35 #include <login_cap.h>
/*
 * Forward typedefs for the three struct types used throughout the
 * declarations that follow.  None of the struct bodies is part of this
 * listing.  The leading integers on each line (51, 52, ...) appear to be
 * line numbers carried over from the rendered source view; they are not C
 * tokens.
 */
51 typedef struct Authctxt Authctxt;
52 typedef struct Authmethod Authmethod;
53 typedef struct KbdintDevice KbdintDevice;
/*
 * NOTE(review): these declarations have no enclosing struct header in this
 * listing and the line numbers jump between them, so this is a partial
 * field list.  They look like members of the per-connection authentication
 * context (struct Authctxt) -- confirm against the full header.
 */
/* Integer flag; presumably marks a failure caused by the server side
 * rather than by the client -- confirm where it is set and read. */
62 int server_caused_failure;
/* Unsigned count; presumably the length of a list of authentication
 * methods that is not shown here. */
74 u_int num_auth_methods;
/*
 * Kerberos 5 state: library context, a credential cache, a principal and a
 * ticket file path.  NOTE(review): presumably compiled only when KRB5 is
 * defined; the guard is not visible.  Who frees krb5_ticket_file is not
 * shown.
 */
83 krb5_context krb5_ctx;
84 krb5_ccache krb5_fwd_ccache;
85 krb5_principal krb5_user;
86 char *krb5_ticket_file;
/* Buffer object; from the name, text to be shown to the user at login. */
92 struct sshbuf *loginmsg;
/*
 * Pointer to an array of key pointers.  Presumably the keys already
 * presented during this authentication, consulted by
 * auth2_key_already_used() -- confirm.  The element count is held
 * elsewhere (not visible here).
 */
95 struct sshkey **prev_keys;
/* Key and free-form text describing the method in progress; presumably
 * filled in by auth2_record_key() / auth2_record_info() -- confirm. */
99 struct sshkey *auth_method_key;
100 char *auth_method_info;
/* Buffer object; presumably accumulated by auth2_update_session_info(). */
103 struct sshbuf *session_info;
/*
 * Function-pointer member: the handler for one authentication method,
 * called with the connection and a string.  NOTE(review): presumably a
 * member of struct Authmethod (header not shown); the meaning of the int
 * result and of the string argument is not visible here -- confirm against
 * the method implementations before relying on either.
 */
116 int (*userauth)(
struct ssh *,
const char *);
/*
 * Callback set for one keyboard-interactive device.  NOTE(review):
 * presumably members of struct KbdintDevice (header not shown).
 */
/* Creates the device's private state from the auth context and returns it
 * as an opaque pointer; presumably the value later passed as `ctx`. */
130 void* (*init_ctx)(Authctxt*);
/*
 * Asks the device for its challenge.  Every argument after ctx is an
 * out-parameter: a name, an info text, the prompt count, the prompt array
 * and a per-prompt echo array.  Who allocates and frees these is not
 * visible here -- confirm before changing a caller.
 */
131 int (*query)(
void *ctx,
char **name,
char **infotxt,
132 u_int *numprompts,
char ***prompts, u_int **echo_on);
/*
 * Hands the device numresp answers.  NOTE(review): the answers presumably
 * originate from the client, so an implementation should compare numresp
 * with the number of prompts it issued before indexing responses.
 */
133 int (*respond)(
void *ctx, u_int numresp,
char **responses);
/* Releases the state returned by init_ctx. */
134 void (*free_ctx)(
void *ctx);
/*
 * Per-method authorisation checks.
 * NOTE(review): no return type is visible for auth_rhosts2 in this listing
 * (the line numbers jump from 134 to 138); take it from the full header
 * rather than assuming one.  It receives an account entry and three
 * read-only strings.
 */
138 auth_rhosts2(
struct passwd *,
const char *,
const char *,
const char *);
/*
 * Password check for the connection.  The string is presumably the
 * candidate password -- confirm; if so, the caller owns that buffer and is
 * the place to wipe it once the call returns.
 */
140 int auth_password(
struct ssh *,
const char *);
/*
 * Presumably decides whether the given host key is acceptable for
 * host-based authentication of the account.  One string argument is const
 * and the other is a plain char *, so the callee is allowed to modify the
 * latter -- confirm which value callers pass there.
 */
142 int hostbased_key_allowed(
struct ssh *,
struct passwd *,
143 const char *,
char *,
struct sshkey *);
/*
 * Presumably decides whether the given user key is authorised for the
 * account.  The trailing struct sshauthopt ** is an out-parameter;
 * presumably it receives the options attached to the matching key entry.
 * The meaning of the int argument is not visible here.
 */
144 int user_key_allowed(
struct ssh *ssh,
struct passwd *,
struct sshkey *,
145 int,
struct sshauthopt **);
/*
 * Takes the auth context and a key it may not modify (const).  Presumably
 * reports whether this key was already presented earlier in the same
 * authentication, which matters when several methods must each succeed --
 * confirm.
 */
146 int auth2_key_already_used(Authctxt *,
const struct sshkey *);
/*
 * Bookkeeping for what the current authentication attempt used.
 */
/* Presumably clears the recorded method key/info in the context. */
152 void auth2_authctxt_reset_info(Authctxt *);
/* Records a key for the attempt; the key is const, so if the context keeps
 * it, it presumably keeps a copy -- confirm.  The int is not explained
 * here. */
153 void auth2_record_key(Authctxt *,
int,
const struct sshkey *);
/*
 * printf-style recorder.  The attributes make the compiler check the
 * varargs against the format string (argument 2, varargs from 3) and
 * require a non-NULL format.  Pass a fixed format string and supply
 * variable text through "%s"; never use client-supplied text as the format.
 */
154 void auth2_record_info(Authctxt *authctxt,
const char *, ...)
155 __attribute__((__format__ (printf, 2, 3)))
156 __attribute__((__nonnull__ (2)));
/* Takes the context and two read-only strings; presumably appends a record
 * to the context's session_info buffer -- confirm. */
157 void auth2_update_session_info(Authctxt *, const
char *, const
char *);
/*
 * Kerberos 5 authentication entry points.  NOTE(review): presumably
 * declared only when KRB5 is defined; no preprocessor guard is visible in
 * this listing.
 */
/* Takes Kerberos data in `auth`; `client` is a char ** out-parameter and
 * the last krb5_data * is unnamed.  Ownership of *client is not shown. */
160 int auth_krb5(Authctxt *authctxt, krb5_data *auth,
char **client, krb5_data *);
/* Takes a krb5_data named tgt, presumably a forwarded ticket. */
161 int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt);
/* Password check against Kerberos; the password is a read-only C string
 * owned by the caller. */
162 int auth_krb5_password(Authctxt *authctxt,
const char *password);
/* Presumably releases the Kerberos state held in the context; confirm that
 * every exit path after a Kerberos attempt reaches it. */
163 void krb5_cleanup_proc(Authctxt *authctxt);
/*
 * Shadow-password expiry checks, declared only when both USE_SHADOW and
 * HAS_SHADOW_EXPIRE are defined.  The matching #endif is not part of this
 * listing.  From the names, one reports an expired account and the other
 * an expired password; the meaning of each return value is not visible
 * here.
 */
166 #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
168 int auth_shadow_acctexpired(
struct spwd *);
169 int auth_shadow_pwexpired(Authctxt *);
172 #include "auth-pam.h"
/* Takes a read-only string, presumably a device name, and from its name
 * removes that keyboard-interactive device. */
174 void remove_kbdint_device(
const char *);
/* Entry point that takes only the connection; from its name, it drives
 * protocol-2 user authentication. */
176 void do_authentication2(
struct ssh *);
/*
 * Authentication logging: connection, two ints and two read-only strings.
 * NOTE(review): the meaning of the ints is not visible here.  If either
 * string can carry client-supplied text (user or method names), check that
 * the implementation sanitises it before it reaches the log.
 */
178 void auth_log(
struct ssh *,
int,
int,
const char *,
const char *);
/* Declared noreturn: control never comes back to the caller, so nothing
 * placed after a call to it will run. */
179 void auth_maxtries_exceeded(
struct ssh *) __attribute__((noreturn));
/* Takes the connection, an int and two read-only strings; from its name it
 * concludes one authentication request.  The meaning of the int is not
 * shown. */
180 void userauth_finish(struct ssh *,
int, const
char *, const
char *);
/* Takes the connection and a read-only string; presumably answers whether
 * root may log in with the named method -- confirm. */
181 int auth_root_allowed(struct ssh *, const
char *);
/* Returns a writable char *; presumably a heap copy of the banner text
 * that the caller must free -- confirm. */
183 char *auth2_read_banner(
void);
/*
 * Handling of the lists of required authentication methods.  All strings
 * are read-only.  NOTE(review): the return conventions (0/1 versus
 * 0/-1) are not visible in this listing and differ between functions in
 * many code bases -- check each one before testing its result.
 */
184 int auth2_methods_valid(const
char *,
int);
185 int auth2_update_methods_lists(Authctxt *, const
char *, const
char *);
186 int auth2_setup_methods_lists(Authctxt *);
187 int auth2_method_allowed(Authctxt *, const
char *, const
char *);
/* Takes no arguments; from its name, switches challenge handling to the
 * privilege-separated path -- confirm. */
189 void privsep_challenge_enable(
void);
/* Challenge-response driver.  The string is a plain char *, so the callee
 * may modify it. */
191 int auth2_challenge(struct ssh *,
char *);
/* Takes only the connection; from its name, ends a challenge that is in
 * progress. */
192 void auth2_challenge_stop(struct ssh *);
/*
 * BSD authentication back end.  The parameter lists match the query and
 * respond callbacks declared earlier in this header (void * context,
 * out-pointers for name, info text, prompt count, prompts and echo flags;
 * then a response count and response array).
 */
193 int bsdauth_query(
void *,
char **,
char **, u_int *,
char ***, u_int **);
194 int bsdauth_respond(
void *, u_int,
char **);
/* Takes the connection and an account entry; presumably answers whether
 * the account may log in under the server's access rules -- confirm. */
196 int allowed_user(struct ssh *, struct passwd *);
/*
 * Takes a user name and returns an account entry pointer.
 * NOTE(review): what is returned for an unknown or disallowed user (NULL or
 * otherwise) is not visible here; callers must handle that case without
 * revealing to the client whether the account exists.
 */
197 struct passwd * getpwnamallow(struct ssh *, const
char *user);
/* Both return a writable char *; presumably a newly allocated path that
 * the caller frees -- confirm. */
199 char *expand_authorized_keys(const
char *, struct passwd *pw);
200 char *authorized_principals_file(struct passwd *);
/* Takes a key; presumably non-zero means revoked -- confirm the convention
 * before negating the result. */
202 int auth_key_is_revoked(struct sshkey *);
/* Returns a const string, so the caller must not modify it.  The meaning
 * of the int argument is not shown. */
204 const
char *auth_get_canonical_hostname(struct ssh *,
int);
/*
 * Looks a key up for an account using three read-only strings; from the
 * name, the lookup is against known-hosts style files.
 * NOTE(review): no return type is visible in this listing (the line
 * numbers jump from 204 to 207); take it from the full header rather than
 * assuming int.
 */
207 check_key_in_hostfiles(struct passwd *, struct sshkey *, const
char *,
208 const
char *, const
char *);
/*
 * Server host key accessors.  Each returns a key pointer; ownership is not
 * shown, presumably the server's key table keeps it and callers must not
 * free it -- confirm.  What is returned when no key matches is not visible
 * here, so callers should check for NULL.
 */
211 struct sshkey *get_hostkey_by_index(
int);
212 struct sshkey *get_hostkey_public_by_index(
int, struct ssh *);
213 struct sshkey *get_hostkey_public_by_type(
int,
int, struct ssh *);
214 struct sshkey *get_hostkey_private_by_type(
int,
int, struct ssh *);
/* Maps a key to an int index; the value used for "not found" is not
 * visible here. */
215 int get_hostkey_index(struct sshkey *,
int, struct ssh *);
/*
 * Signs with a host key.  u_char ** / size_t * are out-parameters,
 * presumably the signature and its length; const u_char * / size_t are the
 * input bytes; the const string is presumably the signature algorithm.
 * Two keys are passed, presumably private and public halves -- confirm
 * the order.
 */
216 int sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
217 u_char **,
size_t *, const u_char *,
size_t, const
char *);
/*
 * Signature verification for host-based authentication.  Takes a const
 * key, two (pointer, length) byte ranges, a read-only string, a u_int and
 * an out-pointer for signature details.  NOTE(review): presumably the
 * ranges are signature then data; confirm the order before changing a
 * caller.
 */
218 int hostbased_key_verify(struct ssh *, const struct sshkey *, const u_char *,
size_t,
219 const u_char *,
size_t, const
char *, u_int, struct sshkey_sig_details **);
/* Returns the connection's options as a const pointer: callers may read
 * but not modify them. */
222 const struct sshauthopt *auth_options(struct ssh *);
/* Takes a non-const options pointer; presumably installs it as the active
 * set for the connection.  Whether ownership transfers is not shown. */
223 int auth_activate_options(struct ssh *, struct sshauthopt *);
/* Takes only the connection; from its name, tightens what the session may
 * do -- confirm which permissions are withdrawn. */
224 void auth_restrict_session(struct ssh *);
/* Logs an options set (const) under a read-only label; the meaning of the
 * int is not shown. */
225 void auth_log_authopts(const
char *, const struct sshauthopt *,
int);
/*
 * Debug message queue.  auth_debug_add is printf-style and the attribute
 * makes the compiler check the varargs against fmt (argument 1, varargs
 * from 2).  NOTE(review): auth_debug_send takes the connection, so queued
 * text presumably reaches the client; keep secrets and filesystem details
 * out of these messages -- confirm.
 */
228 void auth_debug_add(const
char *fmt,...)
229 __attribute__((format(printf, 1, 2)));
230 void auth_debug_send(struct ssh *);
231 void auth_debug_reset(
void);
/* Returns an account entry without taking any input.  NOTE(review): from
 * the name, a placeholder entry rather than a real account -- confirm how
 * callers use it. */
233 struct passwd *fakepw(
void);
/*
 * Authorised-keys and principals processing.  Several functions here take
 * a plain char * line buffer next to const strings: the callee may modify
 * that buffer in place, so do not pass string literals or shared storage.
 */
/* Takes an account, an options set, an int and three read-only strings;
 * presumably decides whether the options permit this login -- confirm. */
236 int auth_authorise_keyopts(struct passwd *, struct sshauthopt *,
int,
237 const
char *, const
char *, const
char *);
/* Checks one line (writable) against a certificate; the trailing
 * out-parameter presumably receives the options parsed from the line. */
238 int auth_check_principals_line(
char *, const struct sshkey_cert *,
239 const
char *, struct sshauthopt **);
/* Same check over an open stream; the caller supplies the FILE *. */
240 int auth_process_principals(FILE *, const
char *,
241 const struct sshkey_cert *, struct sshauthopt **);
/* Checks one authorised-keys line (writable) against a key. */
242 int auth_check_authkey_line(struct passwd *, struct sshkey *,
243 char *, const
char *, const
char *, const
char *, struct sshauthopt **);
/* Same check over an open stream; the caller supplies the FILE *. */
244 int auth_check_authkeys_file(struct passwd *, FILE *,
char *,
245 struct sshkey *, const
char *, const
char *, struct sshauthopt **);
/*
 * Signature verification for user keys.  The parameter list is identical
 * to hostbased_key_verify declared earlier in this header.
 */
246 int user_key_verify(struct ssh *, const struct sshkey *, const u_char *,
size_t,
247 const u_char *,
size_t, const
char *, u_int, struct sshkey_sig_details **);
/*
 * Open a file on behalf of an account and return the stream.
 * NOTE(review): presumably NULL on failure, and the caller closes the
 * stream.  The int argument presumably selects strict ownership and
 * permission checks on the path -- confirm, and confirm callers do not
 * pass 0 unintentionally.
 */
248 FILE *auth_openkeyfile(const
char *, struct passwd *,
int);
249 FILE *auth_openprincipals(const
char *, struct passwd *,
int);
/* Takes the connection and a read-only string, presumably the candidate
 * password; from the name, the platform's password check. */
251 int sys_auth_passwd(struct ssh *, const
char *);
/*
 * Kerberos helpers declared only when KRB5 is defined and HEIMDAL is not.
 * The matching #endif is not part of this listing.  Both return a
 * krb5_error_code and deliver their result through out-parameters (a
 * credential cache plus an int, and a directory string); who frees
 * *k5login_directory is not shown.
 */
253 #if defined(KRB5) && !defined(HEIMDAL)
254 krb5_error_code ssh_krb5_cc_new_unique(krb5_context, krb5_ccache *,
int *);
255 krb5_error_code ssh_krb5_get_k5login_directory(krb5_context ctx,
256 char **k5login_directory);