/*
SSSD
Data Provider, private header file
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __DATA_PROVIDER_H__
#define __DATA_PROVIDER_H__
#include "config.h"
#include <stdint.h>
#include <errno.h>
#include <stdbool.h>
#ifdef USE_KEYRING
#include <keyutils.h>
#endif
#include <talloc.h>
#include <tevent.h>
#include <ldb.h>
#include "sbus/sssd_dbus.h"
#include "sbus/sbus_client.h"
#include "sss_client/sss_cli.h"
#include "providers/data_provider_req.h"
/**
* @defgroup pamHandler PAM DBUS request
* @ingroup sss_pam
*
* The PAM responder send all the data it has received from the PAM client to
* the authentication backend with a DBUS message.
*
* As a response it expects a PAM return value (see pam(3) for details).
* The backend may send any number of additional messages (see ...) which are
* forwarded by the PAM responder to the PAM client.
* @{
*/
/** Then pamHandler Request
*
* The following two functions can help you to pack and unpack the DBUS
* message for a PAM request. If it is necessary to create the DBUS message by
* hand it must have the following elements:
*
* @param DBUS_TYPE_INT32 PAM Command, see #sss_cli_command for allowed values
* @param DBUS_TYPE_STRING User name, this value is send by the PAM client and
* contains the value of the PAM item PAM_USER
* @param DBUS_TYPE_STRING Service name, this value is send by the PAM client
* and contains the value of the PAM item PAM_SERVICE
* @param DBUS_TYPE_STRING TTY name this value is send by the PAM client and
* contains the value of the PAM item PAM_TTY
* @param DBUS_TYPE_STRING Remote user, this value is send by the PAM client
* and contains the value of the PAM item PAM_RUSER
* @param DBUS_TYPE_STRING Remote host, this value is send by the PAM client
* and contains the value of the PAM item PAM_RHOST
* @param DBUS_TYPE_UINT32 Type of the authentication token, see #sss_authtok_type
* for allowed values
* @param DBUS_TYPE_ARRAY__(BYTE) Authentication token, DBUS array which
* contains the authentication token, it is not required that passwords have a
* trailing \\0, this value is send by the PAM client and contains the value of
* the PAM item PAM_AUTHTOK or PAM_OLDAUTHTOK if the PAM command is
* #SSS_PAM_CHAUTHTOK or #SSS_PAM_CHAUTHTOK_PRELIM
* @param DBUS_TYPE_UINT32 Type of the new authentication token, see
* #sss_authtok_type for allowed values
* @param DBUS_TYPE_ARRAY__(BYTE) New authentication token, DBUS array which
* contains the new authentication token for a password change, it is not
* required that passwords have a trailing \\0, this value is send by the PAM
* client and contains the value of the PAM item PAM_AUTHTOK if the PAM
* command is #SSS_PAM_CHAUTHTOK or #SSS_PAM_CHAUTHTOK_PRELIM
* @param DBUS_TYPE_INT32 Privileged flag is set to a non-zero value if the
* PAM client connected to the PAM responder via the privileged pipe, i.e. if
* the PAM client is running with root privileges
* @param DBUS_TYPE_UINT32
*
* @retval DBUS_TYPE_UINT32 PAM return value, PAM_AUTHINFO_UNAVAIL is used to
* indicate that the provider is offline and that the PAM responder should try
* a cached authentication, for all other return value see the man pages for
* the corresponding PAM service functions
* @retval DBUS_TYPE_ARRAY__(STRUCT) Zero or more additional getAccountInfo
* messages, here the DBUS_TYPE_STRUCT is build of a DBUS_TYPE_UINT32 holding
* an identifier (see #response_type) and DBUS_TYPE_G_BYTE_ARRAY with the data
* of the message.
*/
/**
* @}
*/ /* end of group pamHandler */
#define DP_ERR_OK 0
/* sizeof() counts the trailing \0 so we must subtract 1 for the string
* length */
/* AUTH related common data and functions */
} while(0)
struct response_data {
bool do_not_send_to_client;
};
struct pam_data {
int cmd;
char *domain;
char *user;
char *service;
char *tty;
char *ruser;
char *rhost;
char **requested_domains;
char *logon_name;
int pam_status;
int response_delay;
bool offline_auth;
bool last_auth_saved;
int priv;
int account_locked;
#ifdef USE_KEYRING
#endif
};
/* from dp_auth_util.c */
/**
* @brief Create new zero initialized struct pam_data.
*
* @param mem_ctx A memory context use to allocate the internal data
* @return A pointer to new struct pam_data
* NULL on error
*
* NOTE: This function should be the only way, how to create new empty
* struct pam_data, because this function automatically initialize sub
* structures and set destructor to created object.
*/
enum response_type type,
/* from dp_sbus.c */
char **address, const char *domain_name);
/* Reserved filter name for request which waits until the files provider finishes mirroring
* the file content
*/
/* Helpers */
enum dp_opt_type {
};
struct dp_opt_blob {
};
union dp_opt_value {
const char *cstring;
char *string;
int number;
bool boolean;
};
struct dp_option {
const char *opt_name;
};
void dp_option_inherit(char **inherit_opt_list,
int option,
struct dp_option *parent_opts,
struct dp_option *subdom_opts);
struct confdb_ctx *cdb,
const char *conf_path,
int num_opts,
int num_opts,
int num_opts,
const char *s, const char *location);
struct dp_opt_blob b, const char *location);
int i, const char *location);
bool b, const char *location);
/* Generic Data Provider options */
/* Resolver DP options */
enum dp_res_opts {
};
#endif /* __DATA_PROVIDER_ */