1 /*        $NetBSD: auth.h,v 1.20 2020/10/03 18:30:39 christos Exp $   */
2 
3 /*
4  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
5  * unrestricted use provided that this legend is included on all tape
6  * media and as a part of the software program in whole or part.  Users
7  * may copy or modify Sun RPC without charge, but are not authorized
8  * to license or distribute it to anyone else except as part of a product or
9  * program developed by the user.
10  *
11  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
12  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
13  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
14  *
15  * Sun RPC is provided with no support and without any obligation on the
16  * part of Sun Microsystems, Inc. to assist in its use, correction,
17  * modification or enhancement.
18  *
19  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
20  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
21  * OR ANY PART THEREOF.
22  *
23  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
24  * or profits or other special, indirect and consequential damages, even if
25  * Sun has been advised of the possibility of such damages.
26  *
27  * Sun Microsystems, Inc.
28  * 2550 Garcia Avenue
29  * Mountain View, California  94043
30  *
31  *        from: @(#)auth.h 1.17 88/02/08 SMI
32  *        @(#)auth.h          2.3 88/08/07 4.0 RPCSRC
33  */
34 
35 /*
36  * auth.h, Authentication interface.
37  *
38  * Copyright (C) 1984, Sun Microsystems, Inc.
39  *
40  * The data structures are completely opaque to the client.  The client
41  * is required to pass a AUTH * to routines that create rpc
42  * "sessions".
43  */
44 
45 #ifndef _RPC_AUTH_H_
46 #define _RPC_AUTH_H_
47 #include <sys/cdefs.h>
48 
49 #define MAX_AUTH_BYTES        400
50 #define MAXNETNAMELEN         255       /* maximum length of network user's name */
51 
52 /*
53  * Status returned from authentication check
54  */
55 enum auth_stat {
56           AUTH_OK=0,
57           /*
58            * failed at remote end
59            */
60           AUTH_BADCRED=1,                         /* bogus credentials (seal broken) */
61           AUTH_REJECTEDCRED=2,                    /* client should begin new session */
62           AUTH_BADVERF=3,                         /* bogus verifier (seal broken) */
63           AUTH_REJECTEDVERF=4,                    /* verifier expired or was replayed */
64           AUTH_TOOWEAK=5,                         /* rejected due to security reasons */
65           /*
66            * failed locally
67           */
68           AUTH_INVALIDRESP=6,           /* bogus response verifier */
69           AUTH_FAILED=7                           /* some unknown reason */
70 };
71 
72 union des_block {
73           struct {
74                     uint32_t high;
75                     uint32_t low;
76           } key;
77           char c[8];
78 };
79 typedef union des_block des_block;
80 __BEGIN_DECLS
81 extern bool_t xdr_des_block(XDR *, des_block *);
82 __END_DECLS
83 
84 /*
85  * Authentication info.  Opaque to client.
86  */
87 struct opaque_auth {
88           enum_t    oa_flavor;                    /* flavor of auth */
89           caddr_t   oa_base;            /* address of more auth stuff */
90           unsigned int oa_length;                 /* not to exceed MAX_AUTH_BYTES */
91 };
92 
93 
94 /*
95  * Auth handle, interface to client side authenticators.
96  */
97 typedef struct __rpc_auth {
98           struct    opaque_auth         ah_cred;
99           struct    opaque_auth         ah_verf;
100           union     des_block ah_key;
101           const struct auth_ops {
102                     void      (*ah_nextverf)(struct __rpc_auth *);
103                     /* nextverf & serialize */
104                     int       (*ah_marshal)(struct __rpc_auth *, XDR *);
105                     /* validate varifier */
106                     int       (*ah_validate)(struct __rpc_auth *,
107                                   struct opaque_auth *);
108                     /* refresh credentials */
109                     int       (*ah_refresh)(struct __rpc_auth *);
110                     /* destroy this structure */
111                     void      (*ah_destroy)(struct __rpc_auth *);
112           } *ah_ops;
113           void *ah_private;
114 } AUTH;
115 
116 
117 /*
118  * Authentication ops.
119  * The ops and the auth handle provide the interface to the authenticators.
120  *
121  * AUTH   *auth;
122  * XDR    *xdrs;
123  * struct opaque_auth verf;
124  */
125 #define AUTH_NEXTVERF(auth)             \
126                     ((*((auth)->ah_ops->ah_nextverf))(auth))
127 #define auth_nextverf(auth)             \
128                     ((*((auth)->ah_ops->ah_nextverf))(auth))
129 
130 #define AUTH_MARSHALL(auth, xdrs)       \
131                     ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
132 #define auth_marshall(auth, xdrs)       \
133                     ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
134 
135 #define AUTH_VALIDATE(auth, verfp)      \
136                     ((*((auth)->ah_ops->ah_validate))((auth), verfp))
137 #define auth_validate(auth, verfp)      \
138                     ((*((auth)->ah_ops->ah_validate))((auth), verfp))
139 
140 #define AUTH_REFRESH(auth)              \
141                     ((*((auth)->ah_ops->ah_refresh))(auth))
142 #define auth_refresh(auth)              \
143                     ((*((auth)->ah_ops->ah_refresh))(auth))
144 
145 #define AUTH_DESTROY(auth)              \
146                     ((*((auth)->ah_ops->ah_destroy))(auth))
147 #define auth_destroy(auth)              \
148                     ((*((auth)->ah_ops->ah_destroy))(auth))
149 
150 
151 extern struct opaque_auth _null_auth;
152 
153 
154 /*
155  * These are the various implementations of client side authenticators.
156  */
157 
158 /*
159  * Unix style authentication
160  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
161  *        char *machname;
162  *        int uid;
163  *        int gid;
164  *        int len;
165  *        int *aup_gids;
166  */
167 __BEGIN_DECLS
168 struct sockaddr_in;
169 extern AUTH *authunix_create            (char *, int, int, int, int *);
170 extern AUTH *authunix_create_default    (void);
171 extern AUTH *authnone_create            (void);
172 extern AUTH *authdes_create             (char *, unsigned int,
173                                                       struct sockaddr_in *, des_block *);
174 extern bool_t xdr_opaque_auth           (XDR *, struct opaque_auth *);
175 extern void set_rpc_maxgrouplist        (int);
176 
177 #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
178 #define authsys_create_default() authunix_create_default()
179 
180 struct svc_req;
181 struct rpc_msg;
182 enum auth_stat _svcauth_null(struct svc_req *, struct rpc_msg *);
183 enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *);
184 enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *);
185 __END_DECLS
186 
187 #define AUTH_NONE   0                   /* no authentication */
188 #define   AUTH_NULL 0                   /* backward compatibility */
189 #define   AUTH_SYS  1                   /* unix style (uid, gids) */
190 #define AUTH_UNIX   AUTH_SYS  /* backward compatibility */
191 #define   AUTH_SHORT          2                   /* short hand unix style */
192 #define AUTH_DES    3                   /* des style (encrypted timestamps) */
193 
194 #endif /* !_RPC_AUTH_H_ */
195