1 /*
2  * Copyright (C) 2014-2019 Yubico AB - See COPYING
3  */
4 
5 #ifndef UTIL_H
6 #define UTIL_H
7 
8 #include <stdio.h>
9 #include <security/pam_appl.h>
10 
/*
 * Size limits and built-in default strings for the pam_u2f module.
 * NOTE(review): the code that uses these limits is not in this header;
 * confirm that every copy of authfile or device data is length-checked
 * against them instead of trusting the input to be well-formed.
 */
11 #define BUFSIZE 1024
/* Presumably the default cap on registered devices per user (see
 * cfg_t.max_devs) — confirm against the option parser. */
12 #define MAX_DEVS 24
13 #define PK_LEN 130 // Public key length; the encoding it refers to is not shown here
14 #define KH_LEN 86  // Key handle length; same caveat as PK_LEN
15 #define RD_LEN 40  // Rounding: brings DEVSIZE to 130 + 86 + 40 = 256
16 #define DEVSIZE (((PK_LEN) + (KH_LEN) + (RD_LEN)))
/*
 * Default authfile location pieces.
 * NOTE(review): DEFAULT_AUTHFILE_DIR_VAR looks like the name of an
 * environment variable. The environment of a process calling into PAM can be
 * influenced by the invoking user, so whatever reads it should treat the
 * value as untrusted — confirm in the implementation.
 */
17 #define DEFAULT_AUTHFILE_DIR_VAR "XDG_CONFIG_HOME"
18 #define DEFAULT_AUTHFILE "/Yubico/u2f_keys"
19 #define DEFAULT_AUTHFILE_SSH "/id_ecdsa_sk"
20 #define DEFAULT_AUTHFILE_DIR "/.config"
21 #define DEFAULT_AUTHFILE_DIR_SSH "/.ssh"
/* Contains exactly one %d conversion, so it must only be used as a format
 * string with a single int argument (presumably the user's uid — confirm). */
22 #define DEFAULT_AUTHPENDING_FILE_PATH "/var/run/user/%d/pam-u2f-authpending"
/* Default user-facing messages (see cfg_t.prompt and cfg_t.cue_prompt). */
23 #define DEFAULT_PROMPT "Insert your U2F device, then press ENTER."
24 #define DEFAULT_CUE "Please touch the device."
/* Origin strings; presumably DEFAULT_ORIGIN_PREFIX is joined with a host
 * name to build the default origin — confirm. */
25 #define DEFAULT_ORIGIN_PREFIX "pam://"
26 #define SSH_ORIGIN "ssh:"
/* Prefix format for debug lines: %s:%d (%s) lines up with the file, line and
 * function arguments that D() hands to _debug(). */
27 #define DEBUG_STR "debug(pam_u2f): %s:%d (%s): "
28 
/*
 * D(file, fmt, ...): debug logging helper.
 * With DEBUG_PAM defined it forwards to _debug(), adding the call site
 * (__FILE__, __LINE__, __func__) in front of the caller's arguments; the
 * variadic part must start with the printf-style format string.
 * Without DEBUG_PAM it expands to ((void) 0), so its arguments are never
 * evaluated and must not carry side effects the program relies on.
 * NOTE(review): this is an authentication module; callers should keep PINs
 * and other secrets out of the messages passed here.
 */
29 #if defined(DEBUG_PAM)
30 #define D(file, ...) _debug(file, __FILE__, __LINE__, __func__, __VA_ARGS__)
31 #else
32 #define D(file, ...) ((void) 0)
33 #endif /* DEBUG_PAM */
34 
/*
 * Module configuration. The functions declared in this header take it as
 * const cfg_t *, i.e. read-only.
 * NOTE(review): the option parser is not part of this header, so the field
 * meanings below are inferred from the names — confirm each against it.
 */
35 typedef struct {
     /* presumably the per-user device limit (MAX_DEVS by default?) */
36   unsigned max_devs;
     /* presumably selects the do_manual_authentication() path */
37   int manual;
     /* presumably enables debug output */
38   int debug;
     /* NOTE(review): the name suggests authentication succeeds when the user
      * has no registered device, which is a fail-open setting; confirm, and
      * review every PAM stack that enables it. */
39   int nouserok;
     /* presumably: open the authfile with the target user's privileges */
40   int openasuser;
     /* NOTE(review): the name suggests the module always reports success;
      * confirm, and make sure it is never enabled on a production stack. */
41   int alwaysok;
     /* presumably: prompt the user before talking to the device */
42   int interactive;
     /* presumably: show cue_prompt while waiting for a touch */
43   int cue;
44   int nodetect;
     /* presumably the user-presence, user-verification and PIN requirements
      * asked of the authenticator; value range not shown here */
45   int userpresence;
46   int userverification;
47   int pinverification;
     /* presumably: credentials come from an SSH key file rather than the
      * native authfile format (see DEFAULT_AUTHFILE_SSH) */
48   int sshformat;
     /* Strings below are const char *: not modified through this struct.
      * Who owns the storage is not shown here. */
49   const char *auth_file;
50   const char *authpending_file;
51   const char *origin;
52   const char *appid;
53   const char *prompt;
54   const char *cue_prompt;
     /* Stream handed to D()/_debug() as the output file. */
55   FILE *debug_file;
     /* presumably non-zero when debug_file was opened by the module itself
      * and therefore has to be closed by it — confirm */
56   int is_custom_debug_file;
57 } cfg_t;
58 
/*
 * One registered authenticator credential.
 * NOTE(review): the string members are plain char *, so they are presumably
 * heap-allocated when the authfile is parsed and released by free_devices();
 * confirm the ownership rule before copying or aliasing a device_t.
 */
59 typedef struct {
60   char *publicKey;
61   char *keyHandle;
62   char *coseType;
63   char *attributes;
     /* presumably set for credentials read from an older authfile layout */
64   int old_format;
65 } device_t;
66 
/*
 * Loads the credentials registered for `username` into the caller-supplied
 * `devices` array and reports the count through `n_devs`.
 * NOTE(review): return convention and whether *n_devs is also an input are
 * not visible here. The authfile may live in a user-writable location, so
 * the parser should treat its contents as untrusted and bound every field —
 * confirm in the implementation.
 */
67 int get_devices_from_authfile(const cfg_t *cfg, const char *username,
68                               device_t *devices, unsigned *n_devs);
/* Releases `n_devs` entries of `devices`; presumably frees the strings owned
 * by each device_t — confirm. */
69 void free_devices(device_t *devices, const unsigned n_devs);
70 
/*
 * Authentication entry points taking the configuration, the loaded devices
 * and the PAM handle. NOTE(review): the meaning of the int result is not
 * shown here; callers must map it to a PAM result explicitly and treat any
 * unexpected value as failure.
 */
71 int do_authentication(const cfg_t *cfg, const device_t *devices,
72                       const unsigned n_devs, pam_handle_t *pamh);
73 int do_manual_authentication(const cfg_t *cfg, const device_t *devices,
74                              const unsigned n_devs, pam_handle_t *pamh);
/*
 * Shows `prompt` through the PAM conversation and returns the reply.
 * NOTE(review): presumably the result is heap-allocated and owned by the
 * caller, and may be NULL on failure. If it can hold a PIN it should be
 * wiped with explicit_bzero() before being freed — confirm at call sites.
 */
75 char *converse(pam_handle_t *pamh, int echocode, const char *prompt);
/* Presumably fills the buffer with the given number of random bytes.
 * NOTE(review): callers must check the result and never continue with an
 * unfilled buffer. */
76 int random_bytes(void *, size_t);
/* Presumably convert between a COSE algorithm name and its integer id
 * (cose_type writes through the int *; cose_string is the reverse). */
77 int cose_type(const char *, int *);
78 const char *cose_string(int);
79 
/*
 * Backend of the D() macro. Going by D()'s expansion the arguments are:
 * output stream, source file, line number, function name, printf-style
 * format string, then the format's arguments.
 * Under __GNUC__ the format attribute marks argument 5 as the format string
 * and argument 6 as the first variadic argument, so the compiler can check
 * call sites for format/argument mismatches.
 * NOTE(review): file-scope identifiers that begin with an underscore are
 * reserved by the C standard; renaming would touch every caller, so it is
 * only flagged here.
 */
80 #ifdef __GNUC__
81 void _debug(FILE *, const char *, int, const char *, const char *, ...)
82   __attribute__((__format__(printf, 5, 6)));
83 #else
84 void _debug(FILE *, const char *, int, const char *, const char *, ...);
85 #endif /* __GNUC__ */
86 
/*
 * Prototype for a replacement explicit_bzero(), declared only when
 * HAVE_EXPLICIT_BZERO is not defined (presumably by the build configuration
 * when the platform provides the function).
 * NOTE(review): the replacement's body is not in this header. It must clear
 * the buffer in a way the optimizer cannot remove; a plain memset() before
 * free() does not give that guarantee — confirm in the implementation.
 */
87 #if !defined(HAVE_EXPLICIT_BZERO)
88 void explicit_bzero(void *, size_t);
89 #endif
90 
91 #endif /* UTIL_H */
92