forked from Yubico/yubico-pam
-
Notifications
You must be signed in to change notification settings - Fork 0
/
util.h
100 lines (83 loc) · 3.83 KB
/
util.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
/*
* Copyright (c) 2011-2014 Yubico AB
* Copyright (c) 2011 Tollef Fog Heen <[email protected]>
* All rights reserved.
*
* Author : Fredrik Thulin <[email protected]>
* Author : Tollef Fog Heen <[email protected]>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __PAM_YUBICO_UTIL_H_INCLUDED__
#define __PAM_YUBICO_UTIL_H_INCLUDED__
#include <stdio.h>
#include <stdint.h>
#include <pwd.h>
#define D(file, x...) do { \
fprintf (file, "debug: %s:%d (%s): ", __FILE__, __LINE__, __FUNCTION__); \
fprintf (file, x); \
fprintf (file, "\n"); \
} while (0)
/* Return values for authorize_user_token and authorize_user_token_ldap */
#define AUTH_NO_TOKENS -2 /* The user has no associated tokens */
#define AUTH_ERROR 0 /* Internal error when looking up associated tokens */
#define AUTH_FOUND 1 /* The requested token is associated to the user */
#define AUTH_NOT_FOUND -1 /* The requested token is not associated to the user */
int get_user_cfgfile_path(const char *common_path, const char *filename, const struct passwd *user, char **fn);
int check_user_token(const char *authfile, const char *username, const char *otp_id, int verbose, FILE *debug_file);
#if HAVE_CR
#include <ykcore.h>
/* Challenges can be 0..63 or 64 bytes long, depending on YubiKey configuration.
* We settle for 63 bytes to have something that works with all configurations.
*/
#define CR_CHALLENGE_SIZE 63
#define CR_RESPONSE_SIZE 20
#define CR_SALT_SIZE 32
#define CR_DEFAULT_ITERATIONS 10000
struct chalresp_state {
char challenge[CR_CHALLENGE_SIZE];
uint8_t challenge_len;
char response[CR_RESPONSE_SIZE];
uint8_t response_len;
char salt[CR_SALT_SIZE];
uint8_t salt_len;
uint8_t slot;
uint32_t iterations;
};
typedef struct chalresp_state CR_STATE;
int generate_random(void *buf, int len);
int get_user_challenge_file(YK_KEY *yk, const char *chalresp_path, const struct passwd *user, char **fn, FILE *debug_file);
int load_chalresp_state(FILE *f, CR_STATE *state, bool verbose, FILE *debug_file);
int write_chalresp_state(FILE *f, CR_STATE *state);
int init_yubikey(YK_KEY **yk);
int check_firmware_version(YK_KEY *yk, bool verbose, bool quiet, FILE *debug_file);
int challenge_response(YK_KEY *yk, int slot,
char *challenge, unsigned int len,
bool hmac, bool may_block, bool verbose,
char *response, unsigned int res_size, unsigned int *res_len);
#endif /* HAVE_CR */
size_t filter_result_len(const char *filter, const char *user, char *output);
char *filter_printf(const char *filter, const char *user);
#endif /* __PAM_YUBICO_UTIL_H_INCLUDED__ */