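/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 1999-2005, 2007-2016, 2018 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Interface between the authentication front end and the individual
 * authentication methods: the per-method descriptor (struct sudo_auth),
 * the result codes the method callbacks return, the flag bits, and the
 * prototypes of every method's callbacks.
 *
 * This header includes nothing itself.  The including file must already
 * have declared struct passwd, bool, NULL, struct sudo_conv_callback and
 * sudo_conv_t before pulling it in.
 */

#ifndef SUDO_AUTH_H
#define SUDO_AUTH_H

/*
 * Auth function return values.
 *
 * Success is 0, so these are NOT booleans: a test such as
 * "if (auth->verify(...))" is true for every non-success outcome.
 * Always compare a result against AUTH_SUCCESS explicitly and treat any
 * other value as "not authenticated".
 * NOTE(review): AUTH_INTR and AUTH_FATAL presumably mean "interrupted" and
 * "unrecoverable error"; their handling lives in the callers, not here.
 */
#define AUTH_SUCCESS	0
#define AUTH_FAILURE	1
#define AUTH_INTR	2
#define AUTH_FATAL	3

/*
 * Descriptor for one authentication method.
 *
 * The field order is load-bearing: AUTH_ENTRY() below fills this struct
 * with a positional initializer, so reordering, inserting or removing a
 * member here without updating AUTH_ENTRY() silently wires callbacks into
 * the wrong slots.
 */
typedef struct sudo_auth {
    int flags;		/* various flags, see below */
    int status;		/* status from verify routine; AUTH_ENTRY() starts it at AUTH_FAILURE */
    char *name;		/* name of the method as a string */
    void *data;		/* method-specific data pointer; AUTH_ENTRY() starts it at NULL */
    int (*init)(struct passwd *pw, struct sudo_auth *auth);
    int (*setup)(struct passwd *pw, char **prompt, struct sudo_auth *auth);
    /*
     * The second argument is named "pass" by some methods and "prompt" by
     * others in the prototypes below, i.e. its meaning is method-specific.
     * NOTE(review): where it carries the user's secret, this header does not
     * show who owns or clears the buffer -- confirm in the caller.
     */
    int (*verify)(struct passwd *pw, char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
    int (*approval)(struct passwd *pw, struct sudo_auth *auth, bool exempt);
    int (*cleanup)(struct passwd *pw, struct sudo_auth *auth, bool force);
    int (*begin_session)(struct passwd *pw, char **user_env[], struct sudo_auth *auth);
    int (*end_session)(struct passwd *pw, struct sudo_auth *auth);
} sudo_auth;

/* Values for sudo_auth.flags (bit masks, may be OR'ed together). */
#define FLAG_DISABLED	0x02	/* method disabled */
#define FLAG_STANDALONE	0x04	/* standalone auth method */
#define FLAG_ONEANDONLY	0x08	/* one and only auth method */

/*
 * Shortcuts for using the flags above.
 * x is a pointer to a sudo_auth.  Each macro yields the masked bit itself
 * (0 or the flag value, not 0/1), so use the result only as a truth value.
 */
#define IS_DISABLED(x)		((x)->flags & FLAG_DISABLED)
#define IS_STANDALONE(x)	((x)->flags & FLAG_STANDALONE)
#define IS_ONEANDONLY(x)	((x)->flags & FLAG_ONEANDONLY)

/* Like tgetpass() but uses conversation function */
char *auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback);

/* Pointer to conversation function to use with auth_getpass(). */
extern sudo_conv_t sudo_conv;

/*
 * Prototypes for standalone methods.
 * All callbacks return one of the AUTH_* codes above.
 */
int bsdauth_init(struct passwd *pw, sudo_auth *auth);
int bsdauth_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int bsdauth_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int bsdauth_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_aix_init(struct passwd *pw, sudo_auth *auth);
int sudo_aix_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_aix_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_fwtk_init(struct passwd *pw, sudo_auth *auth);
int sudo_fwtk_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_fwtk_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_init(struct passwd *pw, sudo_auth *auth);
int sudo_pam_init_quiet(struct passwd *pw, sudo_auth *auth);
int sudo_pam_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_pam_approval(struct passwd *pw, sudo_auth *auth, bool exempt);
int sudo_pam_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);
int sudo_pam_end_session(struct passwd *pw, sudo_auth *auth);
int sudo_securid_init(struct passwd *pw, sudo_auth *auth);
int sudo_securid_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_securid_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_sia_verify(struct passwd *pw, char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_sia_begin_session(struct passwd *pw, char **user_env[], sudo_auth *auth);

/* Prototypes for normal methods */
int sudo_afs_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_dce_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_init(struct passwd *pw, sudo_auth *auth);
int sudo_krb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_krb5_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_passwd_init(struct passwd *pw, sudo_auth *auth);
int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_passwd_cleanup(struct passwd *pw, sudo_auth *auth, bool force);
int sudo_rfc1938_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_init(struct passwd *pw, sudo_auth *auth);
int sudo_secureware_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_cleanup(struct passwd *pw, sudo_auth *auth, bool force);

/*
 * Build one sudo_auth initializer.
 * Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess
 *
 * The macro takes (name, flags) but emits them in struct order
 * (flags, status, name, data).  status is always initialized to
 * AUTH_FAILURE, so an entry whose verify callback has not yet reported
 * AUTH_SUCCESS never reads as authenticated; keep that default when
 * editing this macro.  The expansion ends with a comma, so invocations
 * are written back to back without a separator.
 */
#define AUTH_ENTRY(n, f, i, s, v, a, c, b, e) \
	{ (f), AUTH_FAILURE, (n), NULL, (i), (s), (v), (a), (c) , (b), (e) },

#endif /* SUDO_AUTH_H */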