Annotation of src/usr.bin/ssh/auth-options.h, Revision 1.24
1.24 ! djm 1: /* $OpenBSD: auth-options.h,v 1.23 2017/05/31 10:54:00 markus Exp $ */
1.11 stevesk 2:
1.2 deraadt 3: /*
1.3 markus 4: * Author: Tatu Ylonen <ylo@cs.hut.fi>
5: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6: * All rights reserved
1.2 deraadt 7: *
1.3 markus 8: * As far as I am concerned, the code I have written for this software
9: * can be used freely for any purpose. Any derived versions of this
10: * software must be clearly marked as such, and if the derived work is
11: * incompatible with the protocol description in the RFC file, it must be
12: * called by a name other than "ssh" or "Secure Shell".
1.2 deraadt 13: */
1.5 djm 14:
1.1 markus 15: #ifndef AUTH_OPTIONS_H
16: #define AUTH_OPTIONS_H
1.8 markus 17:
/*
 * Forward declarations: the prototypes below only take pointers to these
 * types, and this header includes nothing itself.
 * NOTE(review): struct sshbuf (used by sshauthopt_serialise/deserialise
 * below) has no forward declaration here, and u_long/size_t are likewise
 * not defined by this header; presumably every includer pulls in the
 * defining headers first -- confirm.
 */
1.24 ! djm 18: struct passwd;
! 19: struct sshkey;
! 20:
1.8 markus 21: /* Linked list of custom environment strings */
/*
 * Singly linked: each node carries one string and a pointer to the next
 * node. Who allocates and frees the nodes and their strings is not stated
 * in this header.
 */
22: struct envstring {
23: struct envstring *next; /* following node in the list */
24: char *s; /* this node's string */
25: };
26:
1.1 markus 27: /* Flags that may be set in authorized_keys options. */
/*
 * These are extern globals, defined elsewhere, so their values are shared
 * process-wide rather than carried alongside a particular key.
 * NOTE(review): the no_* names read as deny-when-set, which is the opposite
 * polarity of the permit_* fields in struct sshauthopt below; any code that
 * translates between the two has to invert the sense -- confirm at each use.
 */
28: extern int no_port_forwarding_flag;
29: extern int no_agent_forwarding_flag;
30: extern int no_x11_forwarding_flag;
31: extern int no_pty_flag;
1.17 djm 32: extern int no_user_rc;
1.1 markus 33: extern char *forced_command;
34: extern struct envstring *custom_environment;
1.13 reyk 35: extern int forced_tun_device;
1.18 djm 36: extern int key_is_cert_authority;
1.20 djm 37: extern char *authorized_principals;
1.1 markus 38:
/*
 * Older option-handling entry points.
 * NOTE(review): the parameters are unnamed, so this header does not say
 * what the char *, const char * and u_long arguments carry or what the int
 * return values mean -- check the definitions before relying on either.
 * auth_clear_options() takes no arguments and returns nothing, so it
 * presumably resets the global flags declared above -- confirm.
 */
1.23 markus 39: int auth_parse_options(struct passwd *, char *, const char *, u_long);
1.4 markus 40: void auth_clear_options(void);
1.22 djm 41: int auth_cert_options(struct sshkey *, struct passwd *, const char **);
1.24 ! djm 42:
! 43: /* authorized_keys options handling */
! 44:
! 45: /*
! 46: * sshauthopt represents key options parsed from authorized_keys or
! 47: * from certificate extensions/options.
 *
 * It is a plain data holder: nothing in this declaration enforces the
 * options, so each consumer has to consult the relevant field before
 * granting a feature.
 * NOTE(review): the char * and char ** members are presumably heap-owned
 * and released by sshauthopt_free() -- confirm in the definition.
! 48: */
! 49: struct sshauthopt {
! 50: /* Feature flags */
/* NOTE(review): presumably nonzero means the feature is allowed -- confirm */
! 51: int permit_port_forwarding_flag;
! 52: int permit_agent_forwarding_flag;
! 53: int permit_x11_forwarding_flag;
! 54: int permit_pty_flag;
! 55: int permit_user_rc;
! 56:
! 57: /* "restrict" keyword was invoked */
! 58: int restricted;
! 59:
! 60: /* Certificate-related options */
! 61: int cert_authority;
! 62: char *cert_principals;
! 63:
! 64: int force_tun_device;
! 65: char *force_command;
! 66:
! 67: /* Custom environment */
/* NOTE(review): nenv is presumably the number of entries in env -- confirm */
! 68: size_t nenv;
! 69: char **env;
! 70:
! 71: /* Permitted port forwardings */
/* NOTE(review): npermitopen is presumably the entry count of permitopen -- confirm */
! 72: size_t npermitopen;
! 73: char **permitopen;
! 74:
! 75: /*
! 76: * Permitted host/addresses (comma-separated)
! 77: * Caller must check source address matches both lists (if present).
 * The struct only carries the two lists; it performs no matching itself.
 * When both are set, a match against just one of them is not enough.
 * NOTE(review): going by the names, one list comes from the certificate
 * and the other from the authorized_keys line -- confirm.
! 78: */
! 79: char *required_from_host_cert;
! 80: char *required_from_host_keys;
! 81: };
! 82:
/*
 * Allocation, release, copy and (de)serialisation of struct sshauthopt.
 * NOTE(review): this header does not document how sshauthopt_new() and
 * sshauthopt_new_with_keys_defaults() differ. Which permit_* flags start
 * enabled decides what a key with no options may do, so confirm the
 * initial values in the definitions.
 * NOTE(review): the third (int) parameter of sshauthopt_serialise() is
 * unnamed and undocumented here -- check the definition for its meaning.
 * NOTE(review): sshauthopt_deserialise() returns its result through *opts;
 * unless the caller guarantees the buffer's origin, its contents should be
 * treated as untrusted input -- confirm the definition validates counts
 * and lengths.
 */
! 83: struct sshauthopt *sshauthopt_new(void);
! 84: struct sshauthopt *sshauthopt_new_with_keys_defaults(void);
! 85: void sshauthopt_free(struct sshauthopt *opts);
! 86: struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig);
! 87: int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int);
! 88: int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts);
! 89:
! 90: /*
! 91: * Parse authorized_keys options. Returns an options structure on success
! 92: * or NULL on failure. Will set errstr on failure.
 * Callers have to test for NULL before using the result; a parse failure
 * yields no options structure at all, not a partially filled one.
 * NOTE(review): errstr is a const char **, so the message is presumably
 * not the caller's to free -- confirm.
! 93: */
! 94: struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr);
! 95:
! 96: /*
! 97: * Parse certificate options to a struct sshauthopt.
! 98: * Returns options on success or NULL on failure.
 * Unlike sshauthopt_parse(), there is no error-string out-parameter, so a
 * NULL return is the only failure signal visible to the caller.
! 99: */
! 100: struct sshauthopt *sshauthopt_from_cert(struct sshkey *k);
! 101:
! 102: /*
! 103: * Merge key options.
 * Takes two read-only option sets and returns a struct sshauthopt pointer;
 * errstrp is an out-parameter for an error string.
 * NOTE(review): this header does not state how conflicts between primary
 * and additional are resolved, nor that NULL signals failure (presumably
 * it does, as with the parsers above). Confirm in the definition that a
 * merge can only narrow what is permitted, never widen it.
! 104: */
! 105: struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary,
! 106: const struct sshauthopt *additional, const char **errstrp);
1.4 markus 107:
1.1 markus 108: #endif