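/* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 */

/*
 * auth.h, Authentication interface.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 *
 * The data structures are completely opaque to the client.  The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 *
 * Types used but not declared here (bool_t, enum_t, caddr_t, u_int,
 * u_long) are expected to come from the RPC types header included
 * before this one.
 */

#ifndef RPC_AUTH_H_INCLUDED	/* include guard (added; name is local to this header) */
#define RPC_AUTH_H_INCLUDED

#define MAX_AUTH_BYTES	400	/* upper bound on opaque_auth.oa_length */
#define MAXNETNAMELEN	255	/* maximum length of network user's name */

/*
 * Status returned from authentication check
 */
enum auth_stat {
	AUTH_OK=0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED=1,		/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED=2,	/* client should begin new session */
	AUTH_BADVERF=3,		/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF=4,	/* verifier expired or was replayed */
	AUTH_TOOWEAK=5,		/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP=6,	/* bogus response verifier */
	AUTH_FAILED=7		/* some unknown reason */
};

/*
 * u_int32 is only defined for the listed targets.  The des_block union
 * below relies on it being exactly 4 bytes so that key (2 x u_int32)
 * overlays c[8].  NOTE(review): on a target where u_long is 64 bits that
 * overlay no longer holds -- confirm before adding such a target here.
 */
#if (mc68000 || sparc || vax || i386 || tahoe || luna68k || hp300 || mips)
typedef u_long u_int32;	/* 32-bit unsigned integers */
#endif

/*
 * One 8-byte DES block, viewable either as two 32-bit halves or as raw
 * bytes.  Carried in an AUTH handle as ah_key.
 */
union des_block {
	struct {
		u_int32 high;
		u_int32 low;
	} key;
	char c[8];
};
typedef union des_block des_block;
extern bool_t xdr_des_block();	/* XDR encode/decode of a des_block */

/*
 * Authentication info.  Opaque to client.
 *
 * oa_base/oa_length describe a byte string whose meaning depends on
 * oa_flavor (see AUTH_NONE .. AUTH_DES below).  This header declares the
 * bound on oa_length but does not enforce it: whatever decodes an
 * opaque_auth from the wire must check oa_length <= MAX_AUTH_BYTES
 * before oa_base is used.
 */
struct opaque_auth {
	enum_t	oa_flavor;	/* flavor of auth */
	caddr_t	oa_base;	/* address of more auth stuff */
	u_int	oa_length;	/* not to exceed MAX_AUTH_BYTES */
};


/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_ops dispatches to the flavor-specific implementation; the AUTH_*
 * macros below are the intended way to invoke them.  ah_private is
 * per-flavor data that callers do not interpret.
 */
typedef struct {
	struct	opaque_auth	ah_cred;
	struct	opaque_auth	ah_verf;
	union	des_block	ah_key;
	struct auth_ops {
		void	(*ah_nextverf)();
		int	(*ah_marshal)();	/* nextverf & serialize */
		int	(*ah_validate)();	/* validate verifier */
		int	(*ah_refresh)();	/* refresh credentials */
		void	(*ah_destroy)();	/* destroy this structure */
	} *ah_ops;
	caddr_t ah_private;
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH	*auth;
 * XDR	*xdrs;
 * struct opaque_auth verf;
 *
 * Every argument is parenthesized at each use so that any argument
 * expression expands correctly.  Note that auth is evaluated twice in
 * every macro (once to fetch ah_ops, once as the call argument), so do
 * not pass an expression with side effects.
 */
#define AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))((auth)))
#define auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))((auth)))

#define AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))
#define auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))

#define AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), (verfp)))
#define auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), (verfp)))

#define AUTH_REFRESH(auth)		\
		((*((auth)->ah_ops->ah_refresh))((auth)))
#define auth_refresh(auth)		\
		((*((auth)->ah_ops->ah_refresh))((auth)))

#define AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))((auth)))
#define auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))((auth)))


extern struct opaque_auth _null_auth;	/* the null credential/verifier; defined in the RPC library */


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 *
 * The identity carried by this flavor is whatever the caller supplies;
 * nothing in this interface binds it to the caller's real identity, so
 * AUTH_UNIX credentials cannot by themselves prove who the peer is.
 */
extern AUTH *authunix_create();
extern AUTH *authunix_create_default();	/* takes no parameters */
extern AUTH *authnone_create();		/* takes no parameters */
extern AUTH *authdes_create();		/* DES-keyed; see AUTH_DES below */

#define AUTH_NONE	0		/* no authentication */
#define AUTH_NULL	0		/* backward compatibility */
#define AUTH_UNIX	1		/* unix style (uid, gids) */
#define AUTH_SHORT	2		/* short hand unix style */
#define AUTH_DES	3		/* des style (encrypted timestamps);
					 * DES is no longer considered a strong
					 * cipher -- treat this flavor as legacy */

#endif /* RPC_AUTH_H_INCLUDED */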