From 60e63a6857b5343f55d76c5d1e90feea8a57c24c Mon Sep 17 00:00:00 2001
From: nevaforget <dom@moonarch.de>
Date: Fri, 27 Mar 2026 23:13:23 +0100
Subject: [PATCH] Fix Rust 2024 unsafe block warnings in PAM callback

Wrap raw pointer operations in explicit unsafe blocks inside
the unsafe extern "C" conv callback, as required by Rust 2024
edition. Remove unused mut binding.
---
 src/auth.rs       | 56 ++++++++++++++++++++++++-----------------------
 src/lockscreen.rs |  2 +-
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/src/auth.rs b/src/auth.rs
index 6a16910..df9e2af 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -64,34 +64,36 @@ unsafe extern "C" fn pam_conv_callback(
     resp: *mut *mut PamResponse,
     appdata_ptr: *mut libc::c_void,
 ) -> libc::c_int {
-    // Safety: appdata_ptr was set to a valid *const CString in authenticate()
-    let password = appdata_ptr as *const CString;
-    if password.is_null() {
-        return 7; // PAM_AUTH_ERR
+    unsafe {
+        // Safety: appdata_ptr was set to a valid *const CString in authenticate()
+        let password = appdata_ptr as *const CString;
+        if password.is_null() {
+            return 7; // PAM_AUTH_ERR
+        }
+
+        // Safety: calloc returns zeroed memory for num_msg PamResponse structs.
+        // PAM owns this memory and will free() it.
+        let resp_array = libc::calloc(
+            num_msg as libc::size_t,
+            std::mem::size_of::<PamResponse>() as libc::size_t,
+        ) as *mut PamResponse;
+
+        if resp_array.is_null() {
+            return 7; // PAM_AUTH_ERR
+        }
+
+        for i in 0..num_msg as isize {
+            // Safety: strdup allocates with malloc — PAM will free() the resp strings.
+            // We dereference password which is valid for the lifetime of authenticate().
+            let resp_ptr = resp_array.offset(i);
+            (*resp_ptr).resp = libc::strdup((*password).as_ptr());
+            (*resp_ptr).resp_retcode = 0;
+        }
+
+        // Safety: resp is a valid pointer provided by PAM
+        *resp = resp_array;
+        PAM_SUCCESS
     }
-
-    // Safety: calloc returns zeroed memory for num_msg PamResponse structs.
-    // PAM owns this memory and will free() it.
-    let resp_array = libc::calloc(
-        num_msg as libc::size_t,
-        std::mem::size_of::<PamResponse>() as libc::size_t,
-    ) as *mut PamResponse;
-
-    if resp_array.is_null() {
-        return 7; // PAM_AUTH_ERR
-    }
-
-    for i in 0..num_msg as isize {
-        // Safety: strdup allocates with malloc — PAM will free() the resp strings.
-        // We dereference password which is valid for the lifetime of authenticate().
-        let resp_ptr = resp_array.offset(i);
-        (*resp_ptr).resp = libc::strdup((*password).as_ptr());
-        (*resp_ptr).resp_retcode = 0;
-    }
-
-    // Safety: resp is a valid pointer provided by PAM
-    *resp = resp_array;
-    PAM_SUCCESS
 }
 
 /// Authenticate a user via PAM.
diff --git a/src/lockscreen.rs b/src/lockscreen.rs
index fa7c8f8..16727f4 100644
--- a/src/lockscreen.rs
+++ b/src/lockscreen.rs
@@ -47,7 +47,7 @@ pub fn create_lockscreen_window(
         }
     };
 
-    let mut fp_listener = FingerprintListener::new();
+    let fp_listener = FingerprintListener::new();
     let fp_available = config.fingerprint_enabled
         && fp_listener.is_available(&user.username);