Basic PAM auth

.gitignore

@@ -19,3 +19,10 @@ Cargo.lock
 # Added by cargo
 
 /target
+
+
+# Added by cargo
+#
+# already existing elements were commented out
+
+#/target

Cargo.toml

@@ -1,7 +1,11 @@
 [package]
 name = "breaDM"
 version = "0.1.0"
-edition = "2021"
+edition = "2024"
+
+[[bin]]
+name = "breadm"
+path = "src/main.rs"
 
 [dependencies]
 pam = "0.8.0"

src/auth.rs

@@ -0,0 +1,24 @@
+use pam::Client;
+use std::error::Error;
+
+/// Authenticate a user using PAM.
+///
+/// Arguments
+/// username: login name as typed
+/// password: secret provided by user
+///
+/// Uses the `login` PAM service for now.
+pub fn authenticate(username: &str, password: &str) -> Result<(), Box<dyn Error>> {
+    // Initialize PAM with the login service
+    let mut client = Client::with_password("login")?;
+
+    // Provide credentials to PAM conversation
+    client
+        .conversation_mut()
+        .set_credentials(username.to_owned(), password.to_owned());
+
+    // Authenticate
+    client.authenticate()?;
+
+    Ok(())
+}

src/main.rs

@@ -1,3 +1,22 @@
+mod auth;
+
+use std::io;
+
 fn main() {
-    println!("Hello, world!");
+    let mut username = String::new();
+    let mut password = String::new();
+
+    println!("username:");
+    io::stdin().read_line(&mut username).unwrap();
+
+    println!("password:");
+    io::stdin().read_line(&mut password).unwrap();
+
+    let username = username.trim();
+    let password = password.trim();
+
+    match auth::authenticate(username, password) {
+        Ok(()) => println!("authentication successful"),
+        Err(e) => eprintln!("authentication failed: {e}"),
+    }
 }