-/* $OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.43 2003/07/22 13:35:22 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
struct Authctxt {
int success;
- int postponed;
- int valid;
+ int postponed; /* authentication needs another step */
+ int valid; /* user exists and is allowed to login */
int attempt;
int failures;
- char *user;
+ char *user; /* username sent by the client */
char *service;
- struct passwd *pw;
+ struct passwd *pw; /* set if 'valid' */
char *style;
void *kbdintctxt;
#ifdef BSD_AUTH
auth_session_t *as;
#endif
-#ifdef KRB4
- char *krb4_ticket_file;
-#endif
#ifdef KRB5
krb5_context krb5_ctx;
krb5_auth_context krb5_auth_ctx;
char *krb5_ticket_file;
#endif
};
+/*
+ * Every authentication method has to handle authentication requests for
+ * non-existing users, or for users that are not allowed to login. In this
+ * case 'valid' is set to 0, but 'user' points to the username requested by
+ * the client.
+ */
struct Authmethod {
char *name;
int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
int user_key_allowed(struct passwd *, Key *);
-#ifdef KRB4
-#include <krb.h>
-int auth_krb4(Authctxt *, KTEXT, char **);
-int auth_krb4_password(Authctxt *, const char *);
-void krb4_cleanup_proc(void *);
-
-#ifdef AFS
-#include <kafs.h>
-int auth_krb4_tgt(Authctxt *, const char *);
-int auth_afs_token(Authctxt *, const char *);
-#endif /* AFS */
-
-#endif /* KRB4 */
-
#ifdef KRB5
-int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client);
+int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
int auth_krb5_password(Authctxt *authctxt, const char *password);
void krb5_cleanup_proc(void *authctxt);
#endif /* KRB5 */
#include "auth-pam.h"
-#include "auth2-pam.h"
Authctxt *do_authentication(void);
Authctxt *do_authentication2(void);
char *get_challenge(Authctxt *);
int verify_response(Authctxt *, const char *);
+void abandon_challenge_response(Authctxt *);
struct passwd * auth_get_user(void);