1/*
2 * This file is part of the SSH Library
3 *
4 * Copyright (c) 2009 by Aris Adamantiadis
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21#ifndef AUTH_H_
22#define AUTH_H_
23#include "config.h"
24#include "libssh/callbacks.h"
25
/*
 * Packet callbacks for the user-authentication messages.
 * SSH_PACKET_CALLBACK is not defined in this header; it presumably comes from
 * libssh/callbacks.h, which is included above.
 * NOTE(review): judging by the names, each callback handles one userauth
 * message received from the peer; the definitions are not visible here.
 * A handler for peer-controlled packets should verify that the message is
 * expected in the current authentication state before acting on it --
 * confirm in the implementation.
 */
SSH_PACKET_CALLBACK(ssh_packet_userauth_banner);
SSH_PACKET_CALLBACK(ssh_packet_userauth_failure);
SSH_PACKET_CALLBACK(ssh_packet_userauth_success);
SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok);
SSH_PACKET_CALLBACK(ssh_packet_userauth_info_request);
SSH_PACKET_CALLBACK(ssh_packet_userauth_info_response);
32
/**
 * @internal
 *
 * @brief Data kept for a keyboard-interactive authentication exchange.
 *
 * The layout of this structure is shared with message.c and server.c, so a
 * change made here has to be reflected in both.
 *
 * NOTE(review): nprompts and nanswers are presumably the element counts of
 * the prompts/echo and answers arrays -- confirm against the users of this
 * struct. Where a count is taken from a peer's packet, the allocating code
 * should bound it and guard the size multiplication against overflow.
 */
struct ssh_kbdint_struct {
    uint32_t nprompts;
    uint32_t nanswers;
    char *name;
    char *instruction;
    char **prompts;
    /* bool array */
    unsigned char *echo;
    /*
     * NOTE(review): answers presumably holds the user's replies, which can be
     * secrets (passwords, one-time codes) -- confirm they are wiped on release.
     */
    char **answers;
};

/** @internal Handle type: a pointer to struct ssh_kbdint_struct. */
typedef struct ssh_kbdint_struct *ssh_kbdint;
47
/*
 * Lifecycle helpers for ssh_kbdint; the definitions are not in this header.
 * NOTE(review): presumably ssh_kbdint_new() allocates a structure,
 * ssh_kbdint_clean() releases its contents and ssh_kbdint_free() releases the
 * structure itself -- confirm in the implementation, including whether NULL
 * is accepted and whether stored answers are zeroized before being freed.
 */
ssh_kbdint ssh_kbdint_new(void);
void ssh_kbdint_clean(ssh_kbdint kbd);
void ssh_kbdint_free(ssh_kbdint kbd);
51
52
#ifdef WITH_SSH1
/*
 * SSH protocol version 1 authentication, declared only when WITH_SSH1 is
 * defined.
 * NOTE(review): SSH-1 is an obsolete protocol with known cryptographic
 * weaknesses; WITH_SSH1 is best left undefined unless legacy interoperability
 * is required.
 */
/* NOTE(review): 'type' is presumably the type of the received packet -- confirm. */
void ssh_auth1_handler(ssh_session session, uint8_t type);

/* auth1.c */
int ssh_userauth1_none(ssh_session session, const char *username);
int ssh_userauth1_offer_pubkey(ssh_session session, const char *username,
        int type, ssh_string pubkey);
/*
 * NOTE(review): the password is handed over as a plain C string; the
 * implementation is not visible here, so confirm that no copy outlives the
 * call and that callers wipe their own buffer afterwards.
 */
int ssh_userauth1_password(ssh_session session, const char *username,
        const char *password);


#endif
65
/**
 * @internal
 *
 * @brief Client-side authentication states.
 *
 * Each value records either the last reply received from the server or the
 * last request the client sent.
 *
 * NOTE(review): the *_SENT values identify the request that is outstanding;
 * code handling a server reply should presumably check the current state
 * before accepting that reply -- confirm in the packet handlers.
 */
enum ssh_auth_state_e {
    /** No authentication has been requested */
    SSH_AUTH_STATE_NONE = 0,
    /** The last authentication reply was a partial success */
    SSH_AUTH_STATE_PARTIAL,
    /** The last authentication reply was a success */
    SSH_AUTH_STATE_SUCCESS,
    /** The last authentication reply was a failure */
    SSH_AUTH_STATE_FAILED,
    /** The last authentication attempt was erroneous */
    SSH_AUTH_STATE_ERROR,
    /** The last event was a keyboard-interactive request for information */
    SSH_AUTH_STATE_INFO,
    /** The last event was a public key being accepted for authentication */
    SSH_AUTH_STATE_PK_OK,
    /** A keyboard-interactive authentication was requested */
    SSH_AUTH_STATE_KBDINT_SENT,
    /** A userauth request using gssapi-with-mic was sent */
    SSH_AUTH_STATE_GSSAPI_REQUEST_SENT,
    /** Tokens are being exchanged until authentication */
    SSH_AUTH_STATE_GSSAPI_TOKEN,
    /** The MIC was sent; waiting to be authenticated */
    SSH_AUTH_STATE_GSSAPI_MIC_SENT,
    /** A public key was offered to check whether it is supported */
    SSH_AUTH_STATE_PUBKEY_OFFER_SENT,
    /** A public key and signature were sent; waiting to be authenticated */
    SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
    /** A password was sent; waiting to be authenticated */
    SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
    /** A request without authentication data (method 'none') was sent */
    SSH_AUTH_STATE_AUTH_NONE_SENT,
};
102
/**
 * @internal
 *
 * @brief Progress of the authentication service request.
 */
enum ssh_auth_service_state_e {
    /** Initial state */
    SSH_AUTH_SERVICE_NONE = 0,
    /** The authentication service request packet was sent */
    SSH_AUTH_SERVICE_SENT,
    /** The service was accepted */
    SSH_AUTH_SERVICE_ACCEPTED,
    /** Access to the service was denied (fatal) */
    SSH_AUTH_SERVICE_DENIED,
    /** Used only with SSH1 */
    SSH_AUTH_SERVICE_USER_SENT
};
118
119#endif /* AUTH_H_ */
120