2 * Copyright (c) 1999-2001 Todd C. Miller <Todd.Miller@courtesan.com>
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * 4. Products derived from this software may not be called "Sudo" nor
20 * may "Sudo" appear in their names without specific prior written
21 * permission from the author.
23 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
24 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
25 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
26 * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
29 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
30 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
31 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
32 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 * $Sudo: sudo_auth.h,v 1.19 2001/12/14 19:55:01 millert Exp $
40 /* Auth function return values. */
41 #define AUTH_SUCCESS 0
42 #define AUTH_FAILURE 1
45 typedef struct sudo_auth {
46 short flags; /* various flags, see below */
47 short status; /* status from verify routine */
48 char *name; /* name of the method as a string */
49 VOID *data; /* method-specific data pointer */
50 int (*init) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
51 int (*setup) __P((struct passwd *pw, char **prompt, struct sudo_auth *auth));
52 int (*verify) __P((struct passwd *pw, char *p, struct sudo_auth *auth));
53 int (*cleanup) __P((struct passwd *pw, struct sudo_auth *auth));
56 /* Values for sudo_auth.flags. */
57 /* XXX - these names are too long for my liking */
58 #define FLAG_USER 0x01 /* functions must run as the user, not root */
59 #define FLAG_CONFIGURED 0x02 /* method configured ok */
60 #define FLAG_ONEANDONLY 0x04 /* one and only auth method */
62 /* Shortcuts for using the flags above. */
63 #define NEEDS_USER(x) ((x)->flags & FLAG_USER)
64 #define IS_CONFIGURED(x) ((x)->flags & FLAG_CONFIGURED)
65 #define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)
67 /* Prototypes for standalone methods */
68 int fwtk_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
69 int fwtk_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
70 int fwtk_cleanup __P((struct passwd *pw, sudo_auth *auth));
71 int pam_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
72 int pam_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
73 int pam_cleanup __P((struct passwd *pw, sudo_auth *auth));
74 int sia_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
75 int sia_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
76 int sia_cleanup __P((struct passwd *pw, sudo_auth *auth));
77 int aixauth_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
78 int bsdauth_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
79 int bsdauth_verify __P((struct passwd *pw, char *prompt, sudo_auth *auth));
80 int bsdauth_cleanup __P((struct passwd *pw, sudo_auth *auth));
82 /* Prototypes for normal methods */
83 int passwd_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
84 int passwd_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
85 int secureware_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
86 int secureware_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
87 int rfc1938_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
88 int rfc1938_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
89 int afs_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
90 int dce_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
91 int kerb4_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
92 int kerb4_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
93 int kerb5_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
94 int kerb5_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
95 int kerb5_cleanup __P((struct passwd *pw, sudo_auth *auth));
96 int securid_init __P((struct passwd *pw, char **prompt, sudo_auth *auth));
97 int securid_setup __P((struct passwd *pw, char **prompt, sudo_auth *auth));
98 int securid_verify __P((struct passwd *pw, char *pass, sudo_auth *auth));
100 /* Fields: need_root, name, init, setup, verify, cleanup */
101 #define AUTH_ENTRY(r, n, i, s, v, c) \
102 { (r|FLAG_CONFIGURED), AUTH_FAILURE, n, NULL, i, s, v, c },
104 /* Some methods cannots (or should not) interoperate with any others */
105 #if defined(HAVE_PAM)
106 # define AUTH_STANDALONE \
107 AUTH_ENTRY(0, "pam", \
108 pam_init, NULL, pam_verify, pam_cleanup)
109 #elif defined(HAVE_SECURID)
110 # define AUTH_STANDALONE \
111 AUTH_ENTRY(0, "SecurId", \
112 securid_init, securid_setup, securid_verify, NULL)
113 #elif defined(HAVE_SIA)
114 # define AUTH_STANDALONE \
115 AUTH_ENTRY(0, "sia", \
116 NULL, sia_setup, sia_verify, sia_cleanup)
117 #elif defined(HAVE_AUTHENTICATE)
118 # define AUTH_STANDALONE \
119 AUTH_ENTRY(0, "aixauth", \
120 NULL, NULL, aixauth_verify, NULL)
121 #elif defined(HAVE_FWTK)
122 # define AUTH_STANDALONE \
123 AUTH_ENTRY(0, "fwtk", \
124 fwtk_init, NULL, fwtk_verify, fwtk_cleanup)
125 #elif defined(HAVE_BSD_AUTH_H)
126 # define AUTH_STANDALONE \
127 AUTH_ENTRY(0, "bsdauth", \
128 bsdauth_init, NULL, bsdauth_verify, bsdauth_cleanup)
131 #endif /* SUDO_AUTH_H */