1 /* $OpenBSD: ssh.h,v 1.64 2002/03/04 17:27:39 stevesk Exp $ */
4 * Author: Tatu Ylonen <ylo@cs.hut.fi>
5 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 * As far as I am concerned, the code I have written for this software
9 * can be used freely for any purpose. Any derived versions of this
10 * software must be clearly marked as such, and if the derived work is
11 * incompatible with the protocol description in the RFC file, it must be
12 * called by a name other than "ssh" or "Secure Shell".
18 #include <netinet/in.h> /* For struct sockaddr_in */
19 #include <pwd.h> /* For struct pw */
20 #include <stdarg.h> /* For va_list */
21 #include <syslog.h> /* For LOG_AUTH and friends */
22 #include <sys/socket.h> /* For struct sockaddr_storage */
23 #include "openbsd-compat/fake-socket.h" /* For struct sockaddr_storage */
24 #ifdef HAVE_SYS_SELECT_H
25 # include <sys/select.h>
28 /* Cipher used for encrypting authentication files. */
29 #define SSH_AUTHFILE_CIPHER SSH_CIPHER_3DES
31 /* Default port number. */
32 #define SSH_DEFAULT_PORT 22
34 /* Maximum number of TCP/IP ports forwarded per direction. */
35 #define SSH_MAX_FORWARDS_PER_DIRECTION 100
38 * Maximum number of RSA authentication identity files that can be specified
39 * in configuration files or on the command line.
41 #define SSH_MAX_IDENTITY_FILES 100
44 * Major protocol version. Different version indicates major incompatiblity
45 * that prevents communication.
47 * Minor protocol version. Different version indicates minor incompatibility
48 * that does not prevent interoperation.
50 #define PROTOCOL_MAJOR_1 1
51 #define PROTOCOL_MINOR_1 5
53 /* We support both SSH1 and SSH2 */
54 #define PROTOCOL_MAJOR_2 2
55 #define PROTOCOL_MINOR_2 0
58 * Name for the service. The port named by this service overrides the
59 * default port if present.
61 #define SSH_SERVICE_NAME "ssh"
63 #if defined(USE_PAM) && !defined(SSHD_PAM_SERVICE)
64 # define SSHD_PAM_SERVICE __progname
69 /*------------ GSSAPI-related functions -----------------------*/
73 * Given a target account, and source host, perform GSSAPI authentication
74 * and authorization. Returns 1 on success, 0 on failure. On success fills
75 * in client_name with the GSSAPI identity of the user.
77 int auth_gssapi(const char *target_account,
78 const char *source_host,
79 gss_buffer_desc *client_name);
82 * The userstring sent by the client may contain a GSSAPI identity which
83 * the server can use to determine the target account. This function
84 * parses the userstring and does the local account determination,
88 gssapi_parse_userstring(char *username);
91 * Change the ownership of all delegated credentials to the user.
92 * Returns 0 on success, non-zero on error.
95 gssapi_chown_delegation(uid_t uid, gid_t gid);
98 * Remove the forwarded proxy credentials
101 gssapi_remove_delegation(void);
104 * Clean our environment on startup. This means removing any environment
105 * strings that might inadvertantly been in root's environment and
106 * could cause serious security problems if we think we set them.
109 gssapi_clean_env(void);
112 * Set up our environment for GSSAPI authentication
115 gssapi_setup_env(void);
118 * Fix up our environment after GSSAPI authentication
121 gssapi_fix_env(void);
124 * Pass all the GSSAPI environment variables to the child.
127 gssapi_child_set_env(char ***p_env,
128 unsigned int *p_envsize);
131 * A string containing the version of the GSSAPI patch applied
133 #define GSSAPI_PATCH_VERSION "GSSAPI_PATCH FOR OPENSSH-3.0.2p1"
135 #ifndef GSSAPI_SERVICE_NAME
136 #define GSSAPI_SERVICE_NAME "host"
137 #endif /* GSSAPI_SERVICE_NAME */
139 #ifndef GSSAPI_SERVICE_NAME_FORMAT
140 #define GSSAPI_SERVICE_NAME_FORMAT "%s@%s" /* host@fqdn */
141 #endif /* GSSAPI_SERVICE_NAME_FORMAT */
143 /* String to send if we don't have a valid hash of sshd keys */
144 #define GSSAPI_NO_HASH_STRING "GSSAPI_NO_HASH"
146 /*end of modification*/
149 * Name of the environment variable containing the pathname of the
150 * authentication socket.
152 #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"
155 * Name of the environment variable containing the pathname of the
156 * authentication socket.
158 #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"
161 * Environment variable for overwriting the default location of askpass
163 #define SSH_ASKPASS_ENV "SSH_ASKPASS"
166 * Force host key length and server key length to differ by at least this
167 * many bits. This is to make double encryption with rsaref work.
169 #define SSH_KEY_BITS_RESERVED 128
172 * Length of the session key in bytes. (Specified as 256 bits in the
175 #define SSH_SESSION_KEY_LENGTH 32
177 /* Name of Kerberos service for SSH to use. */
178 #define KRB4_SERVICE_NAME "rcmd"
180 /* Used to identify ``EscapeChar none'' */
181 #define SSH_ESCAPECHAR_NONE -2