source: trunk/third/openssh/auth.h @ 18763

Revision 18763, 5.7 KB checked in by zacheiss, 22 years ago (diff)
Merge openssh 3.5p1.
1/*      $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $        */
2
3/*
4 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 *    notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 *    notice, this list of conditions and the following disclaimer in the
13 *    documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 */
27
28#ifndef AUTH_H
29#define AUTH_H
30
31#include "key.h"
32#include "hostfile.h"
33#include <openssl/rsa.h>
34
35#ifdef HAVE_LOGIN_CAP
36#include <login_cap.h>
37#endif
38#ifdef BSD_AUTH
39#include <bsd_auth.h>
40#endif
41#ifdef KRB5
42#include <krb5.h>
43#endif
44
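/*
 * Forward declarations, so that the structures and prototypes below can
 * refer to each other by their short type names before the full
 * definitions appear.
 */
typedef struct Authctxt Authctxt;
typedef struct Authmethod Authmethod;
typedef struct KbdintDevice KbdintDevice;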
48
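/*
 * Authentication state handed to the authentication routines declared in
 * this header (most of them take an Authctxt *).
 *
 * NOTE(review): this header fixes only the layout.  The per-field meanings
 * below are inferred from the field names and must be confirmed against the
 * code that sets them.  For a security review the fields to trace are
 * `valid', `success' and `failures': find every writer, and check that no
 * path treats the session as authenticated on the strength of one of them
 * alone.
 */
struct Authctxt {
        int              success;       /* presumably: this attempt authenticated */
        int              postponed;     /* presumably: method needs another round trip */
        int              valid;         /* presumably: account exists and may log in */
        int              attempt;       /* presumably: count of attempts so far */
        int              failures;      /* presumably compared with AUTH_FAIL_MAX below */
        char            *user;          /* string; likely client-supplied, treat as untrusted */
        char            *service;       /* string; likely client-supplied, treat as untrusted */
        struct passwd   *pw;            /* passwd entry for `user'; may be unset -- confirm */
        char            *style;         /* string; origin not visible here */
        void            *kbdintctxt;    /* opaque; see struct KbdintDevice in this header */
#ifdef BSD_AUTH
        auth_session_t  *as;            /* only present in BSD_AUTH builds */
#endif
#ifdef KRB4
        char            *krb4_ticket_file;      /* path to credential material */
#endif
#ifdef KRB5
        /*
         * Kerberos 5 state.  The cache and ticket file refer to credential
         * material; krb5_cleanup_proc() is declared later in this header
         * and is presumably what releases them -- confirm it runs on every
         * exit path.
         */
        krb5_context     krb5_ctx;
        krb5_auth_context krb5_auth_ctx;
        krb5_ccache      krb5_fwd_ccache;
        krb5_principal   krb5_user;
        char            *krb5_ticket_file;
#endif
        void *methoddata;               /* opaque per-method data; owner not stated here */
};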
75
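/*
 * Description of one authentication method: a name, a handler, and a
 * pointer to an integer flag.
 *
 * NOTE(review): `enabled' is a pointer, so the flag itself lives elsewhere
 * (presumably a server configuration option -- confirm).  The structure
 * enforces nothing: whatever code dispatches on it has to check *enabled
 * before calling userauth(), and has to cope with a NULL pointer if one is
 * ever stored here.
 */
struct Authmethod {
        char    *name;                                  /* method name */
        int     (*userauth)(Authctxt *authctxt);        /* handler for the method */
        int     *enabled;                               /* points at the on/off flag */
};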
81
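/*
 * Keyboard interactive device:
 * init_ctx     returns: non NULL upon success
 * query        returns: 0 - success, otherwise failure
 * respond      returns: 0 - success, 1 - need further interaction,
 *              otherwise - failure
 *
 * The context returned by init_ctx is passed back as `ctx' to the other
 * three callbacks.
 *
 * NOTE(review): respond() has three outcomes.  A caller that tests only
 * "!= 0" or only "== 1" will misclassify one of them, so check each call
 * site for an explicit three-way decision.  `numresp' and `responses' are
 * presumably taken from the client's reply; the implementation should
 * compare numresp with the number of prompts it issued before indexing
 * responses[].  Ownership of the strings that query() hands back through
 * its out-parameters is not stated in this header.
 */
struct KbdintDevice
{
        const char *name;
        void*   (*init_ctx)(Authctxt*);
        int     (*query)(void *ctx, char **name, char **infotxt,
                    u_int *numprompts, char ***prompts, u_int **echo_on);
        int     (*respond)(void *ctx, u_int numresp, char **responses);
        void    (*free_ctx)(void *ctx);
};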
98
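/*
 * rhosts, password and RSA authentication checks, followed by the helpers
 * that decide whether a presented key is acceptable for an account.
 *
 * NOTE(review): this header does not state the return convention of these
 * functions.  Confirm in each definition what a non-zero result means
 * before relying on it; a caller that gets the polarity wrong fails open.
 * The parameters are unnamed.  The `char *' and `const char *' arguments
 * are presumably user names, host names or a password, and the
 * implementations should treat them as untrusted input.
 */
int      auth_rhosts(struct passwd *, const char *);
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);

int      auth_rhosts_rsa(struct passwd *, char *, Key *);
int      auth_password(Authctxt *, const char *);
int      auth_rsa(struct passwd *, BIGNUM *);
int      auth_rsa_challenge_dialog(Key *);
BIGNUM  *auth_rsa_generate_challenge(Key *);
/*
 * The u_char[] parameter decays to a pointer, so the length the function
 * expects is not visible in this prototype; callers must know it.
 */
int      auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
int      auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);

int      auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int      hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int      user_key_allowed(struct passwd *, Key *);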
114
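/*
 * Kerberos support.  These declarations exist only in builds that define
 * KRB4 (optionally with AFS) or KRB5.
 *
 * The *_password functions take the password as a C string.  The two
 * cleanup procedures take a `void *'; for krb5_cleanup_proc the parameter
 * is named authctxt, so it is expected to be the Authctxt.
 *
 * NOTE(review): the Authctxt fields that refer to ticket files and
 * credential caches are presumably released by these cleanup procedures.
 * Confirm that they are registered or called on failure paths as well as
 * on success.
 */
#ifdef KRB4
#include <krb.h>
int     auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
int     auth_krb4_password(Authctxt *, const char *);
void    krb4_cleanup_proc(void *);

#ifdef AFS
#include <kafs.h>
int     auth_krb4_tgt(Authctxt *, const char *);
int     auth_afs_token(Authctxt *, const char *);
#endif /* AFS */

#endif /* KRB4 */

#ifdef KRB5
int     auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int     auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int     auth_krb5_password(Authctxt *authctxt, const char *password);
void    krb5_cleanup_proc(void *authctxt);
#endif /* KRB5 */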
135
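/*
 * Session teardown hook: takes no arguments and returns nothing.  What it
 * releases is defined with the implementation, not in this header.
 */
void session_cleanup(void);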
137
138#include "auth-pam.h"
139#include "auth2-pam.h"
140
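/*
 * Entry points of the authentication phase.  Both return the Authctxt
 * describing the outcome.
 *
 * NOTE(review): the header does not say whether these can return with an
 * unauthenticated context.  Confirm what the caller is entitled to assume
 * about the returned structure before it starts a session.
 */
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);

/*
 * Context allocation, logging and completion helpers.  The `char *'
 * arguments are not const-qualified, so the prototypes alone do not
 * promise that the strings are left unmodified.
 */
Authctxt *authctxt_new(void);
void    auth_log(Authctxt *, int, char *, char *);
void    userauth_finish(Authctxt *, int, char *);
int     auth_root_allowed(char *);

/* Returns a string; who frees it is not stated in this header. */
char    *auth2_read_banner(void);

void    privsep_challenge_enable(void);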
152
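/*
 * Challenge-response authentication.  The bsdauth_* and skey_* functions
 * have the same parameter lists as the query and respond members of struct
 * KbdintDevice, so the return conventions documented on that structure
 * presumably apply to them -- confirm.
 */
int     auth2_challenge(Authctxt *, char *);
void    auth2_challenge_stop(Authctxt *);
int     bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int     bsdauth_respond(void *, u_int, char **);
int     skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int     skey_respond(void *, u_int, char **);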
159
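/*
 * Account lookup and policy checks.
 *
 * NOTE(review): what getpwnamallow() and auth_get_user() return for an
 * unknown or disallowed user is not stated here (presumably NULL --
 * confirm).  Callers must handle that case without revealing, through
 * timing or messages, whether the account exists.
 */
int     allowed_user(struct passwd *);
struct passwd * getpwnamallow(const char *user);

char    *get_challenge(Authctxt *);
int     verify_response(Authctxt *, const char *);

struct passwd * auth_get_user(void);

/*
 * File name helpers.  Each returns a `char *'; ownership of the returned
 * string is not stated in this header.
 */
char    *expand_filename(const char *, struct passwd *);
char    *authorized_keys_file(struct passwd *);
char    *authorized_keys_file2(struct passwd *);

/*
 * NOTE(review): the name suggests an ownership and permission check on a
 * file used for authentication.  It takes an open FILE * together with the
 * path, which presumably lets the check run on the file that was actually
 * opened rather than on whatever the path names later -- confirm in the
 * definition.  The trailing `char *' and `size_t' look like a
 * caller-supplied buffer and its size; confirm that every write to it is
 * bounded by that size.
 */
int
secure_filename(FILE *, const char *, struct passwd *, char *, size_t);

HostStatus
check_key_in_hostfiles(struct passwd *, Key *, const char *,
    const char *, const char *);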
178
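/*
 * hostkey handling
 *
 * NOTE(review): the lookups take a plain int.  Whether an out-of-range
 * index or unknown type yields NULL or is rejected some other way is not
 * stated here; confirm before dereferencing the result.
 */
Key     *get_hostkey_by_index(int);
Key     *get_hostkey_by_type(int);
int      get_hostkey_index(Key *);
int      ssh1_session_key(BIGNUM *);

/*
 * debug messages during authentication
 *
 * auth_debug_add() is declared with format(printf, 1, 2), so the compiler
 * checks the variadic arguments against `fmt'.  That check only helps when
 * `fmt' is a string literal: data that a client can influence belongs in
 * the arguments (for example through "%s"), never in the format itself.
 */
void     auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
void     auth_debug_send(void);
void     auth_debug_reset(void);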
189
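/*
 * Limits on failed authentication attempts.
 *
 * AUTH_FAIL_LOG is half of AUTH_FAIL_MAX using integer division, i.e. 3
 * with the value below.  How the two are compared with the failure counter
 * ("more than" versus "at least") is decided at the point of use, not here.
 */
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
/*
 * The "%.100s" precision caps the substituted string at 100 bytes, which
 * keeps an over-long value (presumably the client-supplied user name) from
 * inflating the message.  It does not filter control characters.
 */
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

/* Prompt text for S/Key authentication. */
#define SKEY_PROMPT "\nS/Key Password: "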
195#endif