1/*
2 * auth.h, Authentication interface.
3 *
4 * Copyright (c) 2010, Oracle America, Inc.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are
8 * met:
9 *
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above
13 * copyright notice, this list of conditions and the following
14 * disclaimer in the documentation and/or other materials
15 * provided with the distribution.
16 * * Neither the name of the "Oracle America, Inc." nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
27 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 *
33 * The data structures are completely opaque to the client. The client
34 * is required to pass a AUTH * to routines that create rpc
35 * "sessions".
36 */
37
38#ifndef _RPC_AUTH_H
39
40#define _RPC_AUTH_H 1
41#include <features.h>
42#include <rpc/xdr.h>
43
44__BEGIN_DECLS
45
46#define MAX_AUTH_BYTES 400
47#define MAXNETNAMELEN 255 /* maximum length of network user's name */
48
49/*
50 * Status returned from authentication check
51 */
52enum auth_stat {
53 AUTH_OK=0,
54 /*
55 * failed at remote end
56 */
57 AUTH_BADCRED=1, /* bogus credentials (seal broken) */
58 AUTH_REJECTEDCRED=2, /* client should begin new session */
59 AUTH_BADVERF=3, /* bogus verifier (seal broken) */
60 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
61 AUTH_TOOWEAK=5, /* rejected due to security reasons */
62 /*
63 * failed locally
64 */
65 AUTH_INVALIDRESP=6, /* bogus response verifier */
66 AUTH_FAILED=7 /* some unknown reason */
67};
68
69union des_block {
70 struct {
71 uint32_t high;
72 uint32_t low;
73 } key;
74 char c[8];
75};
76typedef union des_block des_block;
77extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;
78
79/*
80 * Authentication info. Opaque to client.
81 */
82struct opaque_auth {
83 enum_t oa_flavor; /* flavor of auth */
84 caddr_t oa_base; /* address of more auth stuff */
85 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
86};
87
88/*
89 * Auth handle, interface to client side authenticators.
90 */
91typedef struct AUTH AUTH;
92struct AUTH {
93 struct opaque_auth ah_cred;
94 struct opaque_auth ah_verf;
95 union des_block ah_key;
96 struct auth_ops {
97 void (*ah_nextverf) (AUTH *);
98 int (*ah_marshal) (AUTH *, XDR *); /* nextverf & serialize */
99 int (*ah_validate) (AUTH *, struct opaque_auth *);
100 /* validate verifier */
101 int (*ah_refresh) (AUTH *); /* refresh credentials */
102 void (*ah_destroy) (AUTH *); /* destroy this structure */
103 } *ah_ops;
104 caddr_t ah_private;
105};
106
107
108/*
109 * Authentication ops.
110 * The ops and the auth handle provide the interface to the authenticators.
111 *
112 * AUTH *auth;
113 * XDR *xdrs;
114 * struct opaque_auth verf;
115 */
116#define AUTH_NEXTVERF(auth) \
117 ((*((auth)->ah_ops->ah_nextverf))(auth))
118#define auth_nextverf(auth) \
119 ((*((auth)->ah_ops->ah_nextverf))(auth))
120
121#define AUTH_MARSHALL(auth, xdrs) \
122 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
123#define auth_marshall(auth, xdrs) \
124 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
125
126#define AUTH_VALIDATE(auth, verfp) \
127 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
128#define auth_validate(auth, verfp) \
129 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
130
131#define AUTH_REFRESH(auth) \
132 ((*((auth)->ah_ops->ah_refresh))(auth))
133#define auth_refresh(auth) \
134 ((*((auth)->ah_ops->ah_refresh))(auth))
135
136#define AUTH_DESTROY(auth) \
137 ((*((auth)->ah_ops->ah_destroy))(auth))
138#define auth_destroy(auth) \
139 ((*((auth)->ah_ops->ah_destroy))(auth))
140
141
142extern struct opaque_auth _null_auth;
143
144
145/*
146 * These are the various implementations of client side authenticators.
147 */
148
149/*
150 * Unix style authentication
151 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
152 * char *machname;
153 * int uid;
154 * int gid;
155 * int len;
156 * int *aup_gids;
157 */
158extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,
159 int __len, __gid_t *__aup_gids);
160extern AUTH *authunix_create_default (void);
161extern AUTH *authnone_create (void) __THROW;
162extern AUTH *authdes_create (const char *__servername, u_int __window,
163 struct sockaddr *__syncaddr, des_block *__ckey)
164 __THROW;
165extern AUTH *authdes_pk_create (const char *, netobj *, u_int,
166 struct sockaddr *, des_block *) __THROW;
167
168
169#define AUTH_NONE 0 /* no authentication */
170#define AUTH_NULL 0 /* backward compatibility */
171#define AUTH_SYS 1 /* unix style (uid, gids) */
172#define AUTH_UNIX AUTH_SYS
173#define AUTH_SHORT 2 /* short hand unix style */
174#define AUTH_DES 3 /* des style (encrypted timestamps) */
175#define AUTH_DH AUTH_DES /* Diffie-Hellman (this is DES) */
176#define AUTH_KERB 4 /* kerberos style */
177
178/*
179 * Netname manipulating functions
180 *
181 */
182extern int getnetname (char *) __THROW;
183extern int host2netname (char *, const char *, const char *) __THROW;
184extern int user2netname (char *, const uid_t, const char *) __THROW;
185extern int netname2user (const char *, uid_t *, gid_t *, int *, gid_t *)
186 __THROW;
187extern int netname2host (const char *, char *, const int) __THROW;
188
189/*
190 *
191 * These routines interface to the keyserv daemon
192 *
193 */
194extern int key_decryptsession (char *, des_block *);
195extern int key_decryptsession_pk (char *, netobj *, des_block *);
196extern int key_encryptsession (char *, des_block *);
197extern int key_encryptsession_pk (char *, netobj *, des_block *);
198extern int key_gendes (des_block *);
199extern int key_setsecret (char *);
200extern int key_secretkey_is_set (void);
201extern int key_get_conv (char *, des_block *);
202
203/*
204 * XDR an opaque authentication struct.
205 */
206extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;
207
208__END_DECLS
209
210#endif /* rpc/auth.h */
211