/*
 * auth.h, Authentication interface.
 *
 * Copyright (c) 2010, Oracle America, Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 *     * Redistributions of source code must retain the above copyright
 *       notice, this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above
 *       copyright notice, this list of conditions and the following
 *       disclaimer in the documentation and/or other materials
 *       provided with the distribution.
 *     * Neither the name of the "Oracle America, Inc." nor the names of its
 *       contributors may be used to endorse or promote products derived
 *       from this software without specific prior written permission.
 *
 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
 *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * The data structures are completely opaque to the client. The client
 * is required to pass a AUTH * to routines that create rpc
 * "sessions".
 *
 * Reviewer orientation: this header declares the client-side ONC RPC
 * authentication interface -- the AUTH handle and its ops table, the
 * wire-level opaque_auth credential/verifier container, the auth flavor
 * numbers, and the netname / keyserv helpers used by the AUTH_DES flavor.
 * It contains declarations only; the security properties of each flavor
 * live in the implementing .c files and are only summarised here.
 */

#ifndef _RPC_AUTH_H

#define _RPC_AUTH_H 1
#include <features.h>
#include <rpc/xdr.h>

__BEGIN_DECLS

/*
 * Upper bound on oa_length, the byte size of an opaque_auth body.
 * An opaque_auth decoded from the network carries a peer-supplied length;
 * decoders are expected to reject anything above this bound rather than
 * trust it (the enforcement itself lives in the XDR/implementation code,
 * not in this header).
 */
#define MAX_AUTH_BYTES	400
/*
 * Maximum length of a network user's name, excluding the terminating NUL.
 * Every netname buffer parameter below is therefore MAXNETNAMELEN + 1 bytes.
 */
#define MAXNETNAMELEN	255

/*
 * Status returned from authentication check.
 *
 * AUTH_BADCRED .. AUTH_TOOWEAK are verdicts produced at the remote (server)
 * end; AUTH_INVALIDRESP and AUTH_FAILED are produced locally by the
 * client-side authenticator when it checks the server's reply.
 */
enum auth_stat {
  AUTH_OK=0,
  /*
   * failed at remote end
   */
  AUTH_BADCRED=1,		/* bogus credentials (seal broken) */
  AUTH_REJECTEDCRED=2,		/* client should begin new session */
  AUTH_BADVERF=3,		/* bogus verifier (seal broken) */
  AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
  AUTH_TOOWEAK=5,		/* rejected due to security reasons */
  /*
   * failed locally
   */
  AUTH_INVALIDRESP=6,		/* bogus response verifier */
  AUTH_FAILED=7			/* some unknown reason */
};

/*
 * One 8-byte DES block, addressable either as two 32-bit halves
 * (key.high / key.low) or as raw bytes (c[]).  The same type is used for
 * DES keys and for ciphertext blocks in the AUTH_DES and keyserv
 * interfaces declared below.
 *
 * NOTE(review): this is single DES, an obsolete primitive; the AUTH_DES
 * flavor built on it should be considered legacy compatibility only, not
 * a security boundary.  Confirm against the implementation before relying
 * on it.
 */
union des_block {
  struct {
    uint32_t high;
    uint32_t low;
  } key;
  char c[8];
};
typedef union des_block des_block;
/* XDR encode or decode one des_block through __xdrs.  */
extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;

/*
 * Authentication info.  Opaque to client.
 *
 * This is the on-the-wire shape of both credentials and verifiers:
 * a flavor number (one of the AUTH_* defines below), a pointer to the
 * flavor-specific body, and the body length in bytes.
 */
struct opaque_auth {
  enum_t oa_flavor;		/* flavor of auth */
  caddr_t oa_base;		/* address of more auth stuff */
  u_int oa_length;		/* not to exceed MAX_AUTH_BYTES */
};

/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_cred / ah_verf are the credential and verifier the client sends;
 * ah_key is a des_block session key slot; ah_ops is the per-flavor
 * virtual table invoked through the AUTH_* macros below; ah_private is
 * flavor-specific state owned by the implementation.  Field order is part
 * of the binary interface and must not be changed.
 */
typedef struct AUTH AUTH;
struct AUTH {
  struct opaque_auth ah_cred;
  struct opaque_auth ah_verf;
  union des_block ah_key;
  struct auth_ops {
    void (*ah_nextverf) (AUTH *);
    int (*ah_marshal) (AUTH *, XDR *);	/* nextverf & serialize */
    int (*ah_validate) (AUTH *, struct opaque_auth *);
					/* validate verifier */
    int (*ah_refresh) (AUTH *);		/* refresh credentials */
    void (*ah_destroy) (AUTH *);	/* destroy this structure */
  } *ah_ops;
  caddr_t ah_private;
};


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH	*auth;
 * XDR	*xdrs;
 * struct opaque_auth verf;
 *
 * Each macro dispatches through auth->ah_ops.  The upper-case and
 * lower-case spellings expand identically.  Note that every macro names
 * its `auth` argument twice, so it is evaluated twice: pass a plain
 * lvalue, never an expression with side effects.  (AUTH_MARSHALL is spelt
 * with two Ls although the op it calls is ah_marshal.)
 */
/* Advance to the next verifier (e.g. before a retransmission).  */
#define AUTH_NEXTVERF(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth)		\
		((*((auth)->ah_ops->ah_nextverf))(auth))

/* Serialize the credential and verifier into xdrs; nonzero on success.  */
#define AUTH_MARSHALL(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
#define auth_marshall(auth, xdrs)	\
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

/* Check the verifier verfp returned in the server's reply.  */
#define AUTH_VALIDATE(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))
#define auth_validate(auth, verfp)	\
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

/* Obtain fresh credentials (typically after AUTH_REJECTEDCRED).  */
#define AUTH_REFRESH(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))
#define auth_refresh(auth)		\
		((*((auth)->ah_ops->ah_refresh))(auth))

/* Release the handle and any flavor-private state.  */
#define AUTH_DESTROY(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth)		\
		((*((auth)->ah_ops->ah_destroy))(auth))


/* Shared empty opaque_auth; presumably flavor AUTH_NONE with zero length
   (defined in the implementation, not here).  */
extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 *
 * Builds an AUTH_SYS/AUTH_UNIX handle whose credential carries the given
 * machine name, uid, gid and the __len-entry group list __aup_gids.
 * NOTE(review): an AUTH_SYS credential is simply asserted by the client
 * and carries no verifier the server can check, so a server must not
 * treat it as proof of identity -- confirm against the AUTH_SYS
 * definition in the ONC RPC specification (RFC 5531) before relying on it.
 */
extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,
			      int __len, __gid_t *__aup_gids);
/* As authunix_create, using the calling process's own identity.  */
extern AUTH *authunix_create_default (void);
/* AUTH_NONE handle: sends no credentials at all.  */
extern AUTH *authnone_create (void) __THROW;
/*
 * AUTH_DES handle for __servername.  __window is presumably the validity
 * window of the encrypted timestamp, __syncaddr an address used for clock
 * synchronisation and __ckey an optional caller-supplied conversation key
 * -- TODO confirm each against the implementation.
 */
extern AUTH *authdes_create (const char *__servername, u_int __window,
			     struct sockaddr *__syncaddr, des_block *__ckey)
     __THROW;
/* As authdes_create, with the server's public key passed explicitly as a
   netobj instead of being looked up.  */
extern AUTH *authdes_pk_create (const char *, netobj *, u_int,
				struct sockaddr *, des_block *) __THROW;


/* Auth flavor numbers carried in opaque_auth.oa_flavor.  */
#define AUTH_NONE	0		/* no authentication */
#define	AUTH_NULL	0		/* backward compatibility */
#define	AUTH_SYS	1		/* unix style (uid, gids) */
#define	AUTH_UNIX	AUTH_SYS
#define	AUTH_SHORT	2		/* short hand unix style */
#define AUTH_DES	3		/* des style (encrypted timestamps) */
#define AUTH_DH		AUTH_DES	/* Diffie-Hellman (this is DES) */
#define AUTH_KERB	4		/* kerberos style */

/*
 * Netname manipulating functions
 *
 * Each output netname parameter is a caller-provided buffer of exactly
 * MAXNETNAMELEN + 1 bytes.  Return values are int status codes whose
 * convention is not specified here; check the implementation.
 */
/* Netname of the calling process.  */
extern int getnetname (char [MAXNETNAMELEN + 1]) __THROW;
/* Netname for a host name and domain.  */
extern int host2netname (char [MAXNETNAMELEN + 1], const char *,
			 const char *) __THROW;
/* Netname for a uid and domain.  */
extern int user2netname (char [MAXNETNAMELEN + 1], const uid_t,
			 const char *) __THROW;
/* Map a netname to uid, gid, group count and group list (the gid_t *
   argument is a caller buffer; its capacity is not passed, so callers
   must size it per the implementation's contract).  */
extern int netname2user (const char *, uid_t *, gid_t *, int *, gid_t *)
     __THROW;
/* Map a netname to a host name, written into the char * buffer of the
   given length.  */
extern int netname2host (const char *, char *, const int) __THROW;

/*
 *
 * These routines interface to the keyserv daemon
 *
 * They operate on des_block session keys on behalf of the caller; the
 * char * arguments are netnames (non-const, as declared).  Secret key
 * material handled through key_setsecret / key_get_conv should be
 * zeroised by callers when no longer needed.
 */
extern int key_decryptsession (char *, des_block *);
extern int key_decryptsession_pk (char *, netobj *, des_block *);
extern int key_encryptsession (char *, des_block *);
extern int key_encryptsession_pk (char *, netobj *, des_block *);
/* Generate a fresh DES key into the des_block.  */
extern int key_gendes (des_block *);
/* Install the caller's secret key in the keyserv.  */
extern int key_setsecret (char *);
/* Nonzero if a secret key has been set for the caller.  */
extern int key_secretkey_is_set (void);
/* Fetch the conversation key for the named peer.  */
extern int key_get_conv (char *, des_block *);

/*
 * XDR an opaque authentication struct.
 *
 * When decoding, oa_length comes from the peer; the MAX_AUTH_BYTES bound
 * is presumably enforced inside this routine -- confirm in the
 * implementation before trusting decoded credentials.
 */
extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;

__END_DECLS

#endif /* rpc/auth.h */