version 1.7, 2000/04/14 10:30:30 |
version 1.7.2.2, 2000/11/08 21:30:26 |
|
|
/* |
/* |
* |
|
* authfd.h |
|
* |
|
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
* |
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* All rights reserved |
* All rights reserved |
* |
|
* Created: Wed Mar 29 01:17:41 1995 ylo |
|
* |
|
* Functions to interface with the SSH_AUTHENTICATION_FD socket. |
* Functions to interface with the SSH_AUTHENTICATION_FD socket. |
* |
* |
|
* As far as I am concerned, the code I have written for this software |
|
* can be used freely for any purpose. Any derived versions of this |
|
* software must be clearly marked as such, and if the derived work is |
|
* incompatible with the protocol description in the RFC file, it must be |
|
* called by a name other than "ssh" or "Secure Shell". |
*/ |
*/ |
|
|
/* RCSID("$Id$"); */ |
/* RCSID("$OpenBSD$"); */ |
|
|
#ifndef AUTHFD_H |
#ifndef AUTHFD_H |
#define AUTHFD_H |
#define AUTHFD_H |
|
|
#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 |
#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8 |
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 |
#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 |
|
|
|
/* private OpenSSH extensions for SSH2 */ |
|
#define SSH2_AGENTC_REQUEST_IDENTITIES 11 |
|
#define SSH2_AGENT_IDENTITIES_ANSWER 12 |
|
#define SSH2_AGENTC_SIGN_REQUEST 13 |
|
#define SSH2_AGENT_SIGN_RESPONSE 14 |
|
#define SSH2_AGENTC_ADD_IDENTITY 17 |
|
#define SSH2_AGENTC_REMOVE_IDENTITY 18 |
|
#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 |
|
|
|
/* additional error code for ssh.com's ssh-agent2 */ |
|
#define SSH_COM_AGENT2_FAILURE 102 |
|
|
|
#define SSH_AGENT_OLD_SIGNATURE 0x01 |
|
|
|
|
typedef struct { |
typedef struct { |
int fd; |
int fd; |
Buffer packet; |
|
Buffer identities; |
Buffer identities; |
int howmany; |
int howmany; |
} AuthenticationConnection; |
} AuthenticationConnection; |
|
|
/* Returns the number of the authentication fd, or -1 if there is none. */ |
/* Returns the number of the authentication fd, or -1 if there is none. */ |
int ssh_get_authentication_socket(); |
int ssh_get_authentication_socket(); |
|
|
|
|
* Closes the connection to the authentication agent and frees any associated |
* Closes the connection to the authentication agent and frees any associated |
* memory. |
* memory. |
*/ |
*/ |
void ssh_close_authentication_connection(AuthenticationConnection * ac); |
void ssh_close_authentication_connection(AuthenticationConnection *auth); |
|
|
/* |
/* |
* Returns the first authentication identity held by the agent. Returns true |
* Returns the first authentication identity held by the agent or NULL if |
* if an identity is available, 0 otherwise. The caller must initialize the |
* no identies are available. Caller must free comment and key. |
* integers before the call, and free the comment after a successful call |
* Note that you cannot mix calls with different versions. |
* (before calling ssh_get_next_identity). |
|
*/ |
*/ |
int |
Key *ssh_get_first_identity(AuthenticationConnection *auth, char **comment, int version); |
ssh_get_first_identity(AuthenticationConnection * connection, |
|
BIGNUM * e, BIGNUM * n, char **comment); |
|
|
|
/* |
/* |
* Returns the next authentication identity for the agent. Other functions |
* Returns the next authentication identity for the agent. Other functions |
* can be called between this and ssh_get_first_identity or two calls of this |
* can be called between this and ssh_get_first_identity or two calls of this |
* function. This returns 0 if there are no more identities. The caller |
* function. This returns NULL if there are no more identities. The caller |
* must free comment after a successful return. |
* must free key and comment after a successful return. |
*/ |
*/ |
int |
Key *ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int version); |
ssh_get_next_identity(AuthenticationConnection * connection, |
|
BIGNUM * e, BIGNUM * n, char **comment); |
|
|
|
/* Requests the agent to decrypt the given challenge. Returns true if |
/* |
the agent claims it was able to decrypt it. */ |
* Requests the agent to decrypt the given challenge. Returns true if the |
|
* agent claims it was able to decrypt it. |
|
*/ |
int |
int |
ssh_decrypt_challenge(AuthenticationConnection * auth, |
ssh_decrypt_challenge(AuthenticationConnection *auth, |
BIGNUM * e, BIGNUM * n, BIGNUM * challenge, |
Key *key, BIGNUM * challenge, |
unsigned char session_id[16], |
unsigned char session_id[16], |
unsigned int response_type, |
unsigned int response_type, |
unsigned char response[16]); |
unsigned char response[16]); |
|
|
|
/* Requests the agent to sign data using key */ |
|
int |
|
ssh_agent_sign(AuthenticationConnection *auth, |
|
Key *key, |
|
unsigned char **sigp, int *lenp, |
|
unsigned char *data, int datalen); |
|
|
/* |
/* |
* Adds an identity to the authentication server. This call is not meant to |
* Adds an identity to the authentication server. This call is not meant to |
* be used by normal applications. This returns true if the identity was |
* be used by normal applications. This returns true if the identity was |
* successfully added. |
* successfully added. |
*/ |
*/ |
int |
int |
ssh_add_identity(AuthenticationConnection * connection, RSA * key, |
ssh_add_identity(AuthenticationConnection *auth, Key *key, |
const char *comment); |
const char *comment); |
|
|
/* |
/* |
|
|
* meant to be used by normal applications. This returns true if the |
* meant to be used by normal applications. This returns true if the |
* identity was successfully added. |
* identity was successfully added. |
*/ |
*/ |
int ssh_remove_identity(AuthenticationConnection * connection, RSA * key); |
int ssh_remove_identity(AuthenticationConnection *auth, Key *key); |
|
|
/* |
/* |
* Removes all identities from the authentication agent. This call is not |
* Removes all identities from the authentication agent. This call is not |
* meant to be used by normal applications. This returns true if the |
* meant to be used by normal applications. This returns true if the |
* operation was successful. |
* operation was successful. |
*/ |
*/ |
int ssh_remove_all_identities(AuthenticationConnection * connection); |
int ssh_remove_all_identities(AuthenticationConnection *auth, int version); |
|
|
/* Closes the connection to the authentication agent. */ |
|
void ssh_close_authentication(AuthenticationConnection * connection); |
|
|
|
#endif /* AUTHFD_H */ |
#endif /* AUTHFD_H */ |
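Review bot: The new `ssh_agent_sign` prototype passes both lengths as signed `int` (`int *lenp`, `int datalen`) and takes `data` as a non-const pointer, and its one-line comment does not say who owns `*sigp` or what the return value means. The signature length presumably originates in the agent's reply, and the agent is a separate process behind a socket, so an unsigned type would remove the negative-length case that callers otherwise have to reject; the implementation is not visible here, so confirm how the reply length is bounded. I would declare the parameters as `unsigned char **sigp, unsigned int *lenp,` and `const unsigned char *data, unsigned int datalen);`, and extend the comment to state that the caller frees `*sigp` and which return value signals success. The same section adds an `int version` parameter to `ssh_get_first_identity`, `ssh_get_next_identity` and `ssh_remove_all_identities` without naming its accepted values; a comment such as `/* version selects the agent protocol (1 or 2); do not mix versions on one connection */` would help, if those are indeed the values.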