1/* 2 * Copyright (c) 1999-2005, 2007-2009 Todd C. Miller <Todd.Miller@courtesan.com> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17#ifndef SUDO_AUTH_H 18#define SUDO_AUTH_H 19 20/* Auth function return values. */ 21#define AUTH_SUCCESS 0 22#define AUTH_FAILURE 1 23#define AUTH_INTR 2 24#define AUTH_FATAL 3 25 26typedef struct sudo_auth { 27 short flags; /* various flags, see below */ 28 short status; /* status from verify routine */ 29 char *name; /* name of the method as a string */ 30 void *data; /* method-specific data pointer */ 31 int (*init) __P((struct passwd *pw, struct sudo_auth *auth)); 32 int (*setup) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth)); 33 int (*verify) __P((struct passwd *pw, char *p, struct sudo_auth *auth)); 34 int (*cleanup) __P((struct passwd *pw, struct sudo_auth *auth)); 35} sudo_auth; 36 37/* Values for sudo_auth.flags. */ 38/* XXX - these names are too long for my liking */ 39#define FLAG_USER 0x01 /* functions must run as the user, not root */ 40#define FLAG_CONFIGURED 0x02 /* method configured ok */ 41#define FLAG_ONEANDONLY 0x04 /* one and only auth method */ 42 43/* Shortcuts for using the flags above. */ 44#define NEEDS_USER(x) ((x)->flags & FLAG_USER) 45#define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED) 46#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY) 47 48/* Prototypes for standalone methods */ 49int fwtk_init __P((struct passwd *pw, sudo_auth *auth)); 50int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 51int fwtk_cleanup __P((struct passwd *pw, sudo_auth *auth)); 52int pam_init __P((struct passwd *pw, sudo_auth *auth)); 53int pam_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 54int pam_cleanup __P((struct passwd *pw, sudo_auth *auth)); 55int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 56int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 57int sia_cleanup __P((struct passwd *pw, sudo_auth *auth)); 58int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 59int aixauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); 60int bsdauth_init __P((struct passwd *pw, sudo_auth *auth)); 61int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 62int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); 63 64/* Prototypes for normal methods */ 65int passwd_init __P((struct passwd *pw, sudo_auth *auth)); 66int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 67int passwd_cleanup __P((struct passwd *pw, sudo_auth *auth)); 68int secureware_init __P((struct passwd *pw, sudo_auth *auth)); 69int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 70int secureware_cleanup __P((struct passwd *pw, sudo_auth *auth)); 71int rfc1938_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 72int rfc1938_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 73int afs_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 74int dce_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 75int kerb4_init __P((struct passwd *pw, sudo_auth *auth)); 76int kerb4_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 77int kerb5_init __P((struct passwd *pw, sudo_auth *auth)); 78int kerb5_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 79int kerb5_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 80int kerb5_cleanup __P((struct passwd *pw, sudo_auth *auth)); 81int securid_init __P((struct passwd *pw, sudo_auth *auth)); 82int securid_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 83int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 84 85/* Fields: need_root, name, init, setup, verify, cleanup */ 86#define AUTH_ENTRY(r, n, i, s, v, c) \ 87 { (r|FLAG_CONFIGURED), AUTH_FAILURE, n, NULL, i, s, v, c }, 88 89/* Some methods cannots (or should not) interoperate with any others */ 90#if defined(HAVE_PAM) 91# define AUTH_STANDALONE \ 92 AUTH_ENTRY(0, "pam", \ 93 pam_init, NULL, pam_verify, pam_cleanup) 94#elif defined(HAVE_SECURID) 95# define AUTH_STANDALONE \ 96 AUTH_ENTRY(0, "SecurId", \ 97 securid_init, securid_setup, securid_verify, NULL) 98#elif defined(HAVE_SIA_SES_INIT) 99# define AUTH_STANDALONE \ 100 AUTH_ENTRY(0, "sia", \ 101 NULL, sia_setup, sia_verify, sia_cleanup) 102#elif defined(HAVE_AIXAUTH) 103# define AUTH_STANDALONE \ 104 AUTH_ENTRY(0, "aixauth", \ 105 NULL, NULL, aixauth_verify, aixauth_cleanup) 106#elif defined(HAVE_FWTK) 107# define AUTH_STANDALONE \ 108 AUTH_ENTRY(0, "fwtk", \ 109 fwtk_init, NULL, fwtk_verify, fwtk_cleanup) 110#elif defined(HAVE_BSD_AUTH_H) 111# define AUTH_STANDALONE \ 112 AUTH_ENTRY(0, "bsdauth", \ 113 bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup) 114#endif 115 116#endif /* SUDO_AUTH_H */ 117