8 Commits

Author SHA1 Message Date
javalsai 6de737ae07 fix: syntax 2026-05-14 00:10:55 +02:00
javalsai b660956c4f security: override CURL env parameters 2026-05-11 03:02:02 +02:00
javalsai 875fb215bf feat: ignore passwd verification if ruid == root 2026-05-11 03:01:28 +02:00
javalsai 9463c26036 feat!: implement complete password auth chain (+)
This is a final implementation, it completely works, is safe and
audited. There are several changes overall (most explained in the
README):
- Added `debuggable` cargo feature to disable debug ability, reducing a
  bit library size.
- Completed README with setup, concernsm, features and more.
- Add `asdeny` argument to behave as a PAM barrier. Updated nixos
  configuration accordingly.
- Modularity, separated config from API client and CURL client, each can
  take a `debug` option for a clean function call interface.
- Unified logging methods, there is a current `e/println!` call in all
  the codebase, behind a macro, to allow for consistent log formatting.
- Readability, separated and broke down cognitive complicated structures
  for ease of readability, methods are as simple as I could get them to
  be and reusable across `authentication` and `password` flows.
- HTTP headers now are macro'ed to prevent typos and have unified casing
  and representations.
- Simplified CURL interface so it integrates perfectly with rust type
  system for just what's necessary, it's more readable and loggable.
- Checked PAM returned errors to see if they are sensible enough.
- Checked this interacts with `pam_unix.so` as expected.
2026-05-11 01:56:48 +02:00
javalsai bf952a5dc4 feat: password change (+)
This works, however there's still stuff to do.

The configuration.nix pam stack is broken, still defaults back to
pam_unix.so if this fails.

The code is now a small mess, I need to make `Client` structs and more
separation.

And I still have to fully understand keycloak and properly use the
clients or configure them.
2026-05-10 18:48:54 +02:00
javalsai 0cf366d8ff chore: add cargo metadata 2026-05-09 20:07:25 +02:00
javalsai 0f736b1fc4 feat: add group configuration (+)
will only check users of such group

also cleaned some code:
- Input doesn't need to be UTF-8 valid.
- Main fuction is dead-simple, very readable.
- Added some modularity.
- Add some docs on behavior details.
2026-05-09 19:57:50 +02:00
javalsai d2a2baebc8 initial commit
- login works
- basic documentation
2026-05-09 18:06:35 +02:00