Diffstat (limited to 'src/krb5_plugin/passkey/passkey.h')
-rw-r--r--src/krb5_plugin/passkey/passkey.h110
1 files changed, 110 insertions, 0 deletions
diff --git a/src/krb5_plugin/passkey/passkey.h b/src/krb5_plugin/passkey/passkey.h
new file mode 100644
index 0000000..0f36d5d
--- /dev/null
+++ b/src/krb5_plugin/passkey/passkey.h
@@ -0,0 +1,110 @@
+/*
+ Authors:
+ Pavel Březina <pbrezina@redhat.com>
+
+ Copyright (C) 2023 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _PASSKEY_H_
+#define _PASSKEY_H_
+
+#include <stdlib.h>
+#include <krb5/preauth_plugin.h>
+
+#ifndef discard_const
+#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
+#endif
+
+#define SSSD_PASSKEY_PLUGIN "passkey"
+#define SSSD_PASSKEY_CONFIG "passkey"
+#define SSSD_PASSKEY_PADATA 153 // PA-REDHAT-PASSKEY
+#define SSSD_PASSKEY_QUESTION "passkey"
+#define SSSD_PASSKEY_PREFIX "passkey "
+#define SSSD_PASSKEY_REPLY_STATE "ipa_otpd state"
+#define SSSD_PASSKEY_PROMPT "Insert your passkey device, then press ENTER"
+#define SSSD_PASSKEY_PIN_PROMPT "Enter PIN"
+#define SSSD_PASSKEY_CHILD SSSD_LIBEXEC_PATH"/passkey_child"
+
+struct sss_passkey_config {
+ char **indicators;
+};
+
+void
+sss_passkey_config_free(struct sss_passkey_config *passkey);
+
+krb5_error_code
+sss_passkey_config_init(const char *config,
+ struct sss_passkey_config **_passkey);
+
+enum sss_passkey_phase {
+ SSS_PASSKEY_PHASE_INIT,
+ SSS_PASSKEY_PHASE_CHALLENGE,
+ SSS_PASSKEY_PHASE_REPLY
+};
+
+struct sss_passkey_challenge {
+ char *domain;
+ char **credential_id_list;
+ int user_verification;
+ char *cryptographic_challenge;
+};
+
+struct sss_passkey_reply {
+ char *credential_id;
+ char *cryptographic_challenge;
+ char *authenticator_data;
+ char *assertion_signature;
+ char *user_id;
+};
+
+struct sss_passkey_message {
+ enum sss_passkey_phase phase;
+ char *state;
+ union {
+ struct sss_passkey_challenge *challenge;
+ struct sss_passkey_reply *reply;
+ void *ptr;
+ } data;
+};
+
+void
+sss_passkey_message_free(struct sss_passkey_message *message);
+
+struct sss_passkey_message *
+sss_passkey_message_from_reply_json(enum sss_passkey_phase phase,
+ const char *state,
+ const char *json_str);
+
+char *
+sss_passkey_message_encode(const struct sss_passkey_message *data);
+
+struct sss_passkey_message *
+sss_passkey_message_decode(const char *str);
+
+krb5_pa_data *
+sss_passkey_message_encode_padata(const struct sss_passkey_message *data);
+
+struct sss_passkey_message *
+sss_passkey_message_decode_padata(krb5_pa_data *padata);
+
+krb5_pa_data **
+sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data);
+
+krb5_error_code
+sss_passkey_concat_credentials(char **creds,
+ char **_creds_str);
+
+#endif /* _PASSKEY_H_ */
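Review bot: The `data` union in `struct sss_passkey_message` carries no comment saying which member is valid for each `enum sss_passkey_phase` value, and none of the decode prototypes states its failure or ownership contract. That matters because `sss_passkey_message_decode()` and `sss_passkey_message_decode_padata()` presumably parse data supplied by the other side of the exchange. I would add a comment above the union such as `/* challenge: SSS_PASSKEY_PHASE_CHALLENGE, reply: SSS_PASSKEY_PHASE_REPLY, no payload for SSS_PASSKEY_PHASE_INIT */` (to be confirmed against the implementation). Each decoder should also get a short doc comment stating what it returns on malformed input, that the result is released with `sss_passkey_message_free()`, and, for the padata variant, that parsing is bounded by `padata->length` rather than by a NUL terminator. Separately, `discard_const` uses `uintptr_t` although the header includes only `<stdlib.h>` and the krb5 plugin header, so adding `#include <stdint.h>` would keep it self-contained; the guard name `_PASSKEY_H_` also falls in the reserved-identifier namespace.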