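#ifndef WH_KEYFILES_H_7ba76961_
#define WH_KEYFILES_H_7ba76961_

/* This file is in the public domain. */

/*
 * Key-file and authorized-keys interface.
 *
 * Only two standard headers are needed by the declarations below:
 * <stdio.h> for FILE (the load_* functions) and <sys/socket.h> for
 * struct sockaddr (ak_ip_ok).
 */
#include <stdio.h>
#include <sys/socket.h>

/*
 * AK_CMD_LIST is forward-declared here, before algs.h is included, to
 * break an include cycle: algs.h includes userauth.h, which includes
 * this file and uses AK_CMD_LIST.  If the typedef were placed after
 * the algs.h include, userauth.h would use AK_CMD_LIST before the
 * typedef was in effect and fail to compile.
 *
 * The struct itself is never defined for users of this header; only
 * pointers to it are handed out (ak_cmd_list_get) and back
 * (ak_cmd_list_ok, ak_cmd_list_override, ak_cmd_list_done).
 *
 * There is probably a better way to fix this.  One option: let
 * userauth.h carry this same forward declaration itself.  C11 allows
 * a typedef to be repeated with the same type, so the two copies
 * would not conflict and neither header would depend on include
 * order.  Suggestions welcome.
 */
typedef struct ak_cmd_list AK_CMD_LIST;

/* Between them these provide ROSTR and HKALG, used below. */
#include "str.h"
#include "algs.h"

/*
 * Key-pair file handling.
 *
 * NOTE(review): this header does not document the parameters of the
 * loaders and writers, and the original prototypes carry no parameter
 * names, so none are invented here.  Points a caller needs settled
 * against the implementation before relying on these:
 *
 *  - Ownership of whatever comes back through the void ** and char **
 *    out-parameters of the load_* functions (who frees it, and with
 *    what) is not stated here.
 *  - write_key() returns void, so a caller has no way to learn that a
 *    key file (possibly the private half) was not written, or was
 *    written only partially.  Confirm that it reports failure some
 *    other way, or check the files afterwards.
 *  - write_priv_to_fd() takes an already-open descriptor.  Nothing
 *    here says the writer sets or checks permissions, so the caller
 *    must open the descriptor with a restrictive mode before handing
 *    it in.
 *  - The leading (const char *, const char *) pairs look like the key
 *    file names, as in key_files_exist(), but that is a guess from the
 *    shapes of the prototypes, not from this header's text.
 */
extern int load_key_pair(
	const char *, const char *,
	void **, int *, HKALG **, void **, int *,
	char **, char *, FILE *);
extern int load_key_pair_stdio(
	FILE *, const char *, FILE *, const char *,
	void **, int *, HKALG **, void **, int *,
	char **, char *, FILE *);
extern int load_key_pub_string(
	const char *, const char *,
	void **, int *, HKALG **,
	char **, char *, FILE *);
extern void write_key(
	HKALG *, const char *, void *, int,
	const char *, const char *, void *, int);
extern int write_pub_to_fd(
	const char *, const char *, int,
	HKALG *, const void *, int, const char *);
extern int write_priv_to_fd(
	const char *, const char *, int,
	const void *, int);
extern int brief_pub_to_fd(
	const char *, const char *, int,
	HKALG *, const char *);
extern int key_files_exist(const char *, const char *);

/*
 * Authorized-keys file reading.
 *
 * read_authkeys_file(fn, cb) reads file fn, calling cb for each key or
 * clause found.  The AK * passed to the callback goes invalid as soon
 * as the callback returns: do not stash it, and do not stash anything
 * obtained from it except the AK_CMD_LIST * from ak_cmd_list_get().
 *
 * NOTE(review): neither the return value of read_authkeys_file() nor
 * that of the callback is documented here (in particular whether a
 * nonzero callback return stops the scan, and how a missing or
 * unreadable fn is reported).  Nothing here says whether the reader
 * checks the ownership or permissions of fn either; if that matters
 * (it normally does for a per-user authorized-keys file), confirm it
 * in the implementation or do it in the caller.
 *
 * ak_nkeys(ak) and ak_key(ak, n) retrieve the number of keys in a
 * clause and the Nth key for a given N.  Keys are returned as pointers
 * to AK_KEY structs; these returned pointers must not be freed, and go
 * invalid as soon as the AK * argument does.  What ak_key() does for
 * an n outside 0 .. ak_nkeys(ak)-1 is not specified here; keep n in
 * range.
 *
 * ak_ip_ok(ak, sa, salen) tests whether a given client address is
 * acceptable according to the clientip clauses present, if any, in
 * the clause.  The return value can be AK_IP_ALLOW, AK_IP_DENY, or
 * AK_IP_SKIP; ALLOW and DENY have the obvious meanings, while SKIP
 * means that the clause should be skipped, as if the key did not
 * match.  (It is up to the caller to check whether the key matches.)
 * The address should be the connection's actual peer address, not
 * anything the client supplied.  AK_IP_ALLOW is 1, not 0, so a
 * zero-initialised result variable never reads as "allow".
 *
 * ak_cmd_list_get(ak) returns an AK_CMD_LIST * which is used to check
 * acceptability of a proposed command.  Unlike the AK * itself, this
 * pointer stays valid after the enclosing read_authkeys_file callback
 * returns; it must be freed with ak_cmd_list_done(akcl) when it's no
 * longer needed.
 *
 * ak_cmd_list_ok(akcl, cmd, cmdlen, tty) checks a proposed command.
 * It takes the AK_CMD_LIST *, the proposed command line (as a
 * pointer-and-length), and a boolean indicating whether the client
 * has requested a pseudo-tty (true=yes).  Return value is zero for
 * "not acceptable" and nonzero for "acceptable", so a caller that
 * tests for nonzero fails closed.  To check a proposed interactive
 * shell session, pass a nil pointer for the command buffer and
 * AKCL_SHELL for the length.  AKCL_SHELL is negative and cannot
 * collide with a real length; pass only non-negative lengths for real
 * commands, as what other negative values do is not specified here.
 * The command line is client-supplied: take cmdlen from the protocol
 * framing, not from strlen() on data that may not be NUL-terminated.
 *
 * ak_cmd_list_override(akcl) indicates whether the client-specified
 * command is to be overridden.  If `override' was used in the clause,
 * this returns a ROSTR containing the specified command.  (The memory
 * pointed to by the ROSTR is valid until ak_cmd_list_done() is called
 * on the AK_CMD_LIST *.)  If `override' was not used, the returned
 * ROSTR has length zero and a nil data pointer.  A caller that honours
 * the override runs that command instead of the client's, whatever
 * the client asked for.
 *
 * ak_cmd_list_done(akcl) frees up any memory held by the AK_CMD_LIST.
 * As mentioned above under ak_cmd_list_get(), it must be called when
 * the AK_CMD_LIST is no longer needed to avoid leaking memory.  (If
 * ak_cmd_list_get returns nil, no ak_cmd_list_done call is needed,
 * though it is still permitted.)  Do not use the ROSTR from
 * ak_cmd_list_override() after this call.
 */
typedef enum {
	AK_IP_ALLOW = 1,	/* address passes the clause's clientip checks */
	AK_IP_DENY,		/* address is not acceptable; reject */
	AK_IP_SKIP		/* treat the clause as not matching; move on */
} AK_IP_OK_RV;

typedef struct ak AK;		/* one clause of the file; opaque to callers */
typedef struct ak_key AK_KEY;

/* One key from a clause, as returned by ak_key(). */
struct ak_key {
	HKALG *alg;		/* the key's algorithm (HKALG, from algs.h) */
	ROSTR blob;		/* the key blob, as a length and data pointer */
	const char *comment;	/* comment text; whether it may be nil is not stated here */
};

extern int read_authkeys_file(const char *fn, int (*cb)(AK *));
extern int ak_nkeys(AK *ak);
extern const AK_KEY *ak_key(AK *ak, int n);
extern AK_IP_OK_RV ak_ip_ok(AK *ak, const struct sockaddr *sa, int salen);
extern AK_CMD_LIST *ak_cmd_list_get(AK *ak);

/* Sentinel cmdlen for ak_cmd_list_ok(): "an interactive shell, not a command". */
#define AKCL_SHELL (-10001)

extern int ak_cmd_list_ok(AK_CMD_LIST *akcl, const char *cmd, int cmdlen, int tty);
extern ROSTR ak_cmd_list_override(AK_CMD_LIST *akcl);
extern void ak_cmd_list_done(AK_CMD_LIST *akcl);

#endif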