2 * auth.h, Authentication interface.
4 * Copyright (C) 1984, Sun Microsystems, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above
13 * copyright notice, this list of conditions and the following
14 * disclaimer in the documentation and/or other materials
15 * provided with the distribution.
16 * * Neither the name of Sun Microsystems, Inc. nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
27 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 * The data structures are completely opaque to the client. The client
34 * is required to pass a AUTH * to routines that create rpc
46 #define MAX_AUTH_BYTES 400
47 #define MAXNETNAMELEN 255 /* maximum length of network user's name */
50 * Status returned from authentication check
55 * failed at remote end
57 AUTH_BADCRED
=1, /* bogus credentials (seal broken) */
58 AUTH_REJECTEDCRED
=2, /* client should begin new session */
59 AUTH_BADVERF
=3, /* bogus verifier (seal broken) */
60 AUTH_REJECTEDVERF
=4, /* verifier expired or was replayed */
61 AUTH_TOOWEAK
=5, /* rejected due to security reasons */
65 AUTH_INVALIDRESP
=6, /* bogus response verifier */
66 AUTH_FAILED
=7 /* some unknown reason */
76 typedef union des_block des_block
;
77 extern bool_t
xdr_des_block (XDR
*__xdrs
, des_block
*__blkp
) __THROW
;
80 * Authentication info. Opaque to client.
83 enum_t oa_flavor
; /* flavor of auth */
84 caddr_t oa_base
; /* address of more auth stuff */
85 u_int oa_length
; /* not to exceed MAX_AUTH_BYTES */
89 * Auth handle, interface to client side authenticators.
91 typedef struct AUTH AUTH
;
93 struct opaque_auth ah_cred
;
94 struct opaque_auth ah_verf
;
95 union des_block ah_key
;
97 void (*ah_nextverf
) (AUTH
*);
98 int (*ah_marshal
) (AUTH
*, XDR
*); /* nextverf & serialize */
99 int (*ah_validate
) (AUTH
*, struct opaque_auth
*);
100 /* validate verifier */
101 int (*ah_refresh
) (AUTH
*); /* refresh credentials */
102 void (*ah_destroy
) (AUTH
*); /* destroy this structure */
109 * Authentication ops.
110 * The ops and the auth handle provide the interface to the authenticators.
114 * struct opaque_auth verf;
116 #define AUTH_NEXTVERF(auth) \
117 ((*((auth)->ah_ops->ah_nextverf))(auth))
118 #define auth_nextverf(auth) \
119 ((*((auth)->ah_ops->ah_nextverf))(auth))
121 #define AUTH_MARSHALL(auth, xdrs) \
122 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
123 #define auth_marshall(auth, xdrs) \
124 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
126 #define AUTH_VALIDATE(auth, verfp) \
127 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
128 #define auth_validate(auth, verfp) \
129 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
131 #define AUTH_REFRESH(auth) \
132 ((*((auth)->ah_ops->ah_refresh))(auth))
133 #define auth_refresh(auth) \
134 ((*((auth)->ah_ops->ah_refresh))(auth))
136 #define AUTH_DESTROY(auth) \
137 ((*((auth)->ah_ops->ah_destroy))(auth))
138 #define auth_destroy(auth) \
139 ((*((auth)->ah_ops->ah_destroy))(auth))
142 extern struct opaque_auth _null_auth
;
146 * These are the various implementations of client side authenticators.
150 * Unix style authentication
151 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
158 extern AUTH
*authunix_create (char *__machname
, __uid_t __uid
, __gid_t __gid
,
159 int __len
, __gid_t
*__aup_gids
);
160 extern AUTH
*authunix_create_default (void);
161 extern AUTH
*authnone_create (void) __THROW
;
162 extern AUTH
*authdes_create (const char *__servername
, u_int __window
,
163 struct sockaddr
*__syncaddr
, des_block
*__ckey
)
165 extern AUTH
*authdes_pk_create (const char *, netobj
*, u_int
,
166 struct sockaddr
*, des_block
*) __THROW
;
169 #define AUTH_NONE 0 /* no authentication */
170 #define AUTH_NULL 0 /* backward compatibility */
171 #define AUTH_SYS 1 /* unix style (uid, gids) */
172 #define AUTH_UNIX AUTH_SYS
173 #define AUTH_SHORT 2 /* short hand unix style */
174 #define AUTH_DES 3 /* des style (encrypted timestamps) */
175 #define AUTH_DH AUTH_DES /* Diffie-Hellman (this is DES) */
176 #define AUTH_KERB 4 /* kerberos style */
179 * Netname manipulating functions
182 extern int getnetname (char *) __THROW
;
183 extern int host2netname (char *, __const
char *, __const
char *) __THROW
;
184 extern int user2netname (char *, __const uid_t
, __const
char *) __THROW
;
185 extern int netname2user (__const
char *, uid_t
*, gid_t
*, int *, gid_t
*)
187 extern int netname2host (__const
char *, char *, __const
int) __THROW
;
191 * These routines interface to the keyserv daemon
194 extern int key_decryptsession (char *, des_block
*);
195 extern int key_decryptsession_pk (char *, netobj
*, des_block
*);
196 extern int key_encryptsession (char *, des_block
*);
197 extern int key_encryptsession_pk (char *, netobj
*, des_block
*);
198 extern int key_gendes (des_block
*);
199 extern int key_setsecret (char *);
200 extern int key_secretkey_is_set (void);
201 extern int key_get_conv (char *, des_block
*);
204 * XDR an opaque authentication struct.
206 extern bool_t
xdr_opaque_auth (XDR
*, struct opaque_auth
*) __THROW
;
210 #endif /* rpc/auth.h */