1 /* 2 * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com> 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 * 16 * $Sudo: sudo_auth.h,v 1.20 2004/02/13 21:36:47 millert Exp $ 17 */ 18 19 #ifndef SUDO_AUTH_H 20 #define SUDO_AUTH_H 21 22 /* Auth function return values. */ 23 #define AUTH_SUCCESS 0 24 #define AUTH_FAILURE 1 25 #define AUTH_FATAL 2 26 27 typedef struct sudo_auth { 28 short flags; /* various flags, see below */ 29 short status; /* status from verify routine */ 30 char *name; /* name of the method as a string */ 31 VOID *data; /* method-specific data pointer */ 32 int (*init) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth)); 33 int (*setup) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth)); 34 int (*verify) __P((struct passwd *pw, char *p, struct sudo_auth *auth)); 35 int (*cleanup) __P((struct passwd *pw, struct sudo_auth *auth)); 36 } sudo_auth; 37 38 /* Values for sudo_auth.flags. */ 39 /* XXX - these names are too long for my liking */ 40 #define FLAG_USER 0x01 /* functions must run as the user, not root */ 41 #define FLAG_CONFIGURED 0x02 /* method configured ok */ 42 #define FLAG_ONEANDONLY 0x04 /* one and only auth method */ 43 44 /* Shortcuts for using the flags above. */ 45 #define NEEDS_USER(x) ((x)->flags & FLAG_USER) 46 #define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED) 47 #define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY) 48 49 /* Prototypes for standalone methods */ 50 int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 51 int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 52 int fwtk_cleanup __P((struct passwd *pw, sudo_auth *auth)); 53 int pam_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 54 int pam_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 55 int pam_cleanup __P((struct passwd *pw, sudo_auth *auth)); 56 int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 57 int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 58 int sia_cleanup __P((struct passwd *pw, sudo_auth *auth)); 59 int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 60 int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 61 int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth)); 62 int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth)); 63 64 /* Prototypes for normal methods */ 65 int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 66 int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 67 int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 68 int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 69 int rfc1938_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 70 int rfc1938_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 71 int afs_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 72 int dce_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 73 int kerb4_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 74 int kerb4_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 75 int kerb5_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 76 int kerb5_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 77 int kerb5_cleanup __P((struct passwd *pw, sudo_auth *auth)); 78 int securid_init __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 79 int securid_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth)); 80 int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth)); 81 82 /* Fields: need_root, name, init, setup, verify, cleanup */ 83 #define AUTH_ENTRY(r, n, i, s, v, c) \ 84 { (r|FLAG_CONFIGURED), AUTH_FAILURE, n, NULL, i, s, v, c }, 85 86 /* Some methods cannots (or should not) interoperate with any others */ 87 #if defined(HAVE_PAM) 88 # define AUTH_STANDALONE \ 89 AUTH_ENTRY(0, "pam", \ 90 pam_init, NULL, pam_verify, pam_cleanup) 91 #elif defined(HAVE_SECURID) 92 # define AUTH_STANDALONE \ 93 AUTH_ENTRY(0, "SecurId", \ 94 securid_init, securid_setup, securid_verify, NULL) 95 #elif defined(HAVE_SIA) 96 # define AUTH_STANDALONE \ 97 AUTH_ENTRY(0, "sia", \ 98 NULL, sia_setup, sia_verify, sia_cleanup) 99 #elif defined(HAVE_AUTHENTICATE) 100 # define AUTH_STANDALONE \ 101 AUTH_ENTRY(0, "aixauth", \ 102 NULL, NULL, aixauth_verify, NULL) 103 #elif defined(HAVE_FWTK) 104 # define AUTH_STANDALONE \ 105 AUTH_ENTRY(0, "fwtk", \ 106 fwtk_init, NULL, fwtk_verify, fwtk_cleanup) 107 #elif defined(HAVE_BSD_AUTH_H) 108 # define AUTH_STANDALONE \ 109 AUTH_ENTRY(0, "bsdauth", \ 110 bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup) 111 #endif 112 113 #endif /* SUDO_AUTH_H */ 114