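/* $OpenBSD: hostfile.h,v 1.29 2021/01/26 00:51:30 djm Exp $ */

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */
#ifndef HOSTFILE_H
#define HOSTFILE_H

/*
 * Interface for reading, matching and editing known_hosts-style files.
 *
 * This header does not include anything itself: it relies on u_int,
 * u_long, size_t and FILE already being in scope (the including .c file
 * brings in <sys/types.h> and <stdio.h> first).  struct sshkey is only
 * used through pointers here and is declared elsewhere.
 */

/* Result of check_key_in_hostkeys(). */
typedef enum {
	HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
} HostStatus;

/*
 * Marker that may precede a hostkey line (see CA_MARKER and REVOKE_MARKER
 * below).  MRK_ERROR denotes an unparseable marker, MRK_NONE no marker.
 */
typedef enum {
	MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA
} HostkeyMarker;

/* One parsed known_hosts entry, with the file and line it came from. */
struct hostkey_entry {
	char *host;
	char *file;
	u_long line;
	struct sshkey *key;
	HostkeyMarker marker;
	u_int note;		/* caller-specific note/flag */
};

/* A collection of entries loaded from one or more files. */
struct hostkeys {
	struct hostkey_entry *entries;
	u_int num_entries;
};

/*
 * Allocate an empty hostkeys collection; release it with free_hostkeys(),
 * which also frees the entries loaded into it.
 */
struct hostkeys *init_hostkeys(void);
/*
 * Load entries from a file (by path, or from an already-open FILE *).
 * The trailing u_int is the caller-specific note stored in each
 * hostkey_entry.note.
 */
void	 load_hostkeys(struct hostkeys *, const char *,
    const char *, u_int);
void	 load_hostkeys_file(struct hostkeys *, const char *,
    const char *, FILE *, u_int note);
void	 free_hostkeys(struct hostkeys *);

/*
 * Look for a key in a loaded collection.  On success the optional
 * hostkey_entry ** out-parameter receives a pointer to the matching
 * entry, which remains owned by the hostkeys collection.
 */
HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
    const struct hostkey_entry **);
int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int, int,
    const struct hostkey_entry **);
int	 lookup_marker_in_hostkeys(struct hostkeys *, int);

/* Parse one key from a hostfile line into the supplied struct sshkey. */
int	 hostfile_read_key(char **, u_int *, struct sshkey *);
/* Append a host/key pair to a hostfile. */
int	 add_host_to_hostfile(const char *, const char *,
    const struct sshkey *, int);

/*
 * Replace the entries for host/ip in filename with the nkeys keys given.
 * store_hash selects whether the hostnames are written hashed (using
 * hash_alg); quiet suppresses progress output.
 */
int	 hostfile_replace_entries(const char *filename,
    const char *host, const char *ip, struct sshkey **keys, size_t nkeys,
    int store_hash, int quiet, int hash_alg);

/* Prefix and field separator of a hashed hostname entry ("|1|salt|hash"). */
#define HASH_MAGIC	"|1|"
#define HASH_DELIM	'|'

/* Literal markers that may start a hostkey line; map to MRK_CA / MRK_REVOKE. */
#define CA_MARKER	"@cert-authority"
#define REVOKE_MARKER	"@revoked"

/*
 * Produce the hashed form of a hostname.  The returned string is
 * heap-allocated and owned by the caller.
 */
char	*host_hash(const char *, const char *, u_int);

/*
 * Iterate through a hostkeys file, optionally parsing keys and matching
 * hostnames.  Allows access to the raw keyfile lines to allow
 * streaming edits to the file to take place.
 */
#define HKF_WANT_MATCH		(1)	/* return only matching hosts/addrs */
#define HKF_WANT_PARSE_KEY	(1<<1)	/* need key parsed */

#define HKF_STATUS_OK		0	/* Line parsed, didn't match host */
#define HKF_STATUS_INVALID	1	/* line had parse error */
#define HKF_STATUS_COMMENT	2	/* valid line contained no key */
#define HKF_STATUS_MATCHED	3	/* hostname or IP matched */

#define HKF_MATCH_HOST		(1)	/* hostname matched */
#define HKF_MATCH_IP		(1<<1)	/* address matched */
#define HKF_MATCH_HOST_HASHED	(1<<2)	/* hostname was hashed */
#define HKF_MATCH_IP_HASHED	(1<<3)	/* address was hashed */
/* XXX HKF_MATCH_KEY_TYPE? */

/*
 * The callback function receives this as an argument for each matching
 * hostkey line.  The callback may "steal" the 'key' field by setting it to NULL.
 * If a parse error occurred, then "hosts" and subsequent options may be NULL.
 * Callbacks must check 'status' before trusting the parsed fields.
 */
struct hostkey_foreach_line {
	const char *path;	/* Path of file */
	u_long linenum;		/* Line number */
	u_int status;		/* One of HKF_STATUS_* */
	u_int match;		/* Zero or more of HKF_MATCH_* OR'd together */
	char *line;		/* Entire key line; mutable by callback */
	int marker;		/* CA/revocation markers; indicated by MRK_* value */
	const char *hosts;	/* Raw hosts text, may be hashed or list multiple */
	const char *rawkey;	/* Text of key and any comment following it */
	int keytype;		/* Type of key; KEY_UNSPEC for invalid/comment lines */
	struct sshkey *key;	/* Key, if parsed ok and HKF_WANT_PARSE_KEY set */
	const char *comment;	/* Any comment following the key */
	u_int note;		/* caller-specified note copied from arguments */
};

/*
 * Callback fires for each line (or matching line if a HKF_WANT_* option
 * is set).  The foreach loop will terminate if the callback returns a non-
 * zero exit status.
 */
typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);

/*
 * Iterate over a hostkeys file.  'options' is a bitmask of HKF_WANT_*;
 * 'note' is copied verbatim into hostkey_foreach_line.note for each line.
 * hostkeys_foreach_file() reads from an already-open FILE * instead of
 * opening 'path' itself.
 */
int hostkeys_foreach(const char *path,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);
int hostkeys_foreach_file(const char *path, FILE *f,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);

/* Create the user's ~/.ssh directory if needed; the int flag selects quiet operation. */
void hostfile_create_user_ssh_dir(const char *, int);

#endif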