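/* $OpenBSD: auth.h,v 1.6 2006/11/10 17:29:31 grunk Exp $ */
/* $NetBSD: auth.h,v 1.7 1995/04/29 05:27:55 cgd Exp $ */

/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part. Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
 *
 * from: @(#)auth.h 1.17 88/02/08 SMI
 * @(#)auth.h 2.3 88/08/07 4.0 RPCSRC
 */

/*
 * auth.h, Authentication interface.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 *
 * The data structures are completely opaque to the client. The client
 * is required to pass a AUTH * to routines that create rpc
 * "sessions".
 */

#ifndef _RPC_AUTH_H
#define _RPC_AUTH_H
#include <sys/cdefs.h>

/*
 * MAX_AUTH_BYTES is the documented ceiling for opaque_auth.oa_length
 * (see struct opaque_auth below).
 */
#define MAX_AUTH_BYTES	400
#define MAXNETNAMELEN	255	/* maximum length of network user's name */

/*
 * Status returned from authentication check
 */
enum auth_stat {
	AUTH_OK=0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED=2,		/* client should begin new session */
	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP=6,		/* bogus response verifier */
	AUTH_FAILED=7			/* some unknown reason */
};

typedef u_int32_t u_int32;	/* 32-bit unsigned integers */

/*
 * Eight bytes of DES key material, addressable either as two 32-bit
 * halves or as raw bytes.
 */
union des_block {
	struct {
		u_int32 high;
		u_int32 low;
	} key;
	char c[8];
};
typedef union des_block des_block;
__BEGIN_DECLS
extern bool_t xdr_des_block(XDR *, des_block *);
__END_DECLS

/*
 * Authentication info. Opaque to client.
 *
 * NOTE(review): the MAX_AUTH_BYTES limit on oa_length is stated here only
 * as a comment; nothing in this header enforces it. Code that fills an
 * opaque_auth from data received off the wire has to reject
 * oa_length > MAX_AUTH_BYTES before touching oa_base -- presumably the
 * XDR decoder does this; confirm there.
 */
struct opaque_auth {
	enum_t	oa_flavor;		/* flavor of auth */
	caddr_t	oa_base;		/* address of more auth stuff */
	unsigned int oa_length;		/* not to exceed MAX_AUTH_BYTES */
};


/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_key keeps DES key material inline in the handle.
 * NOTE(review): whether ah_destroy implementations wipe it before the
 * handle is released cannot be seen from this header -- verify in the
 * individual authenticators.
 */
typedef struct __rpc_auth {
	struct opaque_auth	ah_cred;
	struct opaque_auth	ah_verf;
	union des_block		ah_key;
	struct auth_ops {
		void	(*ah_nextverf)(struct __rpc_auth *);
			/* nextverf & serialize */
		int	(*ah_marshal)(struct __rpc_auth *, XDR *);
			/* validate verifier */
		int	(*ah_validate)(struct __rpc_auth *,
			    struct opaque_auth *);
			/* refresh credentials */
		int	(*ah_refresh)(struct __rpc_auth *);
			/* destroy this structure */
		void	(*ah_destroy)(struct __rpc_auth *);
	} *ah_ops;
	caddr_t ah_private;
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH *auth;
 * XDR *xdrs;
 * struct opaque_auth verf;
 *
 * Each macro expands `auth' twice (once to find the op, once as its
 * argument), so pass an expression without side effects. The macros
 * dereference auth and auth->ah_ops without any NULL check; callers must
 * only use them on a handle returned successfully by one of the
 * auth*_create() routines below.
 */
#define AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))

#define AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#define auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

#define AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))
#define auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

#define AUTH_REFRESH(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))
#define auth_refresh(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))

#define AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))


extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 */
__BEGIN_DECLS
struct sockaddr_in;
extern AUTH *authunix_create(char *, int, int, int, int *);
extern AUTH *authunix_create_default(void);
extern AUTH *authnone_create(void);
extern AUTH *authdes_create(char *, unsigned int, struct sockaddr_in *,
	    des_block *);
extern void set_rpc_maxgrouplist(int);
__END_DECLS

/*
 * Authentication flavors (values for opaque_auth.oa_flavor).
 *
 * Strength differs widely between flavors:
 *  - AUTH_NONE / AUTH_NULL carry no identity at all.
 *  - AUTH_UNIX carries only the machine name, uid and gid list that the
 *    caller hands to authunix_create(); the flavor involves no secret, so
 *    a server can rely on it only where every client host is trusted.
 *  - AUTH_DES seals timestamps with a single-DES key (des_block is eight
 *    bytes); single DES is not considered strong by current standards.
 * Services that need real authentication should answer AUTH_TOOWEAK to
 * flavors that do not meet their policy.
 */
#define AUTH_NONE	0		/* no authentication */
#define AUTH_NULL	0		/* backward compatibility */
#define AUTH_UNIX	1		/* unix style (uid, gids) */
#define AUTH_SHORT	2		/* short hand unix style */
#define AUTH_DES	3		/* des style (encrypted timestamps) */

#endif /* !_RPC_AUTH_H */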