34 #include <login_cap.h>
/*
 * Forward type aliases for the three authentication structures, so the
 * prototypes in this header can name them without the `struct` keyword.
 */
49 typedef struct Authctxt Authctxt;
50 typedef struct Authmethod Authmethod;
51 typedef struct KbdintDevice KbdintDevice;
/*
 * NOTE(review): the members below appear without their enclosing struct
 * header (the gutter numbers skip from 51 to 60); presumably they belong to
 * struct Authctxt -- confirm against the complete header.
 */
/* Presumably set when a failure was caused by the server rather than by the
 * client -- TODO confirm what it gates. */
60 int server_caused_failure;
/* Presumably the number of entries in a per-session list of authentication
 * methods; the list itself is not shown in this listing. */
72 u_int num_auth_methods;
/* Kerberos 5 state kept with the authentication context: library context,
 * a credential cache (by its name, for forwarded credentials), a principal
 * and a ticket file path. NOTE(review): any surrounding #ifdef is not
 * visible here. */
81 krb5_context krb5_ctx;
82 krb5_ccache krb5_fwd_ccache;
83 krb5_principal krb5_user;
84 char *krb5_ticket_file;
/* Message buffer, presumably text shown to the user at login -- confirm. */
90 struct sshbuf *loginmsg;
/* Array of key pointers; presumably the keys already presented, consulted by
 * auth2_key_already_used(). Its element count is not shown in this listing. */
93 struct sshkey **prev_keys;
/* Key and free-form detail for the method in progress; presumably written by
 * auth2_record_key()/auth2_record_info() and cleared by
 * auth2_authctxt_reset_info() -- confirm. */
97 struct sshkey *auth_method_key;
98 char *auth_method_info;
/* Buffer presumably filled through auth2_update_session_info() -- confirm. */
101 struct sshbuf *session_info;
/*
 * Method handler callback taking the connection state. The enclosing struct
 * (presumably struct Authmethod) and the meaning of the int result are not
 * shown in this listing -- confirm before branching on the value.
 */
113 int (*userauth)(
struct ssh *);
/*
 * Callback table for one keyboard-interactive backend (presumably the
 * members of struct KbdintDevice; the struct header is not shown here).
 * init_ctx() returns an untyped context pointer that the other three
 * callbacks receive as `ctx`.
 */
/* Creates the backend context from the authentication context. */
127 void* (*init_ctx)(Authctxt*);
/* Produces a challenge through out-parameters: a name, an information text,
 * the prompt count, the prompt strings and a per-prompt echo flag array.
 * NOTE(review): who frees these is not visible here -- confirm. */
128 int (*query)(
void *ctx,
char **name,
char **infotxt,
129 u_int *numprompts,
char ***prompts, u_int **echo_on);
/* Consumes `numresp` response strings. These are client-supplied and may be
 * secrets. NOTE(review): confirm where numresp is bounded against the number
 * of prompts issued by query(). */
130 int (*respond)(
void *ctx, u_int numresp,
char **responses);
/* Releases the context obtained from init_ctx(). */
131 void (*free_ctx)(
void *ctx);
/*
 * Per-method authorisation checks. Only the signatures are visible here; the
 * int results are presumably "non-zero means allowed" -- confirm each in its
 * implementation before relying on it in a conditional.
 */
/* NOTE(review): the return-type line of auth_rhosts2 is not shown in this
 * listing (gutter skips 131 -> 135). Arguments are an account entry and three
 * strings, presumably client user, host name and address -- confirm. */
135 auth_rhosts2(
struct passwd *,
const char *,
const char *,
const char *);
/* Password check for a connection. The string is presumably the cleartext
 * password supplied by the client: treat it as a secret and keep it out of
 * log and debug output. */
137 int auth_password(
struct ssh *,
const char *);
/* Host-based authorisation of a key for an account. The two strings are
 * presumably the client-claimed user and host names, i.e. untrusted input
 * -- confirm. */
139 int hostbased_key_allowed(
struct ssh *,
struct passwd *,
140 const char *,
char *,
struct sshkey *);
/* Public-key authorisation of a key for an account. The trailing
 * struct sshauthopt ** is an out-parameter, presumably receiving the options
 * attached to the matching key; its ownership is not visible here. */
141 int user_key_allowed(
struct ssh *,
struct passwd *,
struct sshkey *,
int,
142 struct sshauthopt **);
/* Reports whether the given key was already presented in this authentication
 * context (presumably compared against prev_keys -- confirm). */
143 int auth2_key_already_used(Authctxt *,
const struct sshkey *);
/*
 * Bookkeeping for the authentication attempt in progress. Presumably these
 * maintain auth_method_key, auth_method_info and session_info on the
 * Authctxt -- confirm in the implementation.
 */
/* Clears the recorded per-attempt information. */
149 void auth2_authctxt_reset_info(Authctxt *);
/* Records a key for the current attempt; the int is presumably an
 * "authenticated" flag -- TODO confirm. */
150 void auth2_record_key(Authctxt *,
int,
const struct sshkey *);
/* printf-style recorder. The attributes make the compiler type-check the
 * variadic arguments against the format (parameter 2) and flag a NULL
 * format. Pass a literal format and route client-influenced text through
 * %s rather than using it as the format itself. */
151 void auth2_record_info(Authctxt *authctxt,
const char *, ...)
152 __attribute__((__format__ (printf, 2, 3)))
153 __attribute__((__nonnull__ (2)));
/* Takes two strings, presumably the method and submethod names that
 * completed -- confirm. */
154 void auth2_update_session_info(Authctxt *, const
char *, const
char *);
/*
 * Kerberos 5 authentication entry points operating on the Authctxt.
 * NOTE(review): any #ifdef guarding these declarations is not shown in this
 * listing.
 */
/* Takes client authentication data; `client` is an out-parameter, presumably
 * the authenticated principal name, and the last krb5_data is presumably a
 * reply buffer -- confirm, including who frees them. */
157 int auth_krb5(Authctxt *authctxt, krb5_data *auth,
char **client, krb5_data *);
/* Accepts a ticket-granting ticket supplied by the peer. */
158 int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
/* Checks a cleartext password via Kerberos; treat `password` as a secret and
 * keep it out of log and debug output. */
159 int auth_krb5_password(Authctxt *authctxt,
const char *password);
/* Cleanup hook, presumably releasing the krb5_* members of the Authctxt and
 * any ticket file -- confirm. */
160 void krb5_cleanup_proc(Authctxt *authctxt);
/*
 * Shadow-password expiry checks, declared only when both USE_SHADOW and
 * HAS_SHADOW_EXPIRE are defined. NOTE(review): the matching #endif is not
 * shown in this listing.
 */
163 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
/* Account-expiry check on a shadow entry; the int convention is not visible
 * here -- confirm. */
165 int auth_shadow_acctexpired(
struct spwd *);
/* Password-expiry check for the user in the authentication context. */
166 int auth_shadow_pwexpired(Authctxt *);
169 #include "auth-pam.h"
/* Removes a keyboard-interactive device, identified by a string (presumably
 * its name). */
171 void remove_kbdint_device(
const char *);

/* Entry point for the authentication phase on a connection. */
173 void do_authentication2(
struct ssh *);

/* Logs an authentication event. The two ints are presumably "authenticated"
 * and "partial" flags and the strings the method and submethod -- confirm.
 * NOTE(review): check that any client-influenced text is sanitised before it
 * reaches the log. */
175 void auth_log(
struct ssh *,
int,
int,
const char *,
const char *);
/* Declared noreturn: control never comes back to the caller, so any cleanup
 * the caller needs must happen before this call. */
176 void auth_maxtries_exceeded(
struct ssh *) __attribute__((noreturn));
/* Completes one authentication request; the int is presumably the result and
 * the strings the method and submethod -- confirm. */
177 void userauth_finish(struct ssh *,
int, const
char *, const
char *);
/* Policy check for root logins; the string is presumably the method name.
 * The int convention is not visible here -- confirm before branching. */
178 int auth_root_allowed(struct ssh *, const
char *);
/* Returns the banner text. NOTE(review): presumably heap-allocated and freed
 * by the caller, possibly NULL when no banner is available -- confirm. */
180 char *auth2_read_banner(
void);
/*
 * Handling of the authentication-method lists. The strings are presumably
 * method/submethod names or a configured list; the int results are not
 * documented in this listing -- confirm before branching on them.
 */
/* Validates a methods string; the int is presumably a flag selecting whether
 * the methods must also be enabled -- TODO confirm. */
181 int auth2_methods_valid(const
char *,
int);
/* Updates the lists after a method (and submethod) has completed. */
182 int auth2_update_methods_lists(Authctxt *, const
char *, const
char *);
/* Builds the lists for a new authentication context. */
183 int auth2_setup_methods_lists(Authctxt *);
/* Reports whether a method (and submethod) may be attempted now. */
184 int auth2_method_allowed(Authctxt *, const
char *, const
char *);
/* Enables challenge-response handling under privilege separation; details
 * are not visible from the prototype -- confirm. */
186 void privsep_challenge_enable(
void);

/* Starts a challenge-response exchange; the string is presumably the
 * client-supplied device list, i.e. untrusted input -- confirm. */
188 int auth2_challenge(struct ssh *,
char *);
/* Stops a challenge-response exchange on the connection. */
189 void auth2_challenge_stop(struct ssh *);
/* BSD authentication backend. The parameter lists match the query and
 * respond callbacks declared earlier in this header (context pointer, then
 * the same out-parameters / response array). */
190 int bsdauth_query(
void *,
char **,
char **, u_int *,
char ***, u_int **);
/* Responses are client-supplied and may be secrets. */
191 int bsdauth_respond(
void *, u_int,
char **);
/* Policy check on an account entry for this connection; int convention not
 * visible here -- confirm. */
193 int allowed_user(struct ssh *, struct passwd *);
/* Looks up the account for a client-supplied user name, presumably applying
 * allowed_user(). NOTE(review): confirm that callers treat a NULL result
 * without revealing whether the account exists (compare fakepw()). */
194 struct passwd * getpwnamallow(struct ssh *, const
char *user);

/* Expands a file-name pattern for an account and returns a string;
 * presumably heap-allocated and freed by the caller -- confirm. */
196 char *expand_authorized_keys(const
char *, struct passwd *pw);
/* Returns the principals file path for an account; ownership of the string
 * is not visible here -- confirm. */
197 char *authorized_principals_file(struct passwd *);
/* Signature verification for user authentication. The arguments contain two
 * (const u_char *, size_t) pairs, presumably signature and signed data: each
 * size_t must be the true length of the buffer before it. The final
 * out-parameter presumably receives signature details -- confirm ownership. */
198 int user_key_verify(struct ssh *, const struct sshkey *, const u_char *,
size_t,
199 const u_char *,
size_t, const
char *, u_int, struct sshkey_sig_details **);

/* Open a key file or principals file for an account and return a stdio
 * stream; the caller presumably owns the stream and must fclose() it, and
 * must handle NULL. The int is presumably a strict permission/ownership
 * checking flag -- confirm. */
201 FILE *auth_openkeyfile(const
char *, struct passwd *,
int);
202 FILE *auth_openprincipals(const
char *, struct passwd *,
int);
/* Revocation check on a key; the int convention is not visible here, so
 * confirm how an error during the check is reported. */
203 int auth_key_is_revoked(struct sshkey *);

/* Returns the peer host name as a const string (do not free or modify); the
 * int is presumably a "use DNS" flag -- confirm. */
205 const
char *auth_get_canonical_hostname(struct ssh *,
int);
/* NOTE(review): the return-type line of check_key_in_hostfiles is not shown
 * in this listing (gutter skips 205 -> 208). Takes an account, a key and
 * three strings, presumably a host name and two host-file paths -- confirm. */
208 check_key_in_hostfiles(struct passwd *, struct sshkey *, const
char *,
209 const
char *, const
char *);

/*
 * Host key lookup. The ints are presumably an index, or a key type plus a
 * second selector; NOTE(review): whether a NULL return is possible and who
 * owns the returned key are not visible here -- confirm.
 */
212 struct sshkey *get_hostkey_by_index(
int);
213 struct sshkey *get_hostkey_public_by_index(
int, struct ssh *);
214 struct sshkey *get_hostkey_public_by_type(
int,
int, struct ssh *);
215 struct sshkey *get_hostkey_private_by_type(
int,
int, struct ssh *);
/* Reverse lookup from a key to its index; the failure value is not visible
 * here -- confirm. */
216 int get_hostkey_index(struct sshkey *,
int, struct ssh *);
/* Signs data with a host key. Two keys are passed, presumably the private
 * and public halves; u_char ** and size_t * are out-parameters, presumably
 * the signature and its length, followed by the (data, length) pair to sign
 * and a string that is presumably the algorithm name. Ownership of the
 * output buffer is not visible here -- confirm. */
217 int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
218 u_char **,
size_t *, const u_char *,
size_t, const
char *);
/* Signature verification for host-based authentication. Same parameter list
 * as user_key_verify(): each size_t must be the true length of the buffer
 * before it. */
219 int hostbased_key_verify(struct ssh *, const struct sshkey *, const u_char *,
size_t,
220 const u_char *,
size_t, const
char *, u_int, struct sshkey_sig_details **);
/* Returns the authorisation options in effect for the connection as a
 * const pointer (read-only for the caller). */
223 const struct sshauthopt *auth_options(struct ssh *);
/* Applies a set of options to the connection; int convention not visible
 * here -- confirm, and check the result rather than assuming success. */
224 int auth_activate_options(struct ssh *, struct sshauthopt *);
/* Restricts the session; presumably applies the most restrictive option set
 * -- TODO confirm. */
225 void auth_restrict_session(struct ssh *);
/* Decides whether a key's options permit this login for the account; the int
 * and string are presumably a flag and a location used in messages --
 * confirm. */
226 int auth_authorise_keyopts(struct ssh *, struct passwd *pw,
227 struct sshauthopt *,
int, const
char *);
/* Logs an option set; the string is presumably a location label and the int
 * a flag selecting the output channel -- confirm. */
228 void auth_log_authopts(const
char *, const struct sshauthopt *,
int);

/* printf-style debug message queue. The format attribute makes the compiler
 * type-check the variadic arguments against `fmt` (parameter 1). Pass a
 * literal format and route client-influenced text through %s. */
231 void auth_debug_add(const
char *fmt,...)
232 __attribute__((format(printf, 1, 2)));
/* Presumably sends the queued debug messages to the peer -- confirm what may
 * be disclosed to an unauthenticated client. */
233 void auth_debug_send(struct ssh *);
/* Discards queued debug messages. */
234 void auth_debug_reset(
void);

/* Returns an account entry without taking a user name. Presumably a
 * placeholder used for unknown users so that authentication follows the same
 * path as for real accounts -- confirm. */
236 struct passwd *fakepw(
void);

/* Platform password check; the string is presumably the cleartext password
 * supplied by the client: treat it as a secret and keep it out of logs. */
238 int sys_auth_passwd(struct ssh *, const
char *);
/*
 * Helpers declared only when KRB5 is defined and HEIMDAL is not.
 * NOTE(review): the matching #endif lies beyond the end of this listing.
 */
240 #if defined(KRB5) && !defined(HEIMDAL)
/* Creates a credential cache, returned through the krb5_ccache
 * out-parameter; the int * is a further out-parameter whose meaning is not
 * visible here -- confirm. Check the krb5_error_code before using either. */
241 krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *,
int *);
/* Returns the k5login directory through `k5login_directory`; ownership of
 * the string is not visible here -- confirm. */
242 krb5_error_code ssh_krb5_get_k5login_directory(krb5_context ctx,
243 char **k5login_directory);