1 /* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
3 * Copyright (c) 2010, Oracle America, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * * Neither the name of the "Oracle America, Inc." nor the names of
19 * its contributors may be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
23 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 * auth.h, Authentication interface.
38 * The data structures are completely opaque to the client. The client
39 * is required to pass a AUTH * to routines that create rpc
45 #include <gssrpc/xdr.h>
49 #define MAX_AUTH_BYTES 400
50 #define MAXNETNAMELEN 255 /* maximum length of network user's name */
53 * Status returned from authentication check
58 * failed at remote end
60 AUTH_BADCRED=1, /* bogus credentials (seal broken) */
61 AUTH_REJECTEDCRED=2, /* client should begin new session */
62 AUTH_BADVERF=3, /* bogus verifier (seal broken) */
63 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
64 AUTH_TOOWEAK=5, /* rejected due to security reasons */
68 AUTH_INVALIDRESP=6, /* bogus response verifier */
69 AUTH_FAILED=7, /* some unknown reason */
73 RPCSEC_GSS_CREDPROBLEM = 13,
74 RPCSEC_GSS_CTXPROBLEM = 14
80 typedef union des_block des_block;
81 extern bool_t xdr_des_block(XDR *, des_block *);
84 * Authentication info. Opaque to client.
87 enum_t oa_flavor; /* flavor of auth */
88 caddr_t oa_base; /* address of more auth stuff */
89 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
94 * Auth handle, interface to client side authenticators.
99 struct opaque_auth ah_cred;
100 struct opaque_auth ah_verf;
101 union des_block ah_key;
103 void (*ah_nextverf)(struct AUTH *);
104 /* nextverf & serialize */
105 int (*ah_marshal)(struct AUTH *, XDR *);
106 /* validate varifier */
107 int (*ah_validate)(struct AUTH *,
108 struct opaque_auth *);
109 /* refresh credentials */
110 int (*ah_refresh)(struct AUTH *, struct rpc_msg *);
111 /* destroy this structure */
112 void (*ah_destroy)(struct AUTH *);
113 /* encode data for wire */
114 int (*ah_wrap)(struct AUTH *, XDR *,
116 /* decode data from wire */
117 int (*ah_unwrap)(struct AUTH *, XDR *,
125 * Authentication ops.
126 * The ops and the auth handle provide the interface to the authenticators.
130 * struct opaque_auth verf;
132 #define AUTH_NEXTVERF(auth) \
133 ((*((auth)->ah_ops->ah_nextverf))(auth))
134 #define auth_nextverf(auth) \
135 ((*((auth)->ah_ops->ah_nextverf))(auth))
137 #define AUTH_MARSHALL(auth, xdrs) \
138 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
139 #define auth_marshall(auth, xdrs) \
140 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
142 #define AUTH_VALIDATE(auth, verfp) \
143 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
144 #define auth_validate(auth, verfp) \
145 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
147 #define AUTH_REFRESH(auth, msg) \
148 ((*((auth)->ah_ops->ah_refresh))(auth, msg))
149 #define auth_refresh(auth, msg) \
150 ((*((auth)->ah_ops->ah_refresh))(auth, msg))
152 #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
153 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
155 #define auth_wrap(auth, xdrs, xfunc, xwhere) \
156 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
158 #define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
159 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
161 #define auth_unwrap(auth, xdrs, xfunc, xwhere) \
162 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
165 #define AUTH_DESTROY(auth) \
166 ((*((auth)->ah_ops->ah_destroy))(auth))
167 #define auth_destroy(auth) \
168 ((*((auth)->ah_ops->ah_destroy))(auth))
172 /* RENAMED: should be _null_auth if we can use reserved namespace. */
173 extern struct opaque_auth gssrpc__null_auth;
177 * These are the various implementations of client side authenticators.
181 * Unix style authentication
182 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
189 extern AUTH *authunix_create(char *machname, int uid, int gid, int len,
191 extern AUTH *authunix_create_default(void); /* takes no parameters */
192 extern AUTH *authnone_create(void); /* takes no parameters */
193 extern AUTH *authdes_create();
194 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
196 #define AUTH_NONE 0 /* no authentication */
197 #define AUTH_NULL 0 /* backward compatibility */
198 #define AUTH_UNIX 1 /* unix style (uid, gids) */
199 #define AUTH_SHORT 2 /* short hand unix style */
200 #define AUTH_DES 3 /* des style (encrypted timestamps) */
201 #define AUTH_GSSAPI 300001 /* GSS-API style */
202 #define RPCSEC_GSS 6 /* RPCSEC_GSS */
206 #endif /* !defined(GSSRPC_AUTH_H) */