pam_kanidm::module

Trait PamHooks

pub trait PamHooks {
    // Provided methods
    fn acct_mgmt(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_authenticate(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_chauthtok(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_close_session(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_open_session(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_setcred(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
}
Provides functions that are invoked by the entrypoints generated by the pam_hooks! macro.

All hooks are ignored by PAM dispatch by default, because the default return value is PAM_IGNORE. Override any functions that you want your module to handle. See man pam(3).

Provided Methods

fn acct_mgmt( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of establishing whether the user is permitted to gain access at this time. It should be understood that the user has previously been validated by an authentication module. This function checks for other things. Such things might be: the time of day or the date, the terminal line, remote hostname, etc. This function may also determine things like the expiration of passwords, and respond that the user must change it before continuing.

fn sm_authenticate( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of authenticating the user.

fn sm_chauthtok( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is used to (re-)set the authentication token of the user.

The PAM library calls this function twice in succession: the first time with PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, a second time with PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is (possibly) changed.
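The two-call sequence described above, together with the default "ignore" return, as an added example that is not code from pam_kanidm. The trait, enums and `TokenStore` are stand-ins defined here (the real hooks take `pamh`, `args` and `flags` and return `PamResultCode`), and `backend_up` is a hypothetical condition for answering the preliminary check with try-again.

```rust
// Stand-in types for illustration only; NOT the pam_kanidm definitions.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Code { Success, TryAgain, Ignore }

#[derive(Clone, Copy)]
enum Phase { PrelimCheck, UpdateAuthtok }

trait Hooks {
    // As on the page: a hook that is not overridden returns "ignore".
    fn sm_authenticate(&mut self) -> Code { Code::Ignore }
    fn sm_chauthtok(&mut self, _phase: Phase) -> Code { Code::Ignore }
}

// Hypothetical module state: a stored token and a requested replacement.
struct TokenStore { backend_up: bool, token: String, requested: String }

impl Hooks for TokenStore {
    fn sm_chauthtok(&mut self, phase: Phase) -> Code {
        match phase {
            // First call: only check that the change can go ahead. Nothing is written.
            Phase::PrelimCheck if !self.backend_up => Code::TryAgain,
            Phase::PrelimCheck => Code::Success,
            // Second call: the only place the token is replaced.
            Phase::UpdateAuthtok => {
                self.token = self.requested.clone();
                Code::Success
            }
        }
    }
}

// Models the two successive calls described above.
fn change_token(module: &mut impl Hooks) -> Code {
    let prelim = module.sm_chauthtok(Phase::PrelimCheck);
    if prelim == Code::TryAgain {
        return prelim; // the update call never happens
    }
    module.sm_chauthtok(Phase::UpdateAuthtok)
}

fn main() {
    let mut m = TokenStore { backend_up: false, token: "old".into(), requested: "new".into() };
    println!("{:?} token={}", change_token(&mut m), m.token);
    m.backend_up = true;
    println!("{:?} token={}", change_token(&mut m), m.token);
}
```

Keeping every write in the update branch means a try-again result on the preliminary check leaves the stored token exactly as it was.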

fn sm_close_session( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is called to terminate a session.

fn sm_open_session( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is called to commence a session.

fn sm_setcred( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called after the user has been authenticated but before a session has been established.

Object Safety

This trait is not object safe.
