PAM: Passkey kerberos preauth support

Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
SSSD · Apr 4, 2023 · c76ba34 · c76ba34
1 parent 7c34742
commit c76ba34
Show file tree

Hide file tree

Showing 6 changed files with 579 additions and 76 deletions.
diff --git a/src/responder/pam/pam_prompting_config.c b/src/responder/pam/pam_prompting_config.c
@@ -239,6 +239,7 @@ errno_t pam_eval_prompting_config(struct pam_ctx *pctx, struct pam_data *pd)
             cert_auth = true;
             break;
         case SSS_PAM_PASSKEY_INFO:
+        case SSS_PAM_PASSKEY_KRB_INFO:
             passkey_auth = true;
             break;
         case SSS_PASSWORD_PROMPTING:

diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
@@ -49,7 +49,7 @@
 #define NO_DOMAINS_ARE_PUBLIC "none"
 #define DEFAULT_ALLOWED_UIDS ALL_UIDS_ALLOWED
 #define DEFAULT_PAM_CERT_AUTH false
-#define DEFAULT_PAM_PASSKEY_AUTH false
+#define DEFAULT_PAM_PASSKEY_AUTH true
 #define DEFAULT_PAM_CERT_DB_PATH SYSCONFDIR"/sssd/pki/sssd_auth_ca_db.pem"
 #define DEFAULT_PAM_INITGROUPS_SCHEME "no_session"
 

diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
@@ -72,6 +72,7 @@ struct pam_ctx {
     char **gssapi_indicators_map;
     bool gssapi_check_upn;
     bool passkey_auth;
+    struct pam_passkey_table_data *pk_table_data;
 };
 
 struct pam_auth_req {
@@ -94,7 +95,7 @@ struct pam_auth_req {
     struct cert_auth_info *current_cert;
     bool cert_auth_local;
 
-    struct passkey_auth_data *passkey_data;
+    bool passkey_data_exists;
     uint32_t client_id_num;
 };