mirror of
https://github.com/Yubico/yubico-pam.git
synced 2024-11-29 00:24:11 +01:00
b708e6dcf1
Add support of Mysql/Mariadb for the yubikey_mapping Mise à jour sql complete, manque la documentation Final clean Add packages dependency actions: apt update Fix bool variable cause error build travis Fix job #2 Fix job #3 Fix #4 fix &null fix &null fix &null Fix line 257 %s test Apple integration test Apple integration Timeout Travis extend Timeout travis extend Fix klali comment Fix warning fix configure.ac fix configure.ac Update configure.ac Update util.c Update util.h Update util.c Update util.c Update util.c Update util.c Fix white space fix left column
105 lines
4.1 KiB
C
105 lines
4.1 KiB
C
/*
|
|
* Copyright (c) 2011-2014 Yubico AB
|
|
* Copyright (c) 2011 Tollef Fog Heen <tfheen@err.no>
|
|
* All rights reserved.
|
|
*
|
|
* Author : Fredrik Thulin <fredrik@yubico.com>
|
|
* Author : Tollef Fog Heen <tfheen@err.no>
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are
|
|
* met:
|
|
*
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
*
|
|
* * Redistributions in binary form must reproduce the above
|
|
* copyright notice, this list of conditions and the following
|
|
* disclaimer in the documentation and/or other materials provided
|
|
* with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#ifndef __PAM_YUBICO_UTIL_H_INCLUDED__
|
|
#define __PAM_YUBICO_UTIL_H_INCLUDED__
|
|
|
|
#include <stdio.h>
|
|
#include <stdint.h>
|
|
#include <pwd.h>
|
|
|
|
#define D(file, x...) do { \
|
|
fprintf (file, "debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
|
|
fprintf (file, x); \
|
|
fprintf (file, "\n"); \
|
|
} while (0)
|
|
|
|
/* Return values for authorize_user_token and authorize_user_token_ldap */
|
|
#define AUTH_NO_TOKENS -2 /* The user has no associated tokens */
|
|
#define AUTH_ERROR 0 /* Internal error when looking up associated tokens */
|
|
#define AUTH_FOUND 1 /* The requested token is associated to the user */
|
|
#define AUTH_NOT_FOUND -1 /* The requested token is not associated to the user */
|
|
|
|
int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn);
|
|
#ifdef HAVE_MYSQL
|
|
int check_user_token_mysql(const char *mysql_server,const char *mysql_user,const char *mysql_password,const char *mysql_database,const char *username,const char *otp_id,int verbose,FILE *debug_file);
|
|
#endif
|
|
int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file);
|
|
|
|
#if HAVE_CR
|
|
#include <ykcore.h>
|
|
|
|
/* Challenges can be 0..63 or 64 bytes long, depending on YubiKey configuration.
|
|
* We settle for 63 bytes to have something that works with all configurations.
|
|
*/
|
|
#define CR_CHALLENGE_SIZE 63
|
|
#define CR_RESPONSE_SIZE 20
|
|
#define CR_SALT_SIZE 32
|
|
|
|
#define CR_DEFAULT_ITERATIONS 10000
|
|
|
|
struct chalresp_state {
|
|
char challenge[CR_CHALLENGE_SIZE];
|
|
uint8_t challenge_len;
|
|
char response[CR_RESPONSE_SIZE];
|
|
uint8_t response_len;
|
|
char salt[CR_SALT_SIZE];
|
|
uint8_t salt_len;
|
|
uint8_t slot;
|
|
uint32_t iterations;
|
|
};
|
|
|
|
typedef struct chalresp_state CR_STATE;
|
|
|
|
int generate_random(void *buf, int len);
|
|
|
|
int check_user_challenge_file(const char *chalresp_path, const struct passwd *user, FILE *debug_file);
|
|
int get_user_challenge_file(YK_KEY *yk, const char *chalresp_path, const struct passwd *user, char **fn, FILE *debug_file);
|
|
|
|
int load_chalresp_state(FILE *f, CR_STATE *state, bool verbose, FILE *debug_file);
|
|
int write_chalresp_state(FILE *f, CR_STATE *state);
|
|
|
|
int init_yubikey(YK_KEY **yk);
|
|
int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet, FILE *debug_file);
|
|
int challenge_response(YK_KEY *yk, int slot,
|
|
char *challenge, unsigned int len,
|
|
bool hmac, bool may_block, bool verbose,
|
|
char *response, unsigned int res_size, unsigned int *res_len);
|
|
|
|
#endif /* HAVE_CR */
|
|
|
|
size_t filter_result_len(const char *filter, const char *user, char *output);
|
|
char *filter_printf(const char *filter, const char *user);
|
|
|
|
#endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */
|