author | Sumit Bose <sbose@redhat.com> | 2015-06-26 17:55:23 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-07-31 09:51:58 +0200 |
commit | 10703cd558016685ee778e333f1d4490238d46e7 (patch) | |
tree | fdeb34415d924e29d94091f66ff9444c9d3479c1 /src/util | |
parent | 35f3a213e0f0f2c60e9b5f095a05388e21092ae2 (diff) | |
authok: add support for Smart Card related authtokens
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r-- | src/util/authtok.c | 64 | ||||
-rw-r--r-- | src/util/authtok.h | 41 |
2 files changed, 105 insertions, 0 deletions
diff --git a/src/util/authtok.c b/src/util/authtok.c
index 45761df80..6062cd875 100644
--- a/src/util/authtok.c
+++ b/src/util/authtok.c
@@ -39,6 +39,8 @@ size_t sss_authtok_get_size(struct sss_auth_token *tok)
 case SSS_AUTHTOK_TYPE_PASSWORD:
 case SSS_AUTHTOK_TYPE_CCFILE:
 case SSS_AUTHTOK_TYPE_2FA:
+ case SSS_AUTHTOK_TYPE_SC_PIN:
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
 return tok->length;
 case SSS_AUTHTOK_TYPE_EMPTY:
 return 0;
@@ -72,6 +74,8 @@ errno_t sss_authtok_get_password(struct sss_auth_token *tok,
 return EOK;
 case SSS_AUTHTOK_TYPE_CCFILE:
 case SSS_AUTHTOK_TYPE_2FA:
+ case SSS_AUTHTOK_TYPE_SC_PIN:
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
 return EACCES;
 }
@@ -95,6 +99,8 @@ errno_t sss_authtok_get_ccfile(struct sss_auth_token *tok,
 return EOK;
 case SSS_AUTHTOK_TYPE_PASSWORD:
 case SSS_AUTHTOK_TYPE_2FA:
+ case SSS_AUTHTOK_TYPE_SC_PIN:
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
 return EACCES;
 }
@@ -144,9 +150,11 @@ void sss_authtok_set_empty(struct sss_auth_token *tok)
 return;
 case SSS_AUTHTOK_TYPE_PASSWORD:
 case SSS_AUTHTOK_TYPE_2FA:
+ case SSS_AUTHTOK_TYPE_SC_PIN:
 safezero(tok->data, tok->length);
 break;
 case SSS_AUTHTOK_TYPE_CCFILE:
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
 break;
 }
@@ -187,6 +195,11 @@ errno_t sss_authtok_set(struct sss_auth_token *tok,
 return sss_authtok_set_ccfile(tok, (const char *)data, len);
 case SSS_AUTHTOK_TYPE_2FA:
 return sss_authtok_set_2fa_from_blob(tok, data, len);
+ case SSS_AUTHTOK_TYPE_SC_PIN:
+ return sss_authtok_set_sc_pin(tok, (const char*)data, len);
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
+ sss_authtok_set_sc_keypad(tok);
+ return EOK;
 case SSS_AUTHTOK_TYPE_EMPTY:
 sss_authtok_set_empty(tok);
 return EOK;
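Review bot: In `sss_authtok_set` the new `SSS_AUTHTOK_TYPE_SC_PIN` case forwards `len` unchanged to `sss_authtok_set_sc_pin`, and the header comment added in this commit says a `len` of 0 makes the setter fall back to `strlen()`. Here `data` is a byte blob cast to `const char *`, and nothing visible guarantees a terminating NUL, so a zero-length blob could be measured past its end. Rejecting it before the call, e.g. `if (len == 0) { return EINVAL; }`, keeps the strlen fallback for callers that pass a real C string. The `SSS_AUTHTOK_TYPE_SC_KEYPAD` case also discards `data` and `len` silently; a comment such as `/* keypad tokens carry no payload; data is ignored */` would mark that as intentional. The function body starts and ends outside the hunk, so the existing password path may already follow the same convention.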
@@ -411,3 +424,54 @@ errno_t sss_authtok_set_2fa(struct sss_auth_token *tok,
 return EOK;
 }
+
+errno_t sss_authtok_set_sc_pin(struct sss_auth_token *tok, const char *pin,
+ size_t len)
+{
+ if (tok == NULL) {
+ return EFAULT;
+ }
+ if (pin == NULL) {
+ return EINVAL;
+ }
+
+ sss_authtok_set_empty(tok);
+
+ return sss_authtok_set_string(tok, SSS_AUTHTOK_TYPE_SC_PIN,
+ "sc_pin", pin, len);
+}
+
+errno_t sss_authtok_get_sc_pin(struct sss_auth_token *tok, const char **pin,
+ size_t *len)
+{
+ if (!tok) {
+ return EFAULT;
+ }
+ switch (tok->type) {
+ case SSS_AUTHTOK_TYPE_EMPTY:
+ return ENOENT;
+ case SSS_AUTHTOK_TYPE_SC_PIN:
+ *pin = (const char *)tok->data;
+ if (len) {
+ *len = tok->length - 1;
+ }
+ return EOK;
+ case SSS_AUTHTOK_TYPE_PASSWORD:
+ case SSS_AUTHTOK_TYPE_CCFILE:
+ case SSS_AUTHTOK_TYPE_2FA:
+ case SSS_AUTHTOK_TYPE_SC_KEYPAD:
+ return EACCES;
+ }
+
+ return EINVAL;
+}
+
+void sss_authtok_set_sc_keypad(struct sss_auth_token *tok)
+{
+ if (!tok) {
+ return;
+ }
+ sss_authtok_set_empty(tok);
+
+ tok->type = SSS_AUTHTOK_TYPE_SC_KEYPAD;
+}
diff --git a/src/util/authtok.h b/src/util/authtok.h
index cb3662708..f1a01a423 100644
--- a/src/util/authtok.h
+++ b/src/util/authtok.h
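Review bot: `sss_authtok_get_sc_pin` in src/util/authtok.c stores through `pin` in the `SSS_AUTHTOK_TYPE_SC_PIN` case without checking it, although `len` is treated as optional and `sss_authtok_set_sc_pin` rejects a NULL `pin`; a guard `if (pin == NULL) { return EINVAL; }` after the `tok` check would make the pair consistent. `*len = tok->length - 1` also assumes the stored length always includes a terminator, which holds only if `sss_authtok_set_string` (not shown in this hunk) stores one. If `tok->length` is unsigned, as the `size_t` return of `sss_authtok_get_size` suggests, a length of 0 would wrap, so `tok->length > 0 ? tok->length - 1 : 0` is the safer form. As a style point, the NULL checks in this hunk alternate between `tok == NULL` and `!tok`; one spelling throughout reads better.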
@@ -223,4 +223,45 @@ errno_t sss_authtok_set_2fa(struct sss_auth_token *tok,
 errno_t sss_authtok_get_2fa(struct sss_auth_token *tok,
 const char **fa1, size_t *fa1_len,
 const char **fa2, size_t *fa2_len);
+
+/**
+ * @brief Set a Smart Card pin into a an auth token, replacing any previous data
+ *
+ * @param tok A pointer to a sss_auth_token structure to change, also
+ * used as a memory context to allocate the internal data.
+ * @param pin A string
+ * @param len The length of the string or, if 0 is passed,
+ * then strlen(password) will be used internally.
+ *
+ * @return EOK on success
+ * ENOMEM on error
+ */
+errno_t sss_authtok_set_sc_pin(struct sss_auth_token *tok, const char *pin,
+ size_t len);
+
+/**
+ * @brief Returns a Smart Card pin as const string if the auth token is of
+ * type SSS_AUTHTOK_TYPE_SC_PIN, otherwise it returns an error
+ *
+ * @param tok A pointer to an sss_auth_token
+ * @param pin A pointer to a const char *, that will point to a null
+ * terminated string
+ * @param len The length of the pin string
+ *
+ * @return EOK on success
+ * ENOENT if the token is empty
+ * EACCESS if the token is not a Smart Card pin token
+ */
+errno_t sss_authtok_get_sc_pin(struct sss_auth_token *tok, const char **pin,
+ size_t *len);
+
+/**
+ * @brief Sets an auth token to type SSS_AUTHTOK_TYPE_SC_KEYPAD, replacing any
+ * previous data
+ *
+ * @param tok A pointer to a sss_auth_token structure to change, also
+ * used as a memory context to allocate the internal data.
+ */
+void sss_authtok_set_sc_keypad(struct sss_auth_token *tok);
+
 #endif /* __AUTHTOK_H__ */ |
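Review bot: The doc comments added here do not match the implementation in authtok.c. `sss_authtok_set_sc_pin` documents only EOK and ENOMEM, but the function returns EFAULT for a NULL `tok` and EINVAL for a NULL `pin`; the `len` text says `strlen(password)` where it means `strlen(pin)`; and `EACCESS` should read `EACCES`. For `sss_authtok_get_sc_pin`, the comment should say that `len` may be NULL and excludes the terminator, and that the returned pointer refers to memory owned by the token, which `sss_authtok_set_empty` wipes for this type, for example `@param pin ... points into the token; do not use after the token is changed`. The `sss_authtok_set_sc_keypad` comment describes `tok` as a memory context for allocation, but the function as written allocates nothing.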