1/* $NetBSD: auth.h,v 1.16 2005/02/03 04:39:32 perry Exp $ */ 2 3/* 4 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 5 * unrestricted use provided that this legend is included on all tape 6 * media and as a part of the software program in whole or part. Users 7 * may copy or modify Sun RPC without charge, but are not authorized 8 * to license or distribute it to anyone else except as part of a product or 9 * program developed by the user. 10 * 11 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 12 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 13 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 14 * 15 * Sun RPC is provided with no support and without any obligation on the 16 * part of Sun Microsystems, Inc. to assist in its use, correction, 17 * modification or enhancement. 18 * 19 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 20 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 21 * OR ANY PART THEREOF. 22 * 23 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 24 * or profits or other special, indirect and consequential damages, even if 25 * Sun has been advised of the possibility of such damages. 26 * 27 * Sun Microsystems, Inc. 28 * 2550 Garcia Avenue 29 * Mountain View, California 94043 30 * 31 * from: @(#)auth.h 1.17 88/02/08 SMI 32 * @(#)auth.h 2.3 88/08/07 4.0 RPCSRC 33 */ 34 35/* 36 * auth.h, Authentication interface. 37 * 38 * Copyright (C) 1984, Sun Microsystems, Inc. 39 * 40 * The data structures are completely opaque to the client. The client 41 * is required to pass a AUTH * to routines that create rpc 42 * "sessions". 43 */ 44 45#ifndef _RPC_AUTH_H_ 46#define _RPC_AUTH_H_ 47#include <sys/cdefs.h> 48 49#define MAX_AUTH_BYTES 400 50#define MAXNETNAMELEN 255 /* maximum length of network user's name */ 51 52/* 53 * Status returned from authentication check 54 */ 55enum auth_stat { 56 AUTH_OK=0, 57 /* 58 * failed at remote end 59 */ 60 AUTH_BADCRED=1, /* bogus credentials (seal broken) */ 61 AUTH_REJECTEDCRED=2, /* client should begin new session */ 62 AUTH_BADVERF=3, /* bogus verifier (seal broken) */ 63 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */ 64 AUTH_TOOWEAK=5, /* rejected due to security reasons */ 65 /* 66 * failed locally 67 */ 68 AUTH_INVALIDRESP=6, /* bogus response verifier */ 69 AUTH_FAILED=7 /* some unknown reason */ 70}; 71 72union des_block { 73 struct { 74 uint32_t high; 75 uint32_t low; 76 } key; 77 char c[8]; 78}; 79typedef union des_block des_block; 80__BEGIN_DECLS 81extern bool_t xdr_des_block(XDR *, des_block *); 82__END_DECLS 83 84/* 85 * Authentication info. Opaque to client. 86 */ 87struct opaque_auth { 88 enum_t oa_flavor; /* flavor of auth */ 89 caddr_t oa_base; /* address of more auth stuff */ 90 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */ 91}; 92 93 94/* 95 * Auth handle, interface to client side authenticators. 96 */ 97typedef struct __rpc_auth { 98 struct opaque_auth ah_cred; 99 struct opaque_auth ah_verf; 100 union des_block ah_key; 101 const struct auth_ops { 102 void (*ah_nextverf)(struct __rpc_auth *); 103 /* nextverf & serialize */ 104 int (*ah_marshal)(struct __rpc_auth *, XDR *); 105 /* validate varifier */ 106 int (*ah_validate)(struct __rpc_auth *, 107 struct opaque_auth *); 108 /* refresh credentials */ 109 int (*ah_refresh)(struct __rpc_auth *); 110 /* destroy this structure */ 111 void (*ah_destroy)(struct __rpc_auth *); 112 } *ah_ops; 113 void *ah_private; 114} AUTH; 115 116 117/* 118 * Authentication ops. 119 * The ops and the auth handle provide the interface to the authenticators. 120 * 121 * AUTH *auth; 122 * XDR *xdrs; 123 * struct opaque_auth verf; 124 */ 125#define AUTH_NEXTVERF(auth) \ 126 ((*((auth)->ah_ops->ah_nextverf))(auth)) 127#define auth_nextverf(auth) \ 128 ((*((auth)->ah_ops->ah_nextverf))(auth)) 129 130#define AUTH_MARSHALL(auth, xdrs) \ 131 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 132#define auth_marshall(auth, xdrs) \ 133 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 134 135#define AUTH_VALIDATE(auth, verfp) \ 136 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 137#define auth_validate(auth, verfp) \ 138 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 139 140#define AUTH_REFRESH(auth) \ 141 ((*((auth)->ah_ops->ah_refresh))(auth)) 142#define auth_refresh(auth) \ 143 ((*((auth)->ah_ops->ah_refresh))(auth)) 144 145#define AUTH_DESTROY(auth) \ 146 ((*((auth)->ah_ops->ah_destroy))(auth)) 147#define auth_destroy(auth) \ 148 ((*((auth)->ah_ops->ah_destroy))(auth)) 149 150 151extern struct opaque_auth _null_auth; 152 153 154/* 155 * These are the various implementations of client side authenticators. 156 */ 157 158/* 159 * Unix style authentication 160 * AUTH *authunix_create(machname, uid, gid, len, aup_gids) 161 * char *machname; 162 * int uid; 163 * int gid; 164 * int len; 165 * int *aup_gids; 166 */ 167__BEGIN_DECLS 168struct sockaddr_in; 169extern AUTH *authunix_create (char *, int, int, int, int *); 170extern AUTH *authunix_create_default (void); 171extern AUTH *authnone_create (void); 172extern AUTH *authdes_create (char *, u_int, 173 struct sockaddr_in *, des_block *); 174extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *); 175 176#define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip)) 177#define authsys_create_default() authunix_create_default() 178 179struct svc_req; 180struct rpc_msg; 181enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *); 182enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *); 183enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *); 184__END_DECLS 185 186#define AUTH_NONE 0 /* no authentication */ 187#define AUTH_NULL 0 /* backward compatibility */ 188#define AUTH_SYS 1 /* unix style (uid, gids) */ 189#define AUTH_UNIX AUTH_SYS /* backward compatibility */ 190#define AUTH_SHORT 2 /* short hand unix style */ 191#define AUTH_DES 3 /* des style (encrypted timestamps) */ 192 193#endif /* !_RPC_AUTH_H_ */ 194