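/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
/*	  All Rights Reserved	*/
/*
 * Portions of this source code were derived from Berkeley
 * 4.3 BSD under license from the Regents of the University of
 * California.
 */

/*
 * auth.h, Authentication interface.
 *
 * The data structures are completely opaque to the client. The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 *
 * This header declares the client-side auth handle (AUTH), its ops
 * table, the auth_stat result codes, the flavor numbers and the
 * constructors/keyserv entry points for each flavor.  The _KERNEL and
 * __STDC__ conditionals select kernel vs. userland and ANSI vs. K&R
 * prototypes respectively; both variants are kept in sync below.
 */

#ifndef _RPC_AUTH_H
#define	_RPC_AUTH_H

#include <rpc/xdr.h>
#include <rpc/clnt_stat.h>
#include <sys/cred.h>
#include <sys/tiuser.h>
#ifdef _KERNEL
#include <sys/zone.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Upper bound on the opaque credential/verifier body carried in
 * struct opaque_auth (see oa_length below).
 */
#define	MAX_AUTH_BYTES	400
#define	MAXNETNAMELEN	255	/* maximum length of network user's name */

/*
 * Client side authentication/security data
 */
typedef struct sec_data {
	uint_t	secmod;		/* security mode number e.g. in nfssec.conf */
	uint_t	rpcflavor;	/* rpc flavors:AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
	int	flags;		/* AUTH_F_xxx flags */
	uid_t	uid;		/* uid of caller for all sec flavors (NFSv4) */
	caddr_t	data;		/* opaque data per flavor */
} sec_data_t;

#ifdef _SYSCALL32_IMPL
/* 32-bit ILP32 image of sec_data for the 32-bit syscall path. */
struct sec_data32 {
	uint32_t	secmod;		/* security mode number e.g. */
					/* in nfssec.conf */
	uint32_t	rpcflavor;	/* AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
	int32_t		flags;		/* AUTH_F_xxx flags */
	uid_t		uid;		/* uid of caller for all sec flavors (NFSv4) */
	caddr32_t	data;		/* opaque data per flavor */
};
#endif /* _SYSCALL32_IMPL */

/*
 * AUTH_DES flavor specific data from sec_data opaque data field.
 * AUTH_KERB has the same structure.
 */
typedef struct des_clnt_data {
	struct netbuf	syncaddr;	/* time sync addr */
	struct knetconfig *knconf;	/* knetconfig info that associated */
					/* with the syncaddr. */
	char		*netname;	/* server's netname */
	int		netnamelen;	/* server's netname len */
} dh_k4_clntdata_t;

#ifdef _SYSCALL32_IMPL
/* 32-bit ILP32 image of des_clnt_data for the 32-bit syscall path. */
struct des_clnt_data32 {
	struct netbuf32	syncaddr;	/* time sync addr */
	caddr32_t	knconf;		/* knetconfig info that associated */
					/* with the syncaddr. */
	caddr32_t	netname;	/* server's netname */
	int32_t		netnamelen;	/* server's netname len */
};
#endif /* _SYSCALL32_IMPL */

/*
 * flavor specific data to hold the data for AUTH_DES/AUTH_KERB(v4)
 * in sec_data->data opaque field.
 */
typedef struct krb4_svc_data {
	int		window;		/* window option value */
} krb4_svcdata_t;

typedef struct krb4_svc_data	des_svcdata_t;

/*
 * authentication/security specific flags
 *
 * AUTH_F_TRYNONE permits a downgrade to AUTH_NONE (no authentication);
 * set it only where unauthenticated access to the service is acceptable.
 */
#define	AUTH_F_RPCTIMESYNC	0x001	/* use RPC to do time sync */
#define	AUTH_F_TRYNONE		0x002	/* allow fall back to AUTH_NONE */

/*
 * Status returned from authentication check
 */
enum auth_stat {
	AUTH_OK = 0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED = 1,		/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED = 2,		/* client should begin new session */
	AUTH_BADVERF = 3,		/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF = 4,		/* verifier expired or was replayed */
	AUTH_TOOWEAK = 5,		/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP = 6,		/* bogus response verifier */
	AUTH_FAILED = 7,		/* some unknown reason */
	/*
	 * kerberos errors
	 */
	AUTH_KERB_GENERIC = 8,		/* kerberos generic error */
	AUTH_TIMEEXPIRE = 9,		/* time of credential expired */
	AUTH_TKT_FILE = 10,		/* something wrong with ticket file */
	AUTH_DECODE = 11,		/* can't decode authenticator */
	AUTH_NET_ADDR = 12,		/* wrong net address in ticket */
	/*
	 * GSS related errors
	 */
	RPCSEC_GSS_NOCRED = 13,		/* no credentials for user */
	RPCSEC_GSS_FAILED = 14		/* GSS failure, credentials deleted */
};
typedef enum auth_stat AUTH_STAT;

/*
 * An 8-byte DES block.  Both views alias the same 8 bytes: key.high /
 * key.low for word access, c[] for byte access.
 */
union des_block {
	struct {
		uint32_t high;
		uint32_t low;
	} key;
	char c[8];
};
typedef union des_block des_block;

#ifdef __STDC__
extern bool_t xdr_des_block(XDR *, des_block *);
#else
extern bool_t xdr_des_block();
#endif


/*
 * Authentication info. Opaque to client.
 *
 * oa_length is bounded by MAX_AUTH_BYTES by convention only; the struct
 * does not enforce it.  Code that fills oa_base/oa_length from the wire
 * is expected to reject anything larger before touching oa_base.
 */
struct opaque_auth {
	enum_t	oa_flavor;		/* flavor of auth */
	caddr_t	oa_base;		/* address of more auth stuff */
	uint_t	oa_length;		/* not to exceed MAX_AUTH_BYTES */
};


/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_ops is the per-flavor dispatch table; the AUTH_* / auth_* macros
 * further down are the only intended way to invoke it.  ah_private is
 * flavor-owned state that callers must not interpret.
 */
typedef struct __auth {
	struct	opaque_auth	ah_cred;
	struct	opaque_auth	ah_verf;
	union	des_block	ah_key;
	struct auth_ops {
#ifdef __STDC__
		void	(*ah_nextverf)(struct __auth *);
#ifdef _KERNEL
		int	(*ah_marshal)(struct __auth *, XDR *, struct cred *);
#else
		int	(*ah_marshal)(struct __auth *, XDR *);
#endif
					/* nextverf & serialize */
		int	(*ah_validate)(struct __auth *,
		    struct opaque_auth *);
					/* validate verifier */
#ifdef _KERNEL
		int	(*ah_refresh)(struct __auth *, struct rpc_msg *,
		    cred_t *);
#else
		int	(*ah_refresh)(struct __auth *, void *);
					/* refresh credentials */
#endif
		void	(*ah_destroy)(struct __auth *);
					/* destroy this structure */

#ifdef _KERNEL
		int	(*ah_wrap)(struct __auth *, caddr_t, uint_t,
		    XDR *, xdrproc_t, caddr_t);
		int	(*ah_unwrap)(struct __auth *, XDR *, xdrproc_t,
		    caddr_t);
#endif
#else
		void	(*ah_nextverf)();
		int	(*ah_marshal)();	/* nextverf & serialize */
		int	(*ah_validate)();	/* validate verifier */
		int	(*ah_refresh)();	/* refresh credentials */
		void	(*ah_destroy)();	/* destroy this structure */
#ifdef _KERNEL
		int	(*ah_wrap)();		/* encode XDR data */
		int	(*ah_unwrap)();		/* decode XDR data */
#endif

#endif
	} *ah_ops;
	caddr_t ah_private;
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH	*auth;
 * XDR	*xdrs;
 * struct opaque_auth verf;
 *
 * Each operation has an upper-case and a lower-case spelling that expand
 * identically; the lower-case forms take exactly the same arguments.
 */
#define	AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))
#define	auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))


#ifdef _KERNEL
#define	AUTH_MARSHALL(auth, xdrs, cred)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs, cred))
#define	auth_marshall(auth, xdrs, cred)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs, cred))
#else
#define	AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#define	auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#endif


#define	AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))
#define	auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

#ifdef _KERNEL
#define	AUTH_REFRESH(auth, msg, cr)		\
		((*((auth)->ah_ops->ah_refresh))(auth, msg, cr))
#define	auth_refresh(auth, msg, cr)		\
		((*((auth)->ah_ops->ah_refresh))(auth, msg, cr))
#else
#define	AUTH_REFRESH(auth, msg)		\
		((*((auth)->ah_ops->ah_refresh))(auth, msg))
#define	auth_refresh(auth, msg)		\
		((*((auth)->ah_ops->ah_refresh))(auth, msg))
#endif

#define	AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))
#define	auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))

/*
 * Auth flavors can now apply a transformation in addition to simple XDR
 * on the body of a call/response in ways that depend on the flavor being
 * used.  These interfaces provide a generic interface between the
 * internal RPC frame and the auth flavor specific code to allow the
 * auth flavor to encode (WRAP) or decode (UNWRAP) the body.
 */
#ifdef _KERNEL
#define	AUTH_WRAP(auth, buf, buflen, xdrs, xfunc, xwhere) \
		((*((auth)->ah_ops->ah_wrap))(auth, buf, buflen, \
		xdrs, xfunc, xwhere))
#define	auth_wrap(auth, buf, buflen, xdrs, xfunc, xwhere) \
		((*((auth)->ah_ops->ah_wrap))(auth, buf, buflen, \
		xdrs, xfunc, xwhere))

#define	AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, xfunc, xwhere))
/*
 * auth_unwrap takes the same four arguments as AUTH_UNWRAP.  It was
 * previously declared with only (auth, xdrs) while its expansion
 * referenced xfunc and xwhere, so any use picked up whatever identifiers
 * of those names happened to be in scope at the call site.
 */
#define	auth_unwrap(auth, xdrs, xfunc, xwhere) \
		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, xfunc, xwhere))
#endif

extern struct opaque_auth _null_auth;

/*
 * These are the various implementations of client side authenticators.
 */

/*
 * System style authentication
 * AUTH *authsys_create(machname, uid, gid, len, aup_gids)
 *	const char *machname;
 *	const uid_t uid;
 *	const gid_t gid;
 *	const int len;
 *	const gid_t *aup_gids;
 */
#ifdef _KERNEL
extern AUTH *authkern_create(void);		/* takes no parameters */
extern int authkern_init(void *, void *, int);
extern struct kmem_cache *authkern_cache;
extern AUTH *authnone_create(void);		/* takes no parameters */
extern int authnone_init(void *, void *, int);
extern struct kmem_cache *authnone_cache;
extern AUTH *authloopback_create(void);		/* takes no parameters */
extern int authloopback_init(void *, void *, int);
extern struct kmem_cache *authloopback_cache;
#else /* _KERNEL */
#ifdef __STDC__
extern AUTH *authsys_create(const char *, const uid_t, const gid_t, const int,
    const gid_t *);
extern AUTH *authsys_create_default(void);	/* takes no parameters */
extern AUTH *authnone_create(void);		/* takes no parameters */
#else /* __STDC__ */
extern AUTH *authsys_create();
extern AUTH *authsys_create_default();	/* takes no parameters */
extern AUTH *authnone_create();		/* takes no parameters */
#endif /* __STDC__ */
/* Will get obsolete in near future */
#define	authunix_create authsys_create
#define	authunix_create_default authsys_create_default
#endif /* _KERNEL */

/*
 * DES style authentication
 * AUTH *authdes_seccreate(servername, window, timehost, ckey)
 *	const char *servername;		- network name of server
 *	const uint_t window;		- time to live
 *	const char *timehost;		- optional hostname to sync with
 *	const des_block *ckey;		- optional conversation key to use
 */
/* Will get obsolete in near future */
#ifdef _KERNEL
extern int authdes_create(char *, uint_t, struct netbuf *, struct knetconfig *,
    des_block *, int, AUTH **retauth);
#else /* _KERNEL */
#ifdef __STDC__
extern AUTH *authdes_seccreate(const char *, const uint_t, const char *,
    const des_block *);
#else
extern AUTH *authdes_seccreate();
#endif /* __STDC__ */
#endif /* _KERNEL */

/*
 * Netname manipulating functions
 */

#ifdef _KERNEL
extern enum clnt_stat netname2user(char *, uid_t *, gid_t *, int *, gid_t *);
#endif
#ifdef __STDC__
extern int getnetname(char *);
extern int host2netname(char *, const char *, const char *);
extern int user2netname(char *, const uid_t, const char *);
#ifndef _KERNEL
extern int netname2user(const char *, uid_t *, gid_t *, int *, gid_t *);
#endif
extern int netname2host(const char *, char *, const int);
#else
extern int getnetname();
extern int host2netname();
extern int user2netname();
extern int netname2host();
#endif

/*
 * These routines interface to the keyserv daemon
 */

#ifdef _KERNEL
extern enum clnt_stat key_decryptsession();
extern enum clnt_stat key_encryptsession();
extern enum clnt_stat key_gendes();
extern enum clnt_stat key_getnetname();
#endif

#ifndef _KERNEL
#ifdef __STDC__
extern int key_decryptsession(const char *, des_block *);
extern int key_encryptsession(const char *, des_block *);
extern int key_gendes(des_block *);
extern int key_setsecret(const char *);
extern int key_secretkey_is_set(void);
/*
 * The following routines are private.
 */
extern int key_setnet_ruid();
extern int key_setnet_g_ruid();
extern int key_removesecret_g_ruid();
extern int key_secretkey_is_set_g_ruid();
extern AUTH *authsys_create_ruid();
#else
extern int key_decryptsession();
extern int key_encryptsession();
extern int key_gendes();
extern int key_setsecret();
extern int key_secretkey_is_set();
#endif
#endif


/*
 * Kerberos style authentication
 * AUTH *authkerb_seccreate(service, srv_inst, realm, window, timehost, status)
 *	const char *service;		- service name
 *	const char *srv_inst;		- server instance
 *	const char *realm;		- server realm
 *	const uint_t window;		- time to live
 *	const char *timehost;		- optional hostname to sync with
 *	int *status;			- kerberos status returned
 */
#ifdef _KERNEL
extern int authkerb_create(char *, char *, char *, uint_t,
    struct netbuf *, int *, struct knetconfig *, int, AUTH **);
#else
#ifdef __STDC__
extern AUTH *authkerb_seccreate(const char *, const char *, const char *,
    const uint_t, const char *, int *);
#else
extern AUTH *authkerb_seccreate();
#endif
#endif /* _KERNEL */

/*
 * Map a kerberos credential into a unix cred.
 *
 *  authkerb_getucred(rqst, uid, gid, grouplen, groups)
 *	const struct svc_req *rqst;	- request pointer
 *	uid_t *uid;
 *	gid_t *gid;
 *	short *grouplen;
 *	int *groups;
 *
 */
#ifdef __STDC__
struct svc_req;
extern int authkerb_getucred(struct svc_req *, uid_t *, gid_t *,
    short *, int *);
#else
extern int authkerb_getucred();
#endif

#ifdef _KERNEL
/*
 * XDR an opaque authentication struct. See auth.h.
 */
extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
#endif

#ifdef _KERNEL
extern int authany_wrap(AUTH *, caddr_t, uint_t, XDR *, xdrproc_t, caddr_t);
extern int authany_unwrap(AUTH *, XDR *, xdrproc_t, caddr_t);
#endif

/*
 * RPC auth flavor numbers as carried in opaque_auth.oa_flavor.
 */
#define	AUTH_NONE	0		/* no authentication */
#define	AUTH_NULL	0		/* backward compatibility */
#define	AUTH_SYS	1		/* unix style (uid, gids) */
#define	AUTH_UNIX	AUTH_SYS
#define	AUTH_SHORT	2		/* short hand unix style */
#define	AUTH_DH		3		/* for Diffie-Hellman mechanism */
#define	AUTH_DES	AUTH_DH		/* for backward compatibility */
#define	AUTH_KERB	4		/* kerberos style */
#define	RPCSEC_GSS	6		/* GSS-API style */

#define	AUTH_LOOPBACK	21982		/* unix style w/ expanded groups */
					/* for use over the local transport */

#ifdef _KERNEL
extern char loopback_name[];

extern zone_key_t auth_zone_key;
extern void *auth_zone_init(zoneid_t);
extern void auth_zone_fini(zoneid_t, void *);
#endif

#ifdef __cplusplus
}
#endif

#endif	/* !_RPC_AUTH_H */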