816bf6f8088b162b681101d93fd450127a0e586fJulian Kornberger/*
a847d9812b328c048773e705606b10875a929034Eugen Kuksa Authors:
5e2a6a8992b4e9e77be3a94fc87af4dc14b0c8c4henning mueller Simo Sorce <ssorce@redhat.com>
a4344d37747b6733bbd0d8df738b614cb385316cTim Reddehase Sumit Bose <sbose@redhat.com>
d1f0cb74e8bc61e9185488a431b86816cb1cc7edSascha Graef
c273fbbb7863507673f695bc85709c0cb715011fTim Reddehase Copyright (C) 2009 Red Hat
c273fbbb7863507673f695bc85709c0cb715011fTim Reddehase
5ec1c6ff5da427d945d7fb708567ce3526c4c741Tim Reddehase This program is free software; you can redistribute it and/or modify
5ec1c6ff5da427d945d7fb708567ce3526c4c741Tim Reddehase it under the terms of the GNU General Public License as published by
98ba1c38b1cce99ecc61117259f2ae05ffe98469Tim Reddehase the Free Software Foundation; either version 3 of the License, or
5ec1c6ff5da427d945d7fb708567ce3526c4c741Tim Reddehase (at your option) any later version.
81a6387a4ab56a24194ecbabd6609c6bcca568b7Tim Reddehase
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase This program is distributed in the hope that it will be useful,
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase but WITHOUT ANY WARRANTY; without even the implied warranty of
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase GNU General Public License for more details.
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase
6f84d8dbc4edca35b7e69c8296a257ea17e3b74fTim Reddehase You should have received a copy of the GNU General Public License
6f84d8dbc4edca35b7e69c8296a257ea17e3b74fTim Reddehase along with this program. If not, see <http://www.gnu.org/licenses/>.
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase*/
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#ifndef __PAMSRV_H__
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#define __PAMSRV_H__
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#include <security/pam_appl.h>
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#include "util/util.h"
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#include "sbus/sssd_dbus.h"
10be32b36246121321399ec3ab26d4d723d550e3Tim Reddehase#include "responder/common/responder.h"
81a6387a4ab56a24194ecbabd6609c6bcca568b7Tim Reddehase
/* Forward declaration: the full definition follows below; it is needed
 * here only so the callback type can take a pointer to it. */
struct pam_auth_req;

/* Completion callback attached to a PAM request (see pam_auth_req.callback).
 * NOTE(review): when exactly it fires (after the data provider answers,
 * after a cached-auth attempt, or both) is not visible in this header —
 * confirm against pam_dp_send_req's implementation before relying on it. */
typedef void (pam_dp_callback_t)(struct pam_auth_req *preq);
23f0ab4a423943eb59109df37074ef0c330d07c0Tim Reddehase
/* Responder-wide state of the PAM responder. One instance is expected per
 * process; it holds the configuration that decides which clients may ask
 * for what (trusted UIDs, public domains) and the certificate-auth setup. */
struct pam_ctx {
    struct resp_ctx *rctx;         /* common responder context */
    time_t id_timeout;             /* NOTE(review): presumably the lifetime of
                                    * id_table entries — confirm where it is read */
    hash_table_t *id_table;
    size_t trusted_uids_count;     /* number of valid entries in trusted_uids */
    uid_t *trusted_uids;           /* UIDs of clients treated as trusted; clients
                                    * with other UIDs are presumably limited to
                                    * public_domains (see the comment below) —
                                    * verify in the command handlers.
                                    * NOTE(review): whether an empty list means
                                    * "nobody trusted" or "everybody trusted" is
                                    * decided by the code that fills/reads it, not
                                    * here; it is the authorization gate, so check. */

    /* List of domains that are accessible even for untrusted users. */
    char **public_domains;
    int public_domains_count;      /* NOTE(review): int here but size_t for
                                    * trusted_uids_count; loops that compare the two
                                    * kinds of count need a consistent type */

    bool cert_auth;                /* certificate/smartcard authentication enabled;
                                    * presumably what may_do_cert_auth() consults */
    int p11_child_debug_fd;        /* debug fd for the p11 child — likely the
                                    * child_debug_fd argument of pam_check_cert_send() */
    char *nss_db;                  /* NSS database handed to pam_check_cert_send() —
                                    * TODO confirm this is the only consumer */
};
23f0ab4a423943eb59109df37074ef0c330d07c0Tim Reddehase
/* Thin wrapper around an in-flight data-provider request.
 * It only carries a back-pointer to the originating PAM request; the
 * request in turn keeps a pointer to this object in dpreq_spy.
 * NOTE(review): the two-way link looks like a way to notice when one side
 * is freed before the other — confirm the ownership rules in pam_dp.c. */
struct pam_auth_dp_req {
    struct pam_auth_req *preq;     /* originating request */
};
23f0ab4a423943eb59109df37074ef0c330d07c0Tim Reddehase
/* State of one PAM request from a client, from the moment it is parsed
 * until the reply is sent. The trust decision (is_uid_trusted) and the
 * cached/online authentication bookkeeping live here. */
struct pam_auth_req {
    struct cli_ctx *cctx;          /* client connection the request came from */
    struct sss_domain_info *domain; /* domain the request was resolved to */

    struct pam_data *pd;           /* the PAM data (user, service, ...) of the request */

    pam_dp_callback_t *callback;   /* invoked when the request progresses/completes */

    bool is_uid_trusted;           /* result of checking the client UID against
                                    * pam_ctx.trusted_uids (presumably); anything
                                    * that restricts untrusted clients relies on it
                                    * being set before the command is dispatched */
    bool check_provider;           /* whether the data provider still needs to be asked */
    void *data;                    /* opaque, owner-defined */
    bool use_cached_auth;          /* try authentication against the cache first */
    /* whether cached authentication was tried and failed */
    bool cached_auth_failed;

    struct pam_auth_dp_req *dpreq_spy; /* in-flight data-provider request, if any */

    struct ldb_message *cert_user_obj; /* user object matched by the presented
                                        * certificate — NOTE(review): inferred from
                                        * the name, confirm in pam_check_cert_recv users */
    char *token_name;              /* name of the token that holds the certificate */
};
4949048bda09e116ee3627383e831455954cbe41Tim Reddehase
/* Command table of the PAM responder, handed to the common responder code
 * so it can dispatch incoming client commands. */
struct sss_cmd_table *get_pam_cmds(void);

/* Send preq to the data provider. The unit of timeout and the return
 * convention (0/-1 vs errno) are not stated in this header — NOTE(review):
 * confirm in pam_dp.c; preq->callback is presumably invoked on completion. */
int pam_dp_send_req(struct pam_auth_req *preq, int timeout);

/* Handler used when the request is served by the LOCAL provider instead of
 * a remote data provider. Return convention as for pam_dp_send_req. */
int LOCAL_pam_handler(struct pam_auth_req *preq);

/* Prepare the p11 child related state in pctx (presumably
 * p11_child_debug_fd and nss_db — confirm). Returns an errno_t, EOK on success. */
errno_t p11_child_init(struct pam_ctx *pctx);
23f0ab4a423943eb59109df37074ef0c330d07c0Tim Reddehase
/* tevent request pair that runs the certificate check in the p11 child.
 *
 * pam_check_cert_send() starts the check for the certificate/PIN carried in
 * pd; child_debug_fd, nss_db and timeout configure the child, and
 * verify_opts carries the certificate verification options (its format is
 * defined by the child, not here). Because verify_opts governs how strictly
 * the certificate is validated, it should come from configuration only.
 *
 * pam_check_cert_recv() returns EOK and fills *cert and *token_name on
 * success; mem_ctx is the talloc parent of both strings (presumably — the
 * caller-supplied context suggests caller ownership, confirm). */
struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
                                       struct tevent_context *ev,
                                       int child_debug_fd,
                                       const char *nss_db,
                                       time_t timeout,
                                       const char *verify_opts,
                                       struct pam_data *pd);
errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
                            char **cert, char **token_name);
1f3a52128a4c9a5830936e25b071ce6a81fec1beEugen Kuksa
/* Append a certificate-related response (user and token name) to pd so the
 * PAM client can report which token/user was matched. Returns an errno_t. */
errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
                              const char *token_name);

/* Decide whether certificate authentication may be attempted for this
 * request; expected to consult pctx->cert_auth and the contents of pd
 * (NOTE(review): the exact conditions are in the .c file — confirm). */
bool may_do_cert_auth(struct pam_ctx *pctx, struct pam_data *pd);
1f3a52128a4c9a5830936e25b071ce6a81fec1beEugen Kuksa
/* Record, for username in domain, the time of the last successful online
 * authentication performed with the current token. value is the timestamp;
 * its epoch/unit is not stated here — confirm against the sysdb attribute
 * it is stored in. Returns an errno_t. */
errno_t
pam_set_last_online_auth_with_curr_token(struct sss_domain_info *domain,
                                         const char *username,
                                         uint64_t value);

/* Filter resp_list according to configuration read from cdb before the
 * responses are sent back to the client. NOTE(review): which response
 * types are dropped and whether the list is modified in place is decided
 * in the implementation — confirm. Returns an errno_t. */
errno_t filter_responses(struct confdb_ctx *cdb,
                         struct response_data *resp_list);
1f3a52128a4c9a5830936e25b071ce6a81fec1beEugen Kuksa#endif /* __PAMSRV_H__ */
1f3a52128a4c9a5830936e25b071ce6a81fec1beEugen Kuksa