1 /* $OpenBSD: auth.h,v 1.9 2022/02/14 03:38:59 guenther Exp $ */ 2 /* $NetBSD: auth.h,v 1.7 1995/04/29 05:27:55 cgd Exp $ */ 3 4 /* 5 * Copyright (c) 2010, Oracle America, Inc. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are 9 * met: 10 * 11 * * Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * * Redistributions in binary form must reproduce the above 14 * copyright notice, this list of conditions and the following 15 * disclaimer in the documentation and/or other materials 16 * provided with the distribution. 17 * * Neither the name of the "Oracle America, Inc." nor the names of its 18 * contributors may be used to endorse or promote products derived 19 * from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 24 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 25 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 26 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 28 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 30 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 * 34 * from: @(#)auth.h 1.17 88/02/08 SMI 35 * @(#)auth.h 2.3 88/08/07 4.0 RPCSRC 36 */ 37 38 /* 39 * auth.h, Authentication interface. 40 * 41 * The data structures are completely opaque to the client. 
The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 */

#ifndef _RPC_AUTH_H
#define _RPC_AUTH_H
#include <sys/cdefs.h>

/*
 * MAX_AUTH_BYTES bounds the flavor-specific body of a struct opaque_auth
 * (see oa_length below).  Anything that decodes an opaque_auth from the
 * wire is expected to reject a body longer than this before touching
 * oa_base; the declaration itself enforces nothing.
 */
#define MAX_AUTH_BYTES	400
#define MAXNETNAMELEN	255	/* maximum length of network user's name */

/*
 * Status returned from authentication check.
 *
 * AUTH_BADCRED through AUTH_TOOWEAK are reported by the remote end (the
 * server rejected what we sent); AUTH_INVALIDRESP and AUTH_FAILED are
 * raised locally, e.g. when the verifier in a reply does not check out.
 */
enum auth_stat {
	AUTH_OK=0,
	/*
	 * failed at remote end
	 */
	AUTH_BADCRED=1,		/* bogus credentials (seal broken) */
	AUTH_REJECTEDCRED=2,	/* client should begin new session */
	AUTH_BADVERF=3,		/* bogus verifier (seal broken) */
	AUTH_REJECTEDVERF=4,	/* verifier expired or was replayed */
	AUTH_TOOWEAK=5,		/* rejected due to security reasons */
	/*
	 * failed locally
	 */
	AUTH_INVALIDRESP=6,	/* bogus response verifier */
	AUTH_FAILED=7		/* some unknown reason */
};

typedef u_int32_t u_int32;	/* 32-bit unsigned integers */

/*
 * One 8-byte DES block, addressable either as two 32-bit halves (key)
 * or as raw bytes (c).  Where it holds key material the owner should
 * wipe it (explicit_bzero) rather than merely free it -- NOTE(review):
 * confirm that the flavor's destroy path does so.
 */
union des_block {
	struct {
		u_int32 high;
		u_int32 low;
	} key;
	char c[8];
};
typedef union des_block des_block;
__BEGIN_DECLS
/* XDR codec for a des_block. */
extern bool_t xdr_des_block(XDR *, des_block *);
__END_DECLS

/*
 * Authentication info.  Opaque to client.
 *
 * A credential or verifier (see ah_cred / ah_verf below): a flavor
 * number, one of the AUTH_* values at the end of this file, plus a
 * flavor-specific byte string.  oa_base and oa_length are not validated
 * by this declaration; code that receives one from the wire must check
 * oa_length <= MAX_AUTH_BYTES before reading oa_base.
 */
struct opaque_auth {
	enum_t oa_flavor;	/* flavor of auth */
	caddr_t oa_base;	/* address of more auth stuff */
	unsigned int oa_length;	/* not to exceed MAX_AUTH_BYTES */
};


/*
 * Auth handle, interface to client side authenticators.
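*/

/*
 * Each flavor supplies an ops table; client code reaches it only through
 * the AUTH_* / auth_* macros below.  ah_cred and ah_verf are the
 * credential and verifier that accompany a call; ah_key and ah_private
 * hold flavor-specific state (presumably the DES flavor's key, for one --
 * confirm against the flavor implementation) which ah_destroy is
 * expected to release.
 */
typedef struct __rpc_auth {
	struct opaque_auth ah_cred;
	struct opaque_auth ah_verf;
	union des_block ah_key;
	/* const: nothing may write to the ops table through the handle */
	const struct auth_ops {
		void (*ah_nextverf)(struct __rpc_auth *);
		/* nextverf & serialize */
		int (*ah_marshal)(struct __rpc_auth *, XDR *);
		/* validate verifier */
		int (*ah_validate)(struct __rpc_auth *,
		    struct opaque_auth *);
		/* refresh credentials */
		int (*ah_refresh)(struct __rpc_auth *);
		/* destroy this structure */
		void (*ah_destroy)(struct __rpc_auth *);
	} *ah_ops;
	caddr_t ah_private;
} AUTH;


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 *	AUTH *auth;
 *	XDR *xdrs;
 *	struct opaque_auth verf;
 *
 * Every macro dispatches through auth->ah_ops.  auth is evaluated twice
 * (once to fetch the function pointer, once as its argument), so pass a
 * plain lvalue, never an expression with side effects such as a call.
 * All macro arguments are parenthesized in the expansion.  The macros
 * that yield an int (MARSHALL, VALIDATE, REFRESH) report success or
 * failure; do not discard the result -- a failed AUTH_VALIDATE means the
 * reply's verifier did not check out.
 */
#define AUTH_NEXTVERF(auth) \
	((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth) \
	((*((auth)->ah_ops->ah_nextverf))(auth))

#define AUTH_MARSHALL(auth, xdrs) \
	((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))
#define auth_marshall(auth, xdrs) \
	((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))

#define AUTH_VALIDATE(auth, verfp) \
	((*((auth)->ah_ops->ah_validate))((auth), (verfp)))
#define auth_validate(auth, verfp) \
	((*((auth)->ah_ops->ah_validate))((auth), (verfp)))

#define AUTH_REFRESH(auth) \
	((*((auth)->ah_ops->ah_refresh))(auth))
#define auth_refresh(auth) \
	((*((auth)->ah_ops->ah_refresh))(auth))

#define AUTH_DESTROY(auth) \
	((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth) \
	((*((auth)->ah_ops->ah_destroy))(auth))


/*
 * The "no authentication" credential/verifier: expected to carry flavor
 * AUTH_NONE with an empty body (defined in another file -- confirm there).
 */
extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.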
*/

/*
 * Unix style authentication
 *	AUTH *authunix_create(machname, uid, gid, len, aup_gids)
 *	char *machname;
 *	int uid;
 *	int gid;
 *	int len;
 *	int *aup_gids;
 *
 * The credential is built from whatever the caller passes: machname,
 * uid, gid and the first len entries of aup_gids.  Nothing in this
 * interface lets a server verify those values, so an AUTH_UNIX
 * credential identifies the peer only to the extent the transport does
 * (e.g. a local socket or a trusted network).
 *
 * authunix_create_default() presumably fills the same fields from the
 * calling process's own identity -- confirm in the implementation.
 * authnone_create() yields a handle that sends no credentials at all
 * (presumably flavor AUTH_NONE).
 * set_rpc_maxgrouplist() appears to cap how many supplementary gids are
 * placed in the credential -- NOTE(review): confirm the exact semantics.
 * The forward declaration of struct sockaddr_in is not used by anything
 * in this header; apparently retained for source compatibility.
 */
__BEGIN_DECLS
struct sockaddr_in;
extern AUTH *authunix_create(char *, int, int, int, int *);
extern AUTH *authunix_create_default(void);
extern AUTH *authnone_create(void);
extern void set_rpc_maxgrouplist(int);
__END_DECLS

/*
 * Flavor numbers carried in opaque_auth.oa_flavor.  None of these is
 * strong by today's standards: AUTH_NONE and AUTH_UNIX/AUTH_SHORT assert
 * an identity without proving it, and AUTH_DES is a single-DES scheme
 * (see des_block above), which is no longer considered secure.
 * NOTE(review): treat them as identification, not authentication, unless
 * the transport itself is trusted.
 */
#define AUTH_NONE	0	/* no authentication */
#define AUTH_NULL	0	/* backward compatibility */
#define AUTH_UNIX	1	/* unix style (uid, gids) */
#define AUTH_SHORT	2	/* short hand unix style */
#define AUTH_DES	3	/* des style (encrypted timestamps) */

#endif /* !_RPC_AUTH_H */