authy-oidc/src/auth/pamsock.rs

//! Horrible error handling here btw

use std::fmt::{Debug, Display};

use pamsock::prot::ServerResponse;

use super::AuthenticateResponse;

impl From<ServerResponse> for AuthenticateResponse<&'static str> {
    fn from(value: ServerResponse) -> Self {
        use ServerResponse as SR;

        match value {
            SR::ServerError => Self::Failed("unknown server error"),
            SR::Locked => Self::Failed("account locked, too many login attempts"),
            SR::Failed => Self::Failed("wrong credentials"),
            SR::Succeeded => Self::Success,
        }
    }
}

pub async fn authenticate(
    cfg: &crate::args::Args,
    user: &str,
    passwd: &str,
) -> Option<AuthenticateResponse<impl Display + Debug>> {
    use std::os::unix::net::UnixStream;
    use tokio::net::UnixStream as AsyncUnixStream;

    let std_sock = UnixStream::connect_addr(&cfg.pamsock_abstract_name).ok()?;
    std_sock.set_nonblocking(true).ok();
    let async_sock = AsyncUnixStream::from_std(std_sock).ok()?;

    Some(
        pamsock::prot::attempt_login_async(async_sock, user, passwd)
            .await?
            .into(),
    )
}