Diffstat (limited to 'include')
-rw-r--r-- | include/libssh/callbacks.h | 54 |
1 files changed, 52 insertions, 2 deletions
diff --git a/include/libssh/callbacks.h b/include/libssh/callbacks.h index 5fd7dd1e..a7fdb5b6 100644 --- a/include/libssh/callbacks.h +++ b/include/libssh/callbacks.h @@ -106,7 +106,6 @@ typedef void (*ssh_global_request_callback) (ssh_session session, typedef ssh_channel (*ssh_channel_open_request_x11_callback) (ssh_session session, const char * originator_address, int originator_port, void *userdata); - /** * The structure to replace libssh functions with appropriate callbacks. */ @@ -137,7 +136,6 @@ struct ssh_callbacks_struct { /** This function will be called when an incoming X11 request is received. */ ssh_channel_open_request_x11_callback channel_open_request_x11_function; - }; typedef struct ssh_callbacks_struct *ssh_callbacks; 
@@ -202,6 +200,49 @@ typedef int (*ssh_service_request_callback) (ssh_session session, const char *se */ typedef ssh_channel (*ssh_channel_open_request_session_callback) (ssh_session session, void *userdata); +/* + * @brief handle the beginning of a GSSAPI authentication, server side. + * @param session current session handler + * @param user the username of the client + * @param n_oid number of available oids + * @param oids OIDs provided by the client + * @returns an ssh_string containing the chosen OID, that's supported by both + * client and server. + * @warning It is not necessary to fill this callback in if libssh is linked + * with libgssapi. + */ +typedef ssh_string (*ssh_gssapi_select_oid_callback) (ssh_session session, const char *user, + int n_oid, ssh_string *oids, void *userdata); + +/* + * @brief handle the negociation of a security context, server side. + * @param session current session handler + * @param[in] input_token input token provided by client + * @param[out] output_token output of the gssapi accept_sec_context method, + * NULL after completion. + * @returns SSH_OK if the token was generated correctly or accept_sec_context + * returned GSS_S_COMPLETE + * @returns SSH_ERROR in case of error + * @warning It is not necessary to fill this callback in if libssh is linked + * with libgssapi. + */ +typedef int (*ssh_gssapi_accept_sec_ctx_callback) (ssh_session session, + ssh_string input_token, ssh_string *output_token, void *userdata); + +/* + * @brief Verify and authenticates a MIC, server side. + * @param session current session handler + * @param[in] mic input mic to be verified provided by client + * @param[in] mic_buffer buffer of data to be signed. + * @param[in] mic_buffer_size size of mic_buffer + * @returns SSH_OK if the MIC was authenticated correctly + * @returns SSH_ERROR in case of error + * @warning It is not necessary to fill this callback in if libssh is linked + * with libgssapi. 
+ */ +typedef int (*ssh_gssapi_verify_mic_callback) (ssh_session session, + ssh_string mic, void *mic_buffer, size_t mic_buffer_size, void *userdata); + /** * This structure can be used to implement a libssh server, with appropriate callbacks. */ @@ -235,6 +276,15 @@ struct ssh_server_callbacks_struct { * the client */ ssh_channel_open_request_session_callback channel_open_request_session_function; + /** This function will be called when a new gssapi authentication is attempted. + */ + ssh_gssapi_select_oid_callback gssapi_select_oid_function; + /** This function will be called when a gssapi token comes in. + */ + ssh_gssapi_accept_sec_ctx_callback gssapi_accept_sec_ctx_function; + /* This function will be called when a MIC needs to be verified. + */ + ssh_gssapi_verify_mic_callback gssapi_verify_mic_function; }; typedef struct ssh_server_callbacks_struct *ssh_server_callbacks; |
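Review bot: The three GSSAPI callback typedefs decide server-side authentication but leave their failure and ownership contracts undocumented. `ssh_gssapi_select_oid_callback` should state what is returned when none of the client's OIDs is acceptable (presumably NULL) and who frees the returned `ssh_string`, and `ssh_gssapi_accept_sec_ctx_callback` should state that, because SSH_OK covers both an intermediate token and GSS_S_COMPLETE, `*output_token == NULL` is the only completion signal. For `ssh_gssapi_verify_mic_callback`, `mic_buffer` is the data the MIC is checked against rather than "data to be signed", it could be declared `const void *mic_buffer`, and the doc should say that any return other than SSH_OK must be treated as a failed authentication. All three comments omit `@param userdata` and open with `/*` instead of `/**`, so Doxygen will probably skip them; the same `/*` opener is on the `gssapi_verify_mic_function` member comment in the struct hunk.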
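Review bot: The comments on the three new `ssh_server_callbacks_struct` members do not say what happens when a pointer is left NULL and libssh is built without libgssapi. Since these callbacks carry the authentication decision, the documented behaviour should be fail-closed, for example `/** ... If unset and libssh has no GSSAPI support, GSSAPI authentication is refused. */`. The call sites are outside this hunk, so it cannot be confirmed from here that they check for NULL, or that they check the caller's struct is large enough to contain these appended members before reading them. The struct's opening lines are also outside the hunk.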