Provided by: libduo3_1.9.21-1.1_amd64 bug


     duo — Duo authentication service


     #include <duo.h>

     duo_t *
     duo_open(const char *ikey, const char *skey, const char *progname, const char *cafile);

     duo_set_conv_funcs(duo_t *d,
         char *(*conv_prompt)(void *conv_arg, const char *, char *, size_t),
         void (*conv_status)(void *conv_arg, const char *msg), void *conv_arg);

     duo_set_host(duo_t *d, const char *hostname);

     duo_set_ssl_verify(duo_t *d, int bool);

     duo_login(duo_t *d, const char *username, const char *client_ip, int flags,
         const char *command);

     const char *
     duo_geterr(duo_t *d);

     duo_close(duo_t *d);


     The duo API provides access to the Duo two-factor authentication service.

     duo_open() is used to obtain a handle to the Duo service.  ikey and skey are the required
     integration and secret keys, respectively, for a Duo customer account.  progname identifies
     the program to the Duo service.  cafile should be NULL or the pathname of a PEM-format CA
     certificate to override the default.

     duo_set_conv_funcs() may be used to override the internal user conversation functions.
     conv_prompt is called to present the user a login menu and prompt, and gather their
     response, returning buf or NULL on error. It may be set to NULL if automatic login is
     specified with DUO_FLAG_AUTO.  conv_status is called to display status messages to the user,
     and may be NULL if no status display is needed.  conv_arg is passed as the first argument to
     these conversation functions.

     duo_set_host() may be used to override the default Duo API host.

     duo_set_ssl_verify() may be used to override SSL certificate verification (enabled by

     duo_login() performs secondary authentication via the Duo service for the specified
     username.  client_ip is the source IP address of the connection to be authenticated, or NULL
     to specify the local host. The following bitmask values are defined for flags:

           DUO_FLAG_AUTO     Attempt authentication without prompting the user, using their
                             default out-of-band authentication factor.
           DUO_FLAG_SYNC     Do not report incremental status during authentication (e.g. voice
                             callback progress) - only issue one status message per
                             authentication attempt.

     If not NULL, the command to be authorized will be displayed during push authentication.

     duo_geterr() returns a description of the last-seen error on the specified Duo API handle.
     The returned constant string should not be modified or freed by the caller.

     duo_close() closes and frees the specified Duo API handle.


     duo_open() returns a pointer to the configured Duo API handle, or NULL on failure.

     duo_login() returns status codes of type duo_code_t, which may have the following values:

           DUO_OK            User authenticated
           DUO_FAIL          User failed to authenticate
           DUO_ABORT         User denied by policy
           DUO_LIB_ERROR     Unexpected library error
           DUO_CONN_ERROR    Duo service unreachable
           DUO_CLIENT_ERROR  Invalid client parameters to API call
           DUO_SERVER_ERROR  Duo service error

     In the event of a DUO_*_ERROR return, duo_geterr may be called to recover a human-readable
     error message.

     duo_geterr() returns a constant string which should not be modified or freed by the caller.


     pam_duo(8), login_duo(1)


     Duo Security ⟨