From 7de47f0cdbdf53d65516299650c43cae88abbaf1 Mon Sep 17 00:00:00 2001
From: Noa Resare <noa@resare.com>
Date: Mon, 31 Jul 2023 18:49:03 +0100
Subject: [PATCH] add an sm_sectcred() implementaion for PamSshAgent

Apparently this is needed to run `doas` without printing a scary
Permission Denied: unknown error
---
 src/lib.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/lib.rs b/src/lib.rs
index a204890..eac142c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -39,6 +39,16 @@ impl PamHooks for PamSshAgent {
             }
         }
     }
+
+    // `doas` calls pam_setcred(), if this is not defined to succeed it prints
+    // a fabulous `doas: pam_setcred(?, PAM_REINITIALIZE_CRED): Permission denied: Unknown error -3`
+    fn sm_setcred(
+        _pam_handle: &mut PamHandle,
+        _args: Vec<&CStr>,
+        _flags: PamFlag,
+    ) -> PamResultCode {
+        PamResultCode::PAM_SUCCESS
+    }
 }
 
 fn do_authenticate(log: &mut SyslogLogger) -> Result<()> {
@@ -53,7 +63,7 @@ fn do_authenticate(log: &mut SyslogLogger) -> Result<()> {
 }
 
 // Just a quick hack to get logging into syslog. Longer term,
-// this should be done pam-bindings: https://github.com/anowell/pam-rs/pull/12
+// this should be done in pam-bindings: https://github.com/anowell/pam-rs/pull/12
 
 const PREFIX: &str = "pam_ssh_agent({}:auth): ";