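/* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part. Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California 94043
 */

/*
 * auth.h, Authentication interface.
 *
 * Copyright (C) 1984, Sun Microsystems, Inc.
 *
 * The data structures are completely opaque to the client.  The client
 * is required to pass an AUTH * to routines that create rpc
 * "sessions".
 *
 * Layout of this header:
 *   - enum auth_stat: result of an authentication check (server or local)
 *   - union des_block: 8-byte DES key / session key container
 *   - struct opaque_auth: flavor + bounded opaque credential/verifier body
 *   - struct AUTH: client-side auth handle with its ops vtable
 *   - AUTH_* macros: dispatch helpers over the ops vtable
 *   - constructors for the client-side authenticators (none/unix/des)
 *   - netname helpers and the keyserv interface
 */

#ifndef _RPC_AUTH_H

#define _RPC_AUTH_H 1
#include <features.h>
#include <rpc/xdr.h>

__BEGIN_DECLS

/*
 * Upper bound on opaque_auth.oa_length (the credential/verifier body as
 * carried on the wire).  Code that decodes an opaque_auth from untrusted
 * input must enforce this bound before trusting oa_length.
 */
#define MAX_AUTH_BYTES 400
#define MAXNETNAMELEN 255 /* maximum length of network user's name */

/*
 * Status returned from authentication check.
 *
 * Values 1..5 are produced at the remote end (the server rejected what the
 * client sent); 6..7 are produced locally (the client rejected the
 * server's response).  The numeric values are part of the wire protocol
 * and must not be renumbered.
 */
enum auth_stat {
  AUTH_OK=0,
  /*
   * failed at remote end
   */
  AUTH_BADCRED=1, /* bogus credentials (seal broken) */
  AUTH_REJECTEDCRED=2, /* client should begin new session */
  AUTH_BADVERF=3, /* bogus verifier (seal broken) */
  AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
  AUTH_TOOWEAK=5, /* rejected due to security reasons */
  /*
   * failed locally
   */
  AUTH_INVALIDRESP=6, /* bogus response verifier */
  AUTH_FAILED=7 /* some unknown reason */
};

/*
 * An 8-byte block, viewed either as two 32-bit halves or as raw bytes.
 * Used for DES keys and conversation (session) keys; as a DES key its
 * effective strength is only 56 bits, so anything keyed this way is a
 * legacy mechanism.  Callers that hold one in memory longer than needed
 * should clear it when done.
 */
union des_block {
  struct {
    u_int32_t high;
    u_int32_t low;
  } key;
  char c[8];
};
typedef union des_block des_block;
extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;

/*
 * Authentication info.  Opaque to client.
 *
 * oa_base/oa_length describe a byte buffer whose meaning depends on
 * oa_flavor (AUTH_NONE, AUTH_SYS, AUTH_DES, ...).  oa_length is bounded by
 * MAX_AUTH_BYTES; ownership of the buffer behind oa_base is not defined
 * by this header and belongs to whichever authenticator filled it in.
 */
struct opaque_auth {
  enum_t oa_flavor; /* flavor of auth */
  caddr_t oa_base; /* address of more auth stuff */
  u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
};

/*
 * Auth handle, interface to client side authenticators.
 *
 * ah_cred and ah_verf are what the client sends; ah_key is the session
 * key for flavors that have one; ah_ops is the per-flavor vtable and
 * ah_private is per-flavor state owned by that implementation.  Clients
 * only ever pass the handle around and call it through the AUTH_* macros.
 */
typedef struct AUTH AUTH;
struct AUTH {
  struct opaque_auth ah_cred;
  struct opaque_auth ah_verf;
  union des_block ah_key;
  struct auth_ops {
    void (*ah_nextverf) (AUTH *);
    int (*ah_marshal) (AUTH *, XDR *); /* nextverf & serialize */
    int (*ah_validate) (AUTH *, struct opaque_auth *);
                                       /* validate verifier */
    int (*ah_refresh) (AUTH *); /* refresh credentials */
    void (*ah_destroy) (AUTH *); /* destroy this structure */
  } *ah_ops;
  caddr_t ah_private;
};


/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH *auth;
 * XDR *xdrs;
 * struct opaque_auth verf;
 *
 * Every macro argument is parenthesized when forwarded, so an argument
 * that is itself an expression is evaluated as a unit (the original
 * mixed `auth` and `(auth)` across the macros).  Each argument is still
 * evaluated exactly once; `auth` is evaluated twice in every macro, so
 * do not pass an expression with side effects.
 */
#define AUTH_NEXTVERF(auth) \
  ((*((auth)->ah_ops->ah_nextverf))((auth)))
#define auth_nextverf(auth) \
  ((*((auth)->ah_ops->ah_nextverf))((auth)))

#define AUTH_MARSHALL(auth, xdrs) \
  ((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))
#define auth_marshall(auth, xdrs) \
  ((*((auth)->ah_ops->ah_marshal))((auth), (xdrs)))

#define AUTH_VALIDATE(auth, verfp) \
  ((*((auth)->ah_ops->ah_validate))((auth), (verfp)))
#define auth_validate(auth, verfp) \
  ((*((auth)->ah_ops->ah_validate))((auth), (verfp)))

#define AUTH_REFRESH(auth) \
  ((*((auth)->ah_ops->ah_refresh))((auth)))
#define auth_refresh(auth) \
  ((*((auth)->ah_ops->ah_refresh))((auth)))

#define AUTH_DESTROY(auth) \
  ((*((auth)->ah_ops->ah_destroy))((auth)))
#define auth_destroy(auth) \
  ((*((auth)->ah_ops->ah_destroy))((auth)))


/* The "no authentication" credential/verifier (flavor AUTH_NONE). */
extern struct opaque_auth _null_auth;


/*
 * These are the various implementations of client side authenticators.
 */

/*
 * Unix style authentication
 *
 * The parameter list below matches the prototype (the old block comment
 * described uid/gid/aup_gids as plain int, which the prototype never was):
 *   machname  - host name to place in the credential
 *   uid, gid  - caller's claimed uid and primary gid
 *   len       - number of entries in aup_gids
 *   aup_gids  - supplementary gids
 *
 * AUTH_SYS credentials are unsigned assertions: nothing in this header
 * binds them to the caller, so a server must not treat them as proof of
 * identity without a trusted transport underneath.
 */
extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,
                              int __len, __gid_t *__aup_gids);
/* Same as authunix_create, populated from the calling process. */
extern AUTH *authunix_create_default (void);
/* AUTH_NONE authenticator. */
extern AUTH *authnone_create (void) __THROW;

/*
 * Forward-declare struct sockaddr at file scope so that, if no earlier
 * include has defined it, the tag used in the prototypes below is the
 * file-scope one (and completed by <sys/socket.h>) rather than a distinct
 * prototype-scope tag that would be incompatible with callers' pointers.
 */
struct sockaddr;

/*
 * DES (AUTH_DES / AUTH_DH) authenticators.  __window is the clock skew
 * tolerance for the encrypted timestamps, __syncaddr the address used to
 * synchronize clocks with the server, __ckey an optional conversation key.
 * authdes_pk_create takes the server's public key explicitly as a netobj.
 */
extern AUTH *authdes_create (const char *__servername, u_int __window,
                             struct sockaddr *__syncaddr, des_block *__ckey)
     __THROW;
extern AUTH *authdes_pk_create (const char *, netobj *, u_int,
                                struct sockaddr *, des_block *) __THROW;


/* Authentication flavor numbers carried in opaque_auth.oa_flavor. */
#define AUTH_NONE 0 /* no authentication */
#define AUTH_NULL 0 /* backward compatibility */
#define AUTH_SYS 1 /* unix style (uid, gids) */
#define AUTH_UNIX AUTH_SYS
#define AUTH_SHORT 2 /* short hand unix style */
#define AUTH_DES 3 /* des style (encrypted timestamps) */
#define AUTH_DH AUTH_DES /* Diffie-Hellman (this is DES) */
#define AUTH_KERB 4 /* kerberos style */

/*
 * Netname manipulating functions
 *
 * The char * output buffers receive a netname; callers must size them
 * for at least MAXNETNAMELEN + 1 bytes, since the header gives no way to
 * pass the buffer length.
 */
extern int getnetname (char *) __THROW;
extern int host2netname (char *, const char *, const char *) __THROW;
extern int user2netname (char *, const uid_t, const char *) __THROW;
extern int netname2user (const char *, uid_t *, gid_t *, int *, gid_t *)
     __THROW;
extern int netname2host (const char *, char *, const int) __THROW;

/*
 *
 * These routines interface to the keyserv daemon
 *
 * The des_block out-parameters receive key material; callers should
 * clear them once the key is no longer needed.
 */
extern int key_decryptsession (char *, des_block *);
extern int key_decryptsession_pk (char *, netobj *, des_block *);
extern int key_encryptsession (char *, des_block *);
extern int key_encryptsession_pk (char *, netobj *, des_block *);
extern int key_gendes (des_block *);
extern int key_setsecret (char *);
extern int key_secretkey_is_set (void);
extern int key_get_conv (char *, des_block *);

/*
 * XDR an opaque authentication struct.
 * Decoders must reject oa_length > MAX_AUTH_BYTES.
 */
extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;

__END_DECLS

#endif /* rpc/auth.h */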