
Member "sssd-2.4.2/src/responder/pam/pamsrv.h" (19 Feb 2021, 5280 Bytes) of package /linux/misc/sssd-2.4.2.tar.gz:



    1 /*
    2     Authors:
    3         Simo Sorce <ssorce@redhat.com>
    4         Sumit Bose <sbose@redhat.com>
    5 
    6     Copyright (C) 2009 Red Hat
    7 
    8     This program is free software; you can redistribute it and/or modify
    9     it under the terms of the GNU General Public License as published by
   10     the Free Software Foundation; either version 3 of the License, or
   11     (at your option) any later version.
   12 
   13     This program is distributed in the hope that it will be useful,
   14     but WITHOUT ANY WARRANTY; without even the implied warranty of
   15     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   16     GNU General Public License for more details.
   17 
   18     You should have received a copy of the GNU General Public License
   19     along with this program.  If not, see <http://www.gnu.org/licenses/>.
   20 */
   21 
   22 #ifndef __PAMSRV_H__
   23 #define __PAMSRV_H__
   24 
   25 #include <security/pam_appl.h>
   26 #include "util/util.h"
   27 #include "responder/common/responder.h"
   28 #include "responder/common/cache_req/cache_req.h"
   29 #include "lib/certmap/sss_certmap.h"
   30 
   31 struct pam_auth_req; /* forward declaration; defined later in this header */
   32 
      /* Callback signature: receives the PAM request it belongs to and returns
       * nothing. A pointer of this type is stored in pam_auth_req.callback;
       * who invokes it, and when, is not visible in this header. */
   33 typedef void (pam_dp_callback_t)(struct pam_auth_req *preq);
   34 
   35 enum pam_initgroups_scheme {
          /* Selector kept in pam_ctx.initgroups_scheme. The string conversions
           * are pam_initgroups_string_to_enum() and
           * pam_initgroup_enum_to_string(), declared further down. What each
           * scheme triggers is implemented elsewhere; the constant names
           * suggest "never", "only when there is no session" and "always" --
           * confirm against the implementation. */
   36     PAM_INITGR_NEVER,
   37     PAM_INITGR_NO_SESSION,
   38     PAM_INITGR_ALWAYS,
          /* NOTE(review): presumably what the string conversion yields for an
           * unrecognised value; callers should reject it rather than fall
           * through to some default scheme -- confirm. */
   39     PAM_INITGR_INVALID
   40 };
   41 
   42 struct pam_ctx {
          /* Context passed as `pctx` to p11_child_init(), may_do_cert_auth(),
           * p11_refresh_certmap_ctx() and pam_eval_prompting_config().
           * Several members below feed access decisions (trusted callers,
           * public domains, per-service allow lists); how they are filled and
           * enforced is implemented outside this header. */
   43     struct resp_ctx *rctx;
   44     time_t id_timeout;
   45     hash_table_t *id_table;
          /* trusted_uids is paired with trusted_uids_count. Presumably the
           * UIDs whose requests are treated as trusted (compare
           * pam_auth_req.is_uid_trusted) -- confirm where the list is built. */
   46     size_t trusted_uids_count;
   47     uid_t *trusted_uids;
   48 
   49     /* List of domains that are accessible even for untrusted users. */
   50     char **public_domains;
          /* NOTE(review): this count is a signed int while trusted_uids_count
           * is size_t; code that bounds a loop with it should not assume it
           * is non-negative. */
   51     int public_domains_count;
   52 
   53     /* What services are permitted to access application domains */
          /* No element count accompanies this list (nor smartcard_services,
           * gssapi_services or gssapi_indicators_map); presumably they are
           * NULL-terminated -- confirm before iterating. */
   54     char **app_services;
   55 
          /* Certificate authentication settings. ca_db and sss_certmap_ctx
           * share their names with arguments of pam_check_cert_send();
           * presumably these fields are what gets passed there -- confirm.
           * smartcard_services is, by name, the per-service allow list for
           * this authentication method -- confirm. */
   56     bool cert_auth;
   57     char *ca_db;
   58     struct sss_certmap_ctx *sss_certmap_ctx;
   59     char **smartcard_services;
   60 
   61     char **prompting_config_sections;
   62     int num_prompting_config_sections;
   63 
   64     enum pam_initgroups_scheme initgroups_scheme;
   65 
   66     /* List of PAM services that are allowed to authenticate with GSSAPI. */
   67     char **gssapi_services;
   68     /* List of authentication indicators associated with a PAM service */
   69     char **gssapi_indicators_map;
          /* NOTE(review): by its name, enables checking the authenticated
           * principal against the user's UPN. If so, turning it off would
           * accept any principal able to complete the GSSAPI exchange for an
           * allowed service -- confirm in the GSSAPI command handlers. */
   70     bool gssapi_check_upn;
   71 };
   72 
   73 struct pam_auth_req {
          /* Per-request state: the argument of pam_dp_send_req(),
           * LOCAL_pam_handler() and of pam_dp_callback_t callbacks. */
   74     struct cli_ctx *cctx;
   75     struct sss_domain_info *domain;
   76     enum cache_req_dom_type req_dom_type;
   77 
   78     struct pam_data *pd;
   79 
   80     pam_dp_callback_t *callback;
   81 
          /* Presumably records whether the requesting client's UID was found
           * in pam_ctx.trusted_uids; the comment on pam_ctx.public_domains
           * says untrusted users only reach those domains. Where the flag is
           * set and checked is not visible here -- confirm that every
           * domain-selection path consults it. */
   82     bool is_uid_trusted;
          /* Opaque pointer; its type and ownership are not visible in this
           * header. */
   83     void *data;
   84     bool use_cached_auth;
   85     /* whether cached authentication was tried and failed */
   86     bool cached_auth_failed;
   87 
   88     struct ldb_message *user_obj;
          /* Certificate entries for this request. cert_auth_info is opaque in
           * this header and is read through the sss_cai_get_*() accessors
           * declared below; cert_list is presumably the list returned through
           * pam_check_cert_recv()'s out-parameter -- confirm. */
   89     struct cert_auth_info *cert_list;
   90     struct cert_auth_info *current_cert;
   91     bool cert_auth_local;
   92 };
   93 
   94 struct sss_cmd_table *get_pam_cmds(void); /* presumably the responder's PAM command table -- confirm */
   95 
      /* Takes the request by pointer and reports an errno_t status. By name,
       * forwards the request to the data provider -- confirm. */
   96 errno_t
   97 pam_dp_send_req(struct pam_auth_req *preq);
   98 
      /* Returns a plain int rather than errno_t; the meaning of the value is
       * not visible in this header. */
   99 int LOCAL_pam_handler(struct pam_auth_req *preq);
  100 
      /* Initialisation hook taking the responder context; "p11" presumably
       * refers to the PKCS#11 helper used for certificate checks -- confirm. */
  101 errno_t p11_child_init(struct pam_ctx *pctx);
  102 
  103 struct cert_auth_info; /* opaque in this header: used only through the functions below */
      /* Read accessors returning const strings. Whether a result may be NULL
       * and who owns the memory is not visible in this header -- check
       * before dereferencing or storing the pointer. */
  104 const char *sss_cai_get_cert(struct cert_auth_info *i);
  105 const char *sss_cai_get_token_name(struct cert_auth_info *i);
  106 const char *sss_cai_get_module_name(struct cert_auth_info *i);
  107 const char *sss_cai_get_key_id(struct cert_auth_info *i);
  108 const char *sss_cai_get_label(struct cert_auth_info *i);
      /* By name, advances to the following entry of a cert_auth_info list --
       * confirm, including what is returned at the end of the list. */
  109 struct cert_auth_info *sss_cai_get_next(struct cert_auth_info *i);
      /* Getter/setter pair for the ldb_result attached to one entry;
       * presumably the user objects matched to that certificate -- confirm
       * ownership of cert_user_objs after the setter returns. */
  110 struct ldb_result *sss_cai_get_cert_user_objs(struct cert_auth_info *i);
  111 void sss_cai_set_cert_user_objs(struct cert_auth_info *i,
  112                                 struct ldb_result *cert_user_objs);
      /* Takes the list head by address and two size_t out-parameters, so it
       * may modify the list and report counts; the exact semantics are
       * implemented elsewhere. */
  113 void sss_cai_check_users(struct cert_auth_info **list, size_t *_cert_count,
  114                          size_t *_cert_user_count);
  115 
  116 struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
  117                                        struct tevent_context *ev,
  118                                        const char *ca_db,
  119                                        time_t timeout,
  120                                        const char *verify_opts,
  121                                        struct sss_certmap_ctx *sss_certmap_ctx,
  122                                        const char *uri,
  123                                        struct pam_data *pd);
      /* pam_check_cert_send() above returns a tevent_req and
       * pam_check_cert_recv() below consumes one, handing a cert_auth_info
       * list back through cert_list and an errno_t status as return value.
       * NOTE(review): ca_db, verify_opts and uri are caller-supplied strings
       * that, by their names, select the trust store, the verification
       * options and the token to use -- they decide which certificates are
       * accepted, so confirm where each value originates. The unit of
       * `timeout` is not visible here. */
  124 errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
  125                             struct cert_auth_info **cert_list);
  126 
  127 errno_t add_pam_cert_response(struct pam_data *pd, struct sss_domain_info *dom,
  128                               const char *sysdb_username,
  129                               struct cert_auth_info *cert_info,
  130                               enum response_type type);
      /* add_pam_cert_response() above takes the request data, a domain, a
       * user name, one cert_auth_info entry and a response type; by name it
       * appends a certificate response to pd -- confirm. */
  131 
      /* Boolean gate evaluated from the responder context and the request
       * data. Presumably consults pam_ctx.cert_auth and
       * pam_ctx.smartcard_services -- confirm; certificate authentication
       * should not be attempted when it returns false. */
  132 bool may_do_cert_auth(struct pam_ctx *pctx, struct pam_data *pd);
  133 
      /* By name, rebuilds pam_ctx.sss_certmap_ctx from the given domain
       * list -- confirm what happens to the previous context on failure. */
  134 errno_t p11_refresh_certmap_ctx(struct pam_ctx *pctx,
  135                                 struct sss_domain_info *domains);
  136 
  137 errno_t
  138 pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
  139                                          const char *username,
  140                                          uint64_t value);
      /* The function above stores a uint64_t for `username` in `domain`; by
       * its name the value is the time of the last online authentication
       * with the current token -- confirm the unit and where it is read. */
  141 
      /* Takes the configuration database handle, a response list and the
       * request data. By name, filters the responses before they go back to
       * the client -- confirm which entries are removed and under what
       * configuration. */
  142 errno_t filter_responses(struct confdb_ctx *cdb,
  143                          struct response_data *resp_list,
  144                          struct pam_data *pd);
  145 
      /* Presumably evaluates pam_ctx.prompting_config_sections for the
       * request in pd -- confirm. */
  146 errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd);
  147 
  148 enum pam_initgroups_scheme pam_initgroups_string_to_enum(const char *str);
  149 const char *pam_initgroup_enum_to_string(enum pam_initgroups_scheme scheme);
      /* Conversions between enum pam_initgroups_scheme and its text form.
       * Note the second name uses the singular "initgroup". Presumably the
       * first yields PAM_INITGR_INVALID for an unknown string and the second
       * may return NULL for an out-of-range value -- confirm both before
       * using the results unchecked. */
  150 
      /* Two entry points taking the client context (named cli_ctx in one
       * prototype and cctx in the other). By name, the command handlers for
       * GSSAPI authentication; presumably where pam_ctx.gssapi_services and
       * pam_ctx.gssapi_check_upn are enforced -- confirm. */
  151 int pam_cmd_gssapi_init(struct cli_ctx *cli_ctx);
  152 int pam_cmd_gssapi_sec_ctx(struct cli_ctx *cctx);
  153 
  154 #endif /* __PAMSRV_H__ */