Fix most warnings

cff0538f · Nik | Klampfradler · 8f6a46fa · cff0538f · cff0538f · cff0538f
Verified Commit cff0538f authored 3 years ago by Nik | Klampfradler
--- a/src/cache.rs
+++ b/src/cache.rs
@@ -78,7 +78,7 @@ impl UserInfo {
    ///
    /// Will fill the `passwd` slot on success, or return an error if not successful.
    /// This method will only attempt resolution if calling `getpwnam`/`getpwuid` is
-    /// currently considered safe, i.e. the `is_getpwnam_safe` flag has not been set
+    /// currently considered safe, i.e. the `IS_GETPWNAM_SAFE` flag has not been set
    /// to `false`. It will be set to false if another resolution is currently running,
    /// because libc will call back into our backend and we need to break the loop.
    /// This means that e.g. home directory resolution is impossible during an NSS
@@ -123,7 +123,7 @@ impl UserInfo {
    /// attempting NSS resolution before doing so (in case only username is filled)
    pub fn get_uid(&mut self) -> Result<uid_t, io::Error> {
        if self.uid.is_none() && self.passwd.is_none() {
-            self.try_resolve();
+            self.try_resolve().ok();
        }
        match &self.passwd {
            Some(passwd) => Ok(passwd.pw_uid),
@@ -142,7 +142,7 @@ impl UserInfo {
        if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_uid != uid {
            // Invalidate passwd because UID does not match anymore
            self.passwd = None;
-            self.try_resolve();
+            self.try_resolve().ok();
        }
        self.username = match &self.passwd {
            Some(p) => Some(p.pw_name.to_string()),
@@ -154,7 +154,7 @@ impl UserInfo {
    /// attempting NSS resolution before doing so (in case only uid is filled)
    pub fn get_username(&mut self) -> Result<String, io::Error> {
        if self.username.is_none() && self.passwd.is_none() {
-            self.try_resolve();
+            self.try_resolve().ok();
        }
        match &self.passwd {
            Some(passwd) => Ok(passwd.pw_name.to_string()),
@@ -173,7 +173,7 @@ impl UserInfo {
        if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap().to_string() {
            // Invalidate passwd because UID does not match anymore
            self.passwd = None;
-            self.try_resolve();
+            self.try_resolve().ok();
        }
        self.uid = match &self.passwd {
            Some(p) => Some(p.pw_uid),
@@ -192,7 +192,7 @@ impl UserInfo {
    /// attempting NSS resolution before doing so
    pub fn get_home_directory(&mut self) -> Result<String, io::Error> {
        if self.passwd.is_none() {
-            self.try_resolve();
+            self.try_resolve().ok();
        }
        match &self.passwd {
            Some(passwd) => Ok(passwd.pw_dir.clone()),
@@ -359,15 +359,15 @@ fn save_json<O: Serialize>(path: PathBuf, obj: O) -> Result<(), io::Error> {
    fs::write(path, json)
 }
-static mut is_getpwnam_safe: bool = true;
+static mut IS_GETPWNAM_SAFE: bool = true;
 fn get_is_getpwnam_safe() -> bool {
    unsafe {
-        is_getpwnam_safe
+        IS_GETPWNAM_SAFE
    }
 }
 pub fn set_is_getpwnam_safe(v: bool) {
    unsafe {
-        is_getpwnam_safe = v
+        IS_GETPWNAM_SAFE = v
    }
 }
@@ -390,16 +390,16 @@ fn restore_privileges() {
    }
 }
-static mut original_euid: uid_t = uid_t::MAX;
+static mut ORIGINAL_EUID: uid_t = uid_t::MAX;
-static mut original_euid_set: bool = false;
+static mut ORIGINAL_EUID_SET: bool = false;
 fn get_original_euid() -> uid_t {
    unsafe {
-        if !original_euid_set {
+        if !ORIGINAL_EUID_SET {
-            original_euid = geteuid();
+            ORIGINAL_EUID = geteuid();
-            debug!("Original EUID stored as {}", original_euid);
+            debug!("Original EUID stored as {}", ORIGINAL_EUID);
-            original_euid_set = true;
+            ORIGINAL_EUID_SET = true;
        }
-        original_euid
+        ORIGINAL_EUID
    }
 }

--- a/src/oauth.rs
+++ b/src/oauth.rs
@@ -157,7 +157,7 @@ pub fn get_access_token_password<E: Copy>(conf: &Config, prefix: &str, username:
 ///
 /// Takes the same arguments as `get_data_jq`.
 fn get_data(conf: &Config, prefix: &str, endpoint: &str, param: String, token: &BasicTokenResponse) -> Result<String, Box<dyn error::Error>> {
-    /// Extract token as string from deserialized access token
+    // Extract token as string from deserialized access token
    let access_token = token.access_token().secret();
    let token_type = "Bearer".to_string();  // FIXME Probably we need to handle other token types

--- a/src/pam.rs
+++ b/src/pam.rs
@@ -104,14 +104,14 @@ impl PamServiceModule for PamOidc {
                    set_is_getpwnam_safe(false);
                    // 2. ...store the access token (will not go through to $HOME, as getpwnam
                    //    is locked)
-                    get_context_user().set_access_token(t.clone());
+                    get_context_user().set_access_token(t.clone()).ok();
                    // 3. ...call getpwnam ourselves without having the cache object locked
                    let passwd = getpwnam_safe(username.to_string());
                    if passwd.is_ok() {
                        // 4. ...if getpwnam was successful, store the token again (this time,
                        //    modulo other errors, it will go through to $HOME)
                        get_context_user().set_passwd(passwd.unwrap());
-                        get_context_user().set_access_token(t.clone());
+                        get_context_user().set_access_token(t.clone()).ok();
                    }
                    // 5. ...unlock getpwnam again (somewhat unnecessary)
                    set_is_getpwnam_safe(true);