[openssh.git] / auth.h

/*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * $OpenBSD: auth.h,v 1.11 2001/02/12 16:16:23 markus Exp $
 */
#ifndef AUTH_H
#define AUTH_H

#include <openssl/rsa.h>

typedef struct Authctxt Authctxt;
struct Authctxt {
	int success;
	int postponed;
	int valid;
	int attempt;
	int failures;
	char *user;
	char *service;
	struct passwd *pw;
	char *style;
};

/*
 * Tries to authenticate the user using the .rhosts file.  Returns true if
 * authentication succeeds.  If ignore_rhosts is non-zero, this will not
 * consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
 */
int     auth_rhosts(struct passwd * pw, const char *client_user);

/*
 * Tries to authenticate the user using the .rhosts file and the host using
 * its host key.  Returns true if authentication succeeds.
 */
int
auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);

/*
 * Tries to authenticate the user using password.  Returns true if
 * authentication succeeds.
 */
int     auth_password(struct passwd * pw, const char *password);

/*
 * Performs the RSA authentication dialog with the client.  This returns 0 if
 * the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int     auth_rsa(struct passwd * pw, BIGNUM * client_n);

/*
 * Parses an RSA key (number of bits, e, n) from a string.  Moves the pointer
 * over the key.  Skips any whitespace at the beginning and at end.
 */
int     auth_rsa_read_key(char **cpp, u_int *bitsp, BIGNUM * e, BIGNUM * n);

/*
 * Performs the RSA authentication challenge-response dialog with the client,
 * and returns true (non-zero) if the client gave the correct answer to our
 * challenge; returns zero if the client gives a wrong answer.
 */
int     auth_rsa_challenge_dialog(RSA *pk);

#ifdef KRB4
#include <krb.h>
/*
 * Performs Kerberos v4 mutual authentication with the client. This returns 0
 * if the client could not be authenticated, and 1 if authentication was
 * successful.  This may exit if there is a serious protocol violation.
 */
int     auth_krb4(const char *server_user, KTEXT auth, char **client);
int     krb4_init(uid_t uid);
void    krb4_cleanup_proc(void *ignore);
int	auth_krb4_password(struct passwd * pw, const char *password);

#ifdef AFS
#include <kafs.h>

/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
int     auth_kerberos_tgt(struct passwd * pw, const char *string);
int     auth_afs_token(struct passwd * pw, const char *token_string);
#endif				/* AFS */

#endif				/* KRB4 */

#include "auth-pam.h"
#include "auth2-pam.h"

void	do_authentication(void);
void	do_authentication2(void);

Authctxt *authctxt_new(void);
void	auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
void	userauth_reply(Authctxt *authctxt, int authenticated);
int	auth_root_allowed(char *method);

int	auth2_challenge(Authctxt *authctxt, char *devs);

int	allowed_user(struct passwd * pw);

char	*get_challenge(Authctxt *authctxt, char *devs);
int	verify_response(Authctxt *authctxt, char *response);

struct passwd * auth_get_user(void);
struct passwd * pwcopy(struct passwd *pw);

#define AUTH_FAIL_MAX 6
#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"

#endif
Commit	Line	Data
bcbf86ec	1	/*
	2	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	3	*
	4	* Redistribution and use in source and binary forms, with or without
	5	* modification, are permitted provided that the following conditions
	6	* are met:
	7	* 1. Redistributions of source code must retain the above copyright
	8	* notice, this list of conditions and the following disclaimer.
	9	* 2. Redistributions in binary form must reproduce the above copyright
	10	* notice, this list of conditions and the following disclaimer in the
	11	* documentation and/or other materials provided with the distribution.
	12	*
	13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8abcdba4	23	*
15853e93	24	* $OpenBSD: auth.h,v 1.11 2001/02/12 16:16:23 markus Exp $
bcbf86ec	25	*/
7368a6c8	26	#ifndef AUTH_H
	27	#define AUTH_H
	28
42f11eb2	29	#include <openssl/rsa.h>
42f11eb2	30
94ec8c6b	31	typedef struct Authctxt Authctxt;
	32	struct Authctxt {
	33	int success;
59c97189	34	int postponed;
94ec8c6b	35	int valid;
94ec8c6b	36	int attempt;
8abcdba4	37	int failures;
94ec8c6b	38	char *user;
	39	char *service;
	40	struct passwd *pw;
59c97189	41	char *style;
94ec8c6b	42	};
94ec8c6b	43
42f11eb2	44	/*
	45	* Tries to authenticate the user using the .rhosts file. Returns true if
	46	* authentication succeeds. If ignore_rhosts is non-zero, this will not
	47	* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).
	48	*/
	49	int auth_rhosts(struct passwd * pw, const char *client_user);
	50
	51	/*
	52	* Tries to authenticate the user using the .rhosts file and the host using
	53	* its host key. Returns true if authentication succeeds.
	54	*/
	55	int
	56	auth_rhosts_rsa(struct passwd * pw, const char client_user, RSA client_host_key);
	57
	58	/*
	59	* Tries to authenticate the user using password. Returns true if
	60	* authentication succeeds.
	61	*/
	62	int auth_password(struct passwd * pw, const char *password);
	63
	64	/*
	65	* Performs the RSA authentication dialog with the client. This returns 0 if
	66	* the client could not be authenticated, and 1 if authentication was
	67	* successful. This may exit if there is a serious protocol violation.
	68	*/
	69	int auth_rsa(struct passwd * pw, BIGNUM * client_n);
	70
	71	/*
	72	* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer
	73	* over the key. Skips any whitespace at the beginning and at end.
	74	*/
	75	int auth_rsa_read_key(char *cpp, u_int bitsp, BIGNUM * e, BIGNUM * n);
	76
	77	/*
	78	* Performs the RSA authentication challenge-response dialog with the client,
	79	* and returns true (non-zero) if the client gave the correct answer to our
	80	* challenge; returns zero if the client gives a wrong answer.
	81	*/
	82	int auth_rsa_challenge_dialog(RSA *pk);
	83
	84	#ifdef KRB4
	85	#include <krb.h>
	86	/*
	87	* Performs Kerberos v4 mutual authentication with the client. This returns 0
	88	* if the client could not be authenticated, and 1 if authentication was
	89	* successful. This may exit if there is a serious protocol violation.
	90	*/
	91	int auth_krb4(const char server_user, KTEXT auth, char *client);
	92	int krb4_init(uid_t uid);
	93	void krb4_cleanup_proc(void *ignore);
	94	int auth_krb4_password(struct passwd * pw, const char *password);
	95
	96	#ifdef AFS
	97	#include <kafs.h>
	98
	99	/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
	100	int auth_kerberos_tgt(struct passwd * pw, const char *string);
	101	int auth_afs_token(struct passwd * pw, const char *token_string);
	102	#endif /* AFS */
	103
	104	#endif /* KRB4 */
	105
8c9fe09e	106	#include "auth-pam.h"
	107	#include "auth2-pam.h"
	108
7368a6c8	109	void do_authentication(void);
e78a59f5	110	void do_authentication2(void);
e78a59f5	111
59c97189	112	Authctxt *authctxt_new(void);
59c97189	113	void auth_log(Authctxt authctxt, int authenticated, char method, char *info);
94ec8c6b	114	void userauth_reply(Authctxt *authctxt, int authenticated);
15853e93	115	int auth_root_allowed(char *method);
94ec8c6b	116
59c97189	117	int auth2_challenge(Authctxt authctxt, char devs);
7368a6c8	118
94ec8c6b	119	int allowed_user(struct passwd * pw);
59c97189	120
	121	char get_challenge(Authctxt authctxt, char *devs);
	122	int verify_response(Authctxt authctxt, char response);
	123
94ec8c6b	124	struct passwd * auth_get_user(void);
59c97189	125	struct passwd * pwcopy(struct passwd *pw);
a306f2dd	126
	127	#define AUTH_FAIL_MAX 6
	128	#define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
	129	#define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
	130
7368a6c8	131	#endif