From 8141108351def3f35ea8025ff765415ba1a36ec9 Mon Sep 17 00:00:00 2001
From: Dominik George <nik@naturalnet.de>
Date: Thu, 6 May 2021 01:03:40 +0200
Subject: [PATCH] [PAM] Make client_secret and token_url optional

---
 src/pam.rs | 33 ++++++++++++++++++++++++++-------
 1 file changed, 26 insertions(+), 7 deletions(-)

diff --git a/src/pam.rs b/src/pam.rs
index c6e3eb8..4cf3ba9 100644
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -53,9 +53,25 @@ fn get_or_pam_error(config: &Config, key: &str) -> Result<String, PamError> {
     }
 }
 
+fn get_optional(config: &Config, key: &str) -> Option<String> {
+    match config.get_str(key) {
+        Ok(v) => {
+            debug!("Configuration key found: {} = {}", key, v);
+            return Some(v);
+        },
+        Err(_) => {
+            debug!("Configuration key not found (optional): {}", key);
+            return None;
+        },
+    }
+}
+
 fn do_legacy_auth(username: String, password: String, config: Config) -> Result<BasicTokenResponse, PamError> {
     let client_id = ClientId::new(get_or_pam_error(&config, "pam.client_id")?);
-    let client_secret = ClientSecret::new(get_or_pam_error(&config, "pam.client_secret")?);
+    let client_secret = match get_optional(&config, "pam.client_secret") {
+        Some(v) => Some(ClientSecret::new(v)),
+        None => None,
+    };
     let auth_url = match AuthUrl::new(get_or_pam_error(&config, "pam.auth_url")?) {
         Ok(u) => u,
         _ => {
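Review bot: `get_optional` writes the configuration value into the debug log, and this commit calls it with `pam.client_secret`, so the OAuth client secret is written to wherever debug output is collected. Log only the key, `debug!("Configuration key found: {}", key);`, or redact the value for secret-bearing keys. The `Err(_)` arm also reports every lookup failure as "not found", so a key that is present but unreadable would be silently treated as absent; telling a missing key apart from other errors would keep that case visible. As a style point, the new match in `do_legacy_auth` can be written `get_optional(&config, "pam.client_secret").map(ClientSecret::new)`. The body of `do_legacy_auth` continues past this hunk.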
@@ -63,16 +79,19 @@ fn do_legacy_auth(username: String, password: String, config: Config) -> Result<
             return Err(PamError::SERVICE_ERR);
         },
     };
-    let token_url = match TokenUrl::new(get_or_pam_error(&config, "pam.token_url")?){
-        Ok(u) => u,
-        _ => {
-            error!("Could not parse token URL");
-            return Err(PamError::SERVICE_ERR);
+    let token_url = match get_optional(&config, "pam.token_url") {
+        Some(v) => match TokenUrl::new(v) {
+            Ok(u) => Some(u),
+            Err(_) => {
+                error!("Could not parse token URL");
+                return Err(PamError::SERVICE_ERR);
+            }
         },
+        None => None,
     };
     let scope = get_or_pam_error(&config, "pam.scope")?;
 
-    let client = BasicClient::new(client_id, Some(client_secret), auth_url, Some(token_url));
+    let client = BasicClient::new(client_id, client_secret, auth_url, token_url);
     let result = client
         .exchange_password(
             &ResourceOwnerUsername::new(username),
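Review bot: With `None => None` for `pam.token_url`, a missing token URL no longer stops `do_legacy_auth` at configuration time, yet the function goes straight on to `exchange_password`, which needs the token endpoint. Presumably the exchange then fails inside the OAuth client and the login is rejected with no hint that the configuration is incomplete. The handling of `result` is outside this hunk, so confirm it logs the cause. If the key has to stay optional for other flows, report it where it is detected, for example `None => { error!("pam.token_url not set; password authentication cannot succeed"); None }`.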
-- 
GitLab