proxmox-mirrors/proxmox
1
0
Fork 1
mirror of https://git.proxmox.com/git/proxmox synced 2025-05-29 19:18:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

auth-api: drop pam crate

Browse Source 
it's too limited

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2023-06-13 09:22:11 +02:00
parent c8433e3219
commit 8f08039e7e
4 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@ -61,7 +61,6 @@ native-tls = "0.2"
nix = "0.26.1" nix = "0.26.1"
once_cell = "1.3.1" once_cell = "1.3.1"
openssl = "0.10" openssl = "0.10"
pam = "0.7"
pam-sys = "0.5" pam-sys = "0.5"
percent-encoding = "2.1" percent-encoding = "2.1"
pin-utils = "0.1.0" pin-utils = "0.1.0"

3
proxmox-auth-api/Cargo.toml
View File

@ -21,7 +21,6 @@ libc = { workspace = true, optional = true }
log = { workspace = true, optional = true } log = { workspace = true, optional = true }
http = { workspace = true, optional = true } http = { workspace = true, optional = true }
openssl = { workspace = true, optional = true } openssl = { workspace = true, optional = true }
pam = { workspace = true, optional = true }
pam-sys = { workspace = true, optional = true } pam-sys = { workspace = true, optional = true }
percent-encoding = { workspace = true, optional = true } percent-encoding = { workspace = true, optional = true }
regex = { workspace = true, optional = true } regex = { workspace = true, optional = true }
@ -50,4 +49,4 @@ api = [
"dep:proxmox-router", "dep:proxmox-router",
"dep:proxmox-tfa", "dep:proxmox-tfa",
] ]
pam-authenticator = [ "api", "dep:libc", "dep:log", "dep:pam", "dep:pam-sys" ] pam-authenticator = [ "api", "dep:libc", "dep:log", "dep:pam-sys" ]

1
proxmox-auth-api/debian/control
View File

@ -90,7 +90,6 @@ Depends:
librust-proxmox-auth-api+api-dev (= ${binary:Version}), librust-proxmox-auth-api+api-dev (= ${binary:Version}),
librust-libc-0.2+default-dev (>= 0.2.107-~~), librust-libc-0.2+default-dev (>= 0.2.107-~~),
librust-log-0.4+default-dev (>= 0.4.17-~~), librust-log-0.4+default-dev (>= 0.4.17-~~),
librust-pam-0.7+default-dev,
librust-pam-sys-0.5+default-dev librust-pam-sys-0.5+default-dev
Provides: Provides:
librust-proxmox-auth-api-0+pam-authenticator-dev (= ${binary:Version}), librust-proxmox-auth-api-0+pam-authenticator-dev (= ${binary:Version}),

31
proxmox-auth-api/src/pam_authenticator.rs
View File

@ -25,10 +25,33 @@ impl crate::api::Authenticator for Pam {
password: &'a str, password: &'a str,
) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'a>> { ) -> Pin<Box<dyn Future<Output = Result<(), Error>> + Send + 'a>> {
Box::pin(async move { Box::pin(async move {
let mut auth = pam::Authenticator::with_password(self.service).unwrap(); let mut password_conv = PasswordConv {
auth.get_handler() login: username.as_str(),
.set_credentials(username.as_str(), password); password,
auth.authenticate()?; };
let conv = pam_sys::types::PamConversation {
conv: Some(conv_fn),
data_ptr: &mut password_conv as *mut _ as *mut c_void,
};
let mut handle = std::ptr::null_mut();
let err =
pam_sys::wrapped::start(self.service, Some(username.as_str()), &conv, &mut handle);
if err != PamReturnCode::SUCCESS {
bail!("error opening pam - {err}");
}
let mut handle = PamGuard {
handle: unsafe { &mut *handle },
result: PamReturnCode::SUCCESS,
};
handle.result =
pam_sys::wrapped::authenticate(handle.handle, pam_sys::types::PamFlag::NONE);
if handle.result != PamReturnCode::SUCCESS {
bail!("authentication error - {err}");
}
Ok(()) Ok(())
}) })
} }