1 /* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */ 2 /* 3 * Copyright (c) 2010, Oracle America, Inc. 4 * 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions are met: 9 * 10 * * Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * * Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in 15 * the documentation and/or other materials provided with the 16 * distribution. 17 * 18 * * Neither the name of the "Oracle America, Inc." nor the names of 19 * its contributors may be used to endorse or promote products 20 * derived from this software without specific prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS 23 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 /* 36 * auth.h, Authentication interface. 37 * 38 * The data structures are completely opaque to the client. The client 39 * is required to pass a AUTH * to routines that create rpc 40 * "sessions". 41 */ 42 #ifndef GSSRPC_AUTH_H 43 #define GSSRPC_AUTH_H 44 45 #include <gssrpc/xdr.h> 46 47 GSSRPC__BEGIN_DECLS 48 49 #define MAX_AUTH_BYTES 400 50 #define MAXNETNAMELEN 255 /* maximum length of network user's name */ 51 52 /* 53 * Status returned from authentication check 54 */ 55 enum auth_stat { 56 AUTH_OK=0, 57 /* 58 * failed at remote end 59 */ 60 AUTH_BADCRED=1, /* bogus credentials (seal broken) */ 61 AUTH_REJECTEDCRED=2, /* client should begin new session */ 62 AUTH_BADVERF=3, /* bogus verifier (seal broken) */ 63 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */ 64 AUTH_TOOWEAK=5, /* rejected due to security reasons */ 65 /* 66 * failed locally 67 */ 68 AUTH_INVALIDRESP=6, /* bogus response verifier */ 69 AUTH_FAILED=7, /* some unknown reason */ 70 /* 71 * RPCSEC_GSS errors 72 */ 73 RPCSEC_GSS_CREDPROBLEM = 13, 74 RPCSEC_GSS_CTXPROBLEM = 14 75 }; 76 77 union des_block { 78 char c[8]; 79 }; 80 typedef union des_block des_block; 81 extern bool_t xdr_des_block(XDR *, des_block *); 82 83 /* 84 * Authentication info. Opaque to client. 85 */ 86 struct opaque_auth { 87 enum_t oa_flavor; /* flavor of auth */ 88 caddr_t oa_base; /* address of more auth stuff */ 89 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */ 90 }; 91 92 93 /* 94 * Auth handle, interface to client side authenticators. 95 */ 96 struct rpc_msg; 97 98 typedef struct AUTH { 99 struct opaque_auth ah_cred; 100 struct opaque_auth ah_verf; 101 union des_block ah_key; 102 struct auth_ops { 103 void (*ah_nextverf)(struct AUTH *); 104 /* nextverf & serialize */ 105 int (*ah_marshal)(struct AUTH *, XDR *); 106 /* validate varifier */ 107 int (*ah_validate)(struct AUTH *, 108 struct opaque_auth *); 109 /* refresh credentials */ 110 int (*ah_refresh)(struct AUTH *, struct rpc_msg *); 111 /* destroy this structure */ 112 void (*ah_destroy)(struct AUTH *); 113 /* encode data for wire */ 114 int (*ah_wrap)(struct AUTH *, XDR *, 115 xdrproc_t, caddr_t); 116 /* decode data from wire */ 117 int (*ah_unwrap)(struct AUTH *, XDR *, 118 xdrproc_t, caddr_t); 119 } *ah_ops; 120 void *ah_private; 121 } AUTH; 122 123 124 /* 125 * Authentication ops. 126 * The ops and the auth handle provide the interface to the authenticators. 127 * 128 * AUTH *auth; 129 * XDR *xdrs; 130 * struct opaque_auth verf; 131 */ 132 #define AUTH_NEXTVERF(auth) \ 133 ((*((auth)->ah_ops->ah_nextverf))(auth)) 134 #define auth_nextverf(auth) \ 135 ((*((auth)->ah_ops->ah_nextverf))(auth)) 136 137 #define AUTH_MARSHALL(auth, xdrs) \ 138 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 139 #define auth_marshall(auth, xdrs) \ 140 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 141 142 #define AUTH_VALIDATE(auth, verfp) \ 143 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 144 #define auth_validate(auth, verfp) \ 145 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 146 147 #define AUTH_REFRESH(auth, msg) \ 148 ((*((auth)->ah_ops->ah_refresh))(auth, msg)) 149 #define auth_refresh(auth, msg) \ 150 ((*((auth)->ah_ops->ah_refresh))(auth, msg)) 151 152 #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \ 153 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \ 154 xfunc, xwhere)) 155 #define auth_wrap(auth, xdrs, xfunc, xwhere) \ 156 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \ 157 xfunc, xwhere)) 158 #define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \ 159 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \ 160 xfunc, xwhere)) 161 #define auth_unwrap(auth, xdrs, xfunc, xwhere) \ 162 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \ 163 xfunc, xwhere)) 164 165 #define AUTH_DESTROY(auth) \ 166 ((*((auth)->ah_ops->ah_destroy))(auth)) 167 #define auth_destroy(auth) \ 168 ((*((auth)->ah_ops->ah_destroy))(auth)) 169 170 171 #ifdef GSSRPC__IMPL 172 /* RENAMED: should be _null_auth if we can use reserved namespace. */ 173 extern struct opaque_auth gssrpc__null_auth; 174 #endif 175 176 /* 177 * These are the various implementations of client side authenticators. 178 */ 179 180 /* 181 * Unix style authentication 182 * AUTH *authunix_create(machname, uid, gid, len, aup_gids) 183 * char *machname; 184 * int uid; 185 * int gid; 186 * int len; 187 * int *aup_gids; 188 */ 189 extern AUTH *authunix_create(char *machname, int uid, int gid, int len, 190 int *aup_gids); 191 extern AUTH *authunix_create_default(void); /* takes no parameters */ 192 extern AUTH *authnone_create(void); /* takes no parameters */ 193 extern AUTH *authdes_create(); 194 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *); 195 196 #define AUTH_NONE 0 /* no authentication */ 197 #define AUTH_NULL 0 /* backward compatibility */ 198 #define AUTH_UNIX 1 /* unix style (uid, gids) */ 199 #define AUTH_SHORT 2 /* short hand unix style */ 200 #define AUTH_DES 3 /* des style (encrypted timestamps) */ 201 #define AUTH_GSSAPI 300001 /* GSS-API style */ 202 #define RPCSEC_GSS 6 /* RPCSEC_GSS */ 203 204 GSSRPC__END_DECLS 205 206 #endif /* !defined(GSSRPC_AUTH_H) */ 207