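/* $NetBSD: hostfile.h,v 1.11 2021/03/05 17:47:16 christos Exp $ */
/* $OpenBSD: hostfile.h,v 1.29 2021/01/26 00:51:30 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
#ifndef HOSTFILE_H
#define HOSTFILE_H

/*
 * Interface for reading, searching and editing hostkeys files.
 *
 * This header does not include anything itself: FILE (<stdio.h>), u_int,
 * u_long and size_t (<sys/types.h>) must already be visible when it is
 * included.  struct sshkey is only ever used through pointers here, so no
 * definition of it is needed.
 */

/* Result of check_key_in_hostkeys(): how a presented key relates to the
 * loaded entries.  HOST_CHANGED and HOST_REVOKED are distinct from HOST_NEW
 * on purpose; callers should not collapse them into one "unknown" case. */
typedef enum {
	HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
} HostStatus;

/* Marker found in front of a hostkeys line (see CA_MARKER / REVOKE_MARKER
 * below).  MRK_ERROR presumably denotes an unparseable marker; MRK_NONE a
 * line without one. */
typedef enum {
	MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA
} HostkeyMarker;

/* One key entry loaded from a hostkeys file. */
struct hostkey_entry {
	char *host;		/* host text the entry was matched against */
	char *file;		/* path of the file the entry came from */
	u_long line;		/* line number within 'file' */
	struct sshkey *key;	/* parsed key */
	HostkeyMarker marker;	/* CA / revocation marker, or MRK_NONE */
	u_int note;		/* caller-specific note/flag */
};

/* A set of loaded entries; 'entries' holds 'num_entries' elements. */
struct hostkeys {
	struct hostkey_entry *entries;
	u_int num_entries;
};

/*
 * Lifecycle of a struct hostkeys: init_hostkeys() allocates an empty set,
 * the load_hostkeys*() functions append entries read from a file, and
 * free_hostkeys() releases the set together with everything it owns.
 * 'note' is copied verbatim into each loaded entry's 'note' field.
 */
struct hostkeys *init_hostkeys(void);
void	 load_hostkeys(struct hostkeys *hostkeys, const char *host,
    const char *path, u_int note);
void	 load_hostkeys_file(struct hostkeys *hostkeys, const char *host,
    const char *path, FILE *f, u_int note);
void	 free_hostkeys(struct hostkeys *hostkeys);

/*
 * Search a loaded set.
 *
 * check_key_in_hostkeys() classifies 'key' against the entries and, where
 * an entry is relevant to the result, stores a pointer to it through
 * 'found' (the pointer refers into 'hostkeys' and stays valid only until
 * free_hostkeys()).
 * lookup_key_in_hostkeys_by_type() and lookup_marker_in_hostkeys() return
 * non-zero when a matching entry exists.
 */
HostStatus check_key_in_hostkeys(struct hostkeys *hostkeys,
    struct sshkey *key, const struct hostkey_entry **found);
int	 lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys,
    int keytype, int nid, const struct hostkey_entry **found);
int	 lookup_marker_in_hostkeys(struct hostkeys *hostkeys, int marker);

/*
 * Parse the key portion of a hostkeys line starting at *cpp into 'ret'.
 * *cpp is advanced past the consumed text; the key size is reported via
 * 'bitsp'.  Returns non-zero on success.
 */
int	 hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret);

/* Append a line for 'host' / 'key' to 'filename'.  With 'store_hash' set
 * the hostname is written in hashed form (see HASH_MAGIC).  Returns
 * non-zero on success. */
int	 add_host_to_hostfile(const char *filename, const char *host,
    const struct sshkey *key, int store_hash);

/*
 * Rewrite 'filename' so that the lines for 'host' / 'ip' carry exactly the
 * 'nkeys' keys in 'keys'.  'store_hash' selects hashed hostnames, 'quiet'
 * suppresses informational output and 'hash_alg' selects the key
 * fingerprint hash used in messages.
 */
int	 hostfile_replace_entries(const char *filename,
    const char *host, const char *ip, struct sshkey **keys, size_t nkeys,
    int store_hash, int quiet, int hash_alg);

/* Prefix and field separator of a hashed hostname in a hostkeys file. */
#define HASH_MAGIC	"|1|"
#define HASH_DELIM	'|'

/* Leading markers that set HostkeyMarker for the line. */
#define CA_MARKER	"@cert-authority"
#define REVOKE_MARKER	"@revoked"

/*
 * Produce the hashed form of 'host'.  When 'name_from_hostfile' is
 * non-NULL its salt is reused (so that the result can be compared with an
 * existing hashed entry); 'src_len' is the length of that source text.
 * The result is heap allocated and owned by the caller.
 */
char	*host_hash(const char *host, const char *name_from_hostfile,
    u_int src_len);

/*
 * Iterate through a hostkeys file, optionally parsing keys and matching
 * hostnames. Allows access to the raw keyfile lines to allow
 * streaming edits to the file to take place.
 */
#define HKF_WANT_MATCH		(1)	/* return only matching hosts/addrs */
#define HKF_WANT_PARSE_KEY	(1<<1)	/* need key parsed */

#define HKF_STATUS_OK		0	/* Line parsed, didn't match host */
#define HKF_STATUS_INVALID	1	/* line had parse error */
#define HKF_STATUS_COMMENT	2	/* valid line contained no key */
#define HKF_STATUS_MATCHED	3	/* hostname or IP matched */

#define HKF_MATCH_HOST		(1)	/* hostname matched */
#define HKF_MATCH_IP		(1<<1)	/* address matched */
#define HKF_MATCH_HOST_HASHED	(1<<2)	/* hostname was hashed */
#define HKF_MATCH_IP_HASHED	(1<<3)	/* address was hashed */
/* XXX HKF_MATCH_KEY_TYPE? */

/*
 * The callback function receives this as an argument for each matching
 * hostkey line. The callback may "steal" the 'key' field by setting it to NULL.
 * If a parse error occurred, then "hosts" and subsequent options may be NULL.
 * Callbacks should therefore test 'status' before dereferencing 'hosts',
 * 'rawkey', 'key' or 'comment'.
 */
struct hostkey_foreach_line {
	const char *path;	/* Path of file */
	u_long linenum;		/* Line number */
	u_int status;		/* One of HKF_STATUS_* */
	u_int match;		/* Zero or more of HKF_MATCH_* OR'd together */
	char *line;		/* Entire key line; mutable by callback */
	int marker;		/* CA/revocation markers; indicated by MRK_* value */
	const char *hosts;	/* Raw hosts text, may be hashed or list multiple */
	const char *rawkey;	/* Text of key and any comment following it */
	int keytype;		/* Type of key; KEY_UNSPEC for invalid/comment lines */
	struct sshkey *key;	/* Key, if parsed ok and HKF_WANT_PARSE_KEY set
				 * (the original comment named HKF_WANT_MATCH_HOST,
				 * which is not defined anywhere in this header;
				 * confirm the exact condition against hostfile.c) */
	const char *comment;	/* Any comment following the key */
	u_int note;		/* caller-specified note copied from arguments */
};

/*
 * Callback fires for each line (or matching line if a HKF_WANT_* option
 * is set). The foreach loop will terminate if the callback returns a non-
 * zero exit status.
 */
typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);

/*
 * Iterate over a hostkeys file.  hostkeys_foreach() opens 'path' itself;
 * hostkeys_foreach_file() reads from the already-open 'f' and uses 'path'
 * only for reporting.  'host' / 'ip' are the names to match, 'options' is
 * a mask of HKF_WANT_*, and 'note' is copied into each line record.
 * Returns 0 on completion or the non-zero value the callback stopped with.
 */
int	 hostkeys_foreach(const char *path,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);
int	 hostkeys_foreach_file(const char *path, FILE *f,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);

/* Create the directory containing 'filename' if it does not exist;
 * 'notify' controls whether the user is told about it. */
void	 hostfile_create_user_ssh_dir(const char *filename, int notify);

#endif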