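/*	$NetBSD: auth.h,v 1.17 2005/12/26 19:01:47 perry Exp $	*/

/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 *
 *	from: @(#)auth.h 1.17 88/02/08 SMI
 *	@(#)auth.h	2.3 88/08/07 4.0 RPCSRC
 */

/*
 * auth.h, Authentication interface.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 *
 * The data structures are completely opaque to the client.  The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 *
 * This header only includes <sys/cdefs.h>.  The names XDR, bool_t, enum_t,
 * caddr_t, u_int and uint32_t used below are not declared here, so the
 * headers that declare them must already have been included.
 */

#ifndef _RPC_AUTH_H_
#define _RPC_AUTH_H_
#include <sys/cdefs.h>

/*
 * Upper bound on the length of an opaque authentication body; see
 * opaque_auth.oa_length.
 */
#define MAX_AUTH_BYTES	400
#define MAXNETNAMELEN	255	/* maximum length of network user's name */

/*
 * Status returned from authentication check
 */
enum auth_stat {
	AUTH_OK=0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED=2,		/* client should begin new session */
	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP=6,		/* bogus response verifier */
	AUTH_FAILED=7			/* some unknown reason */
};

/*
 * An 8-byte block that can be read either as two 32-bit words or as raw
 * bytes.  Which bytes of c[] correspond to key.high and key.low depends on
 * the host byte order.
 *
 * NOTE(review): used as AUTH.ah_key and as the last argument of
 * authdes_create(), so it presumably carries DES key material; callers
 * holding one should clear it once it is no longer needed -- confirm
 * against the implementation.
 */
union des_block {
	struct {
		uint32_t high;
		uint32_t low;
	} key;
	char c[8];
};
typedef union des_block des_block;
__BEGIN_DECLS
/* XDR routine for a des_block; returns a bool_t. */
extern bool_t xdr_des_block(XDR *, des_block *);
__END_DECLS

/*
 * Authentication info.  Opaque to client.
 *
 * NOTE(review): oa_length is an unsigned count documented as bounded by
 * MAX_AUTH_BYTES, but nothing in this header enforces that bound.  Code
 * that fills this structure from a received message has to reject a larger
 * oa_length before reading from or allocating for oa_base; presumably
 * xdr_opaque_auth() does so -- confirm against its definition.
 */
struct opaque_auth {
	enum_t	oa_flavor;		/* flavor of auth */
	caddr_t	oa_base;		/* address of more auth stuff */
	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
};


/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_ops points at a const table of function pointers; every operation
 * receives the handle itself as its first argument.  ah_private is an
 * untyped pointer whose meaning is left to the authenticator.
 */
typedef struct __rpc_auth {
	struct	opaque_auth	ah_cred;
	struct	opaque_auth	ah_verf;
	union	des_block	ah_key;
	const struct auth_ops {
		/* advance to the next verifier */
		void	(*ah_nextverf)(struct __rpc_auth *);
		/* nextverf & serialize */
		int	(*ah_marshal)(struct __rpc_auth *, XDR *);
		/* validate verifier */
		int	(*ah_validate)(struct __rpc_auth *,
			    struct opaque_auth *);
		/* refresh credentials */
		int	(*ah_refresh)(struct __rpc_auth *);
		/* destroy this structure */
		void	(*ah_destroy)(struct __rpc_auth *);
	} *ah_ops;
	void *ah_private;
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH	*auth;
 * XDR	*xdrs;
 * struct opaque_auth verf;
 *
 * Each operation exists under an upper-case and a lower-case name with the
 * same expansion.  The macros dereference auth and auth->ah_ops without any
 * NULL check, and they expand the auth argument twice, so the argument must
 * be a valid handle and must not have side effects.
 *
 * NOTE(review): ah_destroy is documented as destroying the structure, so a
 * handle should not be used again after AUTH_DESTROY() -- confirm against
 * the individual authenticators.
 */
#define AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))

#define AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#define auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

#define AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))
#define auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

#define AUTH_REFRESH(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))
#define auth_refresh(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))

#define AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))


/*
 * Defined elsewhere.  Presumably the empty credential/verifier used with
 * AUTH_NONE -- confirm against its definition.
 */
extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 *
 * NOTE(review): the machine name, uid, gid and group list are whatever the
 * caller passes in.  Nothing in this interface binds them to a verified
 * identity, so a server should not treat an AUTH_SYS credential as proof of
 * who the caller is unless the network path and the client hosts are
 * trusted.
 */
__BEGIN_DECLS
struct sockaddr_in;
extern AUTH *authunix_create(char *, int, int, int, int *);
extern AUTH *authunix_create_default(void);
extern AUTH *authnone_create(void);
/*
 * NOTE(review): argument meanings are not documented in this header;
 * presumably server netname, credential window, optional time-sync address
 * and conversation key -- confirm against the implementation.
 */
extern AUTH *authdes_create(char *, u_int,
			    struct sockaddr_in *, des_block *);
/* XDR routine for struct opaque_auth; returns a bool_t. */
extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);

/* AUTH_SYS spellings of the authunix_* constructors. */
#define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
#define authsys_create_default() authunix_create_default()

/*
 * Handlers that take the service request and the RPC message and return an
 * auth_stat.  Judging by the names there is one per flavor (null, short,
 * unix); none is declared here for AUTH_DES.
 */
struct svc_req;
struct rpc_msg;
enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *);
enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *);
enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *);
__END_DECLS

/*
 * Authentication flavor numbers (the values stored in oa_flavor).
 *
 * NOTE(review): AUTH_NONE carries no identity at all and AUTH_SYS carries
 * caller-supplied uid/gid values.  AUTH_DES relies on DES, whose 56-bit key
 * is considered inadequate by current standards.  Services that need real
 * authentication should require a stronger flavor where the deployment
 * provides one and answer weaker ones with AUTH_TOOWEAK.
 */
#define AUTH_NONE	0		/* no authentication */
#define	AUTH_NULL	0		/* backward compatibility */
#define	AUTH_SYS	1		/* unix style (uid, gids) */
#define	AUTH_UNIX	AUTH_SYS	/* backward compatibility */
#define	AUTH_SHORT	2		/* short hand unix style */
#define AUTH_DES	3		/* des style (encrypted timestamps) */

#endif /* !_RPC_AUTH_H_ */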