Home | History | Annotate | Download | only in rpc
      1 /*
      2  * auth.h, Authentication interface.
      3  *
      4  * Copyright (C) 1984, Sun Microsystems, Inc.
      5  *
      6  * Redistribution and use in source and binary forms, with or without
      7  * modification, are permitted provided that the following conditions are
      8  * met:
      9  *
     10  *     * Redistributions of source code must retain the above copyright
     11  *       notice, this list of conditions and the following disclaimer.
     12  *     * Redistributions in binary form must reproduce the above
     13  *       copyright notice, this list of conditions and the following
     14  *       disclaimer in the documentation and/or other materials
     15  *       provided with the distribution.
     16  *     * Neither the name of Sun Microsystems, Inc. nor the names of its
     17  *       contributors may be used to endorse or promote products derived
     18  *       from this software without specific prior written permission.
     19  *
     20  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     21  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     22  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
     23  *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
     24  *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
     25  *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     26  *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
     27  *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
     28  *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     29  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
     30  *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     31  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     32  *
     33  * The data structures are completely opaque to the client.  The client
     34  * is required to pass a AUTH * to routines that create rpc
     35  * "sessions".
     36  */
     37 
     38 #ifndef _RPC_AUTH_H
     39 
     40 #define _RPC_AUTH_H	1
     41 #include <features.h>
     42 #include <rpc/xdr.h>
     43 
     44 __BEGIN_DECLS
     45 
     46 #define MAX_AUTH_BYTES	400
     47 #define MAXNETNAMELEN	255	/* maximum length of network user's name */
     48 
     49 /*
     50  * Status returned from authentication check
     51  */
     52 enum auth_stat {
     53 	AUTH_OK=0,
     54 	/*
     55 	 * failed at remote end
     56 	 */
     57 	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
     58 	AUTH_REJECTEDCRED=2,		/* client should begin new session */
     59 	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
     60 	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
     61 	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
     62 	/*
     63 	 * failed locally
     64 	*/
     65 	AUTH_INVALIDRESP=6,		/* bogus response verifier */
     66 	AUTH_FAILED=7			/* some unknown reason */
     67 };
     68 
     69 union des_block {
     70 	struct {
     71 		u_int32_t high;
     72 		u_int32_t low;
     73 	} key;
     74 	char c[8];
     75 };
     76 typedef union des_block des_block;
     77 extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;
     78 
     79 /*
     80  * Authentication info.  Opaque to client.
     81  */
     82 struct opaque_auth {
     83 	enum_t	oa_flavor;		/* flavor of auth */
     84 	caddr_t	oa_base;		/* address of more auth stuff */
     85 	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
     86 };
     87 
     88 /*
     89  * Auth handle, interface to client side authenticators.
     90  */
     91 typedef struct AUTH AUTH;
     92 struct AUTH {
     93   struct opaque_auth ah_cred;
     94   struct opaque_auth ah_verf;
     95   union des_block ah_key;
     96   struct auth_ops {
     97     void (*ah_nextverf) (AUTH *);
     98     int  (*ah_marshal) (AUTH *, XDR *);		/* nextverf & serialize */
     99     int  (*ah_validate) (AUTH *, struct opaque_auth *);
    100 						/* validate verifier */
    101     int  (*ah_refresh) (AUTH *);		/* refresh credentials */
    102     void (*ah_destroy) (AUTH *); 	    	/* destroy this structure */
    103   } *ah_ops;
    104   caddr_t ah_private;
    105 };
    106 
    107 
    108 /*
    109  * Authentication ops.
    110  * The ops and the auth handle provide the interface to the authenticators.
    111  *
    112  * AUTH	*auth;
    113  * XDR	*xdrs;
    114  * struct opaque_auth verf;
    115  */
    116 #define AUTH_NEXTVERF(auth)		\
    117 		((*((auth)->ah_ops->ah_nextverf))(auth))
    118 #define auth_nextverf(auth)		\
    119 		((*((auth)->ah_ops->ah_nextverf))(auth))
    120 
    121 #define AUTH_MARSHALL(auth, xdrs)	\
    122 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
    123 #define auth_marshall(auth, xdrs)	\
    124 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
    125 
    126 #define AUTH_VALIDATE(auth, verfp)	\
    127 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
    128 #define auth_validate(auth, verfp)	\
    129 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
    130 
    131 #define AUTH_REFRESH(auth)		\
    132 		((*((auth)->ah_ops->ah_refresh))(auth))
    133 #define auth_refresh(auth)		\
    134 		((*((auth)->ah_ops->ah_refresh))(auth))
    135 
    136 #define AUTH_DESTROY(auth)		\
    137 		((*((auth)->ah_ops->ah_destroy))(auth))
    138 #define auth_destroy(auth)		\
    139 		((*((auth)->ah_ops->ah_destroy))(auth))
    140 
    141 
    142 extern struct opaque_auth _null_auth;
    143 
    144 
    145 /*
    146  * These are the various implementations of client side authenticators.
    147  */
    148 
    149 /*
    150  * Unix style authentication
    151  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
    152  *	char *machname;
    153  *	int uid;
    154  *	int gid;
    155  *	int len;
    156  *	int *aup_gids;
    157  */
    158 extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,
    159 			      int __len, __gid_t *__aup_gids);
    160 extern AUTH *authunix_create_default (void);
    161 extern AUTH *authnone_create (void) __THROW;
    162 extern AUTH *authdes_create (const char *__servername, u_int __window,
    163 			     struct sockaddr *__syncaddr, des_block *__ckey)
    164      __THROW;
    165 extern AUTH *authdes_pk_create (const char *, netobj *, u_int,
    166 				struct sockaddr *, des_block *) __THROW;
    167 
    168 
    169 #define AUTH_NONE	0		/* no authentication */
    170 #define	AUTH_NULL	0		/* backward compatibility */
    171 #define	AUTH_SYS	1		/* unix style (uid, gids) */
    172 #define	AUTH_UNIX	AUTH_SYS
    173 #define	AUTH_SHORT	2		/* short hand unix style */
    174 #define AUTH_DES	3		/* des style (encrypted timestamps) */
    175 #define AUTH_DH		AUTH_DES	/* Diffie-Hellman (this is DES) */
    176 #define AUTH_KERB       4               /* kerberos style */
    177 
    178 /*
    179  *  Netname manipulating functions
    180  *
    181  */
    182 extern int getnetname (char *) __THROW;
    183 extern int host2netname (char *, __const char *, __const char *) __THROW;
    184 extern int user2netname (char *, __const uid_t, __const char *) __THROW;
    185 extern int netname2user (__const char *, uid_t *, gid_t *, int *, gid_t *)
    186      __THROW;
    187 extern int netname2host (__const char *, char *, __const int) __THROW;
    188 
    189 /*
    190  *
    191  * These routines interface to the keyserv daemon
    192  *
    193  */
    194 extern int key_decryptsession (char *, des_block *);
    195 extern int key_decryptsession_pk (char *, netobj *, des_block *);
    196 extern int key_encryptsession (char *, des_block *);
    197 extern int key_encryptsession_pk (char *, netobj *, des_block *);
    198 extern int key_gendes (des_block *);
    199 extern int key_setsecret (char *);
    200 extern int key_secretkey_is_set (void);
    201 extern int key_get_conv (char *, des_block *);
    202 
    203 /*
    204  * XDR an opaque authentication struct.
    205  */
    206 extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;
    207 
    208 __END_DECLS
    209 
    210 #endif /* rpc/auth.h */
    211