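--- a/auth.h
+++ b/auth.h
@@ -1,8 +1,8 @@
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
@@ -16,39 +16,127 @@
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.7 2000/10/16 09:38:44 djm Exp $
+ * $OpenBSD: auth.h,v 1.15 2001/04/12 19:15:24 markus Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
 
+#include <openssl/rsa.h>
+
+#ifdef HAVE_LOGIN_CAP
+#include <login_cap.h>
+#endif
+#ifdef BSD_AUTH
+#include <bsd_auth.h>
+#endif
+
 typedef struct Authctxt Authctxt;
 struct Authctxt {
  int success;
+ int postponed;
  int valid;
  int attempt;
+ int failures;
  char *user;
  char *service;
  struct passwd *pw;
+ char *style;
+#ifdef BSD_AUTH
+ auth_session_t *as;
+#endif
 };
 
+/*
+ * Tries to authenticate the user using the .rhosts file. Returns true if
+ * authentication succeeds. If ignore_rhosts is non-zero, this will not
+ * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
+ */
+int auth_rhosts(struct passwd * pw, const char *client_user);
+
+/* extended interface similar to auth_rhosts() */
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+ const char *ipaddr);
+
+/*
+ * Tries to authenticate the user using the .rhosts file and the host using
+ * its host key. Returns true if authentication succeeds.
+ */
+int
+auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
+
+/*
+ * Tries to authenticate the user using password. Returns true if
+ * authentication succeeds.
+ */
+int auth_password(Authctxt *authctxt, const char *password);
+
+/*
+ * Performs the RSA authentication dialog with the client. This returns 0 if
+ * the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_rsa(struct passwd * pw, BIGNUM * client_n);
+
+/*
+ * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
+ * over the key. Skips any whitespace at the beginning and at end.
+ */
+int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);
+
+/*
+ * Performs the RSA authentication challenge-response dialog with the client,
+ * and returns true (non-zero) if the client gave the correct answer to our
+ * challenge; returns zero if the client gives a wrong answer.
+ */
+int auth_rsa_challenge_dialog(RSA *pk);
+
+#ifdef KRB4
+#include <krb.h>
+/*
+ * Performs Kerberos v4 mutual authentication with the client. This returns 0
+ * if the client could not be authenticated, and 1 if authentication was
+ * successful. This may exit if there is a serious protocol violation.
+ */
+int auth_krb4(const char *server_user, KTEXT auth, char **client);
+int krb4_init(uid_t uid);
+void krb4_cleanup_proc(void *ignore);
+int auth_krb4_password(struct passwd * pw, const char *password);
+
+#ifdef AFS
+#include <kafs.h>
+
+/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
+int auth_kerberos_tgt(struct passwd * pw, const char *string);
+int auth_afs_token(struct passwd * pw, const char *token_string);
+#endif /* AFS */
+
+#endif /* KRB4 */
+
 void do_authentication(void);
 void do_authentication2(void);
 
-void userauth_log(Authctxt *authctxt, int authenticated, char *method);
-void userauth_reply(Authctxt *authctxt, int authenticated);
+Authctxt *authctxt_new(void);
+void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
+void userauth_finish(Authctxt *authctxt, int authenticated, char *method);
+int auth_root_allowed(char *method);
 
-int auth2_skey(Authctxt *authctxt);
+int auth2_challenge(Authctxt *authctxt, char *devs);
 
 int allowed_user(struct passwd * pw);
+
+char *get_challenge(Authctxt *authctxt, char *devs);
+int verify_response(Authctxt *authctxt, char *response);
+
 struct passwd * auth_get_user(void);
 
 #define AUTH_FAIL_MAX 6
 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 
 #endif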
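Review bot: The prototypes added at new lines 124–135 (`authctxt_new`, `auth_log`, `userauth_finish`, `auth_root_allowed`, `auth2_challenge`, `get_challenge`, `verify_response`) carry no contract comments, while most of the prototypes moved into this header above them do; for functions that decide or record an authentication outcome, the return convention should be stated next to the declaration. `get_challenge` returns a `char *` whose ownership is not stated, so a caller cannot tell whether to free it; a comment such as `/* returns the challenge text, or NULL on failure; ownership: TODO confirm against the implementation */` would settle it once verified. The `method`, `info`, `devs` and `response` parameters look read-only from their names and could probably be `const char *`, as `auth_password` already does for `password`. The new `postponed` and `failures` fields of `struct Authctxt` would also benefit from one-line comments, in particular how `failures` relates to `AUTH_FAIL_MAX`, and the comment on `auth_rhosts` refers to `ignore_rhosts`, which is not a parameter of that function and should be identified (presumably a server option).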