[openssh.git] / auth.h

/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $OpenBSD: auth.h,v 1.13 2001/03/20 18:57:04 markus Exp $
 */
#ifndef AUTH_H
#define AUTH_H

#include <openssl/rsa.h>

#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
#ifdef BSD_AUTH
#include <bsd_auth.h>
#endif

typedef struct Authctxt Authctxt;
struct Authctxt {
	int success;
	int postponed;
	int valid;
	int attempt;
	int failures;
	char *user;
	char *service;
	struct passwd *pw;
	char *style;
#ifdef BSD_AUTH
	auth_session_t *as;
#endif
};

/*
 * Tries to authenticate the user using the .rhosts file.  Returns true if
 * authentication succeeds.  If ignore_rhosts is non-zero, this will not
 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
 */
int     auth_rhosts(struct passwd * pw, const char *client_user);

/*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key.  Returns true if authentication succeeds.
 */
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);

/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 */
int     auth_password(Authctxt *authctxt, const char *password);

/*
 * Performs the RSA authentication dialog with the client.  This returns 0 if
 * the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int     auth_rsa(struct passwd * pw, BIGNUM * client_n);

/*
 * Parses an RSA key (number of bits, e, n) from a string.  Moves the pointer
 * over the key.  Skips any whitespace at the beginning and at end.
 */
int     auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);

/*
 * Performs the RSA authentication challenge-response dialog with the client,
 * and returns true (non-zero) if the client gave the correct answer to our
 * challenge; returns zero if the client gives a wrong answer.
 */
int     auth_rsa_challenge_dialog(RSA *pk);

#ifdef KRB4
#include <krb.h>
/*
 * Performs Kerberos v4 mutual authentication with the client. This returns 0
 * if the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int     auth_krb4(const char *server_user, KTEXT auth, char **client);
int     krb4_init(uid_t uid);
void    krb4_cleanup_proc(void *ignore);
int	auth_krb4_password(struct passwd * pw, const char *password);

#ifdef AFS
#include <kafs.h>

/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int     auth_kerberos_tgt(struct passwd * pw, const char *string);
int     auth_afs_token(struct passwd * pw, const char *token_string);
#endif				/* AFS */

#endif				/* KRB4 */

#include "auth-pam.h"
#include "auth2-pam.h"

void	do_authentication(void);
void	do_authentication2(void);

Authctxt *authctxt_new(void);
void	auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
void	userauth_reply(Authctxt *authctxt, int authenticated);
int	auth_root_allowed(char *method);

int	auth2_challenge(Authctxt *authctxt, char *devs);

int	allowed_user(struct passwd * pw);

char	*get_challenge(Authctxt *authctxt, char *devs);
int	verify_response(Authctxt *authctxt, char *response);

struct passwd * auth_get_user(void);

#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

#endif
Commit	Line	Data
bcbf86ec	1	/*
	2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8abcdba4	23	*
a5b09902	24	* $OpenBSD: auth.h,v 1.13 2001/03/20 18:57:04 markus Exp $
bcbf86ec	25	*/
7368a6c8	26	#ifndef AUTH_H
	27	#define AUTH_H
	28
42f11eb2	29	#include <openssl/rsa.h>
42f11eb2	30
af774732	31	#ifdef HAVE_LOGIN_CAP
	32	#include <login_cap.h>
	33	#endif
	34	#ifdef BSD_AUTH
	35	#include <bsd_auth.h>
	36	#endif
	37
94ec8c6b	38	typedef struct Authctxt Authctxt;
	39	struct Authctxt {
	40	int success;
59c97189	41	int postponed;
94ec8c6b	42	int valid;
94ec8c6b	43	int attempt;
8abcdba4	44	int failures;
94ec8c6b	45	char *user;
	46	char *service;
	47	struct passwd *pw;
59c97189	48	char *style;
af774732	49	#ifdef BSD_AUTH
	50	auth_session_t *as;
	51	#endif
94ec8c6b	52	};
94ec8c6b	53
42f11eb2	54	/*
	55	* Tries to authenticate the user using the .rhosts file. Returns true if
	56	* authentication succeeds. If ignore_rhosts is non-zero, this will not
	57	* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
	58	*/
	59	int auth_rhosts(struct passwd * pw, const char *client_user);
	60
	61	/*
	62	* Tries to authenticate the user using the .rhosts file and the host using
	63	* its host key. Returns true if authentication succeeds.
	64	*/
	65	int
	66	auth_rhosts_rsa(struct passwd * pw, const char client_user, RSA client_host_key);
	67
	68	/*
	69	* Tries to authenticate the user using password. Returns true if
	70	* authentication succeeds.
	71	*/
af774732	72	int auth_password(Authctxt authctxt, const char password);
42f11eb2	73
	74	/*
	75	* Performs the RSA authentication dialog with the client. This returns 0 if
	76	* the client could not be authenticated, and 1 if authentication was
	77	* successful. This may exit if there is a serious protocol violation.
	78	*/
	79	int auth_rsa(struct passwd * pw, BIGNUM * client_n);
	80
	81	/*
	82	* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
	83	* over the key. Skips any whitespace at the beginning and at end.
	84	*/
	85	int auth_rsa_read_key(char *cpp, u_int bitsp, BIGNUM * e, BIGNUM * n);
	86
	87	/*
	88	* Performs the RSA authentication challenge-response dialog with the client,
	89	* and returns true (non-zero) if the client gave the correct answer to our
	90	* challenge; returns zero if the client gives a wrong answer.
	91	*/
	92	int auth_rsa_challenge_dialog(RSA *pk);
	93
	94	#ifdef KRB4
	95	#include <krb.h>
	96	/*
	97	* Performs Kerberos v4 mutual authentication with the client. This returns 0
	98	* if the client could not be authenticated, and 1 if authentication was
	99	* successful. This may exit if there is a serious protocol violation.
	100	*/
	101	int auth_krb4(const char server_user, KTEXT auth, char *client);
	102	int krb4_init(uid_t uid);
	103	void krb4_cleanup_proc(void *ignore);
	104	int auth_krb4_password(struct passwd * pw, const char *password);
	105
	106	#ifdef AFS
	107	#include <kafs.h>
	108
	109	/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
	110	int auth_kerberos_tgt(struct passwd * pw, const char *string);
	111	int auth_afs_token(struct passwd * pw, const char *token_string);
	112	#endif /* AFS */
	113
	114	#endif /* KRB4 */
	115
8c9fe09e	116	#include "auth-pam.h"
	117	#include "auth2-pam.h"
	118
7368a6c8	119	void do_authentication(void);
e78a59f5	120	void do_authentication2(void);
e78a59f5	121
59c97189	122	Authctxt *authctxt_new(void);
59c97189	123	void auth_log(Authctxt authctxt, int authenticated, char method, char *info);
94ec8c6b	124	void userauth_reply(Authctxt *authctxt, int authenticated);
15853e93	125	int auth_root_allowed(char *method);
94ec8c6b	126
59c97189	127	int auth2_challenge(Authctxt authctxt, char devs);
7368a6c8	128
94ec8c6b	129	int allowed_user(struct passwd * pw);
59c97189	130
	131	char get_challenge(Authctxt authctxt, char *devs);
	132	int verify_response(Authctxt authctxt, char response);
	133
94ec8c6b	134	struct passwd * auth_get_user(void);
a306f2dd	135
	136	#define AUTH_FAIL_MAX 6
	137	#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
	138	#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
	139
7368a6c8	140	#endif