ssh.h (fe5fd017) ssh.h (a8f6863a)
1/*
2 *
3 * ssh.h
4 *
5 * Author: Tatu Ylonen <ylo@cs.hut.fi>
6 *
7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 * All rights reserved
9 *
10 * Created: Fri Mar 17 17:09:37 1995 ylo
11 *
12 * Generic header file for ssh.
13 *
1/*
2 *
3 * ssh.h
4 *
5 * Author: Tatu Ylonen <ylo@cs.hut.fi>
6 *
7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8 * All rights reserved
9 *
10 * Created: Fri Mar 17 17:09:37 1995 ylo
11 *
12 * Generic header file for ssh.
13 *
14 * $FreeBSD$
15 */
16
14 */
15
17/* RCSID("$Id: ssh.h,v 1.33 2000/02/01 22:32:53 d Exp $"); */
16/* RCSID("$Id: ssh.h,v 1.34 2000/03/23 22:15:33 markus Exp $"); */
18
19#ifndef SSH_H
20#define SSH_H
21
22#include "rsa.h"
23#include "cipher.h"
24
25/*

--- 31 unchanged lines hidden (view full) ---

57#define PROTOCOL_MINOR 5
58
59/*
60 * Name for the service. The port named by this service overrides the
61 * default port if present.
62 */
63#define SSH_SERVICE_NAME "ssh"
64
17
18#ifndef SSH_H
19#define SSH_H
20
21#include "rsa.h"
22#include "cipher.h"
23
24/*

--- 31 unchanged lines hidden (view full) ---

56#define PROTOCOL_MINOR 5
57
58/*
59 * Name for the service. The port named by this service overrides the
60 * default port if present.
61 */
62#define SSH_SERVICE_NAME "ssh"
63
65#define ETCDIR "/etc/ssh"
64#define ETCDIR "/etc"
66#define PIDDIR "/var/run"
67
68/*
69 * System-wide file containing host keys of known hosts. This file should be
70 * world-readable.
71 */
72#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
73

--- 103 unchanged lines hidden (view full) ---

177 * Authentication methods. New types can be added, but old types should not
178 * be removed for compatibility. The maximum allowed value is 31.
179 */
180#define SSH_AUTH_RHOSTS 1
181#define SSH_AUTH_RSA 2
182#define SSH_AUTH_PASSWORD 3
183#define SSH_AUTH_RHOSTS_RSA 4
184#define SSH_AUTH_TIS 5
65#define PIDDIR "/var/run"
66
67/*
68 * System-wide file containing host keys of known hosts. This file should be
69 * world-readable.
70 */
71#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"
72

--- 103 unchanged lines hidden (view full) ---

176 * Authentication methods. New types can be added, but old types should not
177 * be removed for compatibility. The maximum allowed value is 31.
178 */
179#define SSH_AUTH_RHOSTS 1
180#define SSH_AUTH_RSA 2
181#define SSH_AUTH_PASSWORD 3
182#define SSH_AUTH_RHOSTS_RSA 4
183#define SSH_AUTH_TIS 5
185#define SSH_AUTH_KRB4 6
186#define SSH_PASS_KRB4_TGT 7
184#define SSH_AUTH_KERBEROS 6
185#define SSH_PASS_KERBEROS_TGT 7
187 /* 8 to 15 are reserved */
188#define SSH_PASS_AFS_TOKEN 21
189
186 /* 8 to 15 are reserved */
187#define SSH_PASS_AFS_TOKEN 21
188
190#define SSH_AUTH_KRB5 29
191#define SSH_PASS_KRB5_TGT 30
192
193/* Protocol flags. These are bit masks. */
194#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
195#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
196
197/*
198 * Definition of message types. New values can be added, but old values
199 * should not be removed or without careful consideration of the consequences
200 * for compatibility. The maximum value is 254; value 255 is reserved for

--- 37 unchanged lines hidden (view full) ---

238#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
239#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
240#define SSH_MSG_DEBUG 36 /* string */
241#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
242#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
243#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
244#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
245#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
189/* Protocol flags. These are bit masks. */
190#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */
191#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */
192
193/*
194 * Definition of message types. New values can be added, but old values
195 * should not be removed or without careful consideration of the consequences
196 * for compatibility. The maximum value is 254; value 255 is reserved for

--- 37 unchanged lines hidden (view full) ---

234#define SSH_CMSG_X11_REQUEST_FORWARDING 34 /* proto,data (s,s) */
235#define SSH_CMSG_AUTH_RHOSTS_RSA 35 /* user,mod (s,mpi) */
236#define SSH_MSG_DEBUG 36 /* string */
237#define SSH_CMSG_REQUEST_COMPRESSION 37 /* level 1-9 (int) */
238#define SSH_CMSG_MAX_PACKET_SIZE 38 /* size 4k-1024k (int) */
239#define SSH_CMSG_AUTH_TIS 39 /* we use this for s/key */
240#define SSH_SMSG_AUTH_TIS_CHALLENGE 40 /* challenge (string) */
241#define SSH_CMSG_AUTH_TIS_RESPONSE 41 /* response (string) */
246#define SSH_CMSG_AUTH_KRB4 42 /* (KTEXT) */
247#define SSH_SMSG_AUTH_KRB4_RESPONSE 43 /* (KTEXT) */
248#define SSH_CMSG_HAVE_KRB4_TGT 44 /* credentials (s) */
242#define SSH_CMSG_AUTH_KERBEROS 42 /* (KTEXT) */
243#define SSH_SMSG_AUTH_KERBEROS_RESPONSE 43 /* (KTEXT) */
244#define SSH_CMSG_HAVE_KERBEROS_TGT 44 /* credentials (s) */
249#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
250
245#define SSH_CMSG_HAVE_AFS_TOKEN 65 /* token (s) */
246
251#define SSH_CMSG_AUTH_KRB5 110
252#define SSH_SMSG_AUTH_KRB5_RESPONSE 111
253#define SSH_CMSG_HAVE_KRB5_TGT 112
254
255/*------------ definitions for login.c -------------*/
256
257/*
258 * Returns the time when the user last logged in. Returns 0 if the
259 * information is not available. This must be called before record_login.
260 * The host from which the user logged in is stored in buf.
261 */
262unsigned long

--- 53 unchanged lines hidden (view full) ---

316 */
317int auth_rhosts(struct passwd * pw, const char *client_user);
318
319/*
320 * Tries to authenticate the user using the .rhosts file and the host using
321 * its host key. Returns true if authentication succeeds.
322 */
323int
247/*------------ definitions for login.c -------------*/
248
249/*
250 * Returns the time when the user last logged in. Returns 0 if the
251 * information is not available. This must be called before record_login.
252 * The host from which the user logged in is stored in buf.
253 */
254unsigned long

--- 53 unchanged lines hidden (view full) ---

308 */
309int auth_rhosts(struct passwd * pw, const char *client_user);
310
311/*
312 * Tries to authenticate the user using the .rhosts file and the host using
313 * its host key. Returns true if authentication succeeds.
314 */
315int
324auth_rhosts_rsa(struct passwd * pw, const char *client_user,
325 BIGNUM * client_host_key_e, BIGNUM * client_host_key_n);
316auth_rhosts_rsa(struct passwd * pw, const char *client_user, RSA* client_host_key);
326
327/*
328 * Tries to authenticate the user using password. Returns true if
329 * authentication succeeds.
330 */
331int auth_password(struct passwd * pw, const char *password);
332
333/*

--- 32 unchanged lines hidden (view full) ---

366int get_peer_port(int sock);
367
368/* Returns the port number of the remote/local host. */
369int get_remote_port(void);
370int get_local_port(void);
371
372
373/*
317
318/*
319 * Tries to authenticate the user using password. Returns true if
320 * authentication succeeds.
321 */
322int auth_password(struct passwd * pw, const char *password);
323
324/*

--- 32 unchanged lines hidden (view full) ---

357int get_peer_port(int sock);
358
359/* Returns the port number of the remote/local host. */
360int get_remote_port(void);
361int get_local_port(void);
362
363
364/*
374 * Tries to match the host name (which must be in all lowercase) against the
375 * comma-separated sequence of subpatterns (each possibly preceded by ! to
376 * indicate negation). Returns true if there is a positive match; zero
377 * otherwise.
378 */
379int match_hostname(const char *host, const char *pattern, unsigned int len);
380
381/*
382 * Checks whether the given host is already in the list of our known hosts.
383 * Returns HOST_OK if the host is known and has the specified key, HOST_NEW
384 * if the host is not known, and HOST_CHANGED if the host is known but used
385 * to have a different host key. The host must be in all lowercase.
386 */
387typedef enum {
388 HOST_OK, HOST_NEW, HOST_CHANGED
389} HostStatus;
390HostStatus
391check_host_in_hostfile(const char *filename, const char *host,
392 BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn);
393
394/*
395 * Appends an entry to the host file. Returns false if the entry could not
396 * be appended.
397 */
398int
399add_host_to_hostfile(const char *filename, const char *host,
400 BIGNUM * e, BIGNUM * n);
401
402/*
403 * Performs the RSA authentication challenge-response dialog with the client,
404 * and returns true (non-zero) if the client gave the correct answer to our
405 * challenge; returns zero if the client gives a wrong answer.
406 */
365 * Performs the RSA authentication challenge-response dialog with the client,
366 * and returns true (non-zero) if the client gave the correct answer to our
367 * challenge; returns zero if the client gives a wrong answer.
368 */
407int auth_rsa_challenge_dialog(BIGNUM * e, BIGNUM * n);
369int auth_rsa_challenge_dialog(RSA *pk);
408
409/*
410 * Reads a passphrase from /dev/tty with echo turned off. Returns the
411 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
412 * from_stdin is true, the passphrase will be read from stdin instead.
413 */
414char *read_passphrase(const char *prompt, int from_stdin);
415

--- 276 unchanged lines hidden (view full) ---

692 char *s;
693};
694
695/*
696 * Ensure all of data on socket comes through. f==read || f==write
697 */
698ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
699
370
371/*
372 * Reads a passphrase from /dev/tty with echo turned off. Returns the
373 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If
374 * from_stdin is true, the passphrase will be read from stdin instead.
375 */
376char *read_passphrase(const char *prompt, int from_stdin);
377

--- 276 unchanged lines hidden (view full) ---

654 char *s;
655};
656
657/*
658 * Ensure all of data on socket comes through. f==read || f==write
659 */
660ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n);
661
700#ifdef KRB5
701#include <krb5.h>
702int auth_krb5(); /* XXX Doplnit prototypy */
703int auth_krb5_tgt();
704int krb5_init();
705void krb5_cleanup_proc(void *ignore);
706int auth_krb5_password(struct passwd *pw, const char *password);
707#endif /* KRB5 */
708
709#ifdef KRB4
710#include <krb.h>
711/*
712 * Performs Kerberos v4 mutual authentication with the client. This returns 0
713 * if the client could not be authenticated, and 1 if authentication was
714 * successful. This may exit if there is a serious protocol violation.
715 */
716int auth_krb4(const char *server_user, KTEXT auth, char **client);
717int krb4_init(uid_t uid);
718void krb4_cleanup_proc(void *ignore);
719int auth_krb4_password(struct passwd * pw, const char *password);
720
721#ifdef AFS
722#include <kafs.h>
723
724/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
662#ifdef KRB4
663#include <krb.h>
664/*
665 * Performs Kerberos v4 mutual authentication with the client. This returns 0
666 * if the client could not be authenticated, and 1 if authentication was
667 * successful. This may exit if there is a serious protocol violation.
668 */
669int auth_krb4(const char *server_user, KTEXT auth, char **client);
670int krb4_init(uid_t uid);
671void krb4_cleanup_proc(void *ignore);
672int auth_krb4_password(struct passwd * pw, const char *password);
673
674#ifdef AFS
675#include <kafs.h>
676
677/* Accept passed Kerberos v4 ticket-granting ticket and AFS tokens. */
725int auth_krb4_tgt(struct passwd * pw, const char *string);
678int auth_kerberos_tgt(struct passwd * pw, const char *string);
726int auth_afs_token(struct passwd * pw, const char *token_string);
727
728int creds_to_radix(CREDENTIALS * creds, unsigned char *buf);
729int radix_to_creds(const char *buf, CREDENTIALS * creds);
730#endif /* AFS */
731
732#endif /* KRB4 */
733
734#ifdef SKEY
735#include <skey.h>
736char *skey_fake_keyinfo(char *username);
737int auth_skey_password(struct passwd * pw, const char *password);
738#endif /* SKEY */
739
740/* AF_UNSPEC or AF_INET or AF_INET6 */
741extern int IPv4or6;
742
743#endif /* SSH_H */
679int auth_afs_token(struct passwd * pw, const char *token_string);
680
681int creds_to_radix(CREDENTIALS * creds, unsigned char *buf);
682int radix_to_creds(const char *buf, CREDENTIALS * creds);
683#endif /* AFS */
684
685#endif /* KRB4 */
686
687#ifdef SKEY
688#include <skey.h>
689char *skey_fake_keyinfo(char *username);
690int auth_skey_password(struct passwd * pw, const char *password);
691#endif /* SKEY */
692
693/* AF_UNSPEC or AF_INET or AF_INET6 */
694extern int IPv4or6;
695
696#endif /* SSH_H */
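Review bot: The authentication-method block drops `SSH_AUTH_KRB5 29` and `SSH_PASS_KRB5_TGT 30`, and the message-type block drops `SSH_CMSG_AUTH_KRB5 110` through `SSH_CMSG_HAVE_KRB5_TGT 112`, although the comment directly above the auth list says old types should not be removed for compatibility (this assumes a8f6863a is the new side, which the RCSID bump from 1.33 to 1.34 suggests). Once the names are gone, nothing in the header stops a later change from assigning 29, 30 or 110–112 to something else, and a peer built from the older header would then interpret those values as Kerberos v5 authentication. If the KRB5 code really is being removed, I would keep the numbers visibly reserved next to the existing `/* 8 to 15 are reserved */` line, for example `/* 29 and 30 were SSH_AUTH_KRB5 and SSH_PASS_KRB5_TGT; do not reuse */`, with a matching comment for 110–112 after `SSH_CMSG_HAVE_AFS_TOKEN`. The page hides most of the file, so whether any remaining caller still references the removed names cannot be checked from here.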