librust-pam-0.7+default-dev,
librust-pam-sys-0.5+default-dev
Provides:
librust-proxmox-auth-api-0+pam-authenticator-dev (= ${binary:Version}),
password: &'a str,
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'a>> {
Box::pin(async move {
- let mut auth = pam::Authenticator::with_password(self.service).unwrap();
- auth.get_handler()
- .set_credentials(username.as_str(), password);
- auth.authenticate()?;
+ let mut password_conv = PasswordConv {
+ login: username.as_str(),
+ password,
+ };
+
+ let conv = pam_sys::types::PamConversation {
+ conv: Some(conv_fn),
+ data_ptr: &mut password_conv as *mut _ as *mut c_void,
+ };
+
+ let mut handle = std::ptr::null_mut();
+ let err =
+ pam_sys::wrapped::start(self.service, Some(username.as_str()), &conv, &mut handle);
+ if err != PamReturnCode::SUCCESS {
+ bail!("error opening pam - {err}");
+ }
+ let mut handle = PamGuard {
+ handle: unsafe { &mut *handle },
+ result: PamReturnCode::SUCCESS,
+ };
+
+ handle.result =
+ pam_sys::wrapped::authenticate(handle.handle, pam_sys::types::PamFlag::NONE);
+ if handle.result != PamReturnCode::SUCCESS {
+ bail!("authentication error - {err}");
+ }
+
Ok(())
})
}