pam_sss: refactoring, use struct cert_auth_info Similar as in the PAM responder this patch replaces the individual certificate authentication related attributes by a struct which can be used as a list. With the pam_sss can handle multiple SSS_PAM_CERT_INFO message and place the data in individual list items. If multiple certificates are returned before prompting for the PIN a dialog to select a certificate is shown to the users. If available a GDM PAM extension is used to let the user choose from a list. All coded needed at runtime to check if the extension is available and handle the data is provided by GDM as macros. This means that there are no additional run-time requirements. Related to https://pagure.io/SSSD/sssd/issue/3560 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Tested-by: Scott Poore <spoore@redhat.com>

pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT The new response type SSS_PAM_CERT_INFO_WITH_HINT is equivalent to SSS_PAM_CERT_INFO but tells pam_sss to prompt for an option user name as well. Resolves: https://pagure.io/SSSD/sssd/issue/3395 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

p11: return name of PKCS#11 module and key id to pam_sss Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

PAM/KRB5: optional otp and password prompting Depending on the available Kerberos pre-authentication methods pam_sss will prompt the user for a password, 2 authentication factors or both. Resolves https://fedorahosted.org/sssd/ticket/2988 Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

pam_sss: add sc support Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sss_client: Fix warning "_" redefined "enum sss_authtok_type" is defined in sss_client/pam_message.h So it's better to include it instead of "util/authtok.h". "util/authtok.h" includes many header files including "util/util.h" CC src/util/crypto/nss/libsss_crypt_la-nss_base64.lo src/sss_client/pam_sss.c:48:0: error: "_" redefined [-Werror] #define _(STRING) dgettext (PACKAGE, STRING) ^ In file included from ../sssd/src/util/authtok.h:23:0, from ../sssd/src/sss_client/pam_message.h:29, from ../sssd/src/sss_client/pam_sss.c:43: src/util/util.h:55:0: note: this is the location of the previous definition #define _(STRING) gettext (STRING) ^ Reviewed-by: Pavel Březina <pbrezina@redhat.com>

sss_client: Fix mixed enums Error: PW.MIXED_ENUM_TYPE: [#def4] sssd-1.12.90/src/sss_client/pam_message.c:159: mixed_enum_type: enumerated type mixed with another type # 157| &buf[rp]); # 158| # 159|-> rp += add_authtok_item(SSS_PAM_ITEM_AUTHTOK, pi->pam_authtok_type, # 160| pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); # 161| Error: PW.MIXED_ENUM_TYPE: [#def5] sssd-1.12.90/src/sss_client/pam_message.c:162: mixed_enum_type: enumerated type mixed with another type # 160| pi->pam_authtok, pi->pam_authtok_size, &buf[rp]); # 161| # 162|-> rp += add_authtok_item(SSS_PAM_ITEM_NEWAUTHTOK, pi->pam_newauthtok_type, # 163| pi->pam_newauthtok, pi->pam_newauthtok_size, # 164| Reviewed-by: Pavel Reichl <preichl@redhat.com>

pam_sss: move message encoding into separate file Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>