Trait pam_kanidm::module::PamHooks
source · pub trait PamHooks {
fn acct_mgmt(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
fn sm_authenticate(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
fn sm_chauthtok(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
fn sm_close_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
fn sm_open_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
fn sm_setcred(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode { ... }
}Expand description
Provides functions that are invoked by the entrypoints generated by the
pam_hooks! macro.
All of hooks are ignored by PAM dispatch by default given the default return value of PAM_IGNORE.
Override any functions that you want to handle with your module. See man pam(3).
Provided Methods§
sourcefn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode
fn acct_mgmt(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode
This function performs the task of establishing whether the user is permitted to gain access at this time. It should be understood that the user has previously been validated by an authentication module. This function checks for other things. Such things might be: the time of day or the date, the terminal line, remote hostname, etc. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing.
sourcefn sm_authenticate(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
fn sm_authenticate(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
This function performs the task of authenticating the user.
sourcefn sm_chauthtok(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
fn sm_chauthtok(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
This function is used to (re-)set the authentication token of the user.
The PAM library calls this function twice in succession. The first time with PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is (possibly) changed.
sourcefn sm_close_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
fn sm_close_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
This function is called to terminate a session.
sourcefn sm_open_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
fn sm_open_session(
pamh: &PamHandle,
args: Vec<&CStr>,
flags: PamFlag
) -> PamResultCode
This function is called to commence a session.
sourcefn sm_setcred(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode
fn sm_setcred(pamh: &PamHandle, args: Vec<&CStr>, flags: PamFlag) -> PamResultCode
This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called after the user has been authenticated but before a session has been established.