1 /* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */ 2 /* 3 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 4 * unrestricted use provided that this legend is included on all tape 5 * media and as a part of the software program in whole or part. Users 6 * may copy or modify Sun RPC without charge, but are not authorized 7 * to license or distribute it to anyone else except as part of a product or 8 * program developed by the user. 9 * 10 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 11 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 12 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 13 * 14 * Sun RPC is provided with no support and without any obligation on the 15 * part of Sun Microsystems, Inc. to assist in its use, correction, 16 * modification or enhancement. 17 * 18 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 19 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 20 * OR ANY PART THEREOF. 21 * 22 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 23 * or profits or other special, indirect and consequential damages, even if 24 * Sun has been advised of the possibility of such damages. 25 * 26 * Sun Microsystems, Inc. 27 * 2550 Garcia Avenue 28 * Mountain View, California 94043 29 */ 30 31 /* 32 * auth.h, Authentication interface. 33 * 34 * Copyright (C) 1984, Sun Microsystems, Inc. 35 * 36 * The data structures are completely opaque to the client. The client 37 * is required to pass a AUTH * to routines that create rpc 38 * "sessions". 39 */ 40 41 42 #define MAX_AUTH_BYTES 400 43 #define MAXNETNAMELEN 255 /* maximum length of network user's name */ 44 45 /* 46 * Status returned from authentication check 47 */ 48 enum auth_stat { 49 AUTH_OK=0, 50 /* 51 * failed at remote end 52 */ 53 AUTH_BADCRED=1, /* bogus credentials (seal broken) */ 54 AUTH_REJECTEDCRED=2, /* client should begin new session */ 55 AUTH_BADVERF=3, /* bogus verifier (seal broken) */ 56 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */ 57 AUTH_TOOWEAK=5, /* rejected due to security reasons */ 58 /* 59 * failed locally 60 */ 61 AUTH_INVALIDRESP=6, /* bogus response verifier */ 62 AUTH_FAILED=7 /* some unknown reason */ 63 }; 64 65 #if (mc68000 || sparc || vax || i386 || tahoe || hp300) 66 typedef u_long u_int32; /* 32-bit unsigned integers */ 67 #endif 68 69 union des_block { 70 struct { 71 u_int32 high; 72 u_int32 low; 73 } key; 74 char c[8]; 75 }; 76 typedef union des_block des_block; 77 extern bool_t xdr_des_block(); 78 79 /* 80 * Authentication info. Opaque to client. 81 */ 82 struct opaque_auth { 83 enum_t oa_flavor; /* flavor of auth */ 84 caddr_t oa_base; /* address of more auth stuff */ 85 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */ 86 }; 87 88 89 /* 90 * Auth handle, interface to client side authenticators. 91 */ 92 typedef struct { 93 struct opaque_auth ah_cred; 94 struct opaque_auth ah_verf; 95 union des_block ah_key; 96 struct auth_ops { 97 void (*ah_nextverf)(); 98 int (*ah_marshal)(); /* nextverf & serialize */ 99 int (*ah_validate)(); /* validate varifier */ 100 int (*ah_refresh)(); /* refresh credentials */ 101 void (*ah_destroy)(); /* destroy this structure */ 102 } *ah_ops; 103 caddr_t ah_private; 104 } AUTH; 105 106 107 /* 108 * Authentication ops. 109 * The ops and the auth handle provide the interface to the authenticators. 110 * 111 * AUTH *auth; 112 * XDR *xdrs; 113 * struct opaque_auth verf; 114 */ 115 #define AUTH_NEXTVERF(auth) \ 116 ((*((auth)->ah_ops->ah_nextverf))(auth)) 117 #define auth_nextverf(auth) \ 118 ((*((auth)->ah_ops->ah_nextverf))(auth)) 119 120 #define AUTH_MARSHALL(auth, xdrs) \ 121 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 122 #define auth_marshall(auth, xdrs) \ 123 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs)) 124 125 #define AUTH_VALIDATE(auth, verfp) \ 126 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 127 #define auth_validate(auth, verfp) \ 128 ((*((auth)->ah_ops->ah_validate))((auth), verfp)) 129 130 #define AUTH_REFRESH(auth) \ 131 ((*((auth)->ah_ops->ah_refresh))(auth)) 132 #define auth_refresh(auth) \ 133 ((*((auth)->ah_ops->ah_refresh))(auth)) 134 135 #define AUTH_DESTROY(auth) \ 136 ((*((auth)->ah_ops->ah_destroy))(auth)) 137 #define auth_destroy(auth) \ 138 ((*((auth)->ah_ops->ah_destroy))(auth)) 139 140 141 extern struct opaque_auth _null_auth; 142 143 144 /* 145 * These are the various implementations of client side authenticators. 146 */ 147 148 /* 149 * Unix style authentication 150 * AUTH *authunix_create(machname, uid, gid, len, aup_gids) 151 * char *machname; 152 * int uid; 153 * int gid; 154 * int len; 155 * int *aup_gids; 156 */ 157 extern AUTH *authunix_create(); 158 extern AUTH *authunix_create_default(); /* takes no parameters */ 159 extern AUTH *authnone_create(); /* takes no parameters */ 160 extern AUTH *authdes_create(); 161 162 #define AUTH_NONE 0 /* no authentication */ 163 #define AUTH_NULL 0 /* backward compatibility */ 164 #define AUTH_UNIX 1 /* unix style (uid, gids) */ 165 #define AUTH_SHORT 2 /* short hand unix style */ 166 #define AUTH_DES 3 /* des style (encrypted timestamps) */ 167