forked from CERN-CERT/pam_2fa
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpam_2fa.h
79 lines (60 loc) · 1.83 KB
/
pam_2fa.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
#ifndef HEADER_PAM_2FA_H
#define HEADER_PAM_2FA_H
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
// These #defines must be present according to PAM documentation
#define PAM_SM_AUTH
#include <security/pam_appl.h> //to be correctly init, define it before including pam_modules.h
#include <security/pam_modules.h>
#include <security/pam_ext.h>
#include <security/pam_modutil.h>
#include "log.h"
typedef struct {
int debug;
int flags;
char *capath;
int gauth_enabled;
char *gauth_uri_prefix;
char *gauth_uri_suffix;
int yk_enabled;
char *yk_uri;
char *domain;
char *trusted_file;
} module_config;
// Defaults
#define DEFAULT_TRUSTED_FILE ".k5login"
#define GAUTH_LOGIN_LEN 31
#define YK_PUBLICID_LEN 12
struct pam_2fa_privs {
unsigned int is_dropped;
uid_t old_uid;
GETGROUPS_T old_gid;
GETGROUPS_T *grplist;
int nbgrps;
};
typedef int (*auth_func) (pam_handle_t * pamh, module_config * cfg, const char* username, const char *otp);
typedef struct {
auth_func do_auth;
const char * name;
size_t otp_len;
const char * prompt;
} auth_mod;
#define AUTHTOK_INCORRECT "\b\n\r\177INCORRECT"
#define LOG_PREFIX "[pam_2fa] "
#define GAUTH_OTP_LEN 6
#define YK_OTP_LEN 44
module_config * parse_config(pam_handle_t *pamh, int argc, const char **argv, int flags);
void free_config(module_config *cfg);
char * get_user(pam_handle_t * pamh, const module_config *cfg);
int pam_2fa_drop_priv(pam_handle_t *pamh, const module_config * cfg, struct pam_2fa_privs *p, const struct passwd *pw);
int pam_2fa_regain_priv(pam_handle_t *pamh, struct pam_2fa_privs *p, const struct passwd *pw);
extern const auth_mod gauth_auth;
extern const auth_mod yk_auth;
#endif /* HEADER_PAM_2FA_H */