include/rpc/auth.h

   1 /*      $NetBSD: auth.h,v 1.17 2005/12/26 19:01:47 perry Exp $  */
   2
   3 /*
   4  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   5  * unrestricted use provided that this legend is included on all tape
   6  * media and as a part of the software program in whole or part.  Users
   7  * may copy or modify Sun RPC without charge, but are not authorized
   8  * to license or distribute it to anyone else except as part of a product or
   9  * program developed by the user.
  10  *
  11  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  12  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  13  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  14  *
  15  * Sun RPC is provided with no support and without any obligation on the
  16  * part of Sun Microsystems, Inc. to assist in its use, correction,
  17  * modification or enhancement.
  18  *
  19  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  20  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  21  * OR ANY PART THEREOF.
  22  *
  23  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  24  * or profits or other special, indirect and consequential damages, even if
  25  * Sun has been advised of the possibility of such damages.
  26  *
  27  * Sun Microsystems, Inc.
  28  * 2550 Garcia Avenue
  29  * Mountain View, California  94043
  30  *
  31  *      from: @(#)auth.h 1.17 88/02/08 SMI
  32  *      @(#)auth.h      2.3 88/08/07 4.0 RPCSRC
  33  */
  34
  35 /*
  36  * auth.h, Authentication interface.
  37  *
  38  * Copyright (C) 1984, Sun Microsystems, Inc.
  39  *
  40  * The data structures are completely opaque to the client.  The client
  41  * is required to pass a AUTH * to routines that create rpc
  42  * "sessions".
  43  */
  44
  45 #ifndef _RPC_AUTH_H_
  46 #define _RPC_AUTH_H_
  47 #include <sys/cdefs.h>
  48
  49 #define MAX_AUTH_BYTES  400
  50 #define MAXNETNAMELEN   255     /* maximum length of network user's name */
  51
  52 /*
  53  * Status returned from authentication check
  54  */
  55 enum auth_stat {
  56         AUTH_OK=0,
  57         /*
  58          * failed at remote end
  59          */
  60         AUTH_BADCRED=1,                 /* bogus credentials (seal broken) */
  61         AUTH_REJECTEDCRED=2,            /* client should begin new session */
  62         AUTH_BADVERF=3,                 /* bogus verifier (seal broken) */
  63         AUTH_REJECTEDVERF=4,            /* verifier expired or was replayed */
  64         AUTH_TOOWEAK=5,                 /* rejected due to security reasons */
  65         /*
  66          * failed locally
  67         */
  68         AUTH_INVALIDRESP=6,             /* bogus response verifier */
  69         AUTH_FAILED=7                   /* some unknown reason */
  70 };
  71
  72 union des_block {
  73         struct {
  74                 uint32_t high;
  75                 uint32_t low;
  76         } key;
  77         char c[8];
  78 };
  79 typedef union des_block des_block;
  80 __BEGIN_DECLS
  81 extern bool_t xdr_des_block(XDR *, des_block *);
  82 __END_DECLS
  83
  84 /*
  85  * Authentication info.  Opaque to client.
  86  */
  87 struct opaque_auth {
  88         enum_t  oa_flavor;              /* flavor of auth */
  89         caddr_t oa_base;                /* address of more auth stuff */
  90         u_int   oa_length;              /* not to exceed MAX_AUTH_BYTES */
  91 };
  92
  93
  94 /*
  95  * Auth handle, interface to client side authenticators.
  96  */
  97 typedef struct __rpc_auth {
  98         struct  opaque_auth     ah_cred;
  99         struct  opaque_auth     ah_verf;
 100         union   des_block       ah_key;
 101         const struct auth_ops {
 102                 void    (*ah_nextverf)(struct __rpc_auth *);
 103                 /* nextverf & serialize */
 104                 int     (*ah_marshal)(struct __rpc_auth *, XDR *);
 105                 /* validate varifier */
 106                 int     (*ah_validate)(struct __rpc_auth *,
 107                             struct opaque_auth *);
 108                 /* refresh credentials */
 109                 int     (*ah_refresh)(struct __rpc_auth *);
 110                 /* destroy this structure */
 111                 void    (*ah_destroy)(struct __rpc_auth *);
 112         } *ah_ops;
 113         void *ah_private;
 114 } AUTH;
 115
 116
 117 /*
 118  * Authentication ops.
 119  * The ops and the auth handle provide the interface to the authenticators.
 120  *
 121  * AUTH *auth;
 122  * XDR  *xdrs;
 123  * struct opaque_auth verf;
 124  */
 125 #define AUTH_NEXTVERF(auth)             \
 126                 ((*((auth)->ah_ops->ah_nextverf))(auth))
 127 #define auth_nextverf(auth)             \
 128                 ((*((auth)->ah_ops->ah_nextverf))(auth))
 129
 130 #define AUTH_MARSHALL(auth, xdrs)       \
 131                 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
 132 #define auth_marshall(auth, xdrs)       \
 133                 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
 134
 135 #define AUTH_VALIDATE(auth, verfp)      \
 136                 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
 137 #define auth_validate(auth, verfp)      \
 138                 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
 139
 140 #define AUTH_REFRESH(auth)              \
 141                 ((*((auth)->ah_ops->ah_refresh))(auth))
 142 #define auth_refresh(auth)              \
 143                 ((*((auth)->ah_ops->ah_refresh))(auth))
 144
 145 #define AUTH_DESTROY(auth)              \
 146                 ((*((auth)->ah_ops->ah_destroy))(auth))
 147 #define auth_destroy(auth)              \
 148                 ((*((auth)->ah_ops->ah_destroy))(auth))
 149
 150
 151 extern struct opaque_auth _null_auth;
 152
 153
 154 /*
 155  * These are the various implementations of client side authenticators.
 156  */
 157
 158 /*
 159  * Unix style authentication
 160  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 161  *      char *machname;
 162  *      int uid;
 163  *      int gid;
 164  *      int len;
 165  *      int *aup_gids;
 166  */
 167 __BEGIN_DECLS
 168 struct sockaddr_in;
 169 extern AUTH *authunix_create            (char *, int, int, int, int *);
 170 extern AUTH *authunix_create_default    (void);
 171 extern AUTH *authnone_create            (void);
 172 extern AUTH *authdes_create             (char *, u_int,
 173                                             struct sockaddr_in *, des_block *);
 174 extern bool_t xdr_opaque_auth           (XDR *, struct opaque_auth *);
 175
 176 #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
 177 #define authsys_create_default() authunix_create_default()
 178
 179 struct svc_req;
 180 struct rpc_msg;
 181 enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *);
 182 enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *);
 183 enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *);
 184 __END_DECLS
 185
 186 #define AUTH_NONE       0               /* no authentication */
 187 #define AUTH_NULL       0               /* backward compatibility */
 188 #define AUTH_SYS        1               /* unix style (uid, gids) */
 189 #define AUTH_UNIX       AUTH_SYS        /* backward compatibility */
 190 #define AUTH_SHORT      2               /* short hand unix style */
 191 #define AUTH_DES        3               /* des style (encrypted timestamps) */
 192
 193 #endif /* !_RPC_AUTH_H_ */