blob: 0f36d5da1afee41f8db22e307742261a59518aa4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
/*
Authors:
Pavel Březina <pbrezina@redhat.com>
Copyright (C) 2023 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _PASSKEY_H_
#define _PASSKEY_H_
#include <stdlib.h>
#include <krb5/preauth_plugin.h>
#ifndef discard_const
#define discard_const(ptr) ((void *)((uintptr_t)(ptr)))
#endif
#define SSSD_PASSKEY_PLUGIN "passkey"
#define SSSD_PASSKEY_CONFIG "passkey"
#define SSSD_PASSKEY_PADATA 153 // PA-REDHAT-PASSKEY
#define SSSD_PASSKEY_QUESTION "passkey"
#define SSSD_PASSKEY_PREFIX "passkey "
#define SSSD_PASSKEY_REPLY_STATE "ipa_otpd state"
#define SSSD_PASSKEY_PROMPT "Insert your passkey device, then press ENTER"
#define SSSD_PASSKEY_PIN_PROMPT "Enter PIN"
#define SSSD_PASSKEY_CHILD SSSD_LIBEXEC_PATH"/passkey_child"
struct sss_passkey_config {
char **indicators;
};
void
sss_passkey_config_free(struct sss_passkey_config *passkey);
krb5_error_code
sss_passkey_config_init(const char *config,
struct sss_passkey_config **_passkey);
enum sss_passkey_phase {
SSS_PASSKEY_PHASE_INIT,
SSS_PASSKEY_PHASE_CHALLENGE,
SSS_PASSKEY_PHASE_REPLY
};
struct sss_passkey_challenge {
char *domain;
char **credential_id_list;
int user_verification;
char *cryptographic_challenge;
};
struct sss_passkey_reply {
char *credential_id;
char *cryptographic_challenge;
char *authenticator_data;
char *assertion_signature;
char *user_id;
};
struct sss_passkey_message {
enum sss_passkey_phase phase;
char *state;
union {
struct sss_passkey_challenge *challenge;
struct sss_passkey_reply *reply;
void *ptr;
} data;
};
void
sss_passkey_message_free(struct sss_passkey_message *message);
struct sss_passkey_message *
sss_passkey_message_from_reply_json(enum sss_passkey_phase phase,
const char *state,
const char *json_str);
char *
sss_passkey_message_encode(const struct sss_passkey_message *data);
struct sss_passkey_message *
sss_passkey_message_decode(const char *str);
krb5_pa_data *
sss_passkey_message_encode_padata(const struct sss_passkey_message *data);
struct sss_passkey_message *
sss_passkey_message_decode_padata(krb5_pa_data *padata);
krb5_pa_data **
sss_passkey_message_encode_padata_array(const struct sss_passkey_message *data);
krb5_error_code
sss_passkey_concat_credentials(char **creds,
char **_creds_str);
#endif /* _PASSKEY_H_ */
|
