- (djm) Fix a few warnings the above turned up

[openssh.git] / auth.h

diff --git a/auth.h b/auth.h
index 960f1ac3bde95501ce64f3b7c7025e5009de28b1..b9585d3af466d0b876d25a06171f374742fa71cd 100644 (file)
--- a/auth.h
+++ b/auth.h
@@ -21,11 +21,13 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * $OpenBSD: auth.h,v 1.13 2001/03/20 18:57:04 markus Exp $
+ * $OpenBSD: auth.h,v 1.18 2001/06/23 00:20:58 markus Exp $
  */
 #ifndef AUTH_H
 #define AUTH_H
 
+#include "key.h"
+#include "hostfile.h"
 #include <openssl/rsa.h>
 
 #ifdef HAVE_LOGIN_CAP
@@ -36,6 +38,8 @@
 #endif
 
 typedef struct Authctxt Authctxt;
+typedef struct KbdintDevice KbdintDevice;
+
 struct Authctxt {
        int success;
        int postponed;
@@ -46,11 +50,30 @@ struct Authctxt {
        char *service;
        struct passwd *pw;
        char *style;
+       void *kbdintctxt;
 #ifdef BSD_AUTH
        auth_session_t *as;
 #endif
 };
 
+/*
+ * Keyboard interactive device:
+ * init_ctx    returns: non NULL upon success 
+ * query       returns: 0 - success, otherwise failure 
+ * respond     returns: 0 - success, 1 - need further interaction,
+ *             otherwise - failure
+ */
+struct KbdintDevice
+{
+       const char *name;
+       void*   (*init_ctx)     __P((Authctxt*));
+       int     (*query)        __P((void *ctx, char **name, char **infotxt,
+                               u_int *numprompts, char ***prompts,
+                               u_int **echo_on));
+       int     (*respond)      __P((void *ctx, u_int numresp, char **responses));
+       void    (*free_ctx)     __P((void *ctx));
+};
+
 /*
  * Tries to authenticate the user using the .rhosts file.  Returns true if
  * authentication succeeds.  If ignore_rhosts is non-zero, this will not
@@ -58,6 +81,11 @@ struct Authctxt {
  */
 int     auth_rhosts(struct passwd * pw, const char *client_user);
 
+/* extended interface similar to auth_rhosts() */
+int
+auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+    const char *ipaddr);
+
 /*
  * Tries to authenticate the user using the .rhosts file and the host using
  * its host key.  Returns true if authentication succeeds.
@@ -121,18 +149,32 @@ void      do_authentication2(void);
 
 Authctxt *authctxt_new(void);
 void   auth_log(Authctxt *authctxt, int authenticated, char *method, char *info);
-void   userauth_reply(Authctxt *authctxt, int authenticated);
+void   userauth_finish(Authctxt *authctxt, int authenticated, char *method);
 int    auth_root_allowed(char *method);
 
 int    auth2_challenge(Authctxt *authctxt, char *devs);
 
 int    allowed_user(struct passwd * pw);
 
-char   *get_challenge(Authctxt *authctxt, char *devs);
-int    verify_response(Authctxt *authctxt, char *response);
+char   *get_challenge(Authctxt *authctxt);
+int    verify_response(Authctxt *authctxt, const char *response);
 
 struct passwd * auth_get_user(void);
 
+/* expand a filename - return buffer is allocated by xmalloc */
+char   *expand_filename(const char *template, struct passwd *pw);
+char   *authorized_keys_file(struct passwd *pw);
+char   *authorized_keys_file2(struct passwd *pw);
+
+/* check a file and the path to it */
+int
+secure_filename(FILE *f, const char *file, uid_t u, char *err, size_t errlen);
+
+/* helper for hostbased auth */
+HostStatus
+check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+    const char *sysfile, const char *userfile);
+
 #define AUTH_FAIL_MAX 6
 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"