diff --git a/src/cache.rs b/src/cache.rs
index 470325ae8a7bd3cccbae887cd2f535f2158ba326..63e792e0f16928c9316118f3af30470a2ac2fcbf 100644
--- a/src/cache.rs
+++ b/src/cache.rs
@@ -78,7 +78,7 @@ impl UserInfo {
///
/// Will fill the `passwd` slot on success, or return an error if not successful.
/// This method will only attempt resolution if calling `getpwnam`/`getpwuid` is
- /// currently considered safe, i.e. the `is_getpwnam_safe` flag has not been set
+ /// currently considered safe, i.e. the `IS_GETPWNAM_SAFE` flag has not been set
/// to `false`. It will be set to false if another resolution is currently running,
/// because libc will call back into our backend and we need to break the loop.
/// This means that e.g. home directory resolution is impossible during an NSS
@@ -123,7 +123,7 @@ impl UserInfo {
/// attempting NSS resolution before doing so (in case only username is filled)
pub fn get_uid(&mut self) -> Result<uid_t, io::Error> {
if self.uid.is_none() && self.passwd.is_none() {
- self.try_resolve();
+ self.try_resolve().ok();
}
match &self.passwd {
Some(passwd) => Ok(passwd.pw_uid),
@@ -142,7 +142,7 @@ impl UserInfo {
if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_uid != uid {
// Invalidate passwd because UID does not match anymore
self.passwd = None;
- self.try_resolve();
+ self.try_resolve().ok();
}
self.username = match &self.passwd {
Some(p) => Some(p.pw_name.to_string()),
@@ -154,7 +154,7 @@ impl UserInfo {
/// attempting NSS resolution before doing so (in case only uid is filled)
pub fn get_username(&mut self) -> Result<String, io::Error> {
if self.username.is_none() && self.passwd.is_none() {
- self.try_resolve();
+ self.try_resolve().ok();
}
match &self.passwd {
Some(passwd) => Ok(passwd.pw_name.to_string()),
@@ -173,7 +173,7 @@ impl UserInfo {
if self.passwd.is_some() && self.passwd.as_ref().unwrap().pw_name != self.username.as_ref().unwrap().to_string() {
// Invalidate passwd because UID does not match anymore
self.passwd = None;
- self.try_resolve();
+ self.try_resolve().ok();
}
self.uid = match &self.passwd {
Some(p) => Some(p.pw_uid),
@@ -192,7 +192,7 @@ impl UserInfo {
/// attempting NSS resolution before doing so
pub fn get_home_directory(&mut self) -> Result<String, io::Error> {
if self.passwd.is_none() {
- self.try_resolve();
+ self.try_resolve().ok();
}
match &self.passwd {
Some(passwd) => Ok(passwd.pw_dir.clone()),
@@ -359,15 +359,15 @@ fn save_json<O: Serialize>(path: PathBuf, obj: O) -> Result<(), io::Error> {
fs::write(path, json)
}
-static mut is_getpwnam_safe: bool = true;
+static mut IS_GETPWNAM_SAFE: bool = true;
fn get_is_getpwnam_safe() -> bool {
unsafe {
- is_getpwnam_safe
+ IS_GETPWNAM_SAFE
}
}
pub fn set_is_getpwnam_safe(v: bool) {
unsafe {
- is_getpwnam_safe = v
+ IS_GETPWNAM_SAFE = v
}
}
@@ -390,16 +390,16 @@ fn restore_privileges() {
}
}
-static mut original_euid: uid_t = uid_t::MAX;
-static mut original_euid_set: bool = false;
+static mut ORIGINAL_EUID: uid_t = uid_t::MAX;
+static mut ORIGINAL_EUID_SET: bool = false;
fn get_original_euid() -> uid_t {
unsafe {
- if !original_euid_set {
- original_euid = geteuid();
- debug!("Original EUID stored as {}", original_euid);
- original_euid_set = true;
+ if !ORIGINAL_EUID_SET {
+ ORIGINAL_EUID = geteuid();
+ debug!("Original EUID stored as {}", ORIGINAL_EUID);
+ ORIGINAL_EUID_SET = true;
}
- original_euid
+ ORIGINAL_EUID
}
}
diff --git a/src/oauth.rs b/src/oauth.rs
index ab18fe36b732d1b1228365a5785e51bed3ff05a1..5ca4323b746f6c29620b3964aa2e05ea077b751f 100644
--- a/src/oauth.rs
+++ b/src/oauth.rs
@@ -157,7 +157,7 @@ pub fn get_access_token_password<E: Copy>(conf: &Config, prefix: &str, username:
///
/// Takes the same arguments as `get_data_jq`.
fn get_data(conf: &Config, prefix: &str, endpoint: &str, param: String, token: &BasicTokenResponse) -> Result<String, Box<dyn error::Error>> {
- /// Extract token as string from deserialized access token
+ // Extract token as string from deserialized access token
let access_token = token.access_token().secret();
let token_type = "Bearer".to_string(); // FIXME Probably we need to handle other token types
diff --git a/src/pam.rs b/src/pam.rs
index 487caae9654a65c5477e838713dc412130ae6251..589398942d3c21c13255f361ef0ba16ea74b3e6d 100644
--- a/src/pam.rs
+++ b/src/pam.rs
@@ -104,14 +104,14 @@ impl PamServiceModule for PamOidc {
set_is_getpwnam_safe(false);
// 2. ...store the access token (will not go through to $HOME, as getpwnam
// is locked)
- get_context_user().set_access_token(t.clone());
+ get_context_user().set_access_token(t.clone()).ok();
// 3. ...call getpwnam ourselves without having the cache object locked
let passwd = getpwnam_safe(username.to_string());
if passwd.is_ok() {
// 4. ...if getpwnam was successful, store the token again (this time,
// modulo other errors, it will go through to $HOME)
get_context_user().set_passwd(passwd.unwrap());
- get_context_user().set_access_token(t.clone());
+ get_context_user().set_access_token(t.clone()).ok();
}
// 5. ...unlock getpwnam again (somewhat unnecessary)
set_is_getpwnam_safe(true);