dfe18a29 | 1 | /* $OpenBSD: hostfile.h,v 1.29 2021/01/26 00:51:30 djm Exp $ */ |
36579d3d | 2 | |
3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
5 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
6 | * All rights reserved | |
7 | * | |
8 | * As far as I am concerned, the code I have written for this software | |
9 | * can be used freely for any purpose. Any derived versions of this | |
10 | * software must be clearly marked as such, and if the derived work is | |
11 | * incompatible with the protocol description in the RFC file, it must be | |
12 | * called by a name other than "ssh" or "Secure Shell". | |
13 | */ | |
14 | #ifndef HOSTFILE_H |
15 | #define HOSTFILE_H | |
16 | ||
/*
 * Result of check_key_in_hostkeys().  The enumerator names are the only
 * documentation visible in this header; as they suggest, HOST_OK is a clean
 * match, HOST_NEW means no entry exists for the host, HOST_CHANGED means an
 * entry exists but holds a different key (a caller should fail closed on this
 * unless policy explicitly allows it, since it is the signature of a
 * man-in-the-middle or a rotated host key), and HOST_REVOKED means the key
 * matched a REVOKE_MARKER ("@revoked") entry.  The precise distinction
 * between HOST_OK and HOST_FOUND is not visible here -- confirm against
 * hostfile.c before relying on it.
 */
typedef enum {
	HOST_OK, HOST_NEW, HOST_CHANGED, HOST_REVOKED, HOST_FOUND
} HostStatus;
46c16220 | 20 | |
/*
 * Marker carried at the start of a known_hosts line.  MRK_NONE is an
 * ordinary key line; MRK_CA and MRK_REVOKE correspond to CA_MARKER
 * ("@cert-authority") and REVOKE_MARKER ("@revoked") below; MRK_ERROR is
 * presumably returned when marker text was present but not recognised.
 * Note the value is stored as HostkeyMarker in struct hostkey_entry but as
 * a plain int in struct hostkey_foreach_line.
 */
typedef enum {
	MRK_ERROR, MRK_NONE, MRK_REVOKE, MRK_CA
} HostkeyMarker;
24 | ||
/*
 * One parsed known_hosts line as held inside struct hostkeys.  Entries are
 * released by free_hostkeys(), which presumably owns 'host', 'file' and
 * 'key'; a caller that needs them beyond that point should copy them rather
 * than keep the pointers (the lookup functions hand back entries as
 * const pointers into this storage).
 */
struct hostkey_entry {
	char *host;		/* host text of the line (may be a hashed form -- see HASH_MAGIC) */
	char *file;		/* path of the file the line was read from */
	u_long line;		/* line number within 'file' */
	struct sshkey *key;	/* parsed key from the line */
	HostkeyMarker marker;	/* MRK_* marker found on the line, MRK_NONE for a plain key */
	u_int note;		/* caller-specific note/flag, copied from the load_hostkeys*() 'note' argument */
};
/*
 * Set of loaded hostkey entries: 'entries' points at num_entries contiguous
 * struct hostkey_entry.  Create with init_hostkeys(), populate with
 * load_hostkeys()/load_hostkeys_file(), and release with free_hostkeys().
 */
struct hostkeys {
	struct hostkey_entry *entries;
	u_int num_entries;	/* number of valid elements in 'entries' */
};
37 | |
/* Allocate an empty struct hostkeys; release it with free_hostkeys(). */
struct hostkeys *init_hostkeys(void);

/*
 * Load entries from a known_hosts file into the given struct hostkeys.
 * The two string parameters are unnamed in this prototype (hostfile.c
 * names them; presumably the host to look up and the file to read).  The
 * trailing u_int is the caller note that ends up in hostkey_entry.note,
 * matching the named 'note' of load_hostkeys_file() below.
 */
void load_hostkeys(struct hostkeys *, const char *,
    const char *, u_int);
/*
 * Same as load_hostkeys(), but reads from an already-open stream instead of
 * opening a path itself.  'note' is stored into each loaded entry.
 */
void load_hostkeys_file(struct hostkeys *, const char *,
    const char *, FILE *, u_int note);
/* Free a struct hostkeys and the entries it owns.  NULL tolerance: confirm in hostfile.c. */
void free_hostkeys(struct hostkeys *);
44 | ||
/*
 * Look up a key among the loaded entries and classify the outcome as a
 * HostStatus (see the enum above for the security meaning of each value).
 * The final out-parameter, when non-NULL, is presumably set to the
 * matching entry; it points into the struct hostkeys storage and must not
 * be freed by the caller.
 */
HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
    const struct hostkey_entry **);
/*
 * Find an entry by key type rather than by key value.  The two int
 * parameters are unnamed here -- their meaning (a key type and a further
 * qualifier, presumably) is defined in hostfile.c.  Returns an int whose
 * convention is likewise not visible here; the out-parameter behaves as for
 * check_key_in_hostkeys().
 */
int lookup_key_in_hostkeys_by_type(struct hostkeys *, int, int,
    const struct hostkey_entry **);
/* Report whether any loaded entry carries the given MRK_* marker -- presumably non-zero if so. */
int lookup_marker_in_hostkeys(struct hostkeys *, int);
d925dcd8 | 50 | |
/*
 * Parse a key out of a text line.  Parameter roles are unnamed here; by
 * shape, the char ** is presumably advanced past the consumed text and the
 * u_int * receives a size or bit count.  Return convention: see hostfile.c.
 */
int hostfile_read_key(char **, u_int *, struct sshkey *);
/*
 * Append a line for a host/key pair to a known_hosts file.  Of the two
 * strings one is the file path and the other the host name (order not
 * visible here); the final int presumably selects hashed-host storage, cf.
 * the 'store_hash' parameter of hostfile_replace_entries().
 */
int add_host_to_hostfile(const char *, const char *,
    const struct sshkey *, int);
450a7a1f | 54 | |
/*
 * Rewrite 'filename' so that the entries for 'host'/'ip' are replaced by the
 * 'nkeys' keys in 'keys'.  'store_hash' selects hashed host names (the
 * HASH_MAGIC form produced by host_hash()) using 'hash_alg'; 'quiet'
 * presumably suppresses informational output.  This mutates the user's
 * known_hosts file, so callers should check the int result rather than
 * ignore it; its exact convention is defined in hostfile.c.
 */
int hostfile_replace_entries(const char *filename,
    const char *host, const char *ip, struct sshkey **keys, size_t nkeys,
    int store_hash, int quiet, int hash_alg);
8d4f8725 | 58 | |
/*
 * Hashed-host entry format.  A host field beginning with HASH_MAGIC holds a
 * hash instead of a literal host name (HKF_MATCH_HOST_HASHED /
 * HKF_MATCH_IP_HASHED report that such an entry matched), with HASH_DELIM
 * separating the fields that follow; the "1" is presumably a format version.
 * The hashing primitive itself is not visible in this header -- see
 * host_hash() and hostfile.c.
 */
#define HASH_MAGIC "|1|"
#define HASH_DELIM '|'

/*
 * Leading markers a known_hosts line may carry.  They map to MRK_CA and
 * MRK_REVOKE respectively; a key that matches a REVOKE_MARKER line is
 * presumably what produces HOST_REVOKED from check_key_in_hostkeys().
 */
#define CA_MARKER "@cert-authority"
#define REVOKE_MARKER "@revoked"
0a80ca19 | 64 | |
/*
 * Produce the HASH_MAGIC form of a host name.  Parameters are unnamed here;
 * by analogy with the hashed-entry format they are presumably the host, a
 * reference string supplying salt or an existing hashed entry, and a length
 * -- confirm in hostfile.c.  The returned string is presumably heap
 * allocated and owned by the caller; verify before assuming it can be
 * leaked or must be freed.
 */
char *host_hash(const char *, const char *, u_int);
66 | ||
/*
 * Iterate through a hostkeys file, optionally parsing keys and matching
 * hostnames. Allows access to the raw keyfile lines to allow
 * streaming edits to the file to take place.
 */
/* Bits for the 'options' argument of hostkeys_foreach()/hostkeys_foreach_file(). */
#define HKF_WANT_MATCH (1) /* return only matching hosts/addrs */
#define HKF_WANT_PARSE_KEY (1<<1) /* need key parsed; without it hostkey_foreach_line.key is not filled in */

/* Values of hostkey_foreach_line.status. */
#define HKF_STATUS_OK 0 /* Line parsed, didn't match host */
#define HKF_STATUS_INVALID 1 /* line had parse error */
#define HKF_STATUS_COMMENT 2 /* valid line contained no key */
#define HKF_STATUS_MATCHED 3 /* hostname or IP matched */

/* Bit flags OR'd together in hostkey_foreach_line.match. */
#define HKF_MATCH_HOST (1) /* hostname matched */
#define HKF_MATCH_IP (1<<1) /* address matched */
#define HKF_MATCH_HOST_HASHED (1<<2) /* hostname was hashed */
#define HKF_MATCH_IP_HASHED (1<<3) /* address was hashed */
/* XXX HKF_MATCH_KEY_TYPE? */
c29811cc | 85 | |
/*
 * The callback function receives this as an argument for each matching
 * hostkey line. The callback may "steal" the 'key' field by setting it to
 * NULL (taking ownership of the sshkey; otherwise the iterator presumably
 * releases it after the callback returns).
 * If a parse error occurred, then "hosts" and subsequent options may be NULL,
 * so a callback must check 'status' before dereferencing the later fields.
 */
struct hostkey_foreach_line {
	const char *path;	/* Path of file */
	u_long linenum;		/* Line number */
	u_int status;		/* One of HKF_STATUS_* */
	u_int match;		/* Zero or more of HKF_MATCH_* OR'd together */
	char *line;		/* Entire key line; mutable by callback */
	int marker;		/* CA/revocation markers; indicated by MRK_* value */
	const char *hosts;	/* Raw hosts text, may be hashed or list multiple */
	const char *rawkey;	/* Text of key and any comment following it */
	int keytype;		/* Type of key; KEY_UNSPEC for invalid/comment lines */
	struct sshkey *key;	/* Key, if parsed ok and HKF_WANT_PARSE_KEY set; NULL otherwise */
	const char *comment;	/* Any comment following the key */
	u_int note;		/* caller-specified note copied from arguments */
};
105 | ||
/*
 * Callback fires for each line (or matching line if a HKF_WANT_* option
 * is set). The foreach loop will terminate if the callback returns a non-
 * zero exit status.  'ctx' is the opaque pointer the caller handed to
 * hostkeys_foreach()/hostkeys_foreach_file().
 */
typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);
112 | ||
/*
 * Iterate over the hostkeys file at 'path', invoking 'callback' with 'ctx'
 * for each line -- or only for lines matching 'host'/'ip' when
 * HKF_WANT_MATCH is set in 'options'.  'note' is copied into each
 * hostkey_foreach_line.note.  The int return's convention (e.g. whether an
 * unreadable file is reported) is not visible here; check it rather than
 * discard it.
 */
int hostkeys_foreach(const char *path,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);
/*
 * As hostkeys_foreach(), but reads from the already-open stream 'f';
 * 'path' is then presumably used only for the hostkey_foreach_line.path
 * field and diagnostics.
 */
int hostkeys_foreach_file(const char *path, FILE *f,
    hostkeys_foreach_fn *callback, void *ctx,
    const char *host, const char *ip, u_int options, u_int note);
c29811cc | 120 | |
/*
 * Create the user's ~/.ssh directory when it is missing.  Parameters are
 * unnamed here: the string is presumably a path and the int a quiet flag
 * -- confirm in hostfile.c.
 */
void hostfile_create_user_ssh_dir(const char *, int);
122 | ||
450a7a1f | 123 | #endif |