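/* $OpenBSD: auth-options.h,v 1.26 2018/03/12 00:52:01 djm Exp $ */

/*
 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef AUTH_OPTIONS_H
#define AUTH_OPTIONS_H

/*
 * Opaque types referenced by pointer only. struct sshbuf is forward-declared
 * here because the serialise/deserialise prototypes below name it; without
 * this, a translation unit that includes this header before sshbuf.h gets a
 * prototype-scoped struct tag ("declared inside parameter list") that does
 * not match the real one.
 */
struct passwd;
struct sshkey;
struct sshbuf;

/*
 * sshauthopt represents key options parsed from authorized_keys or
 * from certificate extensions/options.
 *
 * Ownership: the char * members and the env/permitopen arrays are
 * presumably heap-allocated and released by sshauthopt_free(); duplicate
 * with sshauthopt_copy() rather than aliasing pointers between two
 * structures. (Confirm against auth-options.c.)
 */
struct sshauthopt {
	/*
	 * Feature flags. Each is an int; by naming, a non-zero value
	 * permits the feature. The values assigned by default come from
	 * the sshauthopt_new*() constructors below, not from this header.
	 */
	int permit_port_forwarding_flag;
	int permit_agent_forwarding_flag;
	int permit_x11_forwarding_flag;
	int permit_pty_flag;
	int permit_user_rc;

	/* "restrict" keyword was invoked */
	int restricted;

	/*
	 * key/principal expiry date.
	 * NOTE(review): units are not stated here; presumably seconds since
	 * the epoch to match certificate validity fields - confirm in
	 * auth-options.c before comparing against a clock value.
	 */
	uint64_t valid_before;

	/* Certificate-related options */
	int cert_authority;
	char *cert_principals;

	int force_tun_device;
	char *force_command;

	/* Custom environment: env holds nenv entries */
	size_t nenv;
	char **env;

	/* Permitted port forwardings: permitopen holds npermitopen entries */
	size_t npermitopen;
	char **permitopen;

	/*
	 * Permitted host/addresses (comma-separated)
	 * Caller must check source address matches both lists (if present).
	 * Security note: the two lists are independent restrictions. A
	 * "from=" restriction carried by the certificate must still be
	 * enforced when the authorized_keys entry imposes none, and vice
	 * versa; a NULL list simply means that source imposed no limit.
	 */
	char *required_from_host_cert;
	char *required_from_host_keys;
};

/*
 * Constructors/destructor. sshauthopt_new_with_keys_defaults() presumably
 * applies the defaults appropriate for an authorized_keys entry; the plain
 * constructor's defaults are defined in auth-options.c. The caller owns the
 * returned structure and releases it with sshauthopt_free().
 */
struct sshauthopt *sshauthopt_new(void);
struct sshauthopt *sshauthopt_new_with_keys_defaults(void);
void sshauthopt_free(struct sshauthopt *opts);
/* Deep copy; returns a new structure the caller must free. */
struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig);
/*
 * Serialise to / deserialise from an sshbuf.
 * The trailing int argument of sshauthopt_serialise is not named or
 * documented here - check auth-options.c for its meaning before adding a
 * new caller. If the buffer crosses a privilege boundary, the deserialised
 * contents should be treated as untrusted input by the receiver.
 */
int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int);
int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts);

/*
 * Parse authorized_keys options. Returns an options structure on success
 * or NULL on failure. Will set errstr on failure.
 */
struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr);

/*
 * Parse certification options to a struct sshauthopt.
 * Returns options on success or NULL on failure.
 * NOTE(review): the options come from the certificate body itself, so they
 * are only trustworthy once the certificate's CA signature has been
 * verified - presumably callers do that first; confirm.
 */
struct sshauthopt *sshauthopt_from_cert(struct sshkey *k);

/*
 * Merge key options.
 * Combines "primary" with "additional" into a newly allocated structure;
 * returns NULL and sets *errstrp on failure. The precedence and conflict
 * rules are defined in auth-options.c, not here.
 */
struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary,
    const struct sshauthopt *additional, const char **errstrp);

#endif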