auth.h revision 76260
/*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $OpenBSD: auth.h,v 1.15 2001/04/12 19:15:24 markus Exp $
 */
#ifndef AUTH_H
#define AUTH_H

#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif

/*
 * NOTE(review): struct passwd, uid_t and u_int are used below but neither
 * <pwd.h> nor <sys/types.h> is included here; this header presumably relies
 * on the including file pulling them in first -- confirm.
 */

/*
 * Per-connection authentication state handed to the auth_*() methods and
 * the userauth dispatcher.  The field meanings below are inferred from the
 * names only (the code that sets them is not in this header) -- confirm
 * against auth1.c / auth2.c before relying on them.
 */
typedef struct Authctxt Authctxt;
struct Authctxt {
	int success;		/* presumably non-zero once a method succeeded */
	int postponed;		/* presumably: a method is awaiting more data */
	int valid;		/* presumably: pw refers to a usable account */
	int attempt;		/* presumably: number of userauth requests so far */
	int failures;		/* presumably compared against AUTH_FAIL_MAX below */
	char *user;		/* user name; presumably as claimed by the client */
	char *service;		/* requested service name */
	struct passwd *pw;	/* account record for 'user', if any */
	char *style;		/* authentication style (e.g. "user:style") */
#ifdef BSD_AUTH
	auth_session_t *as;	/* BSD auth session handle */
#endif
};

/*
 * Tries to authenticate the user using the .rhosts file. Returns true if
 * authentication succeeds.  If ignore_rhosts is non-zero, this will not
 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
 * client_user is presumably the remote user name supplied by the peer --
 * confirm in auth-rhosts.c.
 */
int auth_rhosts(struct passwd * pw, const char *client_user);

/*
 * extended interface similar to auth_rhosts(): additionally takes the
 * client's host name and IP address instead of looking them up itself.
 */
int
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
    const char *ipaddr);

/*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key. Returns true if authentication succeeds.
 */
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);

/*
 * Tries to authenticate the user using password. Returns true if
 * authentication succeeds.
 */
int auth_password(Authctxt *authctxt, const char *password);

/*
 * Performs the RSA authentication dialog with the client. This returns 0 if
 * the client could not be authenticated, and 1 if authentication was
 * successful. This may exit if there is a serious protocol violation.
 */
int auth_rsa(struct passwd * pw, BIGNUM * client_n);

/*
 * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
 * over the key. Skips any whitespace at the beginning and at end.
 * Returns non-zero on success (inferred from the int return; confirm).
 */
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);

/*
 * Performs the RSA authentication challenge-response dialog with the client,
 * and returns true (non-zero) if the client gave the correct answer to our
 * challenge; returns zero if the client gives a wrong answer.
 */
int auth_rsa_challenge_dialog(RSA *pk);

#ifdef KRB4
#include <krb.h>
/*
 * Performs Kerberos v4 mutual authentication with the client. This returns 0
 * if the client could not be authenticated, and 1 if authentication was
 * successful. This may exit if there is a serious protocol violation.
 */
int auth_krb4(const char *server_user, KTEXT auth, char **client);
/* Per-user Kerberos v4 setup and its cleanup hook (inferred from names). */
int krb4_init(uid_t uid);
void krb4_cleanup_proc(void *ignore);
/* Password authentication via Kerberos v4; non-zero on success (inferred). */
int auth_krb4_password(struct passwd * pw, const char *password);

#ifdef AFS
#include <kafs.h>

/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd * pw, const char *string);
int auth_afs_token(struct passwd * pw, const char *token_string);
#endif /* AFS */

#endif /* KRB4 */

/*
 * Top-level authentication loops for protocol 1 and protocol 2
 * respectively (inferred from the names) -- confirm.
 */
void do_authentication(void);
void do_authentication2(void);

/* Allocates a fresh, zeroed(?) Authctxt; ownership passes to the caller. */
Authctxt *authctxt_new(void);
/*
 * Records the outcome of one authentication attempt.
 * NOTE(review): method/info are non-const char *; presumably callers pass
 * literals or buffers they own -- confirm.
 */
void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
/*
 * Completes a protocol-2 userauth request; presumably reports success or
 * failure to the client and updates authctxt -- confirm in auth2.c.
 */
void userauth_finish(Authctxt *authctxt, int authenticated, char *method);
/*
 * Presumably decides whether root may log in using the given method
 * (PermitRootLogin policy) -- confirm in auth.c.
 */
int auth_root_allowed(char *method);

/*
 * Challenge-response (e.g. skey / BSD auth) support; devs presumably
 * names the challenge devices requested -- confirm.
 */
int auth2_challenge(Authctxt *authctxt, char *devs);

/*
 * Account-level policy check for pw (inferred from the name: e.g. whether
 * the account is permitted to log in at all) -- confirm in auth.c.
 */
int allowed_user(struct passwd * pw);

/* Produce a challenge for authctxt, and verify the client's response. */
char *get_challenge(Authctxt *authctxt, char *devs);
int verify_response(Authctxt *authctxt, char *response);

/* Returns the passwd entry of the user being authenticated (inferred). */
struct passwd * auth_get_user(void);

/*
 * Failure accounting.  AUTH_FAIL_LOG is half of AUTH_FAIL_MAX; presumably
 * failures beyond AUTH_FAIL_LOG are logged and reaching AUTH_FAIL_MAX ends
 * the session -- confirm against auth1.c / auth2.c.  The "%.100s"
 * precision in AUTH_FAIL_MSG bounds how much of the substituted string
 * (presumably the client-supplied user name) reaches the log line.
 */
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

#endif