Trait pam_kanidm::module::PamHooks

pub trait PamHooks {
    // Provided methods
    fn acct_mgmt(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_authenticate(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_chauthtok(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_close_session(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_open_session(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
    fn sm_setcred(
        pamh: &PamHandle,
        args: Vec<&CStr>,
        flags: PamFlag,
    ) -> PamResultCode { ... }
}

Provides functions that are invoked by the entrypoints generated by the pam_hooks! macro.

All of hooks are ignored by PAM dispatch by default given the default return value of PAM_IGNORE. Override any functions that you want to handle with your module. See man pam(3).

Provided Methods

fn acct_mgmt( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of establishing whether the user is permitted to gain access at this time. It should be understood that the user has previously been validated by an authentication module. This function checks for other things. Such things might be: the time of day or the date, the terminal line, remote hostname, etc. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing.

fn sm_authenticate( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of authenticating the user.

fn sm_chauthtok( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is used to (re-)set the authentication token of the user.

The PAM library calls this function twice in succession. The first time with PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is (possibly) changed.

fn sm_close_session( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is called to terminate a session.

fn sm_open_session( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function is called to commence a session.

fn sm_setcred( pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag, ) -> PamResultCode

This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called after the user has been authenticated but before a session has been established.

Object Safety

This trait is not object safe.

Implementors

impl PamHooks for PamKanidm