1 /*
2  * ProFTPD - mod_sftp user authentication (auth)
3  * Copyright (c) 2008-2016 TJ Saunders
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 2 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
18  *
19  * As a special exemption, TJ Saunders and other respective copyright holders
20  * give permission to link this program with OpenSSL, and distribute the
21  * resulting executable, without including the source code for OpenSSL in the
22  * source distribution.
23  */
24 
25 #ifndef MOD_SFTP_AUTH_H
26 #define MOD_SFTP_AUTH_H
27 
28 #include "mod_sftp.h"
29 #include "packet.h"
30 
/* Bit flags identifying the supported user authentication methods.  Each
 * value is a distinct single bit (0x001 .. 0x008), so a set of methods can
 * be represented in one unsigned int without ambiguity.
 */
#define SFTP_AUTH_FL_METH_PUBLICKEY	0x001
#define SFTP_AUTH_FL_METH_KBDINT	0x002
#define SFTP_AUTH_FL_METH_PASSWORD	0x004
#define SFTP_AUTH_FL_METH_HOSTBASED	0x008
35 
/* Structures which define a chain of authentication methods; when each method
 * in a chain has been satisfied, authentication succeeds.
 */
struct sftp_auth_method {
  /* Identifier for this method; presumably one of the SFTP_AUTH_FL_METH_*
   * flags above -- confirm against the implementation.
   */
  unsigned int method_id;
  /* Human-readable method name, e.g. "password" (see
   * sftp_auth_chain_parse_method below).
   */
  const char *method_name;

  /* For e.g. kbdint driver names. */
  const char *submethod_name;

  /* For use during authentication: per-method outcome state.  Whether these
   * are counters or boolean flags is not visible from this header; confirm
   * against the implementation before reading them.
   */
  int succeeded, failed;
};
49 
/* An ordered chain of authentication methods (see struct sftp_auth_method). */
struct sftp_auth_chain {
  /* Pool this chain was allocated from (see sftp_auth_chain_alloc). */
  pool *pool;
  /* List of methods in this chain; presumably holds struct sftp_auth_method
   * entries in the order they must be satisfied -- confirm against the
   * implementation.
   */
  array_header *methods;
  /* Whether every method in the chain has been satisfied; the exact values
   * used are not shown in this header.
   */
  int completed;
};
55 
/* Allocate a new authentication chain from the given pool. */
struct sftp_auth_chain *sftp_auth_chain_alloc(pool *);

/* Add a new method to this authentication chain.  The unsigned int and the
 * two strings mirror the method_id, method_name and submethod_name fields of
 * struct sftp_auth_method; presumably the submethod string may be NULL when
 * the method has no submethod -- confirm against the implementation.  The
 * return convention is not documented here (ProFTPD code typically returns 0
 * on success and -1 with errno set; verify).
 */
int sftp_auth_chain_add_method(struct sftp_auth_chain *, unsigned int,
  const char *, const char *);

/* Parse given method name, e.g. "password" or "keyboard-interactive:pam",
 * into the ID for the method, and the submethod portion (if any).  The three
 * out-parameters presumably receive the method ID, the method name and the
 * submethod name, in that order -- confirm against the implementation.
 * NOTE(review): since this consumes configuration text, an unrecognised
 * method name should produce an error return rather than a default ID;
 * verify that the implementation does so.
 */
int sftp_auth_chain_parse_method(pool *p, const char *, unsigned int *,
  const char **, const char **);

/* Parse a chain of methods, e.g. "publickey+password", into its component
 * method names.  Returns the list of parsed method names, or NULL on error.
 */
array_header *sftp_auth_chain_parse_method_chain(pool *p, const char *);

/* Verify that a given auth chain is correct, i.e. no unsupportable
 * double/repeated methods, etc.  Callers should refuse the configuration
 * when this check fails; the return convention is not documented here
 * (verify against the implementation).
 */
int sftp_auth_chain_isvalid(struct sftp_auth_chain *);
77 
/* Returns the default directory used by the auth code.  Ownership and
 * lifetime of the returned string are not documented here -- confirm against
 * the implementation before freeing or caching it.
 */
char *sftp_auth_get_default_dir(void);
/* Entry point for an incoming SSH2 packet during the user authentication
 * phase; presumably dispatches to the per-method handlers declared below.
 */
int sftp_auth_handle(struct ssh2_packet *);
/* One-time initialisation of the auth subsystem. */
int sftp_auth_init(void);
81 
/* Handles 'hostbased' user authentication.
 *
 * All four method handlers below share one signature: the incoming packet,
 * a cmd_rec, three strings, an (unsigned char **, uint32_t *) pair and an
 * int *.  The parameters are unnamed in this header; presumably the strings
 * are the user, service and method names, the pointer/length pair is an
 * output buffer, and the int * an output status -- confirm against the
 * implementation before relying on any of this.  The int return value
 * reports the outcome of the method; its convention is not documented here.
 */
int sftp_auth_hostbased(struct ssh2_packet *, cmd_rec *,
  const char *, const char *, const char *, unsigned char **, uint32_t *,
  int *);
/* Per-method initialisation for 'hostbased', given a pool. */
int sftp_auth_hostbased_init(pool *);

/* Handles 'keyboard-interactive' user authentication.  Same signature as
 * sftp_auth_hostbased above.
 */
int sftp_auth_kbdint(struct ssh2_packet *, cmd_rec *,
  const char *, const char *, const char *, unsigned char **, uint32_t *,
  int *);
/* Per-method initialisation for 'keyboard-interactive', given a pool. */
int sftp_auth_kbdint_init(pool *);

/* Handles 'password' user authentication.  Same signature as
 * sftp_auth_hostbased above.
 */
int sftp_auth_password(struct ssh2_packet *, cmd_rec *,
  const char *, const char *, const char *, unsigned char **, uint32_t *,
  int *);
/* Per-method initialisation for 'password', given a pool. */
int sftp_auth_password_init(pool *);

/* Handles 'publickey' user authentication.  Same signature as
 * sftp_auth_hostbased above.
 */
int sftp_auth_publickey(struct ssh2_packet *, cmd_rec *,
  const char *, const char *, const char *, unsigned char **, uint32_t *,
  int *);
/* Per-method initialisation for 'publickey', given a pool. */
int sftp_auth_publickey_init(pool *);
105 
106 #endif /* MOD_SFTP_AUTH_H */
107