Annotation of src/usr.bin/ssh/auth-options.h, Revision 1.25
1.25 ! djm 1: /* $OpenBSD: auth-options.h,v 1.24 2018/03/03 03:06:02 djm Exp $ */
1.11 stevesk 2:
1.2 deraadt 3: /*
1.25 ! djm 4: * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
1.2 deraadt 5: *
1.25 ! djm 6: * Permission to use, copy, modify, and distribute this software for any
! 7: * purpose with or without fee is hereby granted, provided that the above
! 8: * copyright notice and this permission notice appear in all copies.
! 9: *
! 10: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 11: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 12: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 13: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 14: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 15: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 16: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.2 deraadt 17: */
1.5 djm 18:
1.1 markus 19: #ifndef AUTH_OPTIONS_H
20: #define AUTH_OPTIONS_H
1.8 markus 21:
1.24 djm 22: struct passwd;
23: struct sshkey;
24:
25: /*
26: * sshauthopt represents key options parsed from authorized_keys or
27: * from certificate extensions/options.
 *
 * The fields describe what a given key is permitted to do (forwarding,
 * pty, forced command, source address), so every consumer of this
 * structure is making an access-control decision from it.
 * NOTE(review): the pointer members are presumably heap-allocated and
 * owned by the structure, to be released through sshauthopt_free()
 * (declared later in this header) - confirm in auth-options.c.
28: */
29: struct sshauthopt {
30: /* Feature flags. NOTE(review): presumably non-zero means permitted; initial values come from the constructors and are not visible in this header - confirm */
31: int permit_port_forwarding_flag;
32: int permit_agent_forwarding_flag;
33: int permit_x11_forwarding_flag;
34: int permit_pty_flag;
35: int permit_user_rc;
36:
37: /* "restrict" keyword was invoked */
38: int restricted;
39:
40: /* Certificate-related options */
41: int cert_authority;
42: char *cert_principals;
43:
44: int force_tun_device; /* NOTE(review): an int, so "no forced device" needs a sentinel value that is not visible here - confirm */
45: char *force_command; /* NOTE(review): presumably NULL when no forced command is set - confirm */
46:
47: /* Custom environment. NOTE(review): nenv is presumably the number of entries in env - confirm */
48: size_t nenv;
49: char **env;
50:
51: /* Permitted port forwardings. NOTE(review): npermitopen is presumably the number of entries in permitopen - confirm */
52: size_t npermitopen;
53: char **permitopen;
54:
55: /*
56: * Permitted host/addresses (comma-separated)
57: * Caller must check source address matches both lists (if present).
 * Two separate lists are kept, so a check against only one of them
 * would skip a restriction imposed through the other.
 * NOTE(review): the field names suggest one list comes from certificate
 * options and the other from authorized_keys options - confirm.
58: */
59: char *required_from_host_cert;
60: char *required_from_host_keys;
61: };
62:
/*
 * Allocation, release, copying and (de)serialisation of option sets.
 *
 * struct sshbuf is used by the two (de)serialise prototypes but, unlike
 * struct passwd and struct sshkey, it is not forward-declared at the top
 * of this header; an including file must have it declared beforehand.
 * The third parameter of sshauthopt_serialise() is unnamed, so its
 * meaning cannot be read from this header.
 * NOTE(review): the int return convention (presumably 0 on success) is
 * not documented here - confirm in auth-options.c.
 * NOTE(review): sshauthopt_deserialise() rebuilds an authorization
 * structure from buffer contents; unless every caller guarantees the
 * buffer is trusted, confirm that decoded counts and string lengths
 * (nenv, npermitopen) are bounded.
 */
63: struct sshauthopt *sshauthopt_new(void);
64: struct sshauthopt *sshauthopt_new_with_keys_defaults(void);
65: void sshauthopt_free(struct sshauthopt *opts);
66: struct sshauthopt *sshauthopt_copy(const struct sshauthopt *orig);
67: int sshauthopt_serialise(const struct sshauthopt *opts, struct sshbuf *m, int);
68: int sshauthopt_deserialise(struct sshbuf *m, struct sshauthopt **opts);
69:
70: /*
71: * Parse authorized_keys options. Returns an options structure on success
72: * or NULL on failure. Will set errstr on failure.
 * NOTE(review): errstr is a const char **, so the message it receives is
 * presumably not the caller's to free - confirm in auth-options.c.
 * NOTE(review): a NULL return means the option string was rejected;
 * callers should not treat it as "no options" and carry on with an
 * unrestricted key.
73: */
74: struct sshauthopt *sshauthopt_parse(const char *s, const char **errstr);
75:
76: /*
77: * Parse certificate options to a struct sshauthopt.
78: * Returns options on success or NULL on failure.
 * Unlike sshauthopt_parse() and sshauthopt_merge(), this prototype has no
 * error-string out-parameter, so the reason for a failure is not
 * reported through this interface.
 * NOTE(review): the result is presumably released with sshauthopt_free()
 * - confirm.
79: */
80: struct sshauthopt *sshauthopt_from_cert(struct sshkey *k);
81:
82: /*
83: * Merge key options.
 * Takes two option sets and returns a new one; neither input is modified
 * through these pointers (both are const).
 * NOTE(review): the merge rule is not stated here. Since primary and
 * additional may disagree on flags, forced command or source-address
 * lists, confirm in auth-options.c that the result is never more
 * permissive than either input.
 * NOTE(review): presumably returns NULL and sets *errstrp on failure,
 * matching sshauthopt_parse() - confirm.
84: */
85: struct sshauthopt *sshauthopt_merge(const struct sshauthopt *primary,
86: const struct sshauthopt *additional, const char **errstrp);
1.4 markus 87:
1.1 markus 88: #endif