sudo/plugins/sudoers/auth/sudo_auth.h

/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 1999-2005, 2007-2016, 2018 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef SUDO_AUTH_H
#define SUDO_AUTH_H

/* Private auth function return values (rowhammer resistant).  */
#define AUTH_INTR		0x69d61fc8	/* 1101001110101100001111111001000 */
#define AUTH_NONINTERACTIVE	0x1629e037	/* 0010110001010011110000000110111 */

struct sudoers_context;
typedef struct sudo_auth {
    unsigned int flags;		/* various flags, see below */
    int status;			/* status from verify routine */
    const char *name;		/* name of the method as a string */
    void *data;			/* method-specific data pointer */
    int (*init)(const struct sudoers_context *ctx, struct passwd *pw, struct sudo_auth *auth);
    int (*setup)(const struct sudoers_context *ctx, struct passwd *pw, char **prompt, struct sudo_auth *auth);
    int (*verify)(const struct sudoers_context *ctx, struct passwd *pw, const char *p, struct sudo_auth *auth, struct sudo_conv_callback *callback);
    int (*approval)(const struct sudoers_context *ctx, struct passwd *pw, struct sudo_auth *auth, bool exempt);
    int (*cleanup)(const struct sudoers_context *ctx, struct passwd *pw, struct sudo_auth *auth, bool force);
    int (*begin_session)(const struct sudoers_context *ctx, struct passwd *pw, char **user_env[], struct sudo_auth *auth);
    int (*end_session)(struct sudo_auth *auth);
} sudo_auth;

/* Values for sudo_auth.flags.  */
#define FLAG_DISABLED		0x02U	/* method disabled */
#define FLAG_STANDALONE		0x04U	/* standalone auth method */
#define FLAG_ONEANDONLY		0x08U	/* one and only auth method */
#define FLAG_NONINTERACTIVE	0x10U	/* no user input allowed */

/* Shortcuts for using the flags above. */
#define IS_DISABLED(x)		((x)->flags & FLAG_DISABLED)
#define IS_STANDALONE(x)	((x)->flags & FLAG_STANDALONE)
#define IS_ONEANDONLY(x)	((x)->flags & FLAG_ONEANDONLY)
#define IS_NONINTERACTIVE(x)	((x)->flags & FLAG_NONINTERACTIVE)

/* Like tgetpass() but uses conversation function */
char *auth_getpass(const char *prompt, int type, struct sudo_conv_callback *callback);

/* Pointer to conversation function to use with auth_getpass(). */
extern sudo_conv_t sudo_conv;

/* Prototypes for standalone methods */
int bsdauth_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int bsdauth_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int bsdauth_approval(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool exempt);
int bsdauth_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
void bsdauth_set_style(const char *style);
int sudo_aix_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_aix_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_aix_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_fwtk_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_fwtk_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_fwtk_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_pam_init_quiet(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_pam_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_pam_approval(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool exempt);
int sudo_pam_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_pam_begin_session(const struct sudoers_context *ctx, struct passwd *pw, char **user_env[], sudo_auth *auth);
int sudo_pam_end_session(sudo_auth *auth);
int sudo_securid_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_securid_setup(const struct sudoers_context *ctx, struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_securid_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_setup(const struct sudoers_context *ctx, struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_sia_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *prompt, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_sia_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_sia_begin_session(const struct sudoers_context *ctx, struct passwd *pw, char **user_env[], sudo_auth *auth);

/* Prototypes for normal methods */
int sudo_afs_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_dce_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_krb5_setup(const struct sudoers_context *ctx, struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_krb5_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_krb5_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_passwd_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_passwd_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_passwd_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);
int sudo_rfc1938_setup(const struct sudoers_context *ctx, struct passwd *pw, char **prompt, sudo_auth *auth);
int sudo_rfc1938_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_init(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth);
int sudo_secureware_verify(const struct sudoers_context *ctx, struct passwd *pw, const char *pass, sudo_auth *auth, struct sudo_conv_callback *callback);
int sudo_secureware_cleanup(const struct sudoers_context *ctx, struct passwd *pw, sudo_auth *auth, bool force);

/* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */
#define AUTH_ENTRY(n, f, i, s, v, a, c, b, e) \
	{ (f), AUTH_FAILURE, (n), NULL, (i), (s), (v), (a), (c) , (b), (e) },

#endif /* SUDO_AUTH_H */
BSD-style copyright 1999-07-22 11:00:49 +00:00			`/*`
Add SPDX-License-Identifier to files. 2019-04-29 07:21:51 -06:00			`* SPDX-License-Identifier: ISC`
			`*`
Add an approval function to the sudo auth API which is run after the user's password has been verified. The approval function is run even if no password is required. This is currently only used for PAM (use pam_acct_mgmt) and BSD auth (auth_approval). 2018-01-16 10:27:58 -07:00			`* Copyright (c) 1999-2005, 2007-2016, 2018 Todd C. Miller <Todd.Miller@sudo.ws>`
BSD-style copyright 1999-07-22 11:00:49 +00:00			`*`
More to a less restrictive, ISC-style license. 2004-02-13 21:36:49 +00:00			`* Permission to use, copy, modify, and distribute this software for any`
			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
add 4th term to license similar to term 5 in the apache license 1999-07-31 16:19:50 +00:00			`*`
More to a less restrictive, ISC-style license. 2004-02-13 21:36:49 +00:00			`* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES`
			`* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF`
			`* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR`
			`* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES`
			`* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN`
			`* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF`
			`* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.`
BSD-style copyright 1999-07-22 11:00:49 +00:00			`*/`

New authentication API and methods 1999-07-11 00:32:11 +00:00			`#ifndef SUDO_AUTH_H`
			`#define SUDO_AUTH_H`

Fix spelling: resistent -> resistant 2023-10-12 10:20:34 -06:00			`/* Private auth function return values (rowhammer resistant). */`
Try to make sudo less vulnerable to ROWHAMMER attacks. We now use ROWHAMMER-resistent values for ALLOW, DENY, AUTH_SUCCESS, AUTH_FAILURE, AUTH_ERROR and AUTH_NONINTERACTIVE. In addition, we explicitly test for expected values instead of using a negated test against an error value. In the parser match functions this means explicitly checking for ALLOW or DENY instead of accepting anything that is not set to UNSPEC. Thanks to Andrew J. Adiletta, M. Caner Tol, Yarkin Doroz, and Berk Sunar, all affiliated with the Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute, for the report. Paper preprint: https://arxiv.org/abs/2309.02545 2023-09-09 14:07:04 -06:00			`#define AUTH_INTR 0x69d61fc8 /* 1101001110101100001111111001000 */`
Return AUTH_* flags from check_user() instead of 1/0/-1. 2023-09-09 14:59:46 -06:00			`#define AUTH_NONINTERACTIVE 0x1629e037 /* 0010110001010011110000000110111 */`
New authentication API and methods 1999-07-11 00:32:11 +00:00
Make most sudo_auth functions return AUTH_{SUCCESS,FAILURE,FATAL}. 2023-09-09 14:07:07 -06:00			`struct sudoers_context;`
New authentication API and methods 1999-07-11 00:32:11 +00:00			`typedef struct sudo_auth {`
sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00			`unsigned int flags; /* various flags, see below */`
Clean up the sudoers auth API a bit and update the docs. 2010-05-27 14:53:11 -04:00			`int status; /* status from verify routine */`
Make sudo pass -Wwrite-strings 2022-06-28 16:33:15 -06:00			`const char name; / name of the method as a string */`
Remove support for compilers that don't support void * 2007-08-31 23:30:07 +00:00			`void data; / method-specific data pointer */`
Make struct sudoers_context private to sudoers.c. We now pass a pointer to the context where necessary. There are a few cases where we need to request the context from sudoers via sudoers_get_context() for the plugin API functions. If the plugin API was able to pass around a closure pointer this would not be necessary. 2023-08-21 09:21:49 -06:00			`int (init)(const struct sudoers_context ctx, struct passwd pw, struct sudo_auth auth);`
			`int (setup)(const struct sudoers_context ctx, struct passwd pw, char prompt, struct sudo_auth auth);`
			`int (verify)(const struct sudoers_context ctx, struct passwd pw, const char p, struct sudo_auth auth, struct sudo_conv_callback callback);`
			`int (approval)(const struct sudoers_context ctx, struct passwd pw, struct sudo_auth auth, bool exempt);`
			`int (cleanup)(const struct sudoers_context ctx, struct passwd pw, struct sudo_auth auth, bool force);`
			`int (begin_session)(const struct sudoers_context ctx, struct passwd pw, char user_env[], struct sudo_auth auth);`
			`int (end_session)(struct sudo_auth auth);`
New authentication API and methods 1999-07-11 00:32:11 +00:00			`} sudo_auth;`

In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). 1999-08-14 15:36:47 +00:00			`/* Values for sudo_auth.flags. */`
sudoers plugin: make more bit flags unsigned. 2023-07-10 11:06:23 -06:00			`#define FLAG_DISABLED 0x02U /* method disabled */`
			`#define FLAG_STANDALONE 0x04U /* standalone auth method */`
			`#define FLAG_ONEANDONLY 0x08U /* one and only auth method */`
			`#define FLAG_NONINTERACTIVE 0x10U /* no user input allowed */`
In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). 1999-08-14 15:36:47 +00:00
			`/* Shortcuts for using the flags above. */`
Clean up the sudoers auth API a bit and update the docs. 2010-05-27 14:53:11 -04:00			`#define IS_DISABLED(x) ((x)->flags & FLAG_DISABLED)`
			`#define IS_STANDALONE(x) ((x)->flags & FLAG_STANDALONE)`
In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). 1999-08-14 15:36:47 +00:00			`#define IS_ONEANDONLY(x) ((x)->flags & FLAG_ONEANDONLY)`
Push non-interactive mode checking down into the auth methods. For "sudo -n" we only want to reject a command if user input is actually required. In the case of PAM at least, we may not need to interact with the user. Bug #956, GitHub issue #83 2022-01-04 18:57:36 -07:00			`#define IS_NONINTERACTIVE(x) ((x)->flags & FLAG_NONINTERACTIVE)`
In struct sudo_auth, turn need_root and configured into flags and add a flag to specify an auth method is running alone (the only one). Pass auth methods their sudo_auth pointer, not the data pointer. This allows us to get at the flags and tell if we are the only auth method. That, in turn, allows the method to be able to decide what should/should not be a fatal error. Currently only rfc1938 uses it this way, which allows us to kill the OTP_ONLY define and te hackery that went with it. With access to the sudo_auth struct, methods can also get at a string holding their cannonical name (useful in error messages). 1999-08-14 15:36:47 +00:00
Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00			`/* Like tgetpass() but uses conversation function */`
Store passwd_timeout and timestamp_timeout as a struct timespec instead of as a float. Remove timeout argument to auth_getpass() as it was never used. 2018-01-22 12:18:48 -07:00			`char auth_getpass(const char prompt, int type, struct sudo_conv_callback *callback);`
Initial bits of sudoers plugin; still needs work. 2010-03-14 19:58:47 -04:00
			`/* Pointer to conversation function to use with auth_getpass(). */`
			`extern sudo_conv_t sudo_conv;`

New authentication API and methods 1999-07-11 00:32:11 +00:00			`/* Prototypes for standalone methods */`
Make struct sudoers_context private to sudoers.c. We now pass a pointer to the context where necessary. There are a few cases where we need to request the context from sudoers via sudoers_get_context() for the plugin API functions. If the plugin API was able to pass around a closure pointer this would not be necessary. 2023-08-21 09:21:49 -06:00			`int bsdauth_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int bsdauth_verify(const struct sudoers_context ctx, struct passwd pw, const char prompt, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int bsdauth_approval(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool exempt);`
			`int bsdauth_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
Make login_style private to bsdauth.c Add a setter for policy.c to handle auth_type from the front-end. 2023-05-04 13:06:09 -06:00			`void bsdauth_set_style(const char *style);`
Make struct sudoers_context private to sudoers.c. We now pass a pointer to the context where necessary. There are a few cases where we need to request the context from sudoers via sudoers_get_context() for the plugin API functions. If the plugin API was able to pass around a closure pointer this would not be necessary. 2023-08-21 09:21:49 -06:00			`int sudo_aix_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_aix_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_aix_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_fwtk_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_fwtk_verify(const struct sudoers_context ctx, struct passwd pw, const char prompt, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_fwtk_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_pam_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_pam_init_quiet(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_pam_verify(const struct sudoers_context ctx, struct passwd pw, const char prompt, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_pam_approval(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool exempt);`
			`int sudo_pam_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_pam_begin_session(const struct sudoers_context ctx, struct passwd pw, char *user_env[], sudo_auth auth);`
			`int sudo_pam_end_session(sudo_auth *auth);`
			`int sudo_securid_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_securid_setup(const struct sudoers_context ctx, struct passwd pw, char *prompt, sudo_auth auth);`
			`int sudo_securid_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_sia_setup(const struct sudoers_context ctx, struct passwd pw, char *prompt, sudo_auth auth);`
			`int sudo_sia_verify(const struct sudoers_context ctx, struct passwd pw, const char prompt, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_sia_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_sia_begin_session(const struct sudoers_context ctx, struct passwd pw, char *user_env[], sudo_auth auth);`
New authentication API and methods 1999-07-11 00:32:11 +00:00
			`/* Prototypes for normal methods */`
Make struct sudoers_context private to sudoers.c. We now pass a pointer to the context where necessary. There are a few cases where we need to request the context from sudoers via sudoers_get_context() for the plugin API functions. If the plugin API was able to pass around a closure pointer this would not be necessary. 2023-08-21 09:21:49 -06:00			`int sudo_afs_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_dce_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_krb5_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_krb5_setup(const struct sudoers_context ctx, struct passwd pw, char *prompt, sudo_auth auth);`
			`int sudo_krb5_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_krb5_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_passwd_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_passwd_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_passwd_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
			`int sudo_rfc1938_setup(const struct sudoers_context ctx, struct passwd pw, char *prompt, sudo_auth auth);`
			`int sudo_rfc1938_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_secureware_init(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth);`
			`int sudo_secureware_verify(const struct sudoers_context ctx, struct passwd pw, const char pass, sudo_auth auth, struct sudo_conv_callback *callback);`
			`int sudo_secureware_cleanup(const struct sudoers_context ctx, struct passwd pw, sudo_auth *auth, bool force);`
New authentication API and methods 1999-07-11 00:32:11 +00:00
Add an approval function to the sudo auth API which is run after the user's password has been verified. The approval function is run even if no password is required. This is currently only used for PAM (use pam_acct_mgmt) and BSD auth (auth_approval). 2018-01-16 10:27:58 -07:00			`/* Fields: name, flags, init, setup, verify, approval, cleanup, begin_sess, end_sess */`
			`#define AUTH_ENTRY(n, f, i, s, v, a, c, b, e) \`
			`{ (f), AUTH_FAILURE, (n), NULL, (i), (s), (v), (a), (c) , (b), (e) },`
New authentication API and methods 1999-07-11 00:32:11 +00:00
			`#endif /* SUDO_AUTH_H */`