/*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $OpenBSD: auth.h,v 1.22 2001/06/26 17:27:22 markus Exp $
 */

/*
 * Shared declarations for the authentication code: the authentication
 * context (Authctxt), the keyboard-interactive device interface
 * (KbdintDevice), the prototypes of the individual authentication methods
 * and the failure-limit constants.
 *
 * NOTE(review): this header uses struct passwd, FILE, size_t and u_int but
 * includes no system header that is guaranteed to declare them; presumably
 * every translation unit pulls those in before including auth.h - confirm.
 */
#ifndef AUTH_H
#define AUTH_H

#include "key.h"
#include "hostfile.h"
#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif
#ifdef KRB5
#include <krb5.h>
#endif

typedef struct Authctxt Authctxt;
typedef struct KbdintDevice KbdintDevice;

/*
 * State carried through an authentication exchange.
 *
 * The layout depends on BSD_AUTH, KRB4 and KRB5: every translation unit
 * that includes this header must be built with the same settings for those
 * macros, otherwise the members after kbdintctxt sit at different offsets
 * in different objects.
 *
 * NOTE(review): the meaning of the individual members is not stated in this
 * header. The names suggest that success/postponed/valid are status flags
 * and attempt/failures are counters, with failures presumably compared
 * against AUTH_FAIL_MAX - confirm against the code that sets them. If valid
 * records whether `user' names an account that may log in, any reply that
 * differs between valid and invalid users discloses account existence, so
 * callers should treat both cases identically towards the client - confirm.
 * Ownership of the char * members (who allocates, who frees) is not
 * documented here either.
 */
struct Authctxt {
	int success;
	int postponed;
	int valid;
	int attempt;
	int failures;
	char *user;
	char *service;
	struct passwd *pw;
	char *style;
	void *kbdintctxt;	/* opaque here; type is known only to its user */
#ifdef BSD_AUTH
	auth_session_t *as;
#endif
#ifdef KRB4
	char *krb4_ticket_file;
#endif
#ifdef KRB5
	krb5_context krb5_ctx;
	krb5_auth_context krb5_auth_ctx;
	krb5_ccache krb5_fwd_ccache;
	krb5_principal krb5_user;
	char *krb5_ticket_file;
#endif
};

/*
 * Keyboard interactive device:
 * init_ctx returns: non NULL upon success
 * query returns: 0 - success, otherwise failure
 * respond returns: 0 - success, 1 - need further interaction,
 * otherwise - failure
 *
 * Each callback after init_ctx receives the void * that init_ctx returned
 * (presumably; the header only shows matching `ctx' parameters - confirm).
 * query hands results back through its pointer arguments; who owns and
 * frees the returned strings and arrays is not stated here. respond takes
 * numresp entries in responses; presumably these are client-supplied, so
 * an implementation should check numresp against the number of prompts it
 * issued before indexing responses - confirm.
 *
 * __P is the BSD prototype-compatibility macro and is not defined in this
 * header.
 */
struct KbdintDevice
{
	const char *name;
	void* (*init_ctx) __P((Authctxt*));
	int (*query) __P((void *ctx, char **name, char **infotxt,
	    u_int *numprompts, char ***prompts,
	    u_int **echo_on));
	int (*respond) __P((void *ctx, u_int numresp, char **responses));
	void (*free_ctx) __P((void *ctx));
};

/*
 * Authentication method entry points.
 *
 * NOTE(review): the return convention of the int-returning auth_*
 * functions is not documented in this header. The KbdintDevice callbacks
 * above use 0 for success; do not assume the same holds here - check each
 * implementation before testing a result, since an inverted test on an
 * authentication result accepts what should be rejected.
 */
int auth_rhosts(struct passwd *, const char *);
int
auth_rhosts2(struct passwd *, const char *, const char *, const char *);

int auth_rhosts_rsa(struct passwd *, const char *, RSA *);
int auth_password(Authctxt *, const char *);
int auth_rsa(struct passwd *, BIGNUM *);
int auth_rsa_read_key(char **, u_int *, BIGNUM *, BIGNUM *);
int auth_rsa_challenge_dialog(RSA *);

/* Kerberos 4 methods; AFS token passing is only available with KRB4. */
#ifdef KRB4
#include <krb.h>
int auth_krb4(Authctxt *, KTEXT, char **);
int auth_krb4_password(Authctxt *, const char *);
void krb4_cleanup_proc(void *);

#ifdef AFS
#include <kafs.h>
int auth_krb4_tgt(Authctxt *, const char *);
int auth_afs_token(Authctxt *, const char *);
#endif /* AFS */

#endif /* KRB4 */

/* Kerberos 5 methods. */
#ifdef KRB5
int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(void *authctxt);
#endif /* KRB5 */

/* Top-level drivers (presumably one per protocol version - confirm). */
void do_authentication(void);
void do_authentication2(void);

Authctxt *authctxt_new(void);
void auth_log(Authctxt *, int, char *, char *);
void userauth_finish(Authctxt *, int, char *);
int auth_root_allowed(char *);

int auth2_challenge(Authctxt *, char *);

int allowed_user(struct passwd *);

char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);

struct passwd * auth_get_user(void);

/*
 * Path helpers. Each returns a char *; whether the caller must free the
 * result is not stated in this header.
 */
char *expand_filename(const char *, struct passwd *);
char *authorized_keys_file(struct passwd *);
char *authorized_keys_file2(struct passwd *);

/*
 * NOTE(review): presumably the trailing char * / size_t pair is an output
 * buffer and its capacity - confirm, and confirm that callers pass the
 * real size of the buffer they supply.
 */
int
secure_filename(FILE *, const char *, struct passwd *, char *, size_t);

HostStatus
check_key_in_hostfiles(struct passwd *, Key *, const char *,
    const char *, const char *);

/*
 * Failure limits. AUTH_FAIL_LOG is integer division, so it evaluates to 3
 * while AUTH_FAIL_MAX is 6. AUTH_FAIL_MSG is a printf-style format that
 * takes one string argument; the %.100s precision caps that argument at
 * 100 bytes in the formatted message.
 */
#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

#endif