author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
commit | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 (patch) | |
tree | 3e090f2711b94ca5029d3fa3e8047b1ed1448b1f /auth.h | |
parent | 6fabaf6fd9b07cc8bc6a17c9c4a5b76849cfc874 (diff) | |
parent | 66bf74a92131b7effe49fb0eefe5225151869dc5 (diff) |
Import openssh_7.6p1.orig.tar.gz
Diffstat (limited to 'auth.h')
-rw-r--r-- | auth.h | 81 |
1 files changed, 48 insertions, 33 deletions
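--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.89 2016/08/13 17:47:41 markus Exp $ */
+/* $OpenBSD: auth.h,v 1.93 2017/08/18 05:36:45 djm Exp $ */
 
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -44,6 +44,7 @@
 
 struct ssh;
 struct sshkey;
+struct sshbuf;
 
 typedef struct Authctxt Authctxt;
 typedef struct Authmethod Authmethod;
@@ -62,13 +63,17 @@ struct Authctxt {
 char *service;
 struct passwd *pw; /* set if 'valid' */
 char *style;
+
+/* Method lists for multiple authentication */
+char **auth_methods; /* modified from server config */
+u_int num_auth_methods;
+
+/* Authentication method-specific data */
+void *methoddata;
 void *kbdintctxt;
-char *info; /* Extra info for next auth_log */
 #ifdef BSD_AUTH
 auth_session_t *as;
 #endif
-char **auth_methods; /* modified from server config */
-u_int num_auth_methods;
 #ifdef KRB5
 krb5_context krb5_ctx;
 krb5_ccache krb5_fwd_ccache;
@@ -76,12 +81,20 @@ struct Authctxt {
 char *krb5_ticket_file;
 char *krb5_ccname;
 #endif
-Buffer *loginmsg;
-void *methoddata;
+struct sshbuf *loginmsg;
+
+/* Authentication keys already used; these will be refused henceforth */
+struct sshkey **prev_keys;
+u_int nprev_keys;
 
-struct sshkey **prev_userkeys;
-u_int nprev_userkeys;
+/* Last used key and ancilliary information from active auth method */
+struct sshkey *auth_method_key;
+char *auth_method_info;
+
+/* Information exposed to session */
+struct sshbuf *session_info; /* Auth info for environment */
 };
+
 /*
 * Every authentication method has to handle authentication requests for
 * non-existing users, or for users that are not allowed to login. In this
@@ -91,7 +104,7 @@ struct Authctxt {
 
 struct Authmethod {
 char *name;
-int (*userauth)(Authctxt *authctxt);
+int (*userauth)(struct ssh *);
 int *enabled;
 };
 
@@ -117,16 +130,21 @@ auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
 int auth_password(Authctxt *, const char *);
 
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
-int user_key_allowed(struct passwd *, Key *, int);
-void pubkey_auth_info(Authctxt *, const Key *, const char *, ...)
-__attribute__((__format__ (printf, 3, 4)));
-void auth2_record_userkey(Authctxt *, struct sshkey *);
-int auth2_userkey_already_used(Authctxt *, struct sshkey *);
+int hostbased_key_allowed(struct passwd *, const char *, char *,
+struct sshkey *);
+int user_key_allowed(struct passwd *, struct sshkey *, int);
+int auth2_key_already_used(Authctxt *, const struct sshkey *);
 
-struct stat;
-int auth_secure_path(const char *, struct stat *, const char *, uid_t,
-char *, size_t);
+/*
+* Handling auth method-specific information for logging and prevention
+* of key reuse during multiple authentication.
+*/
+void auth2_authctxt_reset_info(Authctxt *);
+void auth2_record_key(Authctxt *, int, const struct sshkey *);
+void auth2_record_info(Authctxt *authctxt, const char *, ...)
+__attribute__((__format__ (printf, 2, 3)))
+__attribute__((__nonnull__ (2)));
+void auth2_update_session_info(Authctxt *, const char *, const char *);
 
 #ifdef KRB5
 int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *);
@@ -149,12 +167,9 @@ void disable_forwarding(void);
 
 void do_authentication2(Authctxt *);
 
-void auth_info(Authctxt *authctxt, const char *, ...)
-__attribute__((__format__ (printf, 2, 3)))
-__attribute__((__nonnull__ (2)));
 void auth_log(Authctxt *, int, int, const char *, const char *);
 void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
-void userauth_finish(Authctxt *, int, const char *, const char *);
+void userauth_finish(struct ssh *, int, const char *, const char *);
 int auth_root_allowed(const char *);
 
 void userauth_send_banner(const char *);
@@ -167,8 +182,8 @@ int auth2_method_allowed(Authctxt *, const char *, const char *);
 
 void privsep_challenge_enable(void);
 
-int auth2_challenge(Authctxt *, char *);
-void auth2_challenge_stop(Authctxt *);
+int auth2_challenge(struct ssh *, char *);
+void auth2_challenge_stop(struct ssh *);
 int bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
 int bsdauth_respond(void *, u_int, char **);
 int skey_query(void *, char **, char **, u_int *, char ***, u_int **);
@@ -182,22 +197,22 @@ char *authorized_principals_file(struct passwd *);
 
 FILE *auth_openkeyfile(const char *, struct passwd *, int);
 FILE *auth_openprincipals(const char *, struct passwd *, int);
-int auth_key_is_revoked(Key *);
+int auth_key_is_revoked(struct sshkey *);
 
 const char *auth_get_canonical_hostname(struct ssh *, int);
 
 HostStatus
-check_key_in_hostfiles(struct passwd *, Key *, const char *,
+check_key_in_hostfiles(struct passwd *, struct sshkey *, const char *,
 const char *, const char *);
 
 /* hostkey handling */
-Key *get_hostkey_by_index(int);
-Key *get_hostkey_public_by_index(int, struct ssh *);
-Key *get_hostkey_public_by_type(int, int, struct ssh *);
-Key *get_hostkey_private_by_type(int, int, struct ssh *);
-int get_hostkey_index(Key *, int, struct ssh *);
-int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *,
-const u_char *, size_t, const char *, u_int);
+struct sshkey *get_hostkey_by_index(int);
+struct sshkey *get_hostkey_public_by_index(int, struct ssh *);
+struct sshkey *get_hostkey_public_by_type(int, int, struct ssh *);
+struct sshkey *get_hostkey_private_by_type(int, int, struct ssh *);
+int get_hostkey_index(struct sshkey *, int, struct ssh *);
+int sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
+size_t *, const u_char *, size_t, const char *, u_int);
 
 /* debug messages during authentication */
 void auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));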
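Review bot: The new `prev_keys`/`auth_method_key` fields in the `-76,12` hunk of `struct Authctxt` (whose opening line is outside the hunk) and the `auth2_record_key(Authctxt *, int, const struct sshkey *)` prototype in the `-117,16` hunk say nothing about ownership, yet the key-reuse refusal during multiple authentication depends on those pointers outliving the method that recorded them — a borrowed key freed by the caller would leave `auth2_key_already_used` comparing against dangling memory. The `int` parameter is also unnamed, so the header gives no hint what it selects; naming it and stating ownership in the new block comment would make the contract checkable, e.g. `void auth2_record_key(Authctxt *, int authenticated, const struct sshkey *); /* records a copy of the key; released by auth2_authctxt_reset_info() */`. Presumably the implementation duplicates the key and the flag marks a successful attempt, but that should be confirmed against auth2.c before it is written into the header. The field comment `Last used key and ancilliary information` should read `ancillary`.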