Diffstat (limited to 'auth-options.h')
-rw-r--r-- | auth-options.h | 108 |
1 files changed, 79 insertions, 29 deletions
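--- a/auth-options.h
+++ b/auth-options.h
@@ -1,41 +1,91 @@
-/* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */
+/* $OpenBSD: auth-options.h,v 1.26 2018/03/12 00:52:01 djm Exp $ */
 
 /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
- * As far as I am concerned, the code I have written for this software
- * can be used freely for any purpose. Any derived versions of this
- * software must be clearly marked as such, and if the derived work is
- * incompatible with the protocol description in the RFC file, it must be
- * called by a name other than "ssh" or "Secure Shell".
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #ifndef AUTH_OPTIONS_H
 #define AUTH_OPTIONS_H
 
-/* Linked list of custom environment strings */
-struct envstring {
-	struct envstring *next;
-	char *s;
+struct passwd;
+struct sshkey;
+
+/*
+ * sshauthopt represents key options parsed from authorized_keys or
+ * from certificate extensions/options.
+ */
+struct sshauthopt {
+	/* Feature flags */
+	int permit_port_forwarding_flag;
+	int permit_agent_forwarding_flag;
+	int permit_x11_forwarding_flag;
+	int permit_pty_flag;
+	int permit_user_rc;
+
+	/* "restrict" keyword was invoked */
+	int restricted;
+
+	/* key/principal expiry date */
+	uint64_t valid_before;
+
+	/* Certificate-related options */
+	int cert_authority;
+	char *cert_principals;
+
+	int force_tun_device;
+	char *force_command;
+
+	/* Custom environment */
+	size_t nenv;
+	char **env;
+
+	/* Permitted port forwardings */
+	size_t npermitopen;
+	char **permitopen;
+
+	/*
+	 * Permitted host/addresses (comma-separated)
+	 * Caller must check source address matches both lists (if present).
+	 */
+	char *required_from_host_cert;
+	char *required_from_host_keys;
 };
 
-/* Flags that may be set in authorized_keys options. */
-extern int no_port_forwarding_flag;
-extern int no_agent_forwarding_flag;
-extern int no_x11_forwarding_flag;
-extern int no_pty_flag;
-extern int no_user_rc;
-extern char *forced_command;
-extern struct envstring *custom_environment;
-extern int forced_tun_device;
-extern int key_is_cert_authority;
-extern char *authorized_principals;
-
-void auth_start_parse_options(void);
-int auth_parse_options(struct passwd *, char *, const char *, u_long);
-void auth_clear_options(void);
-int auth_cert_options(struct sshkey *, struct passwd *, const char **);
+struct sshauthopt *sshauthopt_new(void);
+struct sshauthopt *sshauthopt_new_with_keys_defaults(void);
+void sshauthopt_free(struct sshauthopt *opts);
+struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig);
+int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int);
+int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts);
+
+/*
+ * Parse authorized_keys options. Returns an options structure on success
+ * or NULL on failure. Will set errstr on failure.
+ */
+struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr);
+
+/*
+ * Parse certification options to a struct sshauthopt.
+ * Returns options on success or NULL on failure.
+ */
+struct sshauthopt *sshauthopt_from_cert(struct sshkey *k);
+
+/*
+ * Merge key options.
+ */
+struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary,
+    const struct sshauthopt *additional, const char **errstrp);
 
 #endif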
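Review bot: The prototypes for sshauthopt_serialise and sshauthopt_deserialise (new lines 70-71) take `struct sshbuf *`, but unlike `struct passwd` and `struct sshkey` (new lines 22-23) the tag is never forward-declared in this header, so a translation unit that includes it before sshbuf.h gets a prototype-scoped `struct sshbuf` that is incompatible with the real one (GCC warns "declared inside parameter list"); add `struct sshbuf;` next to the other two forward declarations. The third parameter of sshauthopt_serialise is the only unnamed one in the new API and its meaning cannot be read from the header; give it a name consistent with the other prototypes. The "Merge key options." comment on sshauthopt_merge is thin for the function that decides the effective restrictions when a certificate and an authorized_keys entry both carry options: it should state which side's restrictions take precedence (presumably the more restrictive, but that is not visible here) and under what conditions NULL is returned and errstrp set.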