authorSumit Bose <sbose@redhat.com>2015-07-10 17:54:07 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-07-31 09:52:01 +0200
commita8d887323f83984679a7d9b827a70146656bb7b2 (patch)
treee6b93747e75ac876e7c8acf6a1b79db0ec65fb04 /src/responder/pam/pamsrv.h
parent10703cd558016685ee778e333f1d4490238d46e7 (diff)
PAM: add certificate support to PAM (pre-)auth requests
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder/pam/pamsrv.h')
-rw-r--r--src/responder/pam/pamsrv.h22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
index 027800646..59831f2e7 100644
--- a/src/responder/pam/pamsrv.h
+++ b/src/responder/pam/pamsrv.h
@@ -43,6 +43,10 @@ struct pam_ctx {
/* List of domains that are accessible even for untrusted users. */
char **public_domains;
int public_domains_count;
+
+ bool cert_auth;
+ int p11_child_debug_fd;
+ char *nss_db;
};
struct pam_auth_dp_req {
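Review bot: `p11_child_debug_fd` in `struct pam_ctx` has no documented "unset" value, and if the context is zero-allocated (not visible in this hunk) the field starts at 0, which is a valid descriptor rather than "none". I would set it to -1 wherever the context is created and record that next to the field: `int p11_child_debug_fd; /* -1 when no debug fd is open */`. The other two fields also lack the one-line comment that `public_domains` above them has, for example `char *nss_db; /* NSS database location passed to the certificate check; taken from configuration */`, if that is indeed where the value comes from. The struct starts above the hunk.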
@@ -65,6 +69,9 @@ struct pam_auth_req {
bool cached_auth_failed;
struct pam_auth_dp_req *dpreq_spy;
+
+ struct ldb_message *cert_user_obj;
+ char *token_name;
};
struct sss_cmd_table *get_pam_cmds(void);
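Review bot: The lifetime of `cert_user_obj` in `struct pam_auth_req` is not stated, and a raw `struct ldb_message *` kept on a request is only safe if it is parented to the request rather than left on a lookup result that may be freed first. A comment such as `/* user entry matched to the presented certificate; talloc child of preq */` would pin that down, provided that is what the implementation does. `token_name` deserves the same one-line ownership note. The struct begins above the hunk.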
@@ -73,4 +80,19 @@ int pam_dp_send_req(struct pam_auth_req *preq, int timeout);
int LOCAL_pam_handler(struct pam_auth_req *preq);
+errno_t p11_child_init(struct pam_ctx *pctx);
+
+struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ int child_debug_fd,
+ const char *nss_db,
+ time_t timeout,
+ struct pam_data *pd);
+errno_t pam_check_cert_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ char **cert, char **token_name);
+
+errno_t add_pam_cert_response(struct pam_data *pd, const char *user,
+ const char *token_name);
+
+bool may_do_cert_auth(struct pam_ctx *pctx, struct pam_data *pd);
#endif /* __PAMSRV_H__ */
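Review bot: The prototypes for `pam_check_cert_send` and `pam_check_cert_recv` do not say how a caller tells "no certificate present" from "certificate found but the check failed", and an authentication path needs to treat those two outcomes differently. A doc comment above the pair should state the return code for each case, whether `*cert` and `*token_name` may be NULL on success, that both are allocated on `mem_ctx`, and the unit of `timeout` (it is `time_t` here while `pam_dp_send_req` just above takes `int`). `may_do_cert_auth` reads like a pure predicate; if the implementation allows it, declaring the first parameter as `const struct pam_ctx *pctx` would make that visible in the header.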