src/util/authtok.c

918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce/*
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   SSSD - auth utils
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   Copyright (C) Simo Sorce <simo@redhat.com> 2012
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   This program is free software; you can redistribute it and/or modify
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   it under the terms of the GNU General Public License as published by
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   the Free Software Foundation; either version 3 of the License, or
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   (at your option) any later version.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   This program is distributed in the hope that it will be useful,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   but WITHOUT ANY WARRANTY; without even the implied warranty of
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   GNU General Public License for more details.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   You should have received a copy of the GNU General Public License
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce   along with this program.  If not, see <http://www.gnu.org/licenses/>.
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce*/
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce#include "authtok.h"
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token {
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    enum sss_authtok_type type;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    uint8_t *data;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    size_t length;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik};
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceenum sss_authtok_type sss_authtok_get_type(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return tok->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcesize_t sss_authtok_get_size(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return 0;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return tok->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceuint8_t *sss_authtok_get_data(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return NULL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                 const char **pwd, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EFAULT;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        *pwd = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce            *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorceerrno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                               const char **ccfile, size_t *len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOENT;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        *ccfile = (const char *)tok->data;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        if (len) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce            *len = tok->length - 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EACCES;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstatic errno_t sss_authtok_set_string(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      enum sss_authtok_type type,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      const char *context_name,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                      const char *str, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    size_t size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        len = strlen(str);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    } else {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        while (len > 0 && str[len - 1] == '\0') len--;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (len == 0) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        /* we do not allow zero length typed tokens */
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    size = len + 1;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    tok->data = talloc_named(tok, size, "%s", context_name);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (!tok->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    memcpy(tok->data, str, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->data[len] = '\0';
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->type = type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->length = size;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_set_empty(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (tok->type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        break;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->type = SSS_AUTHTOK_TYPE_EMPTY;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    talloc_zfree(tok->data);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    tok->length = 0;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_password(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                 const char *password, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_PASSWORD,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                  "password", password, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set_ccfile(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                               const char *ccfile, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_CCFILE,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                                  "ccfile", ccfile, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosestatic errno_t sss_authtok_set_2fa_from_blob(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                             const uint8_t *data, size_t len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_set(struct sss_auth_token *tok,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                        enum sss_authtok_type type,
4b8021779e4db2a212a8214c17e778e843ae2b3aStef Walter                        const uint8_t *data, size_t len)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    switch (type) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_PASSWORD:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik        return sss_authtok_set_password(tok, (const char *)data, len);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_CCFILE:
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik        return sss_authtok_set_ccfile(tok, (const char *)data, len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return sss_authtok_set_2fa_from_blob(tok, data, len);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return sss_authtok_set_sc_pin(tok, (const char*)data, len);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        sss_authtok_set_sc_keypad(tok);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    case SSS_AUTHTOK_TYPE_EMPTY:
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        sss_authtok_set_empty(tok);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EINVAL;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikerrno_t sss_authtok_copy(struct sss_auth_token *src,
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce                         struct sss_auth_token *dst)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!src || !dst) {
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha        return EINVAL;
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    sss_authtok_set_empty(dst);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (src->type == SSS_AUTHTOK_TYPE_EMPTY) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    dst->data = talloc_memdup(dst, src->data, src->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    if (!dst->data) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return ENOMEM;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    dst->length = src->length;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    dst->type = src->type;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    return EOK;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnikstruct sss_auth_token *sss_authtok_new(TALLOC_CTX *mem_ctx)
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik{
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    struct sss_auth_token *token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    token = talloc_zero(mem_ctx, struct sss_auth_token);
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    if (token == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    }
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik    return token;
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik}
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
9acfb09f7969a69f58bd45c856b01700541853caLukas Slebodnik
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorcevoid sss_authtok_wipe_password(struct sss_auth_token *tok)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce{
439f664bfb0cbed7e85ebd68647deed7414598d4Pallavi Jha    if (!tok || tok->type != SSS_AUTHTOK_TYPE_PASSWORD) {
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce        return;
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    }
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce    safezero(tok->data, tok->length);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce}
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_auth_unpack_2fa_blob(TALLOC_CTX *mem_ctx,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                 const uint8_t *blob, size_t blob_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                 char **fa1, size_t *_fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                 char **fa2, size_t *_fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    size_t c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    uint32_t fa1_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    uint32_t fa2_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (blob_len < 2 * sizeof(uint32_t)) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    c = 0;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    SAFEALIGN_COPY_UINT32(&fa1_len, blob, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    SAFEALIGN_COPY_UINT32(&fa2_len, blob + c, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (blob_len != 2 * sizeof(uint32_t) + fa1_len + fa2_len) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (fa1_len != 0) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        *fa1 = talloc_strndup(mem_ctx, (const char *) blob + c, fa1_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        if (*fa1 == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    } else {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        *fa1 = NULL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (fa2_len != 0) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        *fa2 = talloc_strndup(mem_ctx, (const char *) blob + c + fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                              fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        if (*fa2 == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            talloc_free(*fa1);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    } else {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        *fa2 = NULL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    /* Re-calculate length for the case where \0 was missing in the blob */
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *_fa1_len = (*fa1 == NULL) ? 0 : strlen(*fa1);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *_fa2_len = (*fa2 == NULL) ? 0 : strlen(*fa2);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosestatic errno_t sss_authtok_set_2fa_from_blob(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                             const uint8_t *data, size_t len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    TALLOC_CTX *tmp_ctx;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    int ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    char *fa1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    size_t fa1_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    char *fa2;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    size_t fa2_len;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    tmp_ctx = talloc_new(NULL);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tmp_ctx == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        ret = ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    ret = sss_auth_unpack_2fa_blob(tmp_ctx, data, len, &fa1, &fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                   &fa2, &fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sss_auth_unpack_2fa_blob failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    ret = sss_authtok_set_2fa(tok, fa1, fa1_len, fa2, fa2_len);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sss_authtok_set_2fa failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        goto done;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    ret = EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bosedone:
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    talloc_free(tmp_ctx);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        sss_authtok_set_empty(tok);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    return ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_authtok_get_2fa(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                            const char **fa1, size_t *fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                            const char **fa2, size_t *fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    size_t c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    uint32_t tmp_uint32_t;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tok->type != SSS_AUTHTOK_TYPE_2FA) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return (tok->type == SSS_AUTHTOK_TYPE_EMPTY) ? ENOENT : EACCES;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tok->length < 2 * sizeof(uint32_t)) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "Blob too small.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    c = 0;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *fa1_len = tmp_uint32_t - 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    SAFEALIGN_COPY_UINT32(&tmp_uint32_t, tok->data + c, &c);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *fa2_len = tmp_uint32_t - 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (*fa1_len == 0 || *fa2_len == 0
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            || tok->length != 2 * sizeof(uint32_t) + *fa1_len + *fa2_len + 2) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "Blob size mismatch.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tok->data[c + *fa1_len] != '\0'
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose            || tok->data[c + *fa1_len + 1 + *fa2_len] != '\0') {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "Missing terminating null character.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *fa1 = (const char *) tok->data + c;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    *fa2 = (const char *) tok->data + c + *fa1_len + 1;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Boseerrno_t sss_authtok_set_2fa(struct sss_auth_token *tok,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                            const char *fa1, size_t fa1_len,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                            const char *fa2, size_t fa2_len)
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose{
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    int ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    size_t needed_size;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tok == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    sss_authtok_set_empty(tok);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    ret = sss_auth_pack_2fa_blob(fa1, fa1_len, fa2, fa2_len, NULL, 0,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                 &needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (ret != EAGAIN) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_CRIT_FAILURE,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose              "sss_auth_pack_2fa_blob unexpectedly returned [%d].\n", ret);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return EINVAL;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    tok->data = talloc_size(tok, needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (tok->data == NULL) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_OP_FAILURE, "talloc_size failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return ENOMEM;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    ret = sss_auth_pack_2fa_blob(fa1, fa1_len, fa2, fa2_len, tok->data,
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose                                 needed_size, &needed_size);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    if (ret != EOK) {
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        talloc_free(tok->data);
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sss_auth_pack_2fa_blob failed.\n");
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose        return ret;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    }
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    tok->length = needed_size;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    tok->type = SSS_AUTHTOK_TYPE_2FA;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose    return EOK;
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Boseerrno_t sss_authtok_set_sc_pin(struct sss_auth_token *tok, const char *pin,
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose                               size_t len)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    if (tok == NULL) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EFAULT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    if (pin == NULL) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EINVAL;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    sss_authtok_set_empty(tok);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_SC_PIN,
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose                                  "sc_pin", pin, len);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Boseerrno_t sss_authtok_get_sc_pin(struct sss_auth_token *tok, const char **pin,
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose                               size_t *len)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    if (!tok) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EFAULT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    switch (tok->type) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_EMPTY:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return ENOENT;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_PIN:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        *pin = (const char *)tok->data;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        if (len) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose            *len = tok->length - 1;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EOK;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_PASSWORD:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_CCFILE:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_2FA:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    case SSS_AUTHTOK_TYPE_SC_KEYPAD:
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return EACCES;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    return EINVAL;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bosevoid sss_authtok_set_sc_keypad(struct sss_auth_token *tok)
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose{
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    if (!tok) {
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose        return;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    }
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    sss_authtok_set_empty(tok);
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose    tok->type = SSS_AUTHTOK_TYPE_SC_KEYPAD;
10703cd558016685ee778e333f1d4490238d46e7Sumit Bose}