Diffstat (limited to 'ssh.h')
-rw-r--r-- | ssh.h | 518 |
1 files changed, 317 insertions, 201 deletions
@@ -13,7 +13,7 @@ | |||
13 | * | 13 | * |
14 | */ | 14 | */ |
15 | 15 | ||
16 | /* RCSID("$Id: ssh.h,v 1.15 1999/11/24 13:26:23 damien Exp $"); */ | 16 | /* RCSID("$Id: ssh.h,v 1.16 1999/11/25 00:54:59 damien Exp $"); */ |
17 | 17 | ||
18 | #ifndef SSH_H | 18 | #ifndef SSH_H |
19 | #define SSH_H | 19 | #define SSH_H |
@@ -25,9 +25,11 @@ | |||
25 | #include "rsa.h" | 25 | #include "rsa.h" |
26 | #include "cipher.h" | 26 | #include "cipher.h" |
27 | 27 | ||
28 | /* The default cipher used if IDEA is not supported by the remote host. | 28 | /* |
29 | It is recommended that this be one of the mandatory ciphers (DES, 3DES), | 29 | * The default cipher used if IDEA is not supported by the remote host. It is |
30 | though that is not required. */ | 30 | * recommended that this be one of the mandatory ciphers (DES, 3DES), though |
31 | * that is not required. | ||
32 | */ | ||
31 | #define SSH_FALLBACK_CIPHER SSH_CIPHER_3DES | 33 | #define SSH_FALLBACK_CIPHER SSH_CIPHER_3DES |
32 | 34 | ||
33 | /* Cipher used for encrypting authentication files. */ | 35 | /* Cipher used for encrypting authentication files. */ |
@@ -39,20 +41,28 @@ | |||
39 | /* Maximum number of TCP/IP ports forwarded per direction. */ | 41 | /* Maximum number of TCP/IP ports forwarded per direction. */ |
40 | #define SSH_MAX_FORWARDS_PER_DIRECTION 100 | 42 | #define SSH_MAX_FORWARDS_PER_DIRECTION 100 |
41 | 43 | ||
42 | /* Maximum number of RSA authentication identity files that can be specified | 44 | /* |
43 | in configuration files or on the command line. */ | 45 | * Maximum number of RSA authentication identity files that can be specified |
46 | * in configuration files or on the command line. | ||
47 | */ | ||
44 | #define SSH_MAX_IDENTITY_FILES 100 | 48 | #define SSH_MAX_IDENTITY_FILES 100 |
45 | 49 | ||
46 | /* Major protocol version. Different version indicates major incompatiblity | 50 | /* |
47 | that prevents communication. */ | 51 | * Major protocol version. Different version indicates major incompatiblity |
52 | * that prevents communication. | ||
53 | */ | ||
48 | #define PROTOCOL_MAJOR 1 | 54 | #define PROTOCOL_MAJOR 1 |
49 | 55 | ||
50 | /* Minor protocol version. Different version indicates minor incompatibility | 56 | /* |
51 | that does not prevent interoperation. */ | 57 | * Minor protocol version. Different version indicates minor incompatibility |
58 | * that does not prevent interoperation. | ||
59 | */ | ||
52 | #define PROTOCOL_MINOR 5 | 60 | #define PROTOCOL_MINOR 5 |
53 | 61 | ||
54 | /* Name for the service. The port named by this service overrides the default | 62 | /* |
55 | port if present. */ | 63 | * Name for the service. The port named by this service overrides the |
64 | * default port if present. | ||
65 | */ | ||
56 | #define SSH_SERVICE_NAME "ssh" | 66 | #define SSH_SERVICE_NAME "ssh" |
57 | 67 | ||
58 | #ifndef ETCDIR | 68 | #ifndef ETCDIR |
@@ -63,16 +73,16 @@ | |||
63 | #define PIDDIR "/var/run" | 73 | #define PIDDIR "/var/run" |
64 | #endif /* PIDDIR */ | 74 | #endif /* PIDDIR */ |
65 | 75 | ||
66 | /* System-wide file containing host keys of known hosts. This file should be | 76 | /* |
67 | world-readable. */ | 77 | * System-wide file containing host keys of known hosts. This file should be |
78 | * world-readable. | ||
79 | */ | ||
68 | #define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" | 80 | #define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts" |
69 | 81 | ||
70 | /* HOST_KEY_FILE /etc/ssh_host_key, | 82 | /* |
71 | SERVER_CONFIG_FILE /etc/sshd_config, | 83 | * Of these, ssh_host_key must be readable only by root, whereas ssh_config |
72 | and HOST_CONFIG_FILE /etc/ssh_config | 84 | * should be world-readable. |
73 | are all defined in Makefile.in. Of these, ssh_host_key should be readable | 85 | */ |
74 | only by root, whereas ssh_config should be world-readable. */ | ||
75 | |||
76 | #define HOST_KEY_FILE ETCDIR "/ssh_host_key" | 86 | #define HOST_KEY_FILE ETCDIR "/ssh_host_key" |
77 | #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" | 87 | #define SERVER_CONFIG_FILE ETCDIR "/sshd_config" |
78 | #define HOST_CONFIG_FILE ETCDIR "/ssh_config" | 88 | #define HOST_CONFIG_FILE ETCDIR "/ssh_config" |
@@ -89,73 +99,95 @@ only by root, whereas ssh_config should be world-readable. */ | |||
89 | #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" | 99 | #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" |
90 | #endif /* ASKPASS_PROGRAM */ | 100 | #endif /* ASKPASS_PROGRAM */ |
91 | 101 | ||
92 | /* The process id of the daemon listening for connections is saved | 102 | /* |
93 | here to make it easier to kill the correct daemon when necessary. */ | 103 | * The process id of the daemon listening for connections is saved here to |
104 | * make it easier to kill the correct daemon when necessary. | ||
105 | */ | ||
94 | #define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid" | 106 | #define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid" |
95 | 107 | ||
96 | /* The directory in user\'s home directory in which the files reside. | 108 | /* |
97 | The directory should be world-readable (though not all files are). */ | 109 | * The directory in user\'s home directory in which the files reside. The |
110 | * directory should be world-readable (though not all files are). | ||
111 | */ | ||
98 | #define SSH_USER_DIR ".ssh" | 112 | #define SSH_USER_DIR ".ssh" |
99 | 113 | ||
100 | /* Per-user file containing host keys of known hosts. This file need | 114 | /* |
101 | not be readable by anyone except the user him/herself, though this does | 115 | * Per-user file containing host keys of known hosts. This file need not be |
102 | not contain anything particularly secret. */ | 116 | * readable by anyone except the user him/herself, though this does not |
117 | * contain anything particularly secret. | ||
118 | */ | ||
103 | #define SSH_USER_HOSTFILE "~/.ssh/known_hosts" | 119 | #define SSH_USER_HOSTFILE "~/.ssh/known_hosts" |
104 | 120 | ||
105 | /* Name of the default file containing client-side authentication key. | 121 | /* |
106 | This file should only be readable by the user him/herself. */ | 122 | * Name of the default file containing client-side authentication key. This |
123 | * file should only be readable by the user him/herself. | ||
124 | */ | ||
107 | #define SSH_CLIENT_IDENTITY ".ssh/identity" | 125 | #define SSH_CLIENT_IDENTITY ".ssh/identity" |
108 | 126 | ||
109 | /* Configuration file in user\'s home directory. This file need not be | 127 | /* |
110 | readable by anyone but the user him/herself, but does not contain | 128 | * Configuration file in user\'s home directory. This file need not be |
111 | anything particularly secret. If the user\'s home directory resides | 129 | * readable by anyone but the user him/herself, but does not contain anything |
112 | on an NFS volume where root is mapped to nobody, this may need to be | 130 | * particularly secret. If the user\'s home directory resides on an NFS |
113 | world-readable. */ | 131 | * volume where root is mapped to nobody, this may need to be world-readable. |
132 | */ | ||
114 | #define SSH_USER_CONFFILE ".ssh/config" | 133 | #define SSH_USER_CONFFILE ".ssh/config" |
115 | 134 | ||
116 | /* File containing a list of those rsa keys that permit logging in as | 135 | /* |
117 | this user. This file need not be | 136 | * File containing a list of those rsa keys that permit logging in as this |
118 | readable by anyone but the user him/herself, but does not contain | 137 | * user. This file need not be readable by anyone but the user him/herself, |
119 | anything particularly secret. If the user\'s home directory resides | 138 | * but does not contain anything particularly secret. If the user\'s home |
120 | on an NFS volume where root is mapped to nobody, this may need to be | 139 | * directory resides on an NFS volume where root is mapped to nobody, this |
121 | world-readable. (This file is read by the daemon which is running as | 140 | * may need to be world-readable. (This file is read by the daemon which is |
122 | root.) */ | 141 | * running as root.) |
142 | */ | ||
123 | #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" | 143 | #define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys" |
124 | 144 | ||
125 | /* Per-user and system-wide ssh "rc" files. These files are executed with | 145 | /* |
126 | /bin/sh before starting the shell or command if they exist. They | 146 | * Per-user and system-wide ssh "rc" files. These files are executed with |
127 | will be passed "proto cookie" as arguments if X11 forwarding with | 147 | * /bin/sh before starting the shell or command if they exist. They will be |
128 | spoofing is in use. xauth will be run if neither of these exists. */ | 148 | * passed "proto cookie" as arguments if X11 forwarding with spoofing is in |
149 | * use. xauth will be run if neither of these exists. | ||
150 | */ | ||
129 | #define SSH_USER_RC ".ssh/rc" | 151 | #define SSH_USER_RC ".ssh/rc" |
130 | #define SSH_SYSTEM_RC ETCDIR "/sshrc" | 152 | #define SSH_SYSTEM_RC ETCDIR "/sshrc" |
131 | 153 | ||
132 | /* Ssh-only version of /etc/hosts.equiv. */ | 154 | /* |
155 | * Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use | ||
156 | * ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled. | ||
157 | */ | ||
133 | #define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" | 158 | #define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv" |
134 | 159 | ||
135 | /* Additionally, the daemon may use ~/.rhosts and /etc/hosts.equiv if | 160 | /* |
136 | rhosts authentication is enabled. */ | 161 | * Name of the environment variable containing the pathname of the |
137 | 162 | * authentication socket. | |
138 | /* Name of the environment variable containing the pathname of the | 163 | */ |
139 | authentication socket. */ | ||
140 | #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" | 164 | #define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK" |
141 | 165 | ||
142 | /* Name of the environment variable containing the pathname of the | 166 | /* |
143 | authentication socket. */ | 167 | * Name of the environment variable containing the pathname of the |
168 | * authentication socket. | ||
169 | */ | ||
144 | #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" | 170 | #define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID" |
145 | 171 | ||
146 | /* Force host key length and server key length to differ by at least this | 172 | /* |
147 | many bits. This is to make double encryption with rsaref work. */ | 173 | * Force host key length and server key length to differ by at least this |
174 | * many bits. This is to make double encryption with rsaref work. | ||
175 | */ | ||
148 | #define SSH_KEY_BITS_RESERVED 128 | 176 | #define SSH_KEY_BITS_RESERVED 128 |
149 | 177 | ||
150 | /* Length of the session key in bytes. (Specified as 256 bits in the | 178 | /* |
151 | protocol.) */ | 179 | * Length of the session key in bytes. (Specified as 256 bits in the |
180 | * protocol.) | ||
181 | */ | ||
152 | #define SSH_SESSION_KEY_LENGTH 32 | 182 | #define SSH_SESSION_KEY_LENGTH 32 |
153 | 183 | ||
154 | /* Name of Kerberos service for SSH to use. */ | 184 | /* Name of Kerberos service for SSH to use. */ |
155 | #define KRB4_SERVICE_NAME "rcmd" | 185 | #define KRB4_SERVICE_NAME "rcmd" |
156 | 186 | ||
157 | /* Authentication methods. New types can be added, but old types should not | 187 | /* |
158 | be removed for compatibility. The maximum allowed value is 31. */ | 188 | * Authentication methods. New types can be added, but old types should not |
189 | * be removed for compatibility. The maximum allowed value is 31. | ||
190 | */ | ||
159 | #define SSH_AUTH_RHOSTS 1 | 191 | #define SSH_AUTH_RHOSTS 1 |
160 | #define SSH_AUTH_RSA 2 | 192 | #define SSH_AUTH_RSA 2 |
161 | #define SSH_AUTH_PASSWORD 3 | 193 | #define SSH_AUTH_PASSWORD 3 |
@@ -163,20 +195,20 @@ only by root, whereas ssh_config should be world-readable. */ | |||
163 | #define SSH_AUTH_TIS 5 | 195 | #define SSH_AUTH_TIS 5 |
164 | #define SSH_AUTH_KERBEROS 6 | 196 | #define SSH_AUTH_KERBEROS 6 |
165 | #define SSH_PASS_KERBEROS_TGT 7 | 197 | #define SSH_PASS_KERBEROS_TGT 7 |
166 | /* 8 to 15 are reserved */ | 198 | /* 8 to 15 are reserved */ |
167 | #define SSH_PASS_AFS_TOKEN 21 | 199 | #define SSH_PASS_AFS_TOKEN 21 |
168 | 200 | ||
169 | /* Protocol flags. These are bit masks. */ | 201 | /* Protocol flags. These are bit masks. */ |
170 | #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes | 202 | #define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */ |
171 | * screen */ | 203 | #define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */ |
172 | #define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain | 204 | |
173 | * host */ | 205 | /* |
174 | 206 | * Definition of message types. New values can be added, but old values | |
175 | /* Definition of message types. New values can be added, but old values | 207 | * should not be removed or without careful consideration of the consequences |
176 | should not be removed or without careful consideration of the consequences | 208 | * for compatibility. The maximum value is 254; value 255 is reserved for |
177 | for compatibility. The maximum value is 254; value 255 is reserved | 209 | * future extension. |
178 | for future extension. */ | 210 | */ |
179 | /* Message name *//* msg code *//* arguments */ | 211 | /* Message name */ /* msg code */ /* arguments */ |
180 | #define SSH_MSG_NONE 0 /* no message */ | 212 | #define SSH_MSG_NONE 0 /* no message */ |
181 | #define SSH_MSG_DISCONNECT 1 /* cause (string) */ | 213 | #define SSH_MSG_DISCONNECT 1 /* cause (string) */ |
182 | #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ | 214 | #define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */ |
@@ -226,45 +258,54 @@ only by root, whereas ssh_config should be world-readable. */ | |||
226 | 258 | ||
227 | /*------------ definitions for login.c -------------*/ | 259 | /*------------ definitions for login.c -------------*/ |
228 | 260 | ||
229 | /* Returns the time when the user last logged in. Returns 0 if the | 261 | /* |
230 | information is not available. This must be called before record_login. | 262 | * Returns the time when the user last logged in. Returns 0 if the |
231 | The host from which the user logged in is stored in buf. */ | 263 | * information is not available. This must be called before record_login. |
264 | * The host from which the user logged in is stored in buf. | ||
265 | */ | ||
232 | unsigned long | 266 | unsigned long |
233 | get_last_login_time(uid_t uid, const char *logname, | 267 | get_last_login_time(uid_t uid, const char *logname, |
234 | char *buf, unsigned int bufsize); | 268 | char *buf, unsigned int bufsize); |
235 | 269 | ||
236 | /* Records that the user has logged in. This does many things normally | 270 | /* |
237 | done by login(1). */ | 271 | * Records that the user has logged in. This does many things normally done |
272 | * by login(1). | ||
273 | */ | ||
238 | void | 274 | void |
239 | record_login(int pid, const char *ttyname, const char *user, uid_t uid, | 275 | record_login(int pid, const char *ttyname, const char *user, uid_t uid, |
240 | const char *host, struct sockaddr_in * addr); | 276 | const char *host, struct sockaddr_in * addr); |
241 | 277 | ||
242 | /* Records that the user has logged out. This does many thigs normally | 278 | /* |
243 | done by login(1) or init. */ | 279 | * Records that the user has logged out. This does many thigs normally done |
280 | * by login(1) or init. | ||
281 | */ | ||
244 | void record_logout(int pid, const char *ttyname); | 282 | void record_logout(int pid, const char *ttyname); |
245 | 283 | ||
246 | /*------------ definitions for sshconnect.c ----------*/ | 284 | /*------------ definitions for sshconnect.c ----------*/ |
247 | 285 | ||
248 | /* Opens a TCP/IP connection to the remote server on the given host. If | 286 | /* |
249 | port is 0, the default port will be used. If anonymous is zero, | 287 | * Opens a TCP/IP connection to the remote server on the given host. If port |
250 | a privileged port will be allocated to make the connection. | 288 | * is 0, the default port will be used. If anonymous is zero, a privileged |
251 | This requires super-user privileges if anonymous is false. | 289 | * port will be allocated to make the connection. This requires super-user |
252 | Connection_attempts specifies the maximum number of tries, one per | 290 | * privileges if anonymous is false. Connection_attempts specifies the |
253 | second. This returns true on success, and zero on failure. If the | 291 | * maximum number of tries, one per second. This returns true on success, |
254 | connection is successful, this calls packet_set_connection for the | 292 | * and zero on failure. If the connection is successful, this calls |
255 | connection. */ | 293 | * packet_set_connection for the connection. |
294 | */ | ||
256 | int | 295 | int |
257 | ssh_connect(const char *host, struct sockaddr_in * hostaddr, | 296 | ssh_connect(const char *host, struct sockaddr_in * hostaddr, |
258 | int port, int connection_attempts, | 297 | int port, int connection_attempts, |
259 | int anonymous, uid_t original_real_uid, | 298 | int anonymous, uid_t original_real_uid, |
260 | const char *proxy_command); | 299 | const char *proxy_command); |
261 | 300 | ||
262 | /* Starts a dialog with the server, and authenticates the current user on the | 301 | /* |
263 | server. This does not need any extra privileges. The basic connection | 302 | * Starts a dialog with the server, and authenticates the current user on the |
264 | to the server must already have been established before this is called. | 303 | * server. This does not need any extra privileges. The basic connection to |
265 | If login fails, this function prints an error and never returns. | 304 | * the server must already have been established before this is called. If |
266 | This initializes the random state, and leaves it initialized (it will also | 305 | * login fails, this function prints an error and never returns. This |
267 | have references from the packet module). */ | 306 | * initializes the random state, and leaves it initialized (it will also have |
307 | * references from the packet module). | ||
308 | */ | ||
268 | 309 | ||
269 | void | 310 | void |
270 | ssh_login(int host_key_valid, RSA * host_key, const char *host, | 311 | ssh_login(int host_key_valid, RSA * host_key, const char *host, |
@@ -272,41 +313,57 @@ ssh_login(int host_key_valid, RSA * host_key, const char *host, | |||
272 | 313 | ||
273 | /*------------ Definitions for various authentication methods. -------*/ | 314 | /*------------ Definitions for various authentication methods. -------*/ |
274 | 315 | ||
275 | /* Tries to authenticate the user using the .rhosts file. Returns true if | 316 | /* |
276 | authentication succeeds. If ignore_rhosts is non-zero, this will not | 317 | * Tries to authenticate the user using the .rhosts file. Returns true if |
277 | consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */ | 318 | * authentication succeeds. If ignore_rhosts is non-zero, this will not |
319 | * consider .rhosts and .shosts (/etc/hosts.equiv will still be used). | ||
320 | */ | ||
278 | int auth_rhosts(struct passwd * pw, const char *client_user); | 321 | int auth_rhosts(struct passwd * pw, const char *client_user); |
279 | 322 | ||
280 | /* Tries to authenticate the user using the .rhosts file and the host using | 323 | /* |
281 | its host key. Returns true if authentication succeeds. */ | 324 | * Tries to authenticate the user using the .rhosts file and the host using |
325 | * its host key. Returns true if authentication succeeds. | ||
326 | */ | ||
282 | int | 327 | int |
283 | auth_rhosts_rsa(struct passwd * pw, const char *client_user, | 328 | auth_rhosts_rsa(struct passwd * pw, const char *client_user, |
284 | BIGNUM * client_host_key_e, BIGNUM * client_host_key_n); | 329 | BIGNUM * client_host_key_e, BIGNUM * client_host_key_n); |
285 | 330 | ||
286 | /* Tries to authenticate the user using password. Returns true if | 331 | /* |
287 | authentication succeeds. */ | 332 | * Tries to authenticate the user using password. Returns true if |
333 | * authentication succeeds. | ||
334 | */ | ||
288 | int auth_password(struct passwd * pw, const char *password); | 335 | int auth_password(struct passwd * pw, const char *password); |
289 | 336 | ||
290 | /* Performs the RSA authentication dialog with the client. This returns | 337 | /* |
291 | 0 if the client could not be authenticated, and 1 if authentication was | 338 | * Performs the RSA authentication dialog with the client. This returns 0 if |
292 | successful. This may exit if there is a serious protocol violation. */ | 339 | * the client could not be authenticated, and 1 if authentication was |
340 | * successful. This may exit if there is a serious protocol violation. | ||
341 | */ | ||
293 | int auth_rsa(struct passwd * pw, BIGNUM * client_n); | 342 | int auth_rsa(struct passwd * pw, BIGNUM * client_n); |
294 | 343 | ||
295 | /* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer | 344 | /* |
296 | over the key. Skips any whitespace at the beginning and at end. */ | 345 | * Parses an RSA key (number of bits, e, n) from a string. Moves the pointer |
346 | * over the key. Skips any whitespace at the beginning and at end. | ||
347 | */ | ||
297 | int auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n); | 348 | int auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n); |
298 | 349 | ||
299 | /* Returns the name of the machine at the other end of the socket. The | 350 | /* |
300 | returned string should be freed by the caller. */ | 351 | * Returns the name of the machine at the other end of the socket. The |
352 | * returned string should be freed by the caller. | ||
353 | */ | ||
301 | char *get_remote_hostname(int socket); | 354 | char *get_remote_hostname(int socket); |
302 | 355 | ||
303 | /* Return the canonical name of the host in the other side of the current | 356 | /* |
304 | connection (as returned by packet_get_connection). The host name is | 357 | * Return the canonical name of the host in the other side of the current |
305 | cached, so it is efficient to call this several times. */ | 358 | * connection (as returned by packet_get_connection). The host name is |
359 | * cached, so it is efficient to call this several times. | ||
360 | */ | ||
306 | const char *get_canonical_hostname(void); | 361 | const char *get_canonical_hostname(void); |
307 | 362 | ||
308 | /* Returns the remote IP address as an ascii string. The value need not be | 363 | /* |
309 | freed by the caller. */ | 364 | * Returns the remote IP address as an ascii string. The value need not be |
365 | * freed by the caller. | ||
366 | */ | ||
310 | const char *get_remote_ipaddr(void); | 367 | const char *get_remote_ipaddr(void); |
311 | 368 | ||
312 | /* Returns the port number of the peer of the socket. */ | 369 | /* Returns the port number of the peer of the socket. */ |
@@ -315,16 +372,20 @@ int get_peer_port(int sock); | |||
315 | /* Returns the port number of the remote host. */ | 372 | /* Returns the port number of the remote host. */ |
316 | int get_remote_port(void); | 373 | int get_remote_port(void); |
317 | 374 | ||
318 | /* Tries to match the host name (which must be in all lowercase) against the | 375 | /* |
319 | comma-separated sequence of subpatterns (each possibly preceded by ! to | 376 | * Tries to match the host name (which must be in all lowercase) against the |
320 | indicate negation). Returns true if there is a positive match; zero | 377 | * comma-separated sequence of subpatterns (each possibly preceded by ! to |
321 | otherwise. */ | 378 | * indicate negation). Returns true if there is a positive match; zero |
379 | * otherwise. | ||
380 | */ | ||
322 | int match_hostname(const char *host, const char *pattern, unsigned int len); | 381 | int match_hostname(const char *host, const char *pattern, unsigned int len); |
323 | 382 | ||
324 | /* Checks whether the given host is already in the list of our known hosts. | 383 | /* |
325 | Returns HOST_OK if the host is known and has the specified key, | 384 | * Checks whether the given host is already in the list of our known hosts. |
326 | HOST_NEW if the host is not known, and HOST_CHANGED if the host is known | 385 | * Returns HOST_OK if the host is known and has the specified key, HOST_NEW |
327 | but used to have a different host key. The host must be in all lowercase. */ | 386 | * if the host is not known, and HOST_CHANGED if the host is known but used |
387 | * to have a different host key. The host must be in all lowercase. | ||
388 | */ | ||
328 | typedef enum { | 389 | typedef enum { |
329 | HOST_OK, HOST_NEW, HOST_CHANGED | 390 | HOST_OK, HOST_NEW, HOST_CHANGED |
330 | } HostStatus; | 391 | } HostStatus; |
@@ -332,43 +393,55 @@ HostStatus | |||
332 | check_host_in_hostfile(const char *filename, const char *host, | 393 | check_host_in_hostfile(const char *filename, const char *host, |
333 | BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn); | 394 | BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn); |
334 | 395 | ||
335 | /* Appends an entry to the host file. Returns false if the entry | 396 | /* |
336 | could not be appended. */ | 397 | * Appends an entry to the host file. Returns false if the entry could not |
398 | * be appended. | ||
399 | */ | ||
337 | int | 400 | int |
338 | add_host_to_hostfile(const char *filename, const char *host, | 401 | add_host_to_hostfile(const char *filename, const char *host, |
339 | BIGNUM * e, BIGNUM * n); | 402 | BIGNUM * e, BIGNUM * n); |
340 | 403 | ||
341 | /* Performs the RSA authentication challenge-response dialog with the client, | 404 | /* |
342 | and returns true (non-zero) if the client gave the correct answer to | 405 | * Performs the RSA authentication challenge-response dialog with the client, |
343 | our challenge; returns zero if the client gives a wrong answer. */ | 406 | * and returns true (non-zero) if the client gave the correct answer to our |
407 | * challenge; returns zero if the client gives a wrong answer. | ||
408 | */ | ||
344 | int auth_rsa_challenge_dialog(BIGNUM * e, BIGNUM * n); | 409 | int auth_rsa_challenge_dialog(BIGNUM * e, BIGNUM * n); |
345 | 410 | ||
346 | /* Reads a passphrase from /dev/tty with echo turned off. Returns the | 411 | /* |
347 | passphrase (allocated with xmalloc). Exits if EOF is encountered. | 412 | * Reads a passphrase from /dev/tty with echo turned off. Returns the |
348 | If from_stdin is true, the passphrase will be read from stdin instead. */ | 413 | * passphrase (allocated with xmalloc). Exits if EOF is encountered. If |
414 | * from_stdin is true, the passphrase will be read from stdin instead. | ||
415 | */ | ||
349 | char *read_passphrase(const char *prompt, int from_stdin); | 416 | char *read_passphrase(const char *prompt, int from_stdin); |
350 | 417 | ||
351 | /* Saves the authentication (private) key in a file, encrypting it with | 418 | /* |
352 | passphrase. The identification of the file (lowest 64 bits of n) | 419 | * Saves the authentication (private) key in a file, encrypting it with |
353 | will precede the key to provide identification of the key without | 420 | * passphrase. The identification of the file (lowest 64 bits of n) will |
354 | needing a passphrase. */ | 421 | * precede the key to provide identification of the key without needing a |
422 | * passphrase. | ||
423 | */ | ||
355 | int | 424 | int |
356 | save_private_key(const char *filename, const char *passphrase, | 425 | save_private_key(const char *filename, const char *passphrase, |
357 | RSA * private_key, const char *comment); | 426 | RSA * private_key, const char *comment); |
358 | 427 | ||
359 | /* Loads the public part of the key file (public key and comment). | 428 | /* |
360 | Returns 0 if an error occurred; zero if the public key was successfully | 429 | * Loads the public part of the key file (public key and comment). Returns 0 |
361 | read. The comment of the key is returned in comment_return if it is | 430 | * if an error occurred; zero if the public key was successfully read. The |
362 | non-NULL; the caller must free the value with xfree. */ | 431 | * comment of the key is returned in comment_return if it is non-NULL; the |
432 | * caller must free the value with xfree. | ||
433 | */ | ||
363 | int | 434 | int |
364 | load_public_key(const char *filename, RSA * pub, | 435 | load_public_key(const char *filename, RSA * pub, |
365 | char **comment_return); | 436 | char **comment_return); |
366 | 437 | ||
367 | /* Loads the private key from the file. Returns 0 if an error is encountered | 438 | /* |
368 | (file does not exist or is not readable, or passphrase is bad). | 439 | * Loads the private key from the file. Returns 0 if an error is encountered |
369 | This initializes the private key. The comment of the key is returned | 440 | * (file does not exist or is not readable, or passphrase is bad). This |
370 | in comment_return if it is non-NULL; the caller must free the value | 441 | * initializes the private key. The comment of the key is returned in |
371 | with xfree. */ | 442 | * comment_return if it is non-NULL; the caller must free the value with |
443 | * xfree. | ||
444 | */ | ||
372 | int | 445 | int |
373 | load_private_key(const char *filename, const char *passphrase, | 446 | load_private_key(const char *filename, const char *passphrase, |
374 | RSA * private_key, char **comment_return); | 447 | RSA * private_key, char **comment_return); |
@@ -418,9 +491,11 @@ void debug(const char *fmt,...) __attribute__((format(printf, 1, 2))); | |||
418 | /* same as fatal() but w/o logging */ | 491 | /* same as fatal() but w/o logging */ |
419 | void fatal_cleanup(void); | 492 | void fatal_cleanup(void); |
420 | 493 | ||
421 | /* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. | 494 | /* |
422 | It is permissible to call fatal_remove_cleanup for the function itself | 495 | * Registers a cleanup function to be called by fatal()/fatal_cleanup() |
423 | from the function. */ | 496 | * before exiting. It is permissible to call fatal_remove_cleanup for the |
497 | * function itself from the function. | ||
498 | */ | ||
424 | void fatal_add_cleanup(void (*proc) (void *context), void *context); | 499 | void fatal_add_cleanup(void (*proc) (void *context), void *context); |
425 | 500 | ||
426 | /* Removes a cleanup function to be called at fatal(). */ | 501 | /* Removes a cleanup function to be called at fatal(). */ |
@@ -431,9 +506,11 @@ void fatal_remove_cleanup(void (*proc) (void *context), void *context); | |||
431 | /* Sets specific protocol options. */ | 506 | /* Sets specific protocol options. */ |
432 | void channel_set_options(int hostname_in_open); | 507 | void channel_set_options(int hostname_in_open); |
433 | 508 | ||
434 | /* Allocate a new channel object and set its type and socket. Remote_name | 509 | /* |
435 | must have been allocated with xmalloc; this will free it when the channel | 510 | * Allocate a new channel object and set its type and socket. Remote_name |
436 | is freed. */ | 511 | * must have been allocated with xmalloc; this will free it when the channel |
512 | * is freed. | ||
513 | */ | ||
437 | int channel_allocate(int type, int sock, char *remote_name); | 514 | int channel_allocate(int type, int sock, char *remote_name); |
438 | 515 | ||
439 | /* Free the channel and close its socket. */ | 516 | /* Free the channel and close its socket. */ |
@@ -442,16 +519,20 @@ void channel_free(int channel); | |||
442 | /* Add any bits relevant to channels in select bitmasks. */ | 519 | /* Add any bits relevant to channels in select bitmasks. */ |
443 | void channel_prepare_select(fd_set * readset, fd_set * writeset); | 520 | void channel_prepare_select(fd_set * readset, fd_set * writeset); |
444 | 521 | ||
445 | /* After select, perform any appropriate operations for channels which | 522 | /* |
446 | have events pending. */ | 523 | * After select, perform any appropriate operations for channels which have |
524 | * events pending. | ||
525 | */ | ||
447 | void channel_after_select(fd_set * readset, fd_set * writeset); | 526 | void channel_after_select(fd_set * readset, fd_set * writeset); |
448 | 527 | ||
449 | /* If there is data to send to the connection, send some of it now. */ | 528 | /* If there is data to send to the connection, send some of it now. */ |
450 | void channel_output_poll(void); | 529 | void channel_output_poll(void); |
451 | 530 | ||
452 | /* This is called when a packet of type CHANNEL_DATA has just been received. | 531 | /* |
453 | The message type has already been consumed, but channel number and data | 532 | * This is called when a packet of type CHANNEL_DATA has just been received. |
454 | is still there. */ | 533 | * The message type has already been consumed, but channel number and data is |
534 | * still there. | ||
535 | */ | ||
455 | void channel_input_data(int payload_len); | 536 | void channel_input_data(int payload_len); |
456 | 537 | ||
457 | /* Returns true if no channel has too much buffered data. */ | 538 | /* Returns true if no channel has too much buffered data. */ |
@@ -473,8 +554,10 @@ void channel_input_open_failure(void); | |||
473 | any unix domain sockets. */ | 554 | any unix domain sockets. */ |
474 | void channel_stop_listening(void); | 555 | void channel_stop_listening(void); |
475 | 556 | ||
476 | /* Closes the sockets of all channels. This is used to close extra file | 557 | /* |
477 | descriptors after a fork. */ | 558 | * Closes the sockets of all channels. This is used to close extra file |
559 | * descriptors after a fork. | ||
560 | */ | ||
478 | void channel_close_all(void); | 561 | void channel_close_all(void); |
479 | 562 | ||
480 | /* Returns the maximum file descriptor number used by the channels. */ | 563 | /* Returns the maximum file descriptor number used by the channels. */ |
@@ -483,92 +566,123 @@ int channel_max_fd(void); | |||
483 | /* Returns true if there is still an open channel over the connection. */ | 566 | /* Returns true if there is still an open channel over the connection. */ |
484 | int channel_still_open(void); | 567 | int channel_still_open(void); |
485 | 568 | ||
486 | /* Returns a string containing a list of all open channels. The list is | 569 | /* |
487 | suitable for displaying to the user. It uses crlf instead of newlines. | 570 | * Returns a string containing a list of all open channels. The list is |
488 | The caller should free the string with xfree. */ | 571 | * suitable for displaying to the user. It uses crlf instead of newlines. |
572 | * The caller should free the string with xfree. | ||
573 | */ | ||
489 | char *channel_open_message(void); | 574 | char *channel_open_message(void); |
490 | 575 | ||
491 | /* Initiate forwarding of connections to local port "port" through the secure | 576 | /* |
492 | channel to host:port from remote side. This never returns if there | 577 | * Initiate forwarding of connections to local port "port" through the secure |
493 | was an error. */ | 578 | * channel to host:port from remote side. This never returns if there was an |
579 | * error. | ||
580 | */ | ||
494 | void | 581 | void |
495 | channel_request_local_forwarding(int port, const char *host, | 582 | channel_request_local_forwarding(int port, const char *host, |
496 | int remote_port); | 583 | int remote_port); |
497 | 584 | ||
498 | /* Initiate forwarding of connections to port "port" on remote host through | 585 | /* |
499 | the secure channel to host:port from local side. This never returns | 586 | * Initiate forwarding of connections to port "port" on remote host through |
500 | if there was an error. This registers that open requests for that | 587 | * the secure channel to host:port from local side. This never returns if |
501 | port are permitted. */ | 588 | * there was an error. This registers that open requests for that port are |
589 | * permitted. | ||
590 | */ | ||
502 | void | 591 | void |
503 | channel_request_remote_forwarding(int port, const char *host, | 592 | channel_request_remote_forwarding(int port, const char *host, |
504 | int remote_port); | 593 | int remote_port); |
505 | 594 | ||
506 | /* Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually | 595 | /* |
507 | called by the server, because the user could connect to any port anyway, | 596 | * Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually |
508 | and the server has no way to know but to trust the client anyway. */ | 597 | * called by the server, because the user could connect to any port anyway, |
598 | * and the server has no way to know but to trust the client anyway. | ||
599 | */ | ||
509 | void channel_permit_all_opens(void); | 600 | void channel_permit_all_opens(void); |
510 | 601 | ||
511 | /* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates | 602 | /* |
512 | listening for the port, and sends back a success reply (or disconnect | 603 | * This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates |
513 | message if there was an error). This never returns if there was an | 604 | * listening for the port, and sends back a success reply (or disconnect |
514 | error. */ | 605 | * message if there was an error). This never returns if there was an error. |
606 | */ | ||
515 | void channel_input_port_forward_request(int is_root); | 607 | void channel_input_port_forward_request(int is_root); |
516 | 608 | ||
517 | /* This is called after receiving PORT_OPEN message. This attempts to connect | 609 | /* |
518 | to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION or | 610 | * This is called after receiving PORT_OPEN message. This attempts to |
519 | CHANNEL_OPEN_FAILURE. */ | 611 | * connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION |
612 | * or CHANNEL_OPEN_FAILURE. | ||
613 | */ | ||
520 | void channel_input_port_open(int payload_len); | 614 | void channel_input_port_open(int payload_len); |
521 | 615 | ||
522 | /* Creates a port for X11 connections, and starts listening for it. | 616 | /* |
523 | Returns the display name, or NULL if an error was encountered. */ | 617 | * Creates a port for X11 connections, and starts listening for it. Returns |
618 | * the display name, or NULL if an error was encountered. | ||
619 | */ | ||
524 | char *x11_create_display(int screen); | 620 | char *x11_create_display(int screen); |
525 | 621 | ||
526 | /* Creates an internet domain socket for listening for X11 connections. | 622 | /* |
527 | Returns a suitable value for the DISPLAY variable, or NULL if an error | 623 | * Creates an internet domain socket for listening for X11 connections. |
528 | occurs. */ | 624 | * Returns a suitable value for the DISPLAY variable, or NULL if an error |
625 | * occurs. | ||
626 | */ | ||
529 | char *x11_create_display_inet(int screen); | 627 | char *x11_create_display_inet(int screen); |
530 | 628 | ||
531 | /* This is called when SSH_SMSG_X11_OPEN is received. The packet contains | 629 | /* |
532 | the remote channel number. We should do whatever we want, and respond | 630 | * This is called when SSH_SMSG_X11_OPEN is received. The packet contains |
533 | with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */ | 631 | * the remote channel number. We should do whatever we want, and respond |
632 | * with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. | ||
633 | */ | ||
534 | void x11_input_open(int payload_len); | 634 | void x11_input_open(int payload_len); |
535 | 635 | ||
536 | /* Requests forwarding of X11 connections. This should be called on the | 636 | /* |
537 | client only. */ | 637 | * Requests forwarding of X11 connections. This should be called on the |
638 | * client only. | ||
639 | */ | ||
538 | void x11_request_forwarding(void); | 640 | void x11_request_forwarding(void); |
539 | 641 | ||
540 | /* Requests forwarding for X11 connections, with authentication spoofing. | 642 | /* |
541 | This should be called in the client only. */ | 643 | * Requests forwarding for X11 connections, with authentication spoofing. |
644 | * This should be called in the client only. | ||
645 | */ | ||
542 | void x11_request_forwarding_with_spoofing(const char *proto, const char *data); | 646 | void x11_request_forwarding_with_spoofing(const char *proto, const char *data); |
543 | 647 | ||
544 | /* Sends a message to the server to request authentication fd forwarding. */ | 648 | /* Sends a message to the server to request authentication fd forwarding. */ |
545 | void auth_request_forwarding(void); | 649 | void auth_request_forwarding(void); |
546 | 650 | ||
547 | /* Returns the name of the forwarded authentication socket. Returns NULL | 651 | /* |
548 | if there is no forwarded authentication socket. The returned value points | 652 | * Returns the name of the forwarded authentication socket. Returns NULL if |
549 | to a static buffer. */ | 653 | * there is no forwarded authentication socket. The returned value points to |
654 | * a static buffer. | ||
655 | */ | ||
550 | char *auth_get_socket_name(void); | 656 | char *auth_get_socket_name(void); |
551 | 657 | ||
552 | /* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. | 658 | /* |
553 | This starts forwarding authentication requests. */ | 659 | * This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server. |
660 | * This starts forwarding authentication requests. | ||
661 | */ | ||
554 | void auth_input_request_forwarding(struct passwd * pw); | 662 | void auth_input_request_forwarding(struct passwd * pw); |
555 | 663 | ||
556 | /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ | 664 | /* This is called to process an SSH_SMSG_AGENT_OPEN message. */ |
557 | void auth_input_open_request(void); | 665 | void auth_input_open_request(void); |
558 | 666 | ||
559 | /* Returns true if the given string matches the pattern (which may contain | 667 | /* |
560 | ? and * as wildcards), and zero if it does not match. */ | 668 | * Returns true if the given string matches the pattern (which may contain ? |
669 | * and * as wildcards), and zero if it does not match. | ||
670 | */ | ||
561 | int match_pattern(const char *s, const char *pattern); | 671 | int match_pattern(const char *s, const char *pattern); |
562 | 672 | ||
563 | /* Expands tildes in the file name. Returns data allocated by xmalloc. | 673 | /* |
564 | Warning: this calls getpw*. */ | 674 | * Expands tildes in the file name. Returns data allocated by xmalloc. |
675 | * Warning: this calls getpw*. | ||
676 | */ | ||
565 | char *tilde_expand_filename(const char *filename, uid_t my_uid); | 677 | char *tilde_expand_filename(const char *filename, uid_t my_uid); |
566 | 678 | ||
567 | /* Performs the interactive session. This handles data transmission between | 679 | /* |
568 | the client and the program. Note that the notion of stdin, stdout, and | 680 | * Performs the interactive session. This handles data transmission between |
569 | stderr in this function is sort of reversed: this function writes to | 681 | * the client and the program. Note that the notion of stdin, stdout, and |
570 | stdin (of the child program), and reads from stdout and stderr (of the | 682 | * stderr in this function is sort of reversed: this function writes to stdin |
571 | child program). */ | 683 | * (of the child program), and reads from stdout and stderr (of the child |
684 | * program). | ||
685 | */ | ||
572 | void server_loop(int pid, int fdin, int fdout, int fderr); | 686 | void server_loop(int pid, int fdin, int fdout, int fderr); |
573 | 687 | ||
574 | /* Client side main loop for the interactive session. */ | 688 | /* Client side main loop for the interactive session. */ |
@@ -582,9 +696,11 @@ struct envstring { | |||
582 | #ifdef KRB4 | 696 | #ifdef KRB4 |
583 | #include <krb.h> | 697 | #include <krb.h> |
584 | 698 | ||
585 | /* Performs Kerberos v4 mutual authentication with the client. This returns | 699 | /* |
586 | 0 if the client could not be authenticated, and 1 if authentication was | 700 | * Performs Kerberos v4 mutual authentication with the client. This returns 0 |
587 | successful. This may exit if there is a serious protocol violation. */ | 701 | * if the client could not be authenticated, and 1 if authentication was |
702 | * successful. This may exit if there is a serious protocol violation. | ||
703 | */ | ||
588 | int auth_krb4(const char *server_user, KTEXT auth, char **client); | 704 | int auth_krb4(const char *server_user, KTEXT auth, char **client); |
589 | int krb4_init(uid_t uid); | 705 | int krb4_init(uid_t uid); |
590 | void krb4_cleanup_proc(void *ignore); | 706 | void krb4_cleanup_proc(void *ignore); |