Diffstat (limited to 'src/krb5_plugin/common/radius_kdcpreauth.h')
-rw-r--r-- | src/krb5_plugin/common/radius_kdcpreauth.h | 185 |
1 files changed, 185 insertions, 0 deletions
diff --git a/src/krb5_plugin/common/radius_kdcpreauth.h b/src/krb5_plugin/common/radius_kdcpreauth.h
new file mode 100644
index 0000000..7e032b3
--- /dev/null
+++ b/src/krb5_plugin/common/radius_kdcpreauth.h
@@ -0,0 +1,185 @@
+/*
+ Authors:
+ Pavel Březina <pbrezina@redhat.com>
+
+ Copyright (C) 2023 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _RADIUS_KDCPREAUTH_H_
+#define _RADIUS_KDCPREAUTH_H_
+
+#include <stdlib.h>
+#include <krb5/preauth_plugin.h>
+
+struct sss_radiuskdc_state {
+ const char *plugin_name;
+ const char *server;
+ const char *secret;
+ size_t retries;
+ int timeout;
+};
+
+struct sss_radiuskdc_config {
+ char *username;
+ char *server;
+ char *secret;
+ size_t retries;
+ int timeout;
+};
+
+struct sss_radiuskdc_client {
+ krad_client *client;
+ krad_attrset *attrs;
+};
+
+struct sss_radiuskdc_challenge {
+ struct sss_radiuskdc_client *client;
+
+ krb5_context kctx;
+ krb5_kdcpreauth_callbacks cb;
+ krb5_kdcpreauth_rock rock;
+ krb5_kdcpreauth_edata_respond_fn respond;
+ void *arg;
+};
+
+struct sss_radiuskdc_verify {
+ struct sss_radiuskdc_client *client;
+ char **indicators;
+
+ krb5_context kctx;
+ krb5_kdcpreauth_rock rock;
+ krb5_kdcpreauth_callbacks cb;
+ krb5_enc_tkt_part *enc_tkt_reply;
+ krb5_kdcpreauth_verify_respond_fn respond;
+ void *arg;
+};
+
+krb5_error_code
+sss_radiuskdc_init(const char *plugin_name,
+ krb5_context kctx,
+ krb5_kdcpreauth_moddata *_moddata,
+ const char **_realmnames);
+
+void
+sss_radiuskdc_fini(krb5_context kctx,
+ krb5_kdcpreauth_moddata moddata);
+
+int
+sss_radiuskdc_flags(krb5_context kctx,
+ krb5_preauthtype pa_type);
+
+krb5_error_code
+sss_radiuskdc_return_padata(krb5_context kctx,
+ krb5_pa_data *padata,
+ krb5_data *req_pkt,
+ krb5_kdc_req *request,
+ krb5_kdc_rep *reply,
+ krb5_keyblock *encrypting_key,
+ krb5_pa_data **send_pa_out,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock,
+ krb5_kdcpreauth_moddata moddata,
+ krb5_kdcpreauth_modreq modreq);
+
+krb5_error_code
+sss_radiuskdc_enabled(const char *config_name,
+ krb5_context kctx,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock,
+ char **_config);
+
+void
+sss_radiuskdc_config_free(struct sss_radiuskdc_config *config);
+
+krb5_error_code
+sss_radiuskdc_config_init(struct sss_radiuskdc_state *state,
+ krb5_context kctx,
+ krb5_const_principal princ,
+ const char *configstr,
+ struct sss_radiuskdc_config **_config);
+
+krb5_error_code
+sss_radiuskdc_set_cookie(krb5_context context,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock,
+ krb5_preauthtype pa_type,
+ const krb5_data *state);
+
+krb5_error_code
+sss_radiuskdc_get_cookie(krb5_context context,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock,
+ krb5_preauthtype pa_type,
+ krb5_data *_state);
+
+krb5_error_code
+sss_radiuskdc_get_complete_attr(const krad_packet *rres,
+ const char *attr_name,
+ krb5_data *_data);
+
+krb5_error_code
+sss_radiuskdc_put_complete_attr(krad_attrset *attrset,
+ krad_attr attr,
+ const krb5_data *datap);
+
+char *
+sss_radiuskdc_get_attr_as_string(const krad_packet *packet, const char *attr);
+
+
+krb5_error_code
+sss_radiuskdc_set_attr_as_string(krad_attrset *attrset,
+ const char *attr,
+ const char *value);
+
+void
+sss_radiuskdc_client_free(struct sss_radiuskdc_client *client);
+
+struct sss_radiuskdc_client *
+sss_radiuskdc_client_init(krb5_context kctx,
+ verto_ctx *vctx,
+ struct sss_radiuskdc_config *config);
+
+void
+sss_radiuskdc_challenge_free(struct sss_radiuskdc_challenge *state);
+
+struct sss_radiuskdc_challenge *
+sss_radiuskdc_challenge_init(krb5_context kctx,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_kdcpreauth_rock rock,
+ krb5_kdcpreauth_edata_respond_fn respond,
+ void *arg,
+ struct sss_radiuskdc_config *config);
+
+void
+sss_radiuskdc_verify_free(struct sss_radiuskdc_verify *state);
+
+struct sss_radiuskdc_verify *
+sss_radiuskdc_verify_init(krb5_context kctx,
+ krb5_kdcpreauth_rock rock,
+ krb5_kdcpreauth_callbacks cb,
+ krb5_enc_tkt_part *enc_tkt_reply,
+ krb5_kdcpreauth_verify_respond_fn respond,
+ void *arg,
+ char **indicators,
+ struct sss_radiuskdc_config *config);
+
+void
+sss_radiuskdc_verify_done(krb5_error_code rret,
+ const krad_packet *rreq,
+ const krad_packet *rres,
+ void *data);
+
+#endif /* _RADIUS_KDCPREAUTH_H_ */ |
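Review bot: `struct sss_radiuskdc_config` holds the RADIUS shared secret as an owned `char *secret`, yet `sss_radiuskdc_config_free()` is declared with no statement of what it releases or whether the secret is wiped first. I would put a comment above that prototype, e.g. `/* Frees config and all its strings; the secret is zeroed before release. */`, and confirm the implementation, which is not visible in this file, actually does that. The same ownership gap applies to `sss_radiuskdc_get_attr_as_string()`, which returns a bare `char *` without saying who frees it, and to the `char **indicators` passed to `sss_radiuskdc_verify_init()`. Separately, the header uses `krad_client`, `krad_attrset`, `krad_packet`, `krad_attr` and `verto_ctx` but includes only `<stdlib.h>` and `<krb5/preauth_plugin.h>`; unless one of those pulls in libkrad transitively, adding `#include <krad.h>` beside them would make the header self-contained.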