From 8f1e862c12b9168c61471dc061f0c6af4e7e60f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 22:31:59 +0000 Subject: [PATCH 1/2] build(deps): bump pam-bindings from 0.1.2 to 0.2.1 Bumps [pam-bindings](https://github.com/lvkv/pam-rs) from 0.1.2 to 0.2.1. - [Release notes](https://github.com/lvkv/pam-rs/releases) - [Commits](https://github.com/lvkv/pam-rs/compare/v0.1.2...v0.2.1) --- updated-dependencies: - dependency-name: pam-bindings dependency-version: 0.2.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Cargo.lock | 4 ++-- pam/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 019bd6a4..e48a318d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1965,9 +1965,9 @@ dependencies = [ [[package]] name = "pam-bindings" -version = "0.1.2" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ebcdd98d8b23979d48652df6a126a5ee7f389b8ce9e821ae626dcf27b8e2fad" +checksum = "702856d628a09bbdc2b9b2dadd608193ae46ab4b081b6d1fd5baec1251a92057" dependencies = [ "libc", ] diff --git a/pam/Cargo.toml b/pam/Cargo.toml index b204f251..abf78259 100644 --- a/pam/Cargo.toml +++ b/pam/Cargo.toml @@ -20,7 +20,7 @@ gethostname = "1.1.0" hex = "0.4.3" libc = "0.2.186" log = "0.4.31" -pam-bindings = "0.1.2" +pam-bindings = "0.2.1" serde = "1.0.228" serde_json = "1.0.150" whoami = "2.1.0" From c040e61ebccdf685a0000b773848620e722860a4 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 4 Jun 2026 01:09:38 +0200 Subject: [PATCH 2/2] fix --- pam/src/auth.rs | 4 ++-- pam/src/auth/fido.rs | 26 +++++++++++++++----------- pam/src/auth/interactive.rs | 4 ++-- 3 files changed, 19 insertions(+), 15 deletions(-) diff --git a/pam/src/auth.rs b/pam/src/auth.rs index e62047a3..53cadad3 100644 --- a/pam/src/auth.rs +++ b/pam/src/auth.rs @@ -72,7 +72,7 @@ pub fn authenticate_impl( "failed to send prompt" ) { Some(password) => match password.to_str() { - Ok(t) => t, + Ok(t) => t.to_owned(), Err(_) => { log::warn!("failed to convert password"); return PamResultCode::PAM_AUTH_ERR; @@ -102,7 +102,7 @@ pub fn authenticate_impl( log::debug!("Token authentication"); let raw_token = password .strip_prefix(PW_PREFIX) - .unwrap_or(password) + .unwrap_or(&password) .to_string(); let decoded = match decode_pb::(raw_token) { Ok(t) => t, diff --git a/pam/src/auth/fido.rs b/pam/src/auth/fido.rs index 76d920cb..e6b11946 100644 --- a/pam/src/auth/fido.rs +++ b/pam/src/auth/fido.rs @@ -30,25 +30,29 @@ pub fn fido2(raw: String, conv: &Conv<'_>) -> Result = if req.uv { match conv.send(PAM_PROMPT_ECHO_OFF, "Input Security key PIN: ") { Ok(c) => match c { - Some(c) => match c.to_str() { - Ok(cc) => { - assertion_args.pin = Some(cc); - assertion_args.uv = None; - } - Err(e) => return Err(Box::from(e)), - }, + Some(c) => Some(c), None => { log::warn!("Failed to get PIN"); return Err(Box::from("failed to get pin")); } }, - Err(_) => { - return Err(Box::from("failed to get pin")); + Err(_) => return Err(Box::from("failed to get pin")), + } + } else { + None + }; + + if let Some(ref pc) = pin_cstring { + match pc.to_str() { + Ok(cc) => { + assertion_args.pin = Some(cc); + assertion_args.uv = None; } - }; + Err(e) => return Err(Box::from(e)), + } } pam_print_user(conv, "Touch your security key..."); diff --git a/pam/src/auth/interactive.rs b/pam/src/auth/interactive.rs index bae115c4..97b3331e 100644 --- a/pam/src/auth/interactive.rs +++ b/pam/src/auth/interactive.rs @@ -132,7 +132,7 @@ pub fn auth_interactive( let credential = match conv.send(style, &challenge.prompt) { Ok(c) => match c { Some(c) => match c.to_str() { - Ok(cc) => cc, + Ok(cc) => cc.to_owned(), Err(_) => { log::warn!("failed to convert PAM Conversation response to string"); return Err(PamResultCode::PAM_ABORT); @@ -152,7 +152,7 @@ pub fn auth_interactive( return Err(e); } }; - req_inner.value = credential.to_owned(); + req_inner.value = credential; } Err(_) => { log::warn!(