sysdeps/generic/rpc/auth.h

   1 /* @(#)auth.h   2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
   2 /*
   3  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   4  * unrestricted use provided that this legend is included on all tape
   5  * media and as a part of the software program in whole or part.  Users
   6  * may copy or modify Sun RPC without charge, but are not authorized
   7  * to license or distribute it to anyone else except as part of a product or
   8  * program developed by the user.
   9  *
  10  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  11  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  12  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  13  *
  14  * Sun RPC is provided with no support and without any obligation on the
  15  * part of Sun Microsystems, Inc. to assist in its use, correction,
  16  * modification or enhancement.
  17  *
  18  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  19  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  20  * OR ANY PART THEREOF.
  21  *
  22  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  23  * or profits or other special, indirect and consequential damages, even if
  24  * Sun has been advised of the possibility of such damages.
  25  *
  26  * Sun Microsystems, Inc.
  27  * 2550 Garcia Avenue
  28  * Mountain View, California  94043
  29  */
  30
  31 /*
  32  * auth.h, Authentication interface.
  33  *
  34  * Copyright (C) 1984, Sun Microsystems, Inc.
  35  *
  36  * The data structures are completely opaque to the client.  The client
  37  * is required to pass a AUTH * to routines that create rpc
  38  * "sessions".
  39  */
  40
  41 #ifndef _RPC_AUTH_H
  42
  43 #define _RPC_AUTH_H     1
  44 #include <features.h>
  45 #include <sys/types.h>
  46 #include <rpc/types.h>
  47 #include <rpc/xdr.h>
  48
  49 __BEGIN_DECLS
  50
  51 #define MAX_AUTH_BYTES  400
  52 #define MAXNETNAMELEN   255     /* maximum length of network user's name */
  53
  54 /*
  55  * Status returned from authentication check
  56  */
  57 enum auth_stat {
  58         AUTH_OK=0,
  59         /*
  60          * failed at remote end
  61          */
  62         AUTH_BADCRED=1,                 /* bogus credentials (seal broken) */
  63         AUTH_REJECTEDCRED=2,            /* client should begin new session */
  64         AUTH_BADVERF=3,                 /* bogus verifier (seal broken) */
  65         AUTH_REJECTEDVERF=4,            /* verifier expired or was replayed */
  66         AUTH_TOOWEAK=5,                 /* rejected due to security reasons */
  67         /*
  68          * failed locally
  69         */
  70         AUTH_INVALIDRESP=6,             /* bogus response verifier */
  71         AUTH_FAILED=7                   /* some unknown reason */
  72 };
  73
  74 union des_block {
  75         struct {
  76                 u_int32_t high;
  77                 u_int32_t low;
  78         } key;
  79         char c[8];
  80 };
  81 typedef union des_block des_block;
  82 extern bool_t xdr_des_block __P ((XDR *__xdrs, des_block *__blkp));
  83
  84 /*
  85  * Authentication info.  Opaque to client.
  86  */
  87 struct opaque_auth {
  88         enum_t  oa_flavor;              /* flavor of auth */
  89         caddr_t oa_base;                /* address of more auth stuff */
  90         u_int   oa_length;              /* not to exceed MAX_AUTH_BYTES */
  91 };
  92
  93 /*
  94  * Auth handle, interface to client side authenticators.
  95  */
  96 typedef struct AUTH AUTH;
  97 struct AUTH {
  98   struct opaque_auth ah_cred;
  99   struct opaque_auth ah_verf;
 100   union des_block ah_key;
 101   struct auth_ops {
 102     void (*ah_nextverf) __P ((AUTH *));
 103     int  (*ah_marshal) __P ((AUTH *, XDR *));   /* nextverf & serialize */
 104     int  (*ah_validate) __P ((AUTH *, struct opaque_auth *));
 105                                                 /* validate verifier */
 106     int  (*ah_refresh) __P ((AUTH *));          /* refresh credentials */
 107     void (*ah_destroy) __P ((AUTH *));          /* destroy this structure */
 108   } *ah_ops;
 109   caddr_t ah_private;
 110 };
 111
 112
 113 /*
 114  * Authentication ops.
 115  * The ops and the auth handle provide the interface to the authenticators.
 116  *
 117  * AUTH *auth;
 118  * XDR  *xdrs;
 119  * struct opaque_auth verf;
 120  */
 121 #define AUTH_NEXTVERF(auth)             \
 122                 ((*((auth)->ah_ops->ah_nextverf))(auth))
 123 #define auth_nextverf(auth)             \
 124                 ((*((auth)->ah_ops->ah_nextverf))(auth))
 125
 126 #define AUTH_MARSHALL(auth, xdrs)       \
 127                 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
 128 #define auth_marshall(auth, xdrs)       \
 129                 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
 130
 131 #define AUTH_VALIDATE(auth, verfp)      \
 132                 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
 133 #define auth_validate(auth, verfp)      \
 134                 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
 135
 136 #define AUTH_REFRESH(auth)              \
 137                 ((*((auth)->ah_ops->ah_refresh))(auth))
 138 #define auth_refresh(auth)              \
 139                 ((*((auth)->ah_ops->ah_refresh))(auth))
 140
 141 #define AUTH_DESTROY(auth)              \
 142                 ((*((auth)->ah_ops->ah_destroy))(auth))
 143 #define auth_destroy(auth)              \
 144                 ((*((auth)->ah_ops->ah_destroy))(auth))
 145
 146
 147 extern struct opaque_auth _null_auth;
 148
 149
 150 /*
 151  * These are the various implementations of client side authenticators.
 152  */
 153
 154 /*
 155  * Unix style authentication
 156  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 157  *      char *machname;
 158  *      int uid;
 159  *      int gid;
 160  *      int len;
 161  *      int *aup_gids;
 162  */
 163 extern AUTH *authunix_create __P ((char *__machname, __uid_t __uid,
 164                                    __gid_t __gid, int __len,
 165                                    __gid_t *__aup_gids));
 166 extern AUTH *authunix_create_default __P ((void));
 167 extern AUTH *authnone_create __P ((void));
 168 extern AUTH *authdes_create __P ((char *__servername, u_int __window,
 169                                   struct sockaddr *__syncaddr,
 170                                   des_block *__ckey));
 171
 172 #define AUTH_NONE       0               /* no authentication */
 173 #define AUTH_NULL       0               /* backward compatibility */
 174 #define AUTH_SYS        1               /* unix style (uid, gids) */
 175 #define AUTH_UNIX       AUTH_SYS
 176 #define AUTH_SHORT      2               /* short hand unix style */
 177 #define AUTH_DES        3               /* des style (encrypted timestamps) */
 178 #define AUTH_KERB       4               /* kerberos style */
 179
 180 /*
 181  * XDR an opaque authentication struct.
 182  */
 183 extern bool_t xdr_opaque_auth __P ((XDR *__xdrs, struct opaque_auth *__ap));
 184
 185 __END_DECLS
 186
 187 #endif /* rpc/auth.h */