2 changed files with 35 additions and 26 deletions
--- a/src/error.rs
+++ b/src/error.rs
@ -70,6 +70,12 @@ impl From<io::Error> for AskPassError {
    }
 }

+impl From<AskPassError> for Fido2LuksError {
+    fn from(cause: AskPassError) -> Self {
+        Fido2LuksError::AskPassError { cause }
+    }
+}
+
 #[derive(Debug, Fail)]
 pub enum LuksError {
    #[fail(display = "This feature requires to the LUKS device to be formatted as LUKS 2")]
--- a/src/lib.rs
+++ b/src/lib.rs
@ -146,35 +146,38 @@ impl PamFido2Luks {

 impl PamServiceModule for PamFido2Luks {
    fn authenticate(pamh: Pam, _flag: PamFlag, args: Vec<String>) -> PamError {
-        let user = match pamh.get_cached_user() {
-            Err(_) => return dbg!(PamError::AUTH_ERR),
-            Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
+        let perfrom_authenticate = move || -> Fido2LuksResult<()> {
+            let user = match pamh.get_cached_user() {
+                Err(e) => Err(AskPassError::Pam(e))?,
+                Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
+            };
+            let mut password = match pamh.get_authtok(None) {
+                Err(e) => Err(AskPassError::Pam(e))?,
+                Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
+            };
+            if let Some(user) = user {
+                PamFido2Luks.open(
+                    user,
+                    move || match password.take() {
+                        Some(pass) => Ok(pass),
+                        None => pamh
+                            .conv(Some("Fido2 salt: "), PamMsgStyle::PROMPT_ECHO_OFF)
+                            .map(|s| s.map(|s| s.to_str().unwrap()).unwrap_or("").to_string()),
+                    },
+                    args
+                )
+            } else {
+                Err(AskPassError::Pam(PamError::AUTH_ERR))?
+            }
        };
-        let mut password = match pamh.get_authtok(None) {
-            Err(_) => return dbg!(PamError::AUTH_ERR),
-            Ok(p) => p.map(|s| s.to_str().map(str::to_string).unwrap()),
-        };
-        if let Some(user) = user {
-            match PamFido2Luks.open(
-                user,
-                move || match password.take() {
-                    Some(pass) => Ok(pass),
-                    None => pamh
-                        .conv(Some("Fido2 salt: "), PamMsgStyle::PROMPT_ECHO_OFF)
-                        .map(|s| s.map(|s| s.to_str().unwrap()).unwrap_or("").to_string()),
-                },
-                args,
-            ) {
-                Ok(_) => PamError::SUCCESS,
-                Err(e) => {
-                    eprintln!("{}", e);
-                    match e {
-                        _ => PamError::AUTH_ERR,
-                    }
+        match perfrom_authenticate() {
+            Ok(_) => PamError::SUCCESS,
+            Err(e) => {
+                eprintln!("{}", e);
+                match e {
+                    _ => PamError::AUTH_ERR,
                }
            }
-        } else {
-            PamError::AUTH_ERR
        }
    }
 }