/*
 * ProFTPD - mod_sftp user authentication (auth)
 * Copyright (c) 2008-2016 TJ Saunders
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Suite 500, Boston, MA 02110-1335, USA.
 *
 * As a special exemption, TJ Saunders and other respective copyright holders
 * give permission to link this program with OpenSSL, and distribute the
 * resulting executable, without including the source code for OpenSSL in the
 * source distribution.
 */

#ifndef MOD_SFTP_AUTH_H
#define MOD_SFTP_AUTH_H

#include "mod_sftp.h"
#include "packet.h"

/* Identifiers for the four user authentication methods declared in this
 * header.  Each value is a distinct single bit.
 */
#define SFTP_AUTH_FL_METH_PUBLICKEY 0x001
#define SFTP_AUTH_FL_METH_KBDINT 0x002
#define SFTP_AUTH_FL_METH_PASSWORD 0x004
#define SFTP_AUTH_FL_METH_HOSTBASED 0x008

/* One step of an authentication chain.  A chain is a list of such steps, and
 * authentication succeeds only once every method in the chain has been
 * satisfied.
 */
struct sftp_auth_method {
  /* Presumably one of the SFTP_AUTH_FL_METH_* values; confirm in auth.c. */
  unsigned int method_id;
  const char *method_name;

  /* Optional qualifier, e.g. the name of a kbdint driver. */
  const char *submethod_name;

  /* Outcome of this step, tracked while authentication is in progress. */
  int succeeded, failed;
};

/* A chain of authentication methods.
 *
 * NOTE(review): since a chain counts as satisfied only when all of its
 * methods are, code reading `completed` or the per-method flags must not
 * accept a partially satisfied chain.  That evaluation logic is not visible
 * in this header.
 */
struct sftp_auth_chain {
  pool *pool;

  /* Presumably holds struct sftp_auth_method entries; confirm in auth.c. */
  array_header *methods;
  int completed;
};

/* Creates an authentication chain.  The pool argument is presumably the
 * allocation source; confirm against the definition.
 */
struct sftp_auth_chain *sftp_auth_chain_alloc(pool *);

/* Appends one more method to the given authentication chain. */
int sftp_auth_chain_add_method(struct sftp_auth_chain *, unsigned int,
    const char *, const char *);

/* Splits a method name such as "password" or "keyboard-interactive:pam" into
 * the method's ID and, when one is present, its submethod part.
 */
int sftp_auth_chain_parse_method(pool *p, const char *, unsigned int *,
    const char **, const char **);

/* Breaks a chain specification such as "publickey+password" into its
 * individual method names.  The parsed names are returned as a list; NULL
 * signals an error.
 */
array_header *sftp_auth_chain_parse_method_chain(pool *p, const char *);

/* Checks that an auth chain is well formed, e.g. that it holds no
 * double/repeated methods which cannot be supported.
 *
 * NOTE(review): the return convention is not stated here; confirm it before
 * relying on the result to accept a configured chain.
 */
int sftp_auth_chain_isvalid(struct sftp_auth_chain *);

/* Module-level authentication entry points.  Their contracts are not
 * documented in this header.
 */
char *sftp_auth_get_default_dir(void);
int sftp_auth_handle(struct ssh2_packet *);
int sftp_auth_init(void);

/* NOTE(review): the four method handlers below share a single signature with
 * three adjacent, unnamed const char * parameters followed by what look like
 * output buffer and length pointers.  Transposed string arguments would still
 * compile, so check the argument order and the return convention against the
 * definitions; naming the parameters in these prototypes would help.
 */

/* 'hostbased' user authentication handler and its initialiser. */
int sftp_auth_hostbased(struct ssh2_packet *, cmd_rec *, const char *,
    const char *, const char *, unsigned char **, uint32_t *, int *);
int sftp_auth_hostbased_init(pool *);

/* 'keyboard-interactive' user authentication handler and its initialiser. */
int sftp_auth_kbdint(struct ssh2_packet *, cmd_rec *, const char *,
    const char *, const char *, unsigned char **, uint32_t *, int *);
int sftp_auth_kbdint_init(pool *);

/* 'password' user authentication handler and its initialiser. */
int sftp_auth_password(struct ssh2_packet *, cmd_rec *, const char *,
    const char *, const char *, unsigned char **, uint32_t *, int *);
int sftp_auth_password_init(pool *);

/* 'publickey' user authentication handler and its initialiser. */
int sftp_auth_publickey(struct ssh2_packet *, cmd_rec *, const char *,
    const char *, const char *, unsigned char **, uint32_t *, int *);
int sftp_auth_publickey_init(pool *);

#endif /* MOD_SFTP_AUTH_H */