pamsrv.h revision 57cefea8305a57c1c0491afb739813b7f17d5a25
/*
Authors:
Simo Sorce <ssorce@redhat.com>
Sumit Bose <sbose@redhat.com>
Copyright (C) 2009 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __PAMSRV_H__
#define __PAMSRV_H__
#include <security/pam_appl.h>
#include "sbus/sssd_dbus.h"
#include "responder/common/responder.h"
#include "responder/common/cache_req/cache_req.h"
#include "lib/certmap/sss_certmap.h"
/* Declared ahead of its full definition so that struct pam_auth_dp_req can
 * hold a pointer to it. */
struct pam_auth_req;
/*
 * Context structure for the PAM responder (going by the file name and the
 * responder includes above).
 * NOTE(review): the role of each field is inferred from its name and the
 * existing comments; this header does not show where the fields are set or
 * who owns the memory they point to.
 */
struct pam_ctx {
/* List of domains that are accessible even for untrusted users. */
char **public_domains;
/* presumably the number of entries in public_domains - confirm. The type is
 * a signed int, so code that uses it as a bound should reject negative
 * values. */
int public_domains_count;
/* What services are permitted to access application domains */
/* NOTE(review): this reads as an allow-list; how a NULL or empty list is
 * treated is not visible here - confirm that it denies by default. */
char **app_services;
/* presumably whether certificate-based authentication is enabled - confirm */
bool cert_auth;
/* presumably a file descriptor handed to the p11_child helper for its debug
 * output - confirm, including who closes it */
int p11_child_debug_fd;
/* presumably the location of the NSS database used for certificate
 * handling - confirm where the value comes from and that it is not
 * influenced by the PAM client */
char *nss_db;
/* Certificate mapping context; the type is not defined in this header
 * (presumably it comes from lib/certmap/sss_certmap.h, included above). */
struct sss_certmap_ctx *sss_certmap_ctx;
};
/*
 * Small wrapper holding a pointer back to a struct pam_auth_req.
 * struct pam_auth_req in turn points at this structure through its
 * dpreq_spy member, so the two reference each other.
 * NOTE(review): presumably each side clears the other's pointer when it is
 * freed, so that a late reply cannot touch a released request - confirm in
 * the implementation.
 */
struct pam_auth_dp_req {
/* the authentication request this object belongs to; check for NULL before
 * dereferencing if the request can go away first - TODO confirm */
struct pam_auth_req *preq;
};
/*
 * State carried for one PAM authentication request.
 * NOTE(review): field roles are inferred from names and existing comments;
 * the code that fills them in is not part of this header.
 */
struct pam_auth_req {
/* the domain this request is handled in; the type is not defined here */
struct sss_domain_info *domain;
/* NOTE(review): presumably records whether the calling UID is considered
 * trusted, which (per the public_domains comment in struct pam_ctx) decides
 * which domains are reachable. Confirm the value is derived from
 * kernel-reported peer credentials and never from request data. */
bool is_uid_trusted;
/* untyped pointer; its real type and owner are not visible in this header */
void *data;
/* presumably whether authentication against cached credentials should be
 * attempted - confirm */
bool use_cached_auth;
/* whether cached authentication was tried and failed */
bool cached_auth_failed;
/* pointer to the struct pam_auth_dp_req that points back at this request
 * through its preq member */
struct pam_auth_dp_req *dpreq_spy;
/* presumably the ldb entry of the user being authenticated - confirm */
struct ldb_message *user_obj;
/* presumably the certificates found for this request and the entry
 * currently being processed - confirm; struct cert_auth_info is opaque in
 * this header and is read through the sss_cai_get_*() accessors */
struct cert_auth_info *cert_list;
struct cert_auth_info *current_cert;
/* presumably whether certificate authentication is completed locally
 * rather than handed to a backend - confirm */
bool cert_auth_local;
};
/**
 * Return the PAM responder's command table.
 *
 * @return pointer to a struct sss_cmd_table; the type is not defined in this
 *         header, and ownership of the returned table is not stated here.
 */
struct sss_cmd_table *get_pam_cmds(void);
/* Opaque in this header: only pointers to it are used, and its contents are
 * read through the sss_cai_get_*() accessors declared below. */
struct cert_auth_info;
/*
 * Accessors for individual attributes of a struct cert_auth_info.
 * Each takes the item and returns a const string.
 * NOTE(review): whether a NULL item is accepted, whether NULL can be
 * returned, and how long the returned pointer stays valid are not visible
 * here - presumably the string is owned by the item; confirm before keeping
 * the pointer beyond the item's lifetime.
 */
/** @return the certificate stored in i (encoding not visible here) */
const char *sss_cai_get_cert(struct cert_auth_info *i);
/** @return the token name stored in i */
const char *sss_cai_get_token_name(struct cert_auth_info *i);
/** @return the module name stored in i */
const char *sss_cai_get_module_name(struct cert_auth_info *i);
/** @return the key id stored in i */
const char *sss_cai_get_key_id(struct cert_auth_info *i);
/** @return the label stored in i */
const char *sss_cai_get_label(struct cert_auth_info *i);
/**
 * Attach an ldb result to a certificate item.
 *
 * @param i               the certificate item to update
 * @param cert_user_objs  ldb result to associate with i; presumably the user
 *                        objects matching the certificate - confirm, and
 *                        confirm whether ownership moves to the item
 */
void sss_cai_set_cert_user_objs(struct cert_auth_info *i,
struct ldb_result *cert_user_objs);
struct tevent_context *ev,
int child_debug_fd,
const char *nss_db,
const char *verify_opts,
struct sss_certmap_ctx *sss_certmap_ctx,
struct cert_auth_info **cert_list);
struct cert_auth_info *cert_info,
enum response_type type);
struct certmap_info **certmap_list);
const char *username,
struct response_data *resp_list,
#endif /* __PAMSRV_H__ */