Resolve conflicts. Known issues:

 - sshd fails to set TERM correctly.
 - privilege separation may break PAM and is currently turned off.
 - man pages have not yet been updated

I will have these issues resolved, and privilege separation turned on by
default, in time for DP2.

Sponsored by:	DARPA, NAI Labs

1 files changed, 41 insertions, 6 deletions

diff --git a/crypto/openssh/auth.h b/crypto/openssh/auth.h
index a6265f3..3fc7954 100644
--- a/crypto/openssh/auth.h
+++ b/crypto/openssh/auth.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: auth.h,v 1.29 2002/03/04 17:27:39 stevesk Exp $	*/
+/*	$OpenBSD: auth.h,v 1.39 2002/05/31 11:35:15 markus Exp $	*/
 /*	$FreeBSD$	*/
 
 /*
@@ -44,6 +44,7 @@
 #endif
 
 typedef struct Authctxt Authctxt;
+typedef struct Authmethod Authmethod;
 typedef struct KbdintDevice KbdintDevice;
 
 struct Authctxt {
@@ -72,6 +73,12 @@ struct Authctxt {
 #endif
 };
 
+struct Authmethod {
+	char	*name;
+	int	(*userauth)(Authctxt *authctxt);
+	int	*enabled;
+};
+
 /*
  * Keyboard interactive device:
  * init_ctx	returns: non NULL upon success
@@ -89,14 +96,21 @@ struct KbdintDevice
 	void	(*free_ctx)(void *ctx);
 };
 
-int     auth_rhosts(struct passwd *, const char *);
+int      auth_rhosts(struct passwd *, const char *);
 int
 auth_rhosts2(struct passwd *, const char *, const char *, const char *);
 
-int	 auth_rhosts_rsa(struct passwd *, const char *, Key *);
+int	 auth_rhosts_rsa(struct passwd *, char *, Key *);
 int      auth_password(Authctxt *, const char *);
 int      auth_rsa(struct passwd *, BIGNUM *);
-int      auth_rsa_challenge_dialog(RSA *);
+int      auth_rsa_challenge_dialog(Key *);
+BIGNUM	*auth_rsa_generate_challenge(Key *);
+int	 auth_rsa_verify_response(Key *, BIGNUM *, u_char[]);
+int	 auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **);
+
+int	 auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *);
+int	 hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+int	 user_key_allowed(struct passwd *, Key *);
 
 #ifdef KRB4
 #include <krb.h>
@@ -119,18 +133,27 @@ int	auth_krb5_password(Authctxt *authctxt, const char *password);
 void	krb5_cleanup_proc(void *authctxt);
 #endif /* KRB5 */
 
-void	do_authentication(void);
-void	do_authentication2(void);
+Authctxt *do_authentication(void);
+Authctxt *do_authentication2(void);
 
 Authctxt *authctxt_new(void);
 void	auth_log(Authctxt *, int, char *, char *);
 void	userauth_finish(Authctxt *, int, char *);
 int	auth_root_allowed(char *);
 
+char	*auth2_read_banner(void);
+
+void	privsep_challenge_enable(void);
+
 int	auth2_challenge(Authctxt *, char *);
 void	auth2_challenge_stop(Authctxt *);
+int	bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
+int	bsdauth_respond(void *, u_int, char **);
+int	skey_query(void *, char **, char **, u_int *, char ***, u_int **);
+int	skey_respond(void *, u_int, char **);
 
 int	allowed_user(struct passwd *);
+struct passwd * getpwnamallow(const char *user);
 
 char	*get_challenge(Authctxt *);
 int	verify_response(Authctxt *, const char *);
@@ -148,8 +171,20 @@ HostStatus
 check_key_in_hostfiles(struct passwd *, Key *, const char *,
     const char *, const char *);
 
+/* hostkey handling */
+Key	*get_hostkey_by_index(int);
+Key	*get_hostkey_by_type(int);
+int	 get_hostkey_index(Key *);
+int	 ssh1_session_key(BIGNUM *);
+
+/* debug messages during authentication */
+void	 auth_debug_add(const char *fmt,...) __attribute__((format(printf, 1, 2)));
+void	 auth_debug_send(void);
+void	 auth_debug_reset(void);
+
 #define AUTH_FAIL_MAX 6
 #define AUTH_FAIL_LOG (AUTH_FAIL_MAX/2)
 #define AUTH_FAIL_MSG "Too many authentication failures for %.100s"
 
+#define SKEY_PROMPT "\nOPIE Password: "
 #endif