Home | History | Annotate | Download | only in rpc 
      1 /* @(#)auth.h	2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
      2 /*
      3  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
      4  * unrestricted use provided that this legend is included on all tape
      5  * media and as a part of the software program in whole or part.  Users
      6  * may copy or modify Sun RPC without charge, but are not authorized
      7  * to license or distribute it to anyone else except as part of a product or
      8  * program developed by the user.
      9  *
     10  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
     11  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
     12  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
     13  *
     14  * Sun RPC is provided with no support and without any obligation on the
     15  * part of Sun Microsystems, Inc. to assist in its use, correction,
     16  * modification or enhancement.
     17  *
     18  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
     19  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
     20  * OR ANY PART THEREOF.
     21  *
     22  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
     23  * or profits or other special, indirect and consequential damages, even if
     24  * Sun has been advised of the possibility of such damages.
     25  *
     26  * Sun Microsystems, Inc.
     27  * 2550 Garcia Avenue
     28  * Mountain View, California  94043
     29  */
     30 
     31 /*
     32  * auth.h, Authentication interface.
     33  *
     34  * Copyright (C) 1984, Sun Microsystems, Inc.
     35  *
     36  * The data structures are completely opaque to the client.  The client
     37  * is required to pass a AUTH * to routines that create rpc
     38  * "sessions".
     39  */
     40 
     41 #ifndef _RPC_AUTH_H
     42 
     43 #define _RPC_AUTH_H	1
     44 #include <features.h>
     45 #include <rpc/xdr.h>
     46 
     47 __BEGIN_DECLS
     48 
     49 #define MAX_AUTH_BYTES	400
     50 #define MAXNETNAMELEN	255	/* maximum length of network user's name */
     51 
     52 /*
     53  * Status returned from authentication check
     54  */
     55 enum auth_stat {
     56 	AUTH_OK=0,
     57 	/*
     58 	 * failed at remote end
     59 	 */
     60 	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
     61 	AUTH_REJECTEDCRED=2,		/* client should begin new session */
     62 	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
     63 	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
     64 	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
     65 	/*
     66 	 * failed locally
     67 	*/
     68 	AUTH_INVALIDRESP=6,		/* bogus response verifier */
     69 	AUTH_FAILED=7			/* some unknown reason */
     70 };
     71 
     72 union des_block {
     73 	struct {
     74 		u_int32_t high;
     75 		u_int32_t low;
     76 	} key;
     77 	char c[8];
     78 };
     79 typedef union des_block des_block;
     80 extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;
     81 
     82 /*
     83  * Authentication info.  Opaque to client.
     84  */
     85 struct opaque_auth {
     86 	enum_t	oa_flavor;		/* flavor of auth */
     87 	caddr_t	oa_base;		/* address of more auth stuff */
     88 	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
     89 };
     90 
     91 /*
     92  * Auth handle, interface to client side authenticators.
     93  */
     94 typedef struct AUTH AUTH;
     95 struct AUTH {
     96   struct opaque_auth ah_cred;
     97   struct opaque_auth ah_verf;
     98   union des_block ah_key;
     99   struct auth_ops {
    100     void (*ah_nextverf) (AUTH *);
    101     int  (*ah_marshal) (AUTH *, XDR *);		/* nextverf & serialize */
    102     int  (*ah_validate) (AUTH *, struct opaque_auth *);
    103 						/* validate verifier */
    104     int  (*ah_refresh) (AUTH *);		/* refresh credentials */
    105     void (*ah_destroy) (AUTH *); 	    	/* destroy this structure */
    106   } *ah_ops;
    107   caddr_t ah_private;
    108 };
    109 
    110 
    111 /*
    112  * Authentication ops.
    113  * The ops and the auth handle provide the interface to the authenticators.
    114  *
    115  * AUTH	*auth;
    116  * XDR	*xdrs;
    117  * struct opaque_auth verf;
    118  */
    119 #define AUTH_NEXTVERF(auth)		\
    120 		((*((auth)->ah_ops->ah_nextverf))(auth))
    121 #define auth_nextverf(auth)		\
    122 		((*((auth)->ah_ops->ah_nextverf))(auth))
    123 
    124 #define AUTH_MARSHALL(auth, xdrs)	\
    125 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
    126 #define auth_marshall(auth, xdrs)	\
    127 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
    128 
    129 #define AUTH_VALIDATE(auth, verfp)	\
    130 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
    131 #define auth_validate(auth, verfp)	\
    132 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
    133 
    134 #define AUTH_REFRESH(auth)		\
    135 		((*((auth)->ah_ops->ah_refresh))(auth))
    136 #define auth_refresh(auth)		\
    137 		((*((auth)->ah_ops->ah_refresh))(auth))
    138 
    139 #define AUTH_DESTROY(auth)		\
    140 		((*((auth)->ah_ops->ah_destroy))(auth))
    141 #define auth_destroy(auth)		\
    142 		((*((auth)->ah_ops->ah_destroy))(auth))
    143 
    144 
    145 extern struct opaque_auth _null_auth;
    146 
    147 
    148 /*
    149  * These are the various implementations of client side authenticators.
    150  */
    151 
    152 /*
    153  * Unix style authentication
    154  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
    155  *	char *machname;
    156  *	int uid;
    157  *	int gid;
    158  *	int len;
    159  *	int *aup_gids;
    160  */
    161 extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,
    162 			      int __len, __gid_t *__aup_gids);
    163 extern AUTH *authunix_create_default (void);
    164 extern AUTH *authnone_create (void) __THROW;
    165 extern AUTH *authdes_create (const char *__servername, u_int __window,
    166 			     struct sockaddr *__syncaddr, des_block *__ckey)
    167      __THROW;
    168 extern AUTH *authdes_pk_create (const char *, netobj *, u_int,
    169 				struct sockaddr *, des_block *) __THROW;
    170 
    171 
    172 #define AUTH_NONE	0		/* no authentication */
    173 #define	AUTH_NULL	0		/* backward compatibility */
    174 #define	AUTH_SYS	1		/* unix style (uid, gids) */
    175 #define	AUTH_UNIX	AUTH_SYS
    176 #define	AUTH_SHORT	2		/* short hand unix style */
    177 #define AUTH_DES	3		/* des style (encrypted timestamps) */
    178 #define AUTH_DH		AUTH_DES	/* Diffie-Hellman (this is DES) */
    179 #define AUTH_KERB       4               /* kerberos style */
    180 
    181 /*
    182  *  Netname manipulating functions
    183  *
    184  */
    185 extern int getnetname (char *) __THROW;
    186 extern int host2netname (char *, __const char *, __const char *) __THROW;
    187 extern int user2netname (char *, __const uid_t, __const char *) __THROW;
    188 extern int netname2user (__const char *, uid_t *, gid_t *, int *, gid_t *)
    189      __THROW;
    190 extern int netname2host (__const char *, char *, __const int) __THROW;
    191 
    192 /*
    193  *
    194  * These routines interface to the keyserv daemon
    195  *
    196  */
    197 extern int key_decryptsession (char *, des_block *);
    198 extern int key_decryptsession_pk (char *, netobj *, des_block *);
    199 extern int key_encryptsession (char *, des_block *);
    200 extern int key_encryptsession_pk (char *, netobj *, des_block *);
    201 extern int key_gendes (des_block *);
    202 extern int key_setsecret (char *);
    203 extern int key_secretkey_is_set (void);
    204 extern int key_get_conv (char *, des_block *);
    205 
    206 /*
    207  * XDR an opaque authentication struct.
    208  */
    209 extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;
    210 
    211 __END_DECLS
    212 
    213 #endif /* rpc/auth.h */
    214