Diffstat (limited to 'auth.h')
-rw-r--r-- | auth.h | 48 |
1 files changed, 33 insertions, 15 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth.h,v 1.91 2017/05/30 14:29:59 markus Exp $ */ | 1 | /* $OpenBSD: auth.h,v 1.92 2017/06/24 06:34:38 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -44,6 +44,7 @@ | |||
44 | 44 | ||
45 | struct ssh; | 45 | struct ssh; |
46 | struct sshkey; | 46 | struct sshkey; |
47 | struct sshbuf; | ||
47 | 48 | ||
48 | typedef struct Authctxt Authctxt; | 49 | typedef struct Authctxt Authctxt; |
49 | typedef struct Authmethod Authmethod; | 50 | typedef struct Authmethod Authmethod; |
@@ -62,13 +63,17 @@ struct Authctxt { | |||
62 | char *service; | 63 | char *service; |
63 | struct passwd *pw; /* set if 'valid' */ | 64 | struct passwd *pw; /* set if 'valid' */ |
64 | char *style; | 65 | char *style; |
66 | |||
67 | /* Method lists for multiple authentication */ | ||
68 | char **auth_methods; /* modified from server config */ | ||
69 | u_int num_auth_methods; | ||
70 | |||
71 | /* Authentication method-specific data */ | ||
72 | void *methoddata; | ||
65 | void *kbdintctxt; | 73 | void *kbdintctxt; |
66 | char *info; /* Extra info for next auth_log */ | ||
67 | #ifdef BSD_AUTH | 74 | #ifdef BSD_AUTH |
68 | auth_session_t *as; | 75 | auth_session_t *as; |
69 | #endif | 76 | #endif |
70 | char **auth_methods; /* modified from server config */ | ||
71 | u_int num_auth_methods; | ||
72 | #ifdef KRB5 | 77 | #ifdef KRB5 |
73 | krb5_context krb5_ctx; | 78 | krb5_context krb5_ctx; |
74 | krb5_ccache krb5_fwd_ccache; | 79 | krb5_ccache krb5_fwd_ccache; |
@@ -76,12 +81,20 @@ struct Authctxt { | |||
76 | char *krb5_ticket_file; | 81 | char *krb5_ticket_file; |
77 | char *krb5_ccname; | 82 | char *krb5_ccname; |
78 | #endif | 83 | #endif |
79 | Buffer *loginmsg; | 84 | struct sshbuf *loginmsg; |
80 | void *methoddata; | 85 | |
86 | /* Authentication keys already used; these will be refused henceforth */ | ||
87 | struct sshkey **prev_keys; | ||
88 | u_int nprev_keys; | ||
81 | 89 | ||
82 | struct sshkey **prev_userkeys; | 90 | /* Last used key and ancilliary information from active auth method */ |
83 | u_int nprev_userkeys; | 91 | struct sshkey *auth_method_key; |
92 | char *auth_method_info; | ||
93 | |||
94 | /* Information exposed to session */ | ||
95 | struct sshbuf *session_info; /* Auth info for environment */ | ||
84 | }; | 96 | }; |
97 | |||
85 | /* | 98 | /* |
86 | * Every authentication method has to handle authentication requests for | 99 | * Every authentication method has to handle authentication requests for |
87 | * non-existing users, or for users that are not allowed to login. In this | 100 | * non-existing users, or for users that are not allowed to login. In this |
@@ -120,10 +133,18 @@ int auth_password(Authctxt *, const char *); | |||
120 | int hostbased_key_allowed(struct passwd *, const char *, char *, | 133 | int hostbased_key_allowed(struct passwd *, const char *, char *, |
121 | struct sshkey *); | 134 | struct sshkey *); |
122 | int user_key_allowed(struct passwd *, struct sshkey *, int); | 135 | int user_key_allowed(struct passwd *, struct sshkey *, int); |
123 | void pubkey_auth_info(Authctxt *, const struct sshkey *, const char *, ...) | 136 | int auth2_key_already_used(Authctxt *, const struct sshkey *); |
124 | __attribute__((__format__ (printf, 3, 4))); | 137 | |
125 | void auth2_record_userkey(Authctxt *, struct sshkey *); | 138 | /* |
126 | int auth2_userkey_already_used(Authctxt *, struct sshkey *); | 139 | * Handling auth method-specific information for logging and prevention |
140 | * of key reuse during multiple authentication. | ||
141 | */ | ||
142 | void auth2_authctxt_reset_info(Authctxt *); | ||
143 | void auth2_record_key(Authctxt *, int, const struct sshkey *); | ||
144 | void auth2_record_info(Authctxt *authctxt, const char *, ...) | ||
145 | __attribute__((__format__ (printf, 2, 3))) | ||
146 | __attribute__((__nonnull__ (2))); | ||
147 | void auth2_update_session_info(Authctxt *, const char *, const char *); | ||
127 | 148 | ||
128 | struct stat; | 149 | struct stat; |
129 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, | 150 | int auth_secure_path(const char *, struct stat *, const char *, uid_t, |
@@ -150,9 +171,6 @@ void disable_forwarding(void); | |||
150 | 171 | ||
151 | void do_authentication2(Authctxt *); | 172 | void do_authentication2(Authctxt *); |
152 | 173 | ||
153 | void auth_info(Authctxt *authctxt, const char *, ...) | ||
154 | __attribute__((__format__ (printf, 2, 3))) | ||
155 | __attribute__((__nonnull__ (2))); | ||
156 | void auth_log(Authctxt *, int, int, const char *, const char *); | 174 | void auth_log(Authctxt *, int, int, const char *, const char *); |
157 | void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); | 175 | void auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn)); |
158 | void userauth_finish(struct ssh *, int, const char *, const char *); | 176 | void userauth_finish(struct ssh *, int, const char *, const char *); |
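Review bot: The new prototypes in the `@@ -120,10 +133,18 @@` hunk leave their argument and ownership contracts undocumented: `auth2_record_key(Authctxt *, int, const struct sshkey *)` has an unnamed `int` whose meaning the header does not state, and nothing says whether the key and the formatted string handed to `auth2_record_info` are copied into `auth_method_key`/`auth_method_info` or retained by reference, which matters because `auth2_authctxt_reset_info` presumably frees whatever those fields hold. The `const struct sshkey *` parameter suggests the key is duplicated rather than adopted, and the auth2.c definition appears to name the flag `authenticated`; if so, name it in the prototype, `void auth2_record_key(Authctxt *, int authenticated, const struct sshkey *);`, and add above the group a line such as `/* Key and info are copied into authctxt; callers retain ownership of their arguments. */` once confirmed against the implementation. Also note that `__attribute__((__nonnull__ (2)))` on `auth2_record_info` allows the compiler to elide any `fmt == NULL` check inside the callee, so the implementation must not rely on such a runtime check. The `session_info` field is described only as "Auth info for environment"; a short comment on what is written there and that it ends up visible to the user's session would help reviewers of the consumers.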