xref: /minix3/include/rpc/auth.h (revision 2fe8fb192fe7e8720e3e7a77f928da545e872a6a)
1*2fe8fb19SBen Gras /*	$NetBSD: auth.h,v 1.17 2005/12/26 19:01:47 perry Exp $	*/
2*2fe8fb19SBen Gras 
3*2fe8fb19SBen Gras /*
4*2fe8fb19SBen Gras  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5*2fe8fb19SBen Gras  * unrestricted use provided that this legend is included on all tape
6*2fe8fb19SBen Gras  * media and as a part of the software program in whole or part.  Users
7*2fe8fb19SBen Gras  * may copy or modify Sun RPC without charge, but are not authorized
8*2fe8fb19SBen Gras  * to license or distribute it to anyone else except as part of a product or
9*2fe8fb19SBen Gras  * program developed by the user.
10*2fe8fb19SBen Gras  *
11*2fe8fb19SBen Gras  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12*2fe8fb19SBen Gras  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13*2fe8fb19SBen Gras  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14*2fe8fb19SBen Gras  *
15*2fe8fb19SBen Gras  * Sun RPC is provided with no support and without any obligation on the
16*2fe8fb19SBen Gras  * part of Sun Microsystems, Inc. to assist in its use, correction,
17*2fe8fb19SBen Gras  * modification or enhancement.
18*2fe8fb19SBen Gras  *
19*2fe8fb19SBen Gras  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20*2fe8fb19SBen Gras  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21*2fe8fb19SBen Gras  * OR ANY PART THEREOF.
22*2fe8fb19SBen Gras  *
23*2fe8fb19SBen Gras  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24*2fe8fb19SBen Gras  * or profits or other special, indirect and consequential damages, even if
25*2fe8fb19SBen Gras  * Sun has been advised of the possibility of such damages.
26*2fe8fb19SBen Gras  *
27*2fe8fb19SBen Gras  * Sun Microsystems, Inc.
28*2fe8fb19SBen Gras  * 2550 Garcia Avenue
29*2fe8fb19SBen Gras  * Mountain View, California  94043
30*2fe8fb19SBen Gras  *
31*2fe8fb19SBen Gras  *	from: @(#)auth.h 1.17 88/02/08 SMI
32*2fe8fb19SBen Gras  *	@(#)auth.h	2.3 88/08/07 4.0 RPCSRC
33*2fe8fb19SBen Gras  */
34*2fe8fb19SBen Gras 
35*2fe8fb19SBen Gras /*
36*2fe8fb19SBen Gras  * auth.h, Authentication interface.
37*2fe8fb19SBen Gras  *
38*2fe8fb19SBen Gras  * Copyright (C) 1984, Sun Microsystems, Inc.
39*2fe8fb19SBen Gras  *
40*2fe8fb19SBen Gras  * The data structures are completely opaque to the client.  The client
41*2fe8fb19SBen Gras  * is required to pass a AUTH * to routines that create rpc
42*2fe8fb19SBen Gras  * "sessions".
43*2fe8fb19SBen Gras  */
44*2fe8fb19SBen Gras 
45*2fe8fb19SBen Gras #ifndef _RPC_AUTH_H_
46*2fe8fb19SBen Gras #define _RPC_AUTH_H_
47*2fe8fb19SBen Gras #include <sys/cdefs.h>
48*2fe8fb19SBen Gras 
49*2fe8fb19SBen Gras #define MAX_AUTH_BYTES	400
50*2fe8fb19SBen Gras #define MAXNETNAMELEN	255	/* maximum length of network user's name */
51*2fe8fb19SBen Gras 
52*2fe8fb19SBen Gras /*
53*2fe8fb19SBen Gras  * Status returned from authentication check
54*2fe8fb19SBen Gras  */
55*2fe8fb19SBen Gras enum auth_stat {
56*2fe8fb19SBen Gras 	AUTH_OK=0,
57*2fe8fb19SBen Gras 	/*
58*2fe8fb19SBen Gras 	 * failed at remote end
59*2fe8fb19SBen Gras 	 */
60*2fe8fb19SBen Gras 	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
61*2fe8fb19SBen Gras 	AUTH_REJECTEDCRED=2,		/* client should begin new session */
62*2fe8fb19SBen Gras 	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
63*2fe8fb19SBen Gras 	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
64*2fe8fb19SBen Gras 	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
65*2fe8fb19SBen Gras 	/*
66*2fe8fb19SBen Gras 	 * failed locally
67*2fe8fb19SBen Gras 	*/
68*2fe8fb19SBen Gras 	AUTH_INVALIDRESP=6,		/* bogus response verifier */
69*2fe8fb19SBen Gras 	AUTH_FAILED=7			/* some unknown reason */
70*2fe8fb19SBen Gras };
71*2fe8fb19SBen Gras 
72*2fe8fb19SBen Gras union des_block {
73*2fe8fb19SBen Gras 	struct {
74*2fe8fb19SBen Gras 		uint32_t high;
75*2fe8fb19SBen Gras 		uint32_t low;
76*2fe8fb19SBen Gras 	} key;
77*2fe8fb19SBen Gras 	char c[8];
78*2fe8fb19SBen Gras };
79*2fe8fb19SBen Gras typedef union des_block des_block;
80*2fe8fb19SBen Gras __BEGIN_DECLS
81*2fe8fb19SBen Gras extern bool_t xdr_des_block(XDR *, des_block *);
82*2fe8fb19SBen Gras __END_DECLS
83*2fe8fb19SBen Gras 
84*2fe8fb19SBen Gras /*
85*2fe8fb19SBen Gras  * Authentication info.  Opaque to client.
86*2fe8fb19SBen Gras  */
87*2fe8fb19SBen Gras struct opaque_auth {
88*2fe8fb19SBen Gras 	enum_t	oa_flavor;		/* flavor of auth */
89*2fe8fb19SBen Gras 	caddr_t	oa_base;		/* address of more auth stuff */
90*2fe8fb19SBen Gras 	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
91*2fe8fb19SBen Gras };
92*2fe8fb19SBen Gras 
93*2fe8fb19SBen Gras 
94*2fe8fb19SBen Gras /*
95*2fe8fb19SBen Gras  * Auth handle, interface to client side authenticators.
96*2fe8fb19SBen Gras  */
97*2fe8fb19SBen Gras typedef struct __rpc_auth {
98*2fe8fb19SBen Gras 	struct	opaque_auth	ah_cred;
99*2fe8fb19SBen Gras 	struct	opaque_auth	ah_verf;
100*2fe8fb19SBen Gras 	union	des_block	ah_key;
101*2fe8fb19SBen Gras 	const struct auth_ops {
102*2fe8fb19SBen Gras 		void	(*ah_nextverf)(struct __rpc_auth *);
103*2fe8fb19SBen Gras 		/* nextverf & serialize */
104*2fe8fb19SBen Gras 		int	(*ah_marshal)(struct __rpc_auth *, XDR *);
105*2fe8fb19SBen Gras 		/* validate varifier */
106*2fe8fb19SBen Gras 		int	(*ah_validate)(struct __rpc_auth *,
107*2fe8fb19SBen Gras 			    struct opaque_auth *);
108*2fe8fb19SBen Gras 		/* refresh credentials */
109*2fe8fb19SBen Gras 		int	(*ah_refresh)(struct __rpc_auth *);
110*2fe8fb19SBen Gras 		/* destroy this structure */
111*2fe8fb19SBen Gras 		void	(*ah_destroy)(struct __rpc_auth *);
112*2fe8fb19SBen Gras 	} *ah_ops;
113*2fe8fb19SBen Gras 	void *ah_private;
114*2fe8fb19SBen Gras } AUTH;
115*2fe8fb19SBen Gras 
116*2fe8fb19SBen Gras 
117*2fe8fb19SBen Gras /*
118*2fe8fb19SBen Gras  * Authentication ops.
119*2fe8fb19SBen Gras  * The ops and the auth handle provide the interface to the authenticators.
120*2fe8fb19SBen Gras  *
121*2fe8fb19SBen Gras  * AUTH	*auth;
122*2fe8fb19SBen Gras  * XDR	*xdrs;
123*2fe8fb19SBen Gras  * struct opaque_auth verf;
124*2fe8fb19SBen Gras  */
125*2fe8fb19SBen Gras #define AUTH_NEXTVERF(auth)		\
126*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_nextverf))(auth))
127*2fe8fb19SBen Gras #define auth_nextverf(auth)		\
128*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_nextverf))(auth))
129*2fe8fb19SBen Gras 
130*2fe8fb19SBen Gras #define AUTH_MARSHALL(auth, xdrs)	\
131*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
132*2fe8fb19SBen Gras #define auth_marshall(auth, xdrs)	\
133*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
134*2fe8fb19SBen Gras 
135*2fe8fb19SBen Gras #define AUTH_VALIDATE(auth, verfp)	\
136*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
137*2fe8fb19SBen Gras #define auth_validate(auth, verfp)	\
138*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
139*2fe8fb19SBen Gras 
140*2fe8fb19SBen Gras #define AUTH_REFRESH(auth)		\
141*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_refresh))(auth))
142*2fe8fb19SBen Gras #define auth_refresh(auth)		\
143*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_refresh))(auth))
144*2fe8fb19SBen Gras 
145*2fe8fb19SBen Gras #define AUTH_DESTROY(auth)		\
146*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_destroy))(auth))
147*2fe8fb19SBen Gras #define auth_destroy(auth)		\
148*2fe8fb19SBen Gras 		((*((auth)->ah_ops->ah_destroy))(auth))
149*2fe8fb19SBen Gras 
150*2fe8fb19SBen Gras 
151*2fe8fb19SBen Gras extern struct opaque_auth _null_auth;
152*2fe8fb19SBen Gras 
153*2fe8fb19SBen Gras 
154*2fe8fb19SBen Gras /*
155*2fe8fb19SBen Gras  * These are the various implementations of client side authenticators.
156*2fe8fb19SBen Gras  */
157*2fe8fb19SBen Gras 
158*2fe8fb19SBen Gras /*
159*2fe8fb19SBen Gras  * Unix style authentication
160*2fe8fb19SBen Gras  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
161*2fe8fb19SBen Gras  *	char *machname;
162*2fe8fb19SBen Gras  *	int uid;
163*2fe8fb19SBen Gras  *	int gid;
164*2fe8fb19SBen Gras  *	int len;
165*2fe8fb19SBen Gras  *	int *aup_gids;
166*2fe8fb19SBen Gras  */
167*2fe8fb19SBen Gras __BEGIN_DECLS
168*2fe8fb19SBen Gras struct sockaddr_in;
169*2fe8fb19SBen Gras extern AUTH *authunix_create		(char *, int, int, int, int *);
170*2fe8fb19SBen Gras extern AUTH *authunix_create_default	(void);
171*2fe8fb19SBen Gras extern AUTH *authnone_create		(void);
172*2fe8fb19SBen Gras extern AUTH *authdes_create		(char *, u_int,
173*2fe8fb19SBen Gras 					    struct sockaddr_in *, des_block *);
174*2fe8fb19SBen Gras extern bool_t xdr_opaque_auth		(XDR *, struct opaque_auth *);
175*2fe8fb19SBen Gras 
176*2fe8fb19SBen Gras #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
177*2fe8fb19SBen Gras #define authsys_create_default() authunix_create_default()
178*2fe8fb19SBen Gras 
179*2fe8fb19SBen Gras struct svc_req;
180*2fe8fb19SBen Gras struct rpc_msg;
181*2fe8fb19SBen Gras enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *);
182*2fe8fb19SBen Gras enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *);
183*2fe8fb19SBen Gras enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *);
184*2fe8fb19SBen Gras __END_DECLS
185*2fe8fb19SBen Gras 
186*2fe8fb19SBen Gras #define AUTH_NONE	0		/* no authentication */
187*2fe8fb19SBen Gras #define	AUTH_NULL	0		/* backward compatibility */
188*2fe8fb19SBen Gras #define	AUTH_SYS	1		/* unix style (uid, gids) */
189*2fe8fb19SBen Gras #define AUTH_UNIX	AUTH_SYS	/* backward compatibility */
190*2fe8fb19SBen Gras #define	AUTH_SHORT	2		/* short hand unix style */
191*2fe8fb19SBen Gras #define AUTH_DES	3		/* des style (encrypted timestamps) */
192*2fe8fb19SBen Gras 
193*2fe8fb19SBen Gras #endif /* !_RPC_AUTH_H_ */
194