src/usr.bin/ssh/ssh.h - diff

Return to ssh.h CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh.h between version 1.25 and 1.26

version 1.25, 1999/11/24 00:26:03

version 1.26, 1999/11/24 19:53:52

Line 21

#include "rsa.h"

#include "cipher.h"

/* The default cipher used if IDEA is not supported by the remote host.

It is recommended that this be one of the mandatory ciphers (DES, 3DES),

* The default cipher used if IDEA is not supported by the remote host. It is

though that is not required. */

* recommended that this be one of the mandatory ciphers (DES, 3DES), though

* that is not required.

#define SSH_FALLBACK_CIPHER SSH_CIPHER_3DES

/* Cipher used for encrypting authentication files. */

Line 35

Line 37

/* Maximum number of TCP/IP ports forwarded per direction. */

#define SSH_MAX_FORWARDS_PER_DIRECTION 100

/* Maximum number of RSA authentication identity files that can be specified

in configuration files or on the command line. */

* Maximum number of RSA authentication identity files that can be specified

* in configuration files or on the command line.

#define SSH_MAX_IDENTITY_FILES 100

/* Major protocol version. Different version indicates major incompatiblity

that prevents communication. */

* Major protocol version. Different version indicates major incompatiblity

* that prevents communication.

#define PROTOCOL_MAJOR 1

/* Minor protocol version. Different version indicates minor incompatibility

that does not prevent interoperation. */

* Minor protocol version. Different version indicates minor incompatibility

* that does not prevent interoperation.

#define PROTOCOL_MINOR 5

/* Name for the service. The port named by this service overrides the default

port if present. */

* Name for the service. The port named by this service overrides the

* default port if present.

#define SSH_SERVICE_NAME "ssh"

#define ETCDIR "/etc"

#define PIDDIR "/var/run"

/* System-wide file containing host keys of known hosts. This file should be

world-readable. */

* System-wide file containing host keys of known hosts. This file should be

* world-readable.

#define SSH_SYSTEM_HOSTFILE ETCDIR "/ssh_known_hosts"

/* HOST_KEY_FILE /etc/ssh_host_key,

SERVER_CONFIG_FILE /etc/sshd_config,

* Of these, ssh_host_key must be readable only by root, whereas ssh_config

and HOST_CONFIG_FILE /etc/ssh_config

* should be world-readable.

are all defined in Makefile.in. Of these, ssh_host_key should be readable

only by root, whereas ssh_config should be world-readable. */

#define HOST_KEY_FILE ETCDIR "/ssh_host_key"

#define SERVER_CONFIG_FILE ETCDIR "/sshd_config"

#define HOST_CONFIG_FILE ETCDIR "/ssh_config"

#define HOST_KEY_FILE "/etc/ssh_host_key"

#define SERVER_CONFIG_FILE "/etc/sshd_config"

#define HOST_CONFIG_FILE "/etc/ssh_config"

#define SSH_PROGRAM "/usr/bin/ssh"

/* The process id of the daemon listening for connections is saved

here to make it easier to kill the correct daemon when necessary. */

* The process id of the daemon listening for connections is saved here to

* make it easier to kill the correct daemon when necessary.

#define SSH_DAEMON_PID_FILE PIDDIR "/sshd.pid"

/* The directory in user\'s home directory in which the files reside.

The directory should be world-readable (though not all files are). */

* The directory in user\'s home directory in which the files reside. The

* directory should be world-readable (though not all files are).

#define SSH_USER_DIR ".ssh"

/* Per-user file containing host keys of known hosts. This file need

not be readable by anyone except the user him/herself, though this does

* Per-user file containing host keys of known hosts. This file need not be

not contain anything particularly secret. */

* readable by anyone except the user him/herself, though this does not

* contain anything particularly secret.

#define SSH_USER_HOSTFILE "~/.ssh/known_hosts"

/* Name of the default file containing client-side authentication key.

This file should only be readable by the user him/herself. */

* Name of the default file containing client-side authentication key. This

* file should only be readable by the user him/herself.

#define SSH_CLIENT_IDENTITY ".ssh/identity"

/* Configuration file in user\'s home directory. This file need not be

readable by anyone but the user him/herself, but does not contain

* Configuration file in user\'s home directory. This file need not be

anything particularly secret. If the user\'s home directory resides

* readable by anyone but the user him/herself, but does not contain anything

on an NFS volume where root is mapped to nobody, this may need to be

* particularly secret. If the user\'s home directory resides on an NFS

world-readable. */

* volume where root is mapped to nobody, this may need to be world-readable.

#define SSH_USER_CONFFILE ".ssh/config"

/* File containing a list of those rsa keys that permit logging in as

this user. This file need not be

* File containing a list of those rsa keys that permit logging in as this

readable by anyone but the user him/herself, but does not contain

* user. This file need not be readable by anyone but the user him/herself,

anything particularly secret. If the user\'s home directory resides

* but does not contain anything particularly secret. If the user\'s home

on an NFS volume where root is mapped to nobody, this may need to be

* directory resides on an NFS volume where root is mapped to nobody, this

world-readable. (This file is read by the daemon which is running as

* may need to be world-readable. (This file is read by the daemon which is

root.) */

* running as root.)

#define SSH_USER_PERMITTED_KEYS ".ssh/authorized_keys"

/* Per-user and system-wide ssh "rc" files. These files are executed with

/bin/sh before starting the shell or command if they exist. They

* Per-user and system-wide ssh "rc" files. These files are executed with

will be passed "proto cookie" as arguments if X11 forwarding with

* /bin/sh before starting the shell or command if they exist. They will be

spoofing is in use. xauth will be run if neither of these exists. */

* passed "proto cookie" as arguments if X11 forwarding with spoofing is in

* use. xauth will be run if neither of these exists.

#define SSH_USER_RC ".ssh/rc"

#define SSH_SYSTEM_RC ETCDIR "/sshrc"

/* Ssh-only version of /etc/hosts.equiv. */

* Ssh-only version of /etc/hosts.equiv. Additionally, the daemon may use

* ~/.rhosts and /etc/hosts.equiv if rhosts authentication is enabled.

#define SSH_HOSTS_EQUIV ETCDIR "/shosts.equiv"

/* Additionally, the daemon may use ~/.rhosts and /etc/hosts.equiv if

rhosts authentication is enabled. */

* Name of the environment variable containing the pathname of the

* authentication socket.

/* Name of the environment variable containing the pathname of the

authentication socket. */

#define SSH_AUTHSOCKET_ENV_NAME "SSH_AUTH_SOCK"

/* Name of the environment variable containing the pathname of the

authentication socket. */

* Name of the environment variable containing the pathname of the

* authentication socket.

#define SSH_AGENTPID_ENV_NAME "SSH_AGENT_PID"

/* Force host key length and server key length to differ by at least this

many bits. This is to make double encryption with rsaref work. */

* Force host key length and server key length to differ by at least this

* many bits. This is to make double encryption with rsaref work.

#define SSH_KEY_BITS_RESERVED 128

/* Length of the session key in bytes. (Specified as 256 bits in the

protocol.) */

* Length of the session key in bytes. (Specified as 256 bits in the

* protocol.)

#define SSH_SESSION_KEY_LENGTH 32

/* Name of Kerberos service for SSH to use. */

#define KRB4_SERVICE_NAME "rcmd"

/* Authentication methods. New types can be added, but old types should not

be removed for compatibility. The maximum allowed value is 31. */

* Authentication methods. New types can be added, but old types should not

* be removed for compatibility. The maximum allowed value is 31.

#define SSH_AUTH_RHOSTS 1

#define SSH_AUTH_RSA 2

#define SSH_AUTH_PASSWORD 3

Line 144

Line 176

#define SSH_AUTH_TIS 5

#define SSH_AUTH_KERBEROS 6

#define SSH_PASS_KERBEROS_TGT 7

/* 8 to 15 are reserved */

#define SSH_PASS_AFS_TOKEN 21

/* Protocol flags. These are bit masks. */

#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes

#define SSH_PROTOFLAG_SCREEN_NUMBER 1 /* X11 forwarding includes screen */

* screen */

#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain host */

#define SSH_PROTOFLAG_HOST_IN_FWD_OPEN 2 /* forwarding opens contain

* host */

/* Definition of message types. New values can be added, but old values

should not be removed or without careful consideration of the consequences

* Definition of message types. New values can be added, but old values

for compatibility. The maximum value is 254; value 255 is reserved

* should not be removed or without careful consideration of the consequences

for future extension. */

* for compatibility. The maximum value is 254; value 255 is reserved for

/* Message name *//* msg code *//* arguments */

* future extension.

/* Message name */ /* msg code */ /* arguments */

#define SSH_MSG_NONE 0 /* no message */

#define SSH_MSG_DISCONNECT 1 /* cause (string) */

#define SSH_SMSG_PUBLIC_KEY 2 /* ck,msk,srvk,hostk */

Line 207

Line 239

/*------------ definitions for login.c -------------*/

/* Returns the time when the user last logged in. Returns 0 if the

information is not available. This must be called before record_login.

* Returns the time when the user last logged in. Returns 0 if the

The host from which the user logged in is stored in buf. */

* information is not available. This must be called before record_login.

* The host from which the user logged in is stored in buf.

unsigned long

get_last_login_time(uid_t uid, const char *logname,

char *buf, unsigned int bufsize);

/* Records that the user has logged in. This does many things normally

done by login(1). */

* Records that the user has logged in. This does many things normally done

* by login(1).

void

record_login(int pid, const char *ttyname, const char *user, uid_t uid,

const char *host, struct sockaddr_in * addr);

/* Records that the user has logged out. This does many thigs normally

done by login(1) or init. */

* Records that the user has logged out. This does many thigs normally done

* by login(1) or init.

void record_logout(int pid, const char *ttyname);

/*------------ definitions for sshconnect.c ----------*/

/* Opens a TCP/IP connection to the remote server on the given host. If

port is 0, the default port will be used. If anonymous is zero,

* Opens a TCP/IP connection to the remote server on the given host. If port

a privileged port will be allocated to make the connection.

* is 0, the default port will be used. If anonymous is zero, a privileged

This requires super-user privileges if anonymous is false.

* port will be allocated to make the connection. This requires super-user

Connection_attempts specifies the maximum number of tries, one per

* privileges if anonymous is false. Connection_attempts specifies the

second. This returns true on success, and zero on failure. If the

* maximum number of tries, one per second. This returns true on success,

connection is successful, this calls packet_set_connection for the

* and zero on failure. If the connection is successful, this calls

connection. */

* packet_set_connection for the connection.

int

ssh_connect(const char *host, struct sockaddr_in * hostaddr,

int port, int connection_attempts,

int anonymous, uid_t original_real_uid,

const char *proxy_command);

/* Starts a dialog with the server, and authenticates the current user on the

server. This does not need any extra privileges. The basic connection

* Starts a dialog with the server, and authenticates the current user on the

to the server must already have been established before this is called.

* server. This does not need any extra privileges. The basic connection to

If login fails, this function prints an error and never returns.

* the server must already have been established before this is called. If

This initializes the random state, and leaves it initialized (it will also

* login fails, this function prints an error and never returns. This

have references from the packet module). */

* initializes the random state, and leaves it initialized (it will also have

* references from the packet module).

void

ssh_login(int host_key_valid, RSA * host_key, const char *host,

Line 253

Line 294

/*------------ Definitions for various authentication methods. -------*/

/* Tries to authenticate the user using the .rhosts file. Returns true if

authentication succeeds. If ignore_rhosts is non-zero, this will not

* Tries to authenticate the user using the .rhosts file. Returns true if

consider .rhosts and .shosts (/etc/hosts.equiv will still be used). */

* authentication succeeds. If ignore_rhosts is non-zero, this will not

* consider .rhosts and .shosts (/etc/hosts.equiv will still be used).

int auth_rhosts(struct passwd * pw, const char *client_user);

/* Tries to authenticate the user using the .rhosts file and the host using

its host key. Returns true if authentication succeeds. */

* Tries to authenticate the user using the .rhosts file and the host using

* its host key. Returns true if authentication succeeds.

int

auth_rhosts_rsa(struct passwd * pw, const char *client_user,

BIGNUM * client_host_key_e, BIGNUM * client_host_key_n);

/* Tries to authenticate the user using password. Returns true if

authentication succeeds. */

* Tries to authenticate the user using password. Returns true if

* authentication succeeds.

int auth_password(struct passwd * pw, const char *password);

/* Performs the RSA authentication dialog with the client. This returns

0 if the client could not be authenticated, and 1 if authentication was

* Performs the RSA authentication dialog with the client. This returns 0 if

successful. This may exit if there is a serious protocol violation. */

* the client could not be authenticated, and 1 if authentication was

* successful. This may exit if there is a serious protocol violation.

int auth_rsa(struct passwd * pw, BIGNUM * client_n);

/* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer

over the key. Skips any whitespace at the beginning and at end. */

* Parses an RSA key (number of bits, e, n) from a string. Moves the pointer

* over the key. Skips any whitespace at the beginning and at end.

int auth_rsa_read_key(char **cpp, unsigned int *bitsp, BIGNUM * e, BIGNUM * n);

/* Returns the name of the machine at the other end of the socket. The

returned string should be freed by the caller. */

* Returns the name of the machine at the other end of the socket. The

* returned string should be freed by the caller.

char *get_remote_hostname(int socket);

/* Return the canonical name of the host in the other side of the current

connection (as returned by packet_get_connection). The host name is

* Return the canonical name of the host in the other side of the current

cached, so it is efficient to call this several times. */

* connection (as returned by packet_get_connection). The host name is

* cached, so it is efficient to call this several times.

const char *get_canonical_hostname(void);

/* Returns the remote IP address as an ascii string. The value need not be

freed by the caller. */

* Returns the remote IP address as an ascii string. The value need not be

* freed by the caller.

const char *get_remote_ipaddr(void);

/* Returns the port number of the peer of the socket. */

Line 296

Line 353

/* Returns the port number of the remote host. */

int get_remote_port(void);

/* Tries to match the host name (which must be in all lowercase) against the

comma-separated sequence of subpatterns (each possibly preceded by ! to

* Tries to match the host name (which must be in all lowercase) against the

indicate negation). Returns true if there is a positive match; zero

* comma-separated sequence of subpatterns (each possibly preceded by ! to

otherwise. */

* indicate negation). Returns true if there is a positive match; zero

* otherwise.

int match_hostname(const char *host, const char *pattern, unsigned int len);

/* Checks whether the given host is already in the list of our known hosts.

Returns HOST_OK if the host is known and has the specified key,

* Checks whether the given host is already in the list of our known hosts.

HOST_NEW if the host is not known, and HOST_CHANGED if the host is known

* Returns HOST_OK if the host is known and has the specified key, HOST_NEW

but used to have a different host key. The host must be in all lowercase. */

* if the host is not known, and HOST_CHANGED if the host is known but used

* to have a different host key. The host must be in all lowercase.

typedef enum {

HOST_OK, HOST_NEW, HOST_CHANGED

} HostStatus;

Line 313

Line 374

check_host_in_hostfile(const char *filename, const char *host,

BIGNUM * e, BIGNUM * n, BIGNUM * ke, BIGNUM * kn);

/* Appends an entry to the host file. Returns false if the entry

could not be appended. */

* Appends an entry to the host file. Returns false if the entry could not

* be appended.

int

add_host_to_hostfile(const char *filename, const char *host,

BIGNUM * e, BIGNUM * n);

/* Performs the RSA authentication challenge-response dialog with the client,

and returns true (non-zero) if the client gave the correct answer to

* Performs the RSA authentication challenge-response dialog with the client,

our challenge; returns zero if the client gives a wrong answer. */

* and returns true (non-zero) if the client gave the correct answer to our

* challenge; returns zero if the client gives a wrong answer.

int auth_rsa_challenge_dialog(BIGNUM * e, BIGNUM * n);

/* Reads a passphrase from /dev/tty with echo turned off. Returns the

passphrase (allocated with xmalloc). Exits if EOF is encountered.

* Reads a passphrase from /dev/tty with echo turned off. Returns the

If from_stdin is true, the passphrase will be read from stdin instead. */

* passphrase (allocated with xmalloc). Exits if EOF is encountered. If

* from_stdin is true, the passphrase will be read from stdin instead.

char *read_passphrase(const char *prompt, int from_stdin);

/* Saves the authentication (private) key in a file, encrypting it with

passphrase. The identification of the file (lowest 64 bits of n)

* Saves the authentication (private) key in a file, encrypting it with

will precede the key to provide identification of the key without

* passphrase. The identification of the file (lowest 64 bits of n) will

needing a passphrase. */

* precede the key to provide identification of the key without needing a

* passphrase.

int

save_private_key(const char *filename, const char *passphrase,

RSA * private_key, const char *comment);

/* Loads the public part of the key file (public key and comment).

Returns 0 if an error occurred; zero if the public key was successfully

* Loads the public part of the key file (public key and comment). Returns 0

read. The comment of the key is returned in comment_return if it is

* if an error occurred; zero if the public key was successfully read. The

non-NULL; the caller must free the value with xfree. */

* comment of the key is returned in comment_return if it is non-NULL; the

* caller must free the value with xfree.

int

load_public_key(const char *filename, RSA * pub,

char **comment_return);

/* Loads the private key from the file. Returns 0 if an error is encountered

(file does not exist or is not readable, or passphrase is bad).

* Loads the private key from the file. Returns 0 if an error is encountered

This initializes the private key. The comment of the key is returned

* (file does not exist or is not readable, or passphrase is bad). This

in comment_return if it is non-NULL; the caller must free the value

* initializes the private key. The comment of the key is returned in

with xfree. */

* comment_return if it is non-NULL; the caller must free the value with

* xfree.

int

load_private_key(const char *filename, const char *passphrase,

RSA * private_key, char **comment_return);

Line 399

Line 472

/* same as fatal() but w/o logging */

void fatal_cleanup(void);

/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting.

It is permissible to call fatal_remove_cleanup for the function itself

* Registers a cleanup function to be called by fatal()/fatal_cleanup()

from the function. */

* before exiting. It is permissible to call fatal_remove_cleanup for the

* function itself from the function.

void fatal_add_cleanup(void (*proc) (void *context), void *context);

/* Removes a cleanup function to be called at fatal(). */

Line 412

Line 487

/* Sets specific protocol options. */

void channel_set_options(int hostname_in_open);

/* Allocate a new channel object and set its type and socket. Remote_name

must have been allocated with xmalloc; this will free it when the channel

* Allocate a new channel object and set its type and socket. Remote_name

is freed. */

* must have been allocated with xmalloc; this will free it when the channel

* is freed.

int channel_allocate(int type, int sock, char *remote_name);

/* Free the channel and close its socket. */

Line 423

Line 500

/* Add any bits relevant to channels in select bitmasks. */

void channel_prepare_select(fd_set * readset, fd_set * writeset);

/* After select, perform any appropriate operations for channels which

have events pending. */

* After select, perform any appropriate operations for channels which have

* events pending.

void channel_after_select(fd_set * readset, fd_set * writeset);

/* If there is data to send to the connection, send some of it now. */

void channel_output_poll(void);

/* This is called when a packet of type CHANNEL_DATA has just been received.

The message type has already been consumed, but channel number and data

* This is called when a packet of type CHANNEL_DATA has just been received.

is still there. */

* The message type has already been consumed, but channel number and data is

* still there.

void channel_input_data(int payload_len);

/* Returns true if no channel has too much buffered data. */

Line 454

Line 535

any unix domain sockets. */

void channel_stop_listening(void);

/* Closes the sockets of all channels. This is used to close extra file

descriptors after a fork. */

* Closes the sockets of all channels. This is used to close extra file

* descriptors after a fork.

void channel_close_all(void);

/* Returns the maximum file descriptor number used by the channels. */

Line 464

Line 547

/* Returns true if there is still an open channel over the connection. */

int channel_still_open(void);

/* Returns a string containing a list of all open channels. The list is

suitable for displaying to the user. It uses crlf instead of newlines.

* Returns a string containing a list of all open channels. The list is

The caller should free the string with xfree. */

* suitable for displaying to the user. It uses crlf instead of newlines.

* The caller should free the string with xfree.

char *channel_open_message(void);

/* Initiate forwarding of connections to local port "port" through the secure

channel to host:port from remote side. This never returns if there

* Initiate forwarding of connections to local port "port" through the secure

was an error. */

* channel to host:port from remote side. This never returns if there was an

* error.

void

channel_request_local_forwarding(int port, const char *host,

int remote_port);

/* Initiate forwarding of connections to port "port" on remote host through

the secure channel to host:port from local side. This never returns

* Initiate forwarding of connections to port "port" on remote host through

if there was an error. This registers that open requests for that

* the secure channel to host:port from local side. This never returns if

port are permitted. */

* there was an error. This registers that open requests for that port are

* permitted.

void

channel_request_remote_forwarding(int port, const char *host,

int remote_port);

/* Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually

called by the server, because the user could connect to any port anyway,

* Permits opening to any host/port in SSH_MSG_PORT_OPEN. This is usually

and the server has no way to know but to trust the client anyway. */

* called by the server, because the user could connect to any port anyway,

* and the server has no way to know but to trust the client anyway.

void channel_permit_all_opens(void);

/* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates

listening for the port, and sends back a success reply (or disconnect

* This is called after receiving CHANNEL_FORWARDING_REQUEST. This initates

message if there was an error). This never returns if there was an

* listening for the port, and sends back a success reply (or disconnect

error. */

* message if there was an error). This never returns if there was an error.

void channel_input_port_forward_request(int is_root);

/* This is called after receiving PORT_OPEN message. This attempts to connect

to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION or

* This is called after receiving PORT_OPEN message. This attempts to

CHANNEL_OPEN_FAILURE. */

* connect to the given host:port, and sends back CHANNEL_OPEN_CONFIRMATION

* or CHANNEL_OPEN_FAILURE.

void channel_input_port_open(int payload_len);

/* Creates a port for X11 connections, and starts listening for it.

Returns the display name, or NULL if an error was encountered. */

* Creates a port for X11 connections, and starts listening for it. Returns

* the display name, or NULL if an error was encountered.

char *x11_create_display(int screen);

/* Creates an internet domain socket for listening for X11 connections.

Returns a suitable value for the DISPLAY variable, or NULL if an error

* Creates an internet domain socket for listening for X11 connections.

occurs. */

* Returns a suitable value for the DISPLAY variable, or NULL if an error

* occurs.

char *x11_create_display_inet(int screen);

/* This is called when SSH_SMSG_X11_OPEN is received. The packet contains

the remote channel number. We should do whatever we want, and respond

* This is called when SSH_SMSG_X11_OPEN is received. The packet contains

with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE. */

* the remote channel number. We should do whatever we want, and respond

* with either SSH_MSG_OPEN_CONFIRMATION or SSH_MSG_OPEN_FAILURE.

void x11_input_open(int payload_len);

/* Requests forwarding of X11 connections. This should be called on the

client only. */

* Requests forwarding of X11 connections. This should be called on the

* client only.

void x11_request_forwarding(void);

/* Requests forwarding for X11 connections, with authentication spoofing.

This should be called in the client only. */

* Requests forwarding for X11 connections, with authentication spoofing.

* This should be called in the client only.

void x11_request_forwarding_with_spoofing(const char *proto, const char *data);

/* Sends a message to the server to request authentication fd forwarding. */

void auth_request_forwarding(void);

/* Returns the name of the forwarded authentication socket. Returns NULL

if there is no forwarded authentication socket. The returned value points

* Returns the name of the forwarded authentication socket. Returns NULL if

to a static buffer. */

* there is no forwarded authentication socket. The returned value points to

* a static buffer.

char *auth_get_socket_name(void);

/* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.

This starts forwarding authentication requests. */

* This if called to process SSH_CMSG_AGENT_REQUEST_FORWARDING on the server.

* This starts forwarding authentication requests.

void auth_input_request_forwarding(struct passwd * pw);

/* This is called to process an SSH_SMSG_AGENT_OPEN message. */

void auth_input_open_request(void);

/* Returns true if the given string matches the pattern (which may contain

? and * as wildcards), and zero if it does not match. */

* Returns true if the given string matches the pattern (which may contain ?

* and * as wildcards), and zero if it does not match.

int match_pattern(const char *s, const char *pattern);

/* Expands tildes in the file name. Returns data allocated by xmalloc.

Warning: this calls getpw*. */

* Expands tildes in the file name. Returns data allocated by xmalloc.

* Warning: this calls getpw*.

char *tilde_expand_filename(const char *filename, uid_t my_uid);

/* Performs the interactive session. This handles data transmission between

the client and the program. Note that the notion of stdin, stdout, and

* Performs the interactive session. This handles data transmission between

stderr in this function is sort of reversed: this function writes to

* the client and the program. Note that the notion of stdin, stdout, and

stdin (of the child program), and reads from stdout and stderr (of the

* stderr in this function is sort of reversed: this function writes to stdin

child program). */

* (of the child program), and reads from stdout and stderr (of the child

* program).

void server_loop(int pid, int fdin, int fdout, int fderr);

/* Client side main loop for the interactive session. */

Line 563

Line 677

#ifdef KRB4

#include <krb.h>

/* Performs Kerberos v4 mutual authentication with the client. This returns

0 if the client could not be authenticated, and 1 if authentication was

* Performs Kerberos v4 mutual authentication with the client. This returns 0

successful. This may exit if there is a serious protocol violation. */

* if the client could not be authenticated, and 1 if authentication was

* successful. This may exit if there is a serious protocol violation.

int auth_krb4(const char *server_user, KTEXT auth, char **client);

int krb4_init(uid_t uid);

void krb4_cleanup_proc(void *ignore);