/* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 */

/*
 * auth.h, Authentication interface.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 *
 * The data structures are completely opaque to the client.  The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 */


/*
 * Upper bound on the body of an opaque_auth (see opaque_auth.oa_length).
 * NOTE(review): a credential or verifier decoded from the wire that
 * claims a larger length must be rejected before its body is used --
 * confirm the XDR routines enforce this bound.
 */
#define MAX_AUTH_BYTES	400
#define MAXNETNAMELEN 255	/* maximum length of network user's name */

/*
 * Status returned from authentication check.
 * AUTH_OK means accepted; the remaining values are split into failures
 * reported by the remote end and failures detected locally.
 */
enum auth_stat {
	AUTH_OK=0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED=2,		/* client should begin new session */
	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP=6,		/* bogus response verifier */
	AUTH_FAILED=7			/* some unknown reason */
};

/*
 * u_long is 32 bits wide on each of the listed targets.
 * NOTE(review): on an LP64 target this typedef would be 64 bits wide and
 * des_block.key below would no longer overlay exactly 8 bytes, so the
 * guard must not simply be extended to such targets.
 */
#if (mc68000 || sparc || vax || i386)
typedef u_long u_int32;	/* 32-bit unsigned integers */
#endif

/*
 * One 8-byte DES block.  The two-word view (key) and the raw-byte view
 * (c) overlay the same storage.
 */
union des_block {
	struct {
		u_int32 high;
		u_int32 low;
	} key;
	char c[8];
};
typedef union des_block des_block;
/* K&R declaration; presumably the XDR routine for a des_block -- see its definition. */
extern bool_t xdr_des_block();

/*
 * Authentication info.  Opaque to client.
 */
struct opaque_auth {
	enum_t	oa_flavor;		/* flavor of auth (AUTH_NONE, AUTH_UNIX, ...) */
	caddr_t	oa_base;		/* address of more auth stuff */
	/*
	 * not to exceed MAX_AUTH_BYTES.
	 * NOTE(review): oa_length presumably counts the bytes at oa_base;
	 * code that fills this structure from the wire must enforce the
	 * bound before touching oa_base -- confirm in the decoder.
	 */
	u_int	oa_length;
};


/*
 * Auth handle, interface to client side authenticators.
 * Holds the credential and verifier sent with each call, the session
 * key, and an ops table through which the AUTH_* macros below dispatch.
 */
typedef struct {
	struct	opaque_auth	ah_cred;	/* credential presented to the server */
	struct	opaque_auth	ah_verf;	/* verifier presented to the server */
	union	des_block	ah_key;		/* session key (meaningful for the DES flavor, presumably) */
	/* Per-flavor implementation; ah_marshal/ah_validate/ah_refresh return int. */
	struct auth_ops {
		void	(*ah_nextverf)();
		int	(*ah_marshal)();	/* nextverf & serialize */
		int	(*ah_validate)();	/* validate verifier */
		int	(*ah_refresh)();	/* refresh credentials */
		void	(*ah_destroy)();	/* destroy this structure */
	} *ah_ops;
	caddr_t ah_private;			/* flavor-private state, owned by the authenticator */
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH	*auth;
 * XDR	*xdrs;
 * struct opaque_auth verf;
 *
 * Each macro dispatches through auth->ah_ops.  The auth argument is
 * expanded twice (once for the ops lookup, once as the callback
 * argument), so it must be a side-effect-free expression.  The
 * lower-case forms are identical aliases of the upper-case ones.
 */
/* Advance to the next verifier; returns void. */
#define AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))

/* Serialize credential and verifier onto xdrs; int result (nonzero presumably means success -- confirm per flavor). */
#define AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#define auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

/*
 * Check the verifier returned by the server (verfp presumably points at
 * a struct opaque_auth); int result that callers should not ignore.
 * Note the inconsistency with the other macros: here auth is
 * parenthesized as an argument, elsewhere it is not.
 */
#define AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))
#define auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

/* Refresh credentials, e.g. after AUTH_REJECTEDCRED; int result. */
#define AUTH_REFRESH(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))
#define auth_refresh(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))

/* Release the handle; auth must not be used afterwards. */
#define AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))


/*
 * Defined elsewhere; presumably the empty (AUTH_NONE) credential/verifier.
 * NOTE(review): file-scope identifiers beginning with an underscore are
 * reserved to the implementation by the C standard.
 */
extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 *
 * The returned handle is presumably released with AUTH_DESTROY.
 * NOTE(review): the uid/gid values are asserted by the caller; nothing in
 * this interface verifies them, so a server accepting AUTH_UNIX is
 * trusting the client's claim -- confirm the server-side policy.
 */
extern AUTH *authunix_create();
extern AUTH *authunix_create_default();	/* takes no parameters */
extern AUTH *authnone_create();		/* takes no parameters */
/* Parameters not documented here; see the defining source. */
extern AUTH *authdes_create();

/*
 * Authentication flavors, as carried in opaque_auth.oa_flavor.
 */
#define AUTH_NONE	0		/* no authentication */
#define AUTH_NULL	0		/* backward compatibility */
#define AUTH_UNIX	1		/* unix style (uid, gids) */
#define AUTH_SHORT	2		/* short hand unix style */
/*
 * des style (encrypted timestamps).
 * NOTE(review): this flavor rests on single DES (see union des_block),
 * which is no longer considered adequate; treat it as legacy.
 */
#define AUTH_DES	3