crypto/openssh/auth.h

af12a3e7SDag-Erling Smørgrav/*	$OpenBSD: auth.h,v 1.29 2002/03/04 17:27:39 stevesk Exp $	*/
af12a3e7SDag-Erling Smørgrav/*	$FreeBSD$	*/
af12a3e7SDag-Erling Smørgrav
b66f2d16SKris Kennaway/*
b66f2d16SKris Kennaway * Copyright (c) 2000 Markus Friedl.  All rights reserved.
b66f2d16SKris Kennaway *
b66f2d16SKris Kennaway * Redistribution and use in source and binary forms, with or without
b66f2d16SKris Kennaway * modification, are permitted provided that the following conditions
b66f2d16SKris Kennaway * are met:
b66f2d16SKris Kennaway * 1. Redistributions of source code must retain the above copyright
b66f2d16SKris Kennaway *    notice, this list of conditions and the following disclaimer.
b66f2d16SKris Kennaway * 2. Redistributions in binary form must reproduce the above copyright
b66f2d16SKris Kennaway *    notice, this list of conditions and the following disclaimer in the
b66f2d16SKris Kennaway *    documentation and/or other materials provided with the distribution.
b66f2d16SKris Kennaway *
b66f2d16SKris Kennaway * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
b66f2d16SKris Kennaway * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
b66f2d16SKris Kennaway * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
b66f2d16SKris Kennaway * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
b66f2d16SKris Kennaway * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
b66f2d16SKris Kennaway * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
b66f2d16SKris Kennaway * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
b66f2d16SKris Kennaway * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
b66f2d16SKris Kennaway * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
b66f2d16SKris Kennaway * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5b9b2fafSBrian Feldman *
b66f2d16SKris Kennaway */
af12a3e7SDag-Erling Smørgrav
a04a10f8SKris Kennaway#ifndef AUTH_H
a04a10f8SKris Kennaway#define AUTH_H
a04a10f8SKris Kennaway
af12a3e7SDag-Erling Smørgrav#include "key.h"
af12a3e7SDag-Erling Smørgrav#include "hostfile.h"
1e8db6e2SBrian Feldman#include <openssl/rsa.h>
1e8db6e2SBrian Feldman
1e8db6e2SBrian Feldman#ifdef HAVE_LOGIN_CAP
1e8db6e2SBrian Feldman#include <login_cap.h>
1e8db6e2SBrian Feldman#endif
1e8db6e2SBrian Feldman#ifdef BSD_AUTH
1e8db6e2SBrian Feldman#include <bsd_auth.h>
1e8db6e2SBrian Feldman#endif
af12a3e7SDag-Erling Smørgrav#ifdef KRB5
af12a3e7SDag-Erling Smørgrav#include <krb5.h>
af12a3e7SDag-Erling Smørgrav#endif
1e8db6e2SBrian Feldman
5b9b2fafSBrian Feldmantypedef struct Authctxt Authctxt;
af12a3e7SDag-Erling Smørgravtypedef struct KbdintDevice KbdintDevice;
af12a3e7SDag-Erling Smørgrav
5b9b2fafSBrian Feldmanstruct Authctxt {
5b9b2fafSBrian Feldman	int		 success;
1e8db6e2SBrian Feldman	int		 postponed;
5b9b2fafSBrian Feldman	int		 valid;
5b9b2fafSBrian Feldman	int		 attempt;
1e8db6e2SBrian Feldman	int		 failures;
5b9b2fafSBrian Feldman	char		*user;
5b9b2fafSBrian Feldman	char		*service;
5b9b2fafSBrian Feldman	struct passwd	*pw;
1e8db6e2SBrian Feldman	char		*style;
af12a3e7SDag-Erling Smørgrav	void		*kbdintctxt;
1e8db6e2SBrian Feldman#ifdef BSD_AUTH
1e8db6e2SBrian Feldman	auth_session_t	*as;
1e8db6e2SBrian Feldman#endif
af12a3e7SDag-Erling Smørgrav#ifdef KRB4
af12a3e7SDag-Erling Smørgrav	char		*krb4_ticket_file;
af12a3e7SDag-Erling Smørgrav#endif
af12a3e7SDag-Erling Smørgrav#ifdef KRB5
af12a3e7SDag-Erling Smørgrav	krb5_context	 krb5_ctx;
af12a3e7SDag-Erling Smørgrav	krb5_auth_context krb5_auth_ctx;
af12a3e7SDag-Erling Smørgrav	krb5_ccache	 krb5_fwd_ccache;
af12a3e7SDag-Erling Smørgrav	krb5_principal	 krb5_user;
af12a3e7SDag-Erling Smørgrav	char		*krb5_ticket_file;
af12a3e7SDag-Erling Smørgrav#endif
5b9b2fafSBrian Feldman};
5b9b2fafSBrian Feldman
1e8db6e2SBrian Feldman/*
af12a3e7SDag-Erling Smørgrav * Keyboard interactive device:
af12a3e7SDag-Erling Smørgrav * init_ctx	returns: non NULL upon success
af12a3e7SDag-Erling Smørgrav * query	returns: 0 - success, otherwise failure
af12a3e7SDag-Erling Smørgrav * respond	returns: 0 - success, 1 - need further interaction,
af12a3e7SDag-Erling Smørgrav *		otherwise - failure
1e8db6e2SBrian Feldman */
af12a3e7SDag-Erling Smørgravstruct KbdintDevice
af12a3e7SDag-Erling Smørgrav{
af12a3e7SDag-Erling Smørgrav	const char *name;
af12a3e7SDag-Erling Smørgrav	void*	(*init_ctx)(Authctxt*);
af12a3e7SDag-Erling Smørgrav	int	(*query)(void *ctx, char **name, char **infotxt,
af12a3e7SDag-Erling Smørgrav		    u_int *numprompts, char ***prompts, u_int **echo_on);
af12a3e7SDag-Erling Smørgrav	int	(*respond)(void *ctx, u_int numresp, char **responses);
af12a3e7SDag-Erling Smørgrav	void	(*free_ctx)(void *ctx);
af12a3e7SDag-Erling Smørgrav};
1e8db6e2SBrian Feldman
af12a3e7SDag-Erling Smørgravint     auth_rhosts(struct passwd *, const char *);
1e8db6e2SBrian Feldmanint
af12a3e7SDag-Erling Smørgravauth_rhosts2(struct passwd *, const char *, const char *, const char *);
1e8db6e2SBrian Feldman
af12a3e7SDag-Erling Smørgravint	 auth_rhosts_rsa(struct passwd *, const char *, Key *);
af12a3e7SDag-Erling Smørgravint      auth_password(Authctxt *, const char *);
af12a3e7SDag-Erling Smørgravint      auth_rsa(struct passwd *, BIGNUM *);
af12a3e7SDag-Erling Smørgravint      auth_rsa_challenge_dialog(RSA *);
1e8db6e2SBrian Feldman
7e40a391SMark Murray#ifdef KRB4
7e40a391SMark Murray#include <krb.h>
af12a3e7SDag-Erling Smørgravint     auth_krb4(Authctxt *, KTEXT, char **);
af12a3e7SDag-Erling Smørgravint	auth_krb4_password(Authctxt *, const char *);
af12a3e7SDag-Erling Smørgravvoid    krb4_cleanup_proc(void *);
1e8db6e2SBrian Feldman
1e8db6e2SBrian Feldman#ifdef AFS
1e8db6e2SBrian Feldman#include <kafs.h>
af12a3e7SDag-Erling Smørgravint     auth_krb4_tgt(Authctxt *, const char *);
af12a3e7SDag-Erling Smørgravint     auth_afs_token(Authctxt *, const char *);
1e8db6e2SBrian Feldman#endif /* AFS */
1e8db6e2SBrian Feldman
1e8db6e2SBrian Feldman#endif /* KRB4 */
1e8db6e2SBrian Feldman
af12a3e7SDag-Erling Smørgrav#ifdef KRB5
af12a3e7SDag-Erling Smørgravint	auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client);
af12a3e7SDag-Erling Smørgravint	auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
af12a3e7SDag-Erling Smørgravint	auth_krb5_password(Authctxt *authctxt, const char *password);
af12a3e7SDag-Erling Smørgravvoid	krb5_cleanup_proc(void *authctxt);
af12a3e7SDag-Erling Smørgrav#endif /* KRB5 */
af12a3e7SDag-Erling Smørgrav
a04a10f8SKris Kennawayvoid	do_authentication(void);
a04a10f8SKris Kennawayvoid	do_authentication2(void);
a04a10f8SKris Kennaway
1e8db6e2SBrian FeldmanAuthctxt *authctxt_new(void);
af12a3e7SDag-Erling Smørgravvoid	auth_log(Authctxt *, int, char *, char *);
af12a3e7SDag-Erling Smørgravvoid	userauth_finish(Authctxt *, int, char *);
af12a3e7SDag-Erling Smørgravint	auth_root_allowed(char *);
5b9b2fafSBrian Feldman
af12a3e7SDag-Erling Smørgravint	auth2_challenge(Authctxt *, char *);
af12a3e7SDag-Erling Smørgravvoid	auth2_challenge_stop(Authctxt *);
a04a10f8SKris Kennaway
af12a3e7SDag-Erling Smørgravint	allowed_user(struct passwd *);
1e8db6e2SBrian Feldman
af12a3e7SDag-Erling Smørgravchar	*get_challenge(Authctxt *);
af12a3e7SDag-Erling Smørgravint	verify_response(Authctxt *, const char *);
1e8db6e2SBrian Feldman
5b9b2fafSBrian Feldmanstruct passwd * auth_get_user(void);
a04a10f8SKris Kennaway
af12a3e7SDag-Erling Smørgravchar	*expand_filename(const char *, struct passwd *);
af12a3e7SDag-Erling Smørgravchar	*authorized_keys_file(struct passwd *);
af12a3e7SDag-Erling Smørgravchar	*authorized_keys_file2(struct passwd *);
af12a3e7SDag-Erling Smørgrav
af12a3e7SDag-Erling Smørgravint
af12a3e7SDag-Erling Smørgravsecure_filename(FILE *, const char *, struct passwd *, char *, size_t);
af12a3e7SDag-Erling Smørgrav
af12a3e7SDag-Erling SmørgravHostStatus
af12a3e7SDag-Erling Smørgravcheck_key_in_hostfiles(struct passwd *, Key *, const char *,
af12a3e7SDag-Erling Smørgrav    const char *, const char *);
af12a3e7SDag-Erling Smørgrav
a04a10f8SKris Kennaway#define AUTH_FAIL_MAX 6
a04a10f8SKris Kennaway#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
a04a10f8SKris Kennaway#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
a04a10f8SKris Kennaway
a04a10f8SKris Kennaway#endif