/* $OpenBSD: auth.h,v 1.41 2002/09/26 11:38:43 markus Exp $ */
/* $FreeBSD: head/crypto/openssh/auth.h 106130 2002-10-29 10:16:02Z des $ */

/*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#ifndef AUTH_H
#define AUTH_H

#include "key.h"
#include "hostfile.h"
#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif
#ifdef KRB5
#include <krb5.h>
#endif

typedef struct Authctxt Authctxt;
typedef struct Authmethod Authmethod;
typedef struct KbdintDevice KbdintDevice;

/*
 * Per-connection authentication state, created by authctxt_new() and
 * handed to every auth_*() routine declared below.
 *
 * NOTE(review): the meaning of the individual fields is inferred from
 * their names; the code in auth.c / auth1.c / auth2.c that sets them is
 * authoritative -- confirm there before relying on these descriptions.
 */
struct Authctxt {
	int success;		/* presumably set once a method has succeeded */
	int postponed;		/* presumably set while a method awaits more input */
	int valid;		/* presumably non-zero when the account is usable */
	int attempt;
	int failures;		/* failed attempts; see AUTH_FAIL_MAX below */
	char *user;		/* user name as requested by the client */
	char *service;
	struct passwd *pw;	/* account record for user */
	char *style;		/* login style (login_cap / BSD auth) -- TODO confirm */
	void *kbdintctxt;	/* opaque KbdintDevice context, see init_ctx below */
#ifdef BSD_AUTH
	auth_session_t *as;	/* BSD auth session, only when built with BSD_AUTH */
#endif
#ifdef KRB4
	char *krb4_ticket_file;	/* only when built with KRB4 */
#endif
#ifdef KRB5
	/* Kerberos 5 state, only when built with KRB5 */
	krb5_context krb5_ctx;
	krb5_auth_context krb5_auth_ctx;
	krb5_ccache krb5_fwd_ccache;	/* forwarded credential cache */
	krb5_principal krb5_user;
	char *krb5_ticket_file;
#endif
};

/*
 * One user-authentication method.  userauth is called with the
 * connection's Authctxt and returns an int status; enabled points at the
 * flag that switches the method on or off.
 * NOTE(review): presumably enabled refers to a ServerOptions field --
 * confirm in auth2.c.
 */
struct Authmethod {
	char *name;				/* method name as used on the wire */
	int (*userauth)(Authctxt *authctxt);
	int *enabled;
};

/*
 * Keyboard interactive device:
 * init_ctx returns: non NULL upon success
 * query returns: 0 - success, otherwise failure
 * respond returns: 0 - success, 1 - need further interaction,
 * otherwise - failure
 *
 * The context returned by init_ctx is stored in Authctxt.kbdintctxt and
 * released with free_ctx.  query hands back prompts and per-prompt
 * echo flags (echo_on); respond receives the client's answers.
 */
struct KbdintDevice
{
	const char *name;
	void* (*init_ctx)(Authctxt*);
	int (*query)(void *ctx, char **name, char **infotxt,
	    u_int *numprompts, char ***prompts, u_int **echo_on);
	int (*respond)(void *ctx, u_int numresp, char **responses);
	void (*free_ctx)(void *ctx);
};

/* rhosts-style (trusted host) checks */
int auth_rhosts(struct passwd *, const char *);
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);

/* RSA challenge/response and password authentication */
int auth_rhosts_rsa(struct passwd *, char *, Key *);
int auth_password(Authctxt *, const char *);
int auth_rsa(struct passwd *, BIGNUM *);
int auth_rsa_challenge_dialog(Key *);
BIGNUM *auth_rsa_generate_challenge(Key *);
int auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
int auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);

/* Key authorization: is this key / host acceptable for the given account? */
int auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);

/* Kerberos 4 (and AFS token) support, only when built with KRB4 */
#ifdef KRB4
#include <krb.h>
int auth_krb4(Authctxt *, KTEXT, char **, KTEXT);
int auth_krb4_password(Authctxt *, const char *);
void krb4_cleanup_proc(void *);

#ifdef AFS
#include <kafs.h>
int auth_krb4_tgt(Authctxt *, const char *);
int auth_afs_token(Authctxt *, const char *);
#endif /* AFS */

#endif /* KRB4 */

/* Kerberos 5 support, only when built with KRB5 */
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(void *authctxt);
#endif /* KRB5 */

/* PAM support */
#include "auth-pam.h"
#include "auth2-pam.h"

/* Protocol 1 and protocol 2 authentication entry points */
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);

Authctxt *authctxt_new(void);
/* NOTE(review): auth_log's int is presumably the authenticated flag and
 * the two strings the method name and extra info -- confirm in auth.c */
void auth_log(Authctxt *, int, char *, char *);
void userauth_finish(Authctxt *, int, char *);
/* whether root may log in; the argument is presumably the method name */
int auth_root_allowed(char *);

char *auth2_read_banner(void);

void privsep_challenge_enable(void);

/*
 * Challenge/response ("keyboard-interactive") back ends.  The
 * bsdauth_* and skey_* signatures match the query/respond callbacks of
 * struct KbdintDevice above.
 */
int auth2_challenge(Authctxt *, char *);
void auth2_challenge_stop(Authctxt *);
int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
int bsdauth_respond(void *, u_int, char **);
int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
int skey_respond(void *, u_int, char **);

/* account lookup and policy (AllowUsers/DenyUsers etc. -- TODO confirm) */
int allowed_user(struct passwd *);
struct passwd * getpwnamallow(const char *user);

char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);

struct passwd * auth_get_user(void);

/* per-user authorized_keys file locations (%-expansion via expand_filename) */
char *expand_filename(const char *, struct passwd *);
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);

/*
 * Ownership/permission check on an authentication-related file.
 * NOTE(review): the trailing char * / size_t pair looks like an error
 * message buffer and its capacity -- confirm against auth.c.
 */
int
secure_filename(FILE *, const char *, struct passwd *, char *, size_t);

/* HostStatus comes from hostfile.h */
HostStatus
check_key_in_hostfiles(struct passwd *, Key *, const char *,
    const char *, const char *);

/* hostkey handling */
Key *get_hostkey_by_index(int);
Key *get_hostkey_by_type(int);
int get_hostkey_index(Key *);
int ssh1_session_key(BIGNUM *);

/* debug messages during authentication */
/*
 * The format attribute gives compile-time checking of fmt against its
 * arguments; fmt must always be a literal, never data from the client.
 */
void auth_debug_add(const char *fmt,...)
    __attribute__((format(printf, 1, 2)));
void auth_debug_send(void);
void auth_debug_reset(void);

/*
 * Failure accounting: AUTH_FAIL_LOG is half of AUTH_FAIL_MAX.  The %.100s
 * in AUTH_FAIL_MSG caps the client-supplied user name at 100 characters
 * in the log line.
 */
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

/* prompt text for the S/Key (or OPIE) challenge/response back end */
#ifdef SKEY
#ifdef OPIE
#define SKEY_PROMPT "\nOPIE Password: "
#else
#define SKEY_PROMPT "\nS/Key Password: "
#endif
#endif

#endif