Blame - auth.h - fp2-dev/platform/external/openssh

blob: 0d786c4d53c41b8fca3de2988af07d0c52056192 [file] [log] [blame]

Greg Hartman	bd77cf7	2015-02-25 13:21:06 -0800	[diff] [blame^]	1	/* $OpenBSD: auth.h,v 1.69 2011/05/23 03:30:07 djm Exp $ */
				2
				3	/*
				4	* Copyright (c) 2000 Markus Friedl. All rights reserved.
				5	*
				6	* Redistribution and use in source and binary forms, with or without
				7	* modification, are permitted provided that the following conditions
				8	* are met:
				9	* 1. Redistributions of source code must retain the above copyright
				10	* notice, this list of conditions and the following disclaimer.
				11	* 2. Redistributions in binary form must reproduce the above copyright
				12	* notice, this list of conditions and the following disclaimer in the
				13	* documentation and/or other materials provided with the distribution.
				14	*
				15	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
				16	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
				17	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
				18	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
				19	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				20	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
				21	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
				22	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
				23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
				24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
				25	*
				26	*/
				27
				28	#ifndef AUTH_H
				29	#define AUTH_H
				30
				31	#include <signal.h>
				32
				33	#include <openssl/rsa.h>
				34
				35	#ifdef HAVE_LOGIN_CAP
				36	#include <login_cap.h>
				37	#endif
				38	#ifdef BSD_AUTH
				39	#include <bsd_auth.h>
				40	#endif
				41	#ifdef KRB5
				42	#include <krb5.h>
				43	#endif
				44
				45	typedef struct Authctxt Authctxt;
				46	typedef struct Authmethod Authmethod;
				47	typedef struct KbdintDevice KbdintDevice;
				48
				49	struct Authctxt {
				50	sig_atomic_t success;
				51	int authenticated; /* authenticated and alarms cancelled */
				52	int postponed; /* authentication needs another step */
				53	int valid; /* user exists and is allowed to login */
				54	int attempt;
				55	int failures;
				56	int server_caused_failure;
				57	int force_pwchange;
				58	char user; / username sent by the client */
				59	char *service;
				60	struct passwd pw; / set if 'valid' */
				61	char *style;
				62	void *kbdintctxt;
				63	void *jpake_ctx;
				64	#ifdef BSD_AUTH
				65	auth_session_t *as;
				66	#endif
				67	#ifdef KRB5
				68	krb5_context krb5_ctx;
				69	krb5_ccache krb5_fwd_ccache;
				70	krb5_principal krb5_user;
				71	char *krb5_ticket_file;
				72	char *krb5_ccname;
				73	#endif
				74	Buffer *loginmsg;
				75	void *methoddata;
				76	};
				77	/*
				78	* Every authentication method has to handle authentication requests for
				79	* non-existing users, or for users that are not allowed to login. In this
				80	* case 'valid' is set to 0, but 'user' points to the username requested by
				81	* the client.
				82	*/
				83
				84	struct Authmethod {
				85	char *name;
				86	int (userauth)(Authctxt authctxt);
				87	int *enabled;
				88	};
				89
				90	/*
				91	* Keyboard interactive device:
				92	* init_ctx returns: non NULL upon success
				93	* query returns: 0 - success, otherwise failure
				94	* respond returns: 0 - success, 1 - need further interaction,
				95	* otherwise - failure
				96	*/
				97	struct KbdintDevice
				98	{
				99	const char *name;
				100	void* (init_ctx)(Authctxt);
				101	int (query)(void ctx, char name, char infotxt,
				102	u_int numprompts, char prompts, u_int echo_on);
				103	int (respond)(void ctx, u_int numresp, char **responses);
				104	void (free_ctx)(void ctx);
				105	};
				106
				107	int auth_rhosts(struct passwd , const char );
				108	int
				109	auth_rhosts2(struct passwd , const char , const char , const char );
				110
				111	int auth_rhosts_rsa(Authctxt , char , Key *);
				112	int auth_password(Authctxt , const char );
				113	int auth_rsa(Authctxt , BIGNUM );
				114	int auth_rsa_challenge_dialog(Key *);
				115	BIGNUM auth_rsa_generate_challenge(Key );
				116	int auth_rsa_verify_response(Key , BIGNUM , u_char[]);
				117	int auth_rsa_key_allowed(struct passwd , BIGNUM , Key **);
				118
				119	int auth_rhosts_rsa_key_allowed(struct passwd , char , char , Key );
				120	int hostbased_key_allowed(struct passwd , const char , char , Key );
				121	int user_key_allowed(struct passwd , Key );
				122
				123	#ifdef KRB5
				124	int auth_krb5(Authctxt authctxt, krb5_data auth, char *client, krb5_data );
				125	int auth_krb5_tgt(Authctxt authctxt, krb5_data tgt);
				126	int auth_krb5_password(Authctxt authctxt, const char password);
				127	void krb5_cleanup_proc(Authctxt *authctxt);
				128	#endif /* KRB5 */
				129
				130	#if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
				131	#include <shadow.h>
				132	int auth_shadow_acctexpired(struct spwd *);
				133	int auth_shadow_pwexpired(Authctxt *);
				134	#endif
				135
				136	#include "auth-pam.h"
				137	#include "audit.h"
				138	void remove_kbdint_device(const char *);
				139
				140	void disable_forwarding(void);
				141
				142	void do_authentication(Authctxt *);
				143	void do_authentication2(Authctxt *);
				144
				145	void auth_log(Authctxt , int, char , char *);
				146	void userauth_finish(Authctxt , int, char );
				147	void userauth_send_banner(const char *);
				148	int auth_root_allowed(char *);
				149
				150	char *auth2_read_banner(void);
				151
				152	void privsep_challenge_enable(void);
				153
				154	int auth2_challenge(Authctxt , char );
				155	void auth2_challenge_stop(Authctxt *);
				156	int bsdauth_query(void , char , char , u_int , char *, u_int );
				157	int bsdauth_respond(void , u_int, char *);
				158	int skey_query(void , char , char , u_int , char *, u_int );
				159	int skey_respond(void , u_int, char *);
				160
				161	void auth2_jpake_get_pwdata(Authctxt , BIGNUM , char , char *);
				162	void auth2_jpake_stop(Authctxt *);
				163
				164	int allowed_user(struct passwd *);
				165	struct passwd * getpwnamallow(const char *user);
				166
				167	char get_challenge(Authctxt );
				168	int verify_response(Authctxt , const char );
				169	void abandon_challenge_response(Authctxt *);
				170
				171	char expand_authorized_keys(const char , struct passwd *pw);
				172	char authorized_principals_file(struct passwd );
				173
				174	FILE auth_openkeyfile(const char , struct passwd *, int);
				175	FILE auth_openprincipals(const char , struct passwd *, int);
				176	int auth_key_is_revoked(Key *);
				177
				178	HostStatus
				179	check_key_in_hostfiles(struct passwd , Key , const char *,
				180	const char , const char );
				181
				182	/* hostkey handling */
				183	Key *get_hostkey_by_index(int);
				184	Key *get_hostkey_public_by_type(int);
				185	Key *get_hostkey_private_by_type(int);
				186	int get_hostkey_index(Key *);
				187	int ssh1_session_key(BIGNUM *);
				188
				189	/* debug messages during authentication */
				190	void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
				191	void auth_debug_send(void);
				192	void auth_debug_reset(void);
				193
				194	struct passwd *fakepw(void);
				195
				196	int sys_auth_passwd(Authctxt , const char );
				197
				198	#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
				199
				200	#define SKEY_PROMPT "\nS/Key Password: "
				201
				202	#if defined(KRB5) && !defined(HEIMDAL)
				203	#include <krb5.h>
				204	krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
				205	#endif
				206	#endif