/*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $OpenBSD: auth.h,v 1.15 2001/04/12 19:15:24 markus Exp $
 * $FreeBSD: head/crypto/openssh/auth.h 78129 2001-06-12 03:43:47Z green $
 */

/*
 * Server-side authentication interface: the per-connection Authctxt,
 * the individual authentication methods (rhosts, rhosts-RSA, password,
 * RSA, Kerberos, AFS) and the failure-limit policy constants.
 *
 * This header does not include <pwd.h>; `struct passwd` is used only
 * through pointers, so the includer is expected to supply the definition.
 * BIGNUM and RSA come from <openssl/rsa.h> below.
 */
#ifndef AUTH_H
#define AUTH_H

#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif

/*
 * Per-connection authentication context.  Created by authctxt_new() and
 * handed to auth_password(), auth_log(), userauth_finish(),
 * auth2_challenge(), get_challenge() and verify_response() below.
 * The field semantics are not spelled out in this header; the notes are
 * reviewer readings to be confirmed against the auth code.
 */
typedef struct Authctxt Authctxt;
struct Authctxt {
	int success;		/* NOTE(review): presumably set once a method succeeds - confirm */
	int postponed;		/* NOTE(review): presumably a method waiting on a further client message - confirm */
	int valid;		/* NOTE(review): presumably whether the user lookup succeeded - confirm */
	int attempt;
	int failures;		/* NOTE(review): presumably checked against AUTH_FAIL_MAX below - confirm in caller */
	char *user;
	char *service;
	struct passwd *pw;	/* incomplete type here; see header comment */
	char *style;
#ifdef BSD_AUTH
	auth_session_t *as;	/* BSD auth session handle (bsd_auth.h) */
#endif
};

/*
 * Tries to authenticate the user using the .rhosts file.  Returns true if
 * authentication succeeds.  If ignore_rhosts is non-zero, this will not
 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
 *
 * NOTE(review): ignore_rhosts is not a parameter of auth_rhosts(); it is
 * presumably read from the server options inside the implementation -
 * confirm and update this comment.
 */
int auth_rhosts(struct passwd * pw, const char *client_user);

/*
 * extended interface similar to auth_rhosts(): additionally takes the
 * client's host name and IP address as resolved by the caller.
 */
int
auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
    const char *ipaddr);

/*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key.  Returns true if authentication succeeds.
 */
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);

/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.  The password is read through the context's
 * pw/user fields; this header does not say whether it is zeroized after use.
 */
int auth_password(Authctxt *authctxt, const char *password);

/*
 * Performs the RSA authentication dialog with the client.  This returns 0 if
 * the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int auth_rsa(struct passwd * pw, BIGNUM * client_n);

/*
 * Parses an RSA key (number of bits, e, n) from a string.  Moves the pointer
 * (*cpp) over the key.  Skips any whitespace at the beginning and at end.
 * bitsp, e and n are output parameters; e and n must be allocated BIGNUMs.
 */
int auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);

/*
 * Performs the RSA authentication challenge-response dialog with the client,
 * and returns true (non-zero) if the client gave the correct answer to our
 * challenge; returns zero if the client gives a wrong answer.
 */
int auth_rsa_challenge_dialog(RSA *pk);

#ifdef KRB5
#include <krb5.h>
#include <krb.h>
/*
 * XXX complete the prototypes.  Empty parentheses declare these functions
 * with no parameter information, so the compiler cannot type-check their
 * call sites; only auth_krb5_password() below has a real prototype.
 */
int auth_krb5();
int auth_krb5_tgt();
int krb5_init();
void krb5_cleanup_proc(void *ignore);
int auth_krb5_password(struct passwd *pw, const char *password);
#endif /* KRB5 */

#ifdef KRB4
#include <krb.h>
/*
 * Performs Kerberos v4 mutual authentication with the client.  This returns 0
 * if the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int auth_krb4(const char *server_user, KTEXT auth, char **client);
int krb4_init(uid_t uid);
void krb4_cleanup_proc(void *ignore);
int auth_krb4_password(struct passwd * pw, const char *password);

#ifdef AFS
#include <kafs.h>

/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int auth_kerberos_tgt(struct passwd * pw, const char *string);
int auth_afs_token(struct passwd * pw, const char *token_string);
#endif /* AFS */

#endif /* KRB4 */

/*
 * Top-level authentication loops.  NOTE(review): presumably the protocol-1
 * and protocol-2 entry points respectively - confirm.
 */
void do_authentication(void);
void do_authentication2(void);

/*
 * Allocates a fresh Authctxt.  NOTE(review): ownership and the matching
 * release function are not stated in this header - confirm.
 */
Authctxt *authctxt_new(void);
/* Logs the outcome of one attempt with `method`; `info` is extra detail. */
void auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
/* Completes a protocol-2 method attempt, successful or not. */
void userauth_finish(Authctxt *authctxt, int authenticated, char *method);
/*
 * NOTE(review): presumably non-zero when root may log in via `method`
 * (PermitRootLogin policy) - confirm.
 */
int auth_root_allowed(char *method);

/* Challenge-response method for protocol 2; `devs` names the devices to try. */
int auth2_challenge(Authctxt *authctxt, char *devs);

/* Non-zero if the account in `pw` is permitted to log in at all. */
int allowed_user(struct passwd * pw);

/* Challenge-response primitives used by auth2_challenge(). */
char *get_challenge(Authctxt *authctxt, char *devs);
int verify_response(Authctxt *authctxt, char *response);

struct passwd * auth_get_user(void);

/* NOTE(review): presumably the failure count at which the connection is dropped - confirm. */
#define AUTH_FAIL_MAX 6
/* Half of AUTH_FAIL_MAX (3 with the default above); presumably the logging threshold. */
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
/* printf-style format taking one string argument; %.100s bounds it to 100 bytes. */
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

#endif