comparison pubkeyapi.h @ 1733:d529a52b2f7c coverity coverity
merge coverity from main
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 26 Jun 2020 21:07:34 +0800 |
parents | cc0fc5131c5c |
children |
1643:b59623a64678 | 1733:d529a52b2f7c |
---|---|
1 /* | |
2 * Dropbear - a SSH2 server | |
3 * | |
4 * Copyright (c) 2002,2003 Matt Johnston | |
5 * All rights reserved. | |
6 * | |
7 * Permission is hereby granted, free of charge, to any person obtaining a copy | |
8 * of this software and associated documentation files (the "Software"), to deal | |
9 * in the Software without restriction, including without limitation the rights | |
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
11 * copies of the Software, and to permit persons to whom the Software is | |
12 * furnished to do so, subject to the following conditions: | |
13 * | |
14 * The above copyright notice and this permission notice shall be included in | |
15 * all copies or substantial portions of the Software. | |
16 * | |
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
20 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
23 * SOFTWARE. */ | |
24 #ifndef DROPBEAR_PUBKEY_H | |
25 #define DROPBEAR_PUBKEY_H | |
26 | |
27 | |
28 /* External Public Key API (EPKA) Plug-in Interface | |
29 * | |
30 * See: | |
31 * https://github.com/fabriziobertocci/dropbear-epka | |
32 * for additional information and examples about this API | |
33 * | |
34 */ | |
35 | |
36 struct PluginInstance; | |
37 struct PluginSession; | |
38 | |
39 /* API VERSION INFORMATION - | |
40 * Dropbear will: | |
41 * - Reject any plugin with a major version mismatch | |
42 * - Load and print a warning if the plugin's minor version is HIGHER than | |
43 * dropbear's minor version (assumes properties are added at the end of | |
44 * PluginInstance or PluginSession). This is a case of plugin newer than dropbear. | |
45 * - Reject if the plugin minor version is SMALLER than dropbear one (case | |
46 * of plugin older than dropbear). | |
47 * - Load (with no warnings) if version match. | |
48 */ | |
49 #define DROPBEAR_PLUGIN_VERSION_MAJOR 1 | |
50 #define DROPBEAR_PLUGIN_VERSION_MINOR 0 | |
51 | |
52 | |
53 /* Creates an instance of the plugin. | |
54 * | |
55 * This is the main entry point of the plug-in and should be IMMUTABLE across | |
56 * different API versions. Dropbear will check the version number | |
57 * returned in the api_version to match the version it understands and reject | |
58 * any plugin for which API major version does not match. | |
59 * | |
60 * If the version MINOR is different, dropbear will allow the plugin to run | |
61 * only if: plugin_MINOR > dropbear_MINOR | |
62 * | |
63 * If plugin_MINOR < dropbear_MINOR or if the MAJOR version is different | |
64 * dropbear will reject the plugin and terminate the execution. | |
65 * | |
66 * addrstring is the IP address of the client. | |
67 * | |
68 * Returns NULL in case of failure, otherwise a void * of the instance that need | |
69 * to be passed to all the subsequent call to the plugin | |
70 */ | |
71 typedef struct PluginInstance *(* PubkeyExtPlugin_newFn)(int verbose, | |
72 const char *options, | |
73 const char *addrstring); | |
74 #define DROPBEAR_PUBKEY_PLUGIN_FNNAME_NEW "plugin_new" | |
75 | |
76 | |
77 /* Validate a client through public key authentication | |
78 * | |
79 * If session has not been already created, creates it and store it | |
80 * in *sessionInOut. | |
81 * If session is a non-NULL, it will reuse it. | |
82 * | |
83 * Returns DROPBEAR_SUCCESS (0) if success or DROPBEAR_FAILURE (-1) if | |
84 * authentication fails | |
85 */ | |
86 typedef int (* PubkeyExtPlugin_checkPubKeyFn)(struct PluginInstance *PluginInstance, | |
87 struct PluginSession **sessionInOut, | |
88 const char* algo, | |
89 unsigned int algolen, | |
90 const unsigned char* keyblob, | |
91 unsigned int keybloblen, | |
92 const char *username); | |
93 | |
94 /* Notify the plugin that auth completed (after signature verification) | |
95 */ | |
96 typedef void (* PubkeyExtPlugin_authSuccessFn)(struct PluginSession *session); | |
97 | |
98 /* Deletes a session | |
99 * TODO: Add a reason why the session is terminated. See svr_dropbear_exit (in svr-session.c) | |
100 */ | |
101 typedef void (* PubkeyExtPlugin_sessionDeleteFn)(struct PluginSession *session); | |
102 | |
103 /* Deletes the plugin instance */ | |
104 typedef void (* PubkeyExtPlugin_deleteFn)(struct PluginInstance *PluginInstance); | |
105 | |
106 | |
107 /* The PluginInstance object - A simple container of the pointer to the functions used | |
108 * by Dropbear. | |
109 * | |
110 * A plug-in can extend it to add its own properties | |
111 * | |
112 * The instance is created from the call to the plugin_new() function of the | |
113 * shared library. | |
114 * The delete_plugin function should delete the object. | |
115 */ | |
116 struct PluginInstance { | |
117 int api_version[2]; /* 0=Major, 1=Minor */ | |
118 | |
119 PubkeyExtPlugin_checkPubKeyFn checkpubkey; /* mandatory */ | |
120 PubkeyExtPlugin_authSuccessFn auth_success; /* optional */ | |
121 PubkeyExtPlugin_sessionDeleteFn delete_session; /* mandatory */ | |
122 PubkeyExtPlugin_deleteFn delete_plugin; /* mandatory */ | |
123 }; | |
124 | |
125 /***************************************************************************** | |
126 * SESSION | |
127 ****************************************************************************/ | |
128 /* Returns the options from the session. | |
129 * The returned buffer will be destroyed when the session is deleted. | |
130 * Option buffer string NULL-terminated | |
131 */ | |
132 typedef char * (* PubkeyExtPlugin_getOptionsFn)(struct PluginSession *session); | |
133 | |
134 | |
135 /* An SSH Session. Created during pre-auth and reused during the authentication. | |
136 * The plug-in should delete this object (or any object extending it) from | |
137 * the delete_session() function. | |
138 * | |
139 * Extend it to cache user and authentication information that can be | |
140 * reused between pre-auth and auth (and to store whatever session-specific | |
141 * variable you need to keep). | |
142 * | |
143 * Store any optional auth options in the auth_options property of the session. | |
144 */ | |
145 struct PluginSession { | |
146 struct PluginInstance * plugin_instance; | |
147 | |
148 PubkeyExtPlugin_getOptionsFn get_options; | |
149 }; | |
150 | |
151 #endif |
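Review bot: The comment above `PubkeyExtPlugin_checkPubKeyFn` leaves the plugin's input contract unstated: it does not say whether `algo` is NUL-terminated or must be read only up to `algolen`, and it does not say that `algo`, `keyblob` and `username` are (presumably) taken from the client's request before any signature has been verified. Since the `auth_success` comment says that callback runs "after signature verification", a `DROPBEAR_SUCCESS` from `checkpubkey` appears to mean only that the key is acceptable, so I would add something like `/* Inputs are unauthenticated; bound reads by algolen/keybloblen. Success here only accepts the key - grant nothing until auth_success. */`. The `plugin_new` comment also says it returns "a void *" while the typedef returns `struct PluginInstance *`. Finally, `get_options` in `struct PluginSession` carries no mandatory/optional marker like the `PluginInstance` members do, so the header does not tell a reader whether a NULL `get_options` has to be tolerated.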