/*	$OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $	*/

#ifndef _AUTHFD_H
#define	_AUTHFD_H

#ifdef __cplusplus
extern "C" {
#endif


/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Functions to interface with the SSH_AUTHENTICATION_FD socket.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

/*
 * Client-side interface to the SSH authentication agent.
 *
 * Prerequisites: Key, BIGNUM, u_int and u_char are used below but are not
 * declared in this file; only buffer.h is included here, so the including
 * source file has to provide the other types first.
 *
 * Security context: the agent performs private-key operations on behalf of
 * whoever can talk to its socket.  The constraint codes and the lock/unlock
 * requests defined below are the controls this protocol offers for limiting
 * that exposure.
 */

#include "buffer.h"

/*
 * Message type codes for the agent connection.  By the protocol's naming
 * convention, *_AGENTC_* codes are requests sent by a client and *_AGENT_*
 * codes are replies sent by the agent.
 */

/* Protocol 1 (RSA) requests and replies. */
#define	SSH_AGENTC_REQUEST_RSA_IDENTITIES	1
#define	SSH_AGENT_RSA_IDENTITIES_ANSWER		2
#define	SSH_AGENTC_RSA_CHALLENGE		3
#define	SSH_AGENT_RSA_RESPONSE			4
#define	SSH_AGENT_FAILURE			5
#define	SSH_AGENT_SUCCESS			6
#define	SSH_AGENTC_ADD_RSA_IDENTITY		7
#define	SSH_AGENTC_REMOVE_RSA_IDENTITY		8
#define	SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES	9

/* Private OpenSSH extensions for SSH2. */
#define	SSH2_AGENTC_REQUEST_IDENTITIES		11
#define	SSH2_AGENT_IDENTITIES_ANSWER		12
#define	SSH2_AGENTC_SIGN_REQUEST		13
#define	SSH2_AGENT_SIGN_RESPONSE		14
#define	SSH2_AGENTC_ADD_IDENTITY		17
#define	SSH2_AGENTC_REMOVE_IDENTITY		18
#define	SSH2_AGENTC_REMOVE_ALL_IDENTITIES	19

/* Smartcard-backed keys. */
#define	SSH_AGENTC_ADD_SMARTCARD_KEY		20
#define	SSH_AGENTC_REMOVE_SMARTCARD_KEY		21

/* Lock/unlock the agent. */
#define	SSH_AGENTC_LOCK				22
#define	SSH_AGENTC_UNLOCK			23

/* Add a key together with usage constraints. */
#define	SSH_AGENTC_ADD_RSA_ID_CONSTRAINED	24
#define	SSH2_AGENTC_ADD_ID_CONSTRAINED		25

/*
 * Constraint type codes carried by the *_CONSTRAINED add requests:
 * LIFETIME bounds how long the agent keeps the key, CONFIRM asks the agent
 * to obtain confirmation before the key is used.
 * NOTE(review): ssh_add_identity_constrained() below takes a single u_int,
 * so this header does not show how a CONFIRM constraint is requested;
 * check authfd.c before relying on it.
 */
#define	SSH_AGENT_CONSTRAIN_LIFETIME		1
#define	SSH_AGENT_CONSTRAIN_CONFIRM		2

/* Extended failure messages. */
#define	SSH2_AGENT_FAILURE			30

/* Additional error code for ssh.com's ssh-agent2. */
#define	SSH_COM_AGENT2_FAILURE			102

/*
 * Flag bit; presumably placed in the flags field of a sign request for
 * peers that need the old signature format -- confirm in authfd.c.
 */
#define	SSH_AGENT_OLD_SIGNATURE			0x01

/*
 * State of one open agent connection.
 *   fd         - descriptor of the connection to the agent
 *   identities - buffer associated with identity listing (presumably the
 *                agent's raw answer, consumed by the get_first/get_next
 *                calls -- confirm in authfd.c)
 *   howmany    - identity count (presumably those still unread)
 */
typedef struct {
	int	fd;
	Buffer	identities;
	int	howmany;
} AuthenticationConnection;

/*
 * Parameter names below are descriptive only; they follow upstream
 * OpenSSH's authfd.c and should be confirmed against this tree's
 * definitions.  Return-value conventions are not visible in this header.
 */

/* Agent discovery and raw socket handling. */
int	ssh_agent_present(void);
int	ssh_get_authentication_socket(void);
void	ssh_close_authentication_socket(int sock);

/* Connection lifetime. */
AuthenticationConnection *ssh_get_authentication_connection(void);
void	ssh_close_authentication_connection(AuthenticationConnection *auth);

/*
 * Identity enumeration.  The Key and comment results are presumably
 * allocated by the callee and owned by the caller -- TODO confirm.
 */
int	ssh_get_num_identities(AuthenticationConnection *auth, int version);
Key	*ssh_get_first_identity(AuthenticationConnection *auth, char **comment,
	    int version);
Key	*ssh_get_next_identity(AuthenticationConnection *auth, char **comment,
	    int version);

/* Identity management. */
int	ssh_add_identity(AuthenticationConnection *auth, Key *key,
	    const char *comment);
int	ssh_add_identity_constrained(AuthenticationConnection *auth, Key *key,
	    const char *comment, u_int life);
int	ssh_remove_identity(AuthenticationConnection *auth, Key *key);
int	ssh_remove_all_identities(AuthenticationConnection *auth, int version);

/*
 * Agent lock/unlock and smartcard update.  The string arguments are
 * presumably secrets (lock password, card PIN); callers should clear their
 * copies once the call returns.
 */
int	ssh_lock_agent(AuthenticationConnection *auth, int lock,
	    const char *password);
int	ssh_update_card(AuthenticationConnection *auth, int add,
	    const char *reader_id, const char *pin);

/*
 * Protocol 1 challenge-response through the agent.
 * The two u_char[16] parameters are adjusted to plain pointers by the
 * language, so the compiler does not enforce their size: callers must pass
 * buffers of at least 16 bytes for both.
 */
int	ssh_decrypt_challenge(AuthenticationConnection *auth, Key *key,
	    BIGNUM *challenge, u_char session_id[16], u_int response_type,
	    u_char response[16]);

/*
 * Ask the agent to sign datalen bytes at data with key.
 * The signature is handed back through sigp/lenp; presumably *sigp is
 * allocated by the callee and must be freed by the caller -- TODO confirm.
 */
int	ssh_agent_sign(AuthenticationConnection *auth, Key *key,
	    u_char **sigp, u_int *lenp, u_char *data, u_int datalen);

#ifdef __cplusplus
}
#endif

#endif /* _AUTHFD_H */