1 /* @(#)auth.h 2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
3 * Copyright (c) 2010, Oracle America, Inc.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
18 * * Neither the name of the "Oracle America, Inc." nor the names of
19 * its contributors may be used to endorse or promote products
20 * derived from this software without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
23 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 * auth.h, Authentication interface.
38 * The data structures are completely opaque to the client. The client
39 * is required to pass a AUTH * to routines that create rpc
45 #include <gssrpc/xdr.h>
49 #define MAX_AUTH_BYTES 400
50 #define MAXNETNAMELEN 255 /* maximum length of network user's name */
53 * Status returned from authentication check
58 * failed at remote end
60 AUTH_BADCRED=1, /* bogus credentials (seal broken) */
61 AUTH_REJECTEDCRED=2, /* client should begin new session */
62 AUTH_BADVERF=3, /* bogus verifier (seal broken) */
63 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
64 AUTH_TOOWEAK=5, /* rejected due to security reasons */
68 AUTH_INVALIDRESP=6, /* bogus response verifier */
69 AUTH_FAILED=7, /* some unknown reason */
73 RPCSEC_GSS_CREDPROBLEM = 13,
74 RPCSEC_GSS_CTXPROBLEM = 14
78 #if 0 /* XXX nothing uses this, anyway */
86 typedef union des_block des_block;
87 extern bool_t xdr_des_block(XDR *, des_block *);
90 * Authentication info. Opaque to client.
93 enum_t oa_flavor; /* flavor of auth */
94 caddr_t oa_base; /* address of more auth stuff */
95 u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
100 * Auth handle, interface to client side authenticators.
104 typedef struct AUTH {
105 struct opaque_auth ah_cred;
106 struct opaque_auth ah_verf;
107 union des_block ah_key;
109 void (*ah_nextverf)(struct AUTH *);
110 /* nextverf & serialize */
111 int (*ah_marshal)(struct AUTH *, XDR *);
112 /* validate varifier */
113 int (*ah_validate)(struct AUTH *,
114 struct opaque_auth *);
115 /* refresh credentials */
116 int (*ah_refresh)(struct AUTH *, struct rpc_msg *);
117 /* destroy this structure */
118 void (*ah_destroy)(struct AUTH *);
119 /* encode data for wire */
120 int (*ah_wrap)(struct AUTH *, XDR *,
122 /* decode data from wire */
123 int (*ah_unwrap)(struct AUTH *, XDR *,
131 * Authentication ops.
132 * The ops and the auth handle provide the interface to the authenticators.
136 * struct opaque_auth verf;
138 #define AUTH_NEXTVERF(auth) \
139 ((*((auth)->ah_ops->ah_nextverf))(auth))
140 #define auth_nextverf(auth) \
141 ((*((auth)->ah_ops->ah_nextverf))(auth))
143 #define AUTH_MARSHALL(auth, xdrs) \
144 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
145 #define auth_marshall(auth, xdrs) \
146 ((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
148 #define AUTH_VALIDATE(auth, verfp) \
149 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
150 #define auth_validate(auth, verfp) \
151 ((*((auth)->ah_ops->ah_validate))((auth), verfp))
153 #define AUTH_REFRESH(auth, msg) \
154 ((*((auth)->ah_ops->ah_refresh))(auth, msg))
155 #define auth_refresh(auth, msg) \
156 ((*((auth)->ah_ops->ah_refresh))(auth, msg))
158 #define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
159 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
161 #define auth_wrap(auth, xdrs, xfunc, xwhere) \
162 ((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
164 #define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere) \
165 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
167 #define auth_unwrap(auth, xdrs, xfunc, xwhere) \
168 ((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
171 #define AUTH_DESTROY(auth) \
172 ((*((auth)->ah_ops->ah_destroy))(auth))
173 #define auth_destroy(auth) \
174 ((*((auth)->ah_ops->ah_destroy))(auth))
178 /* RENAMED: should be _null_auth if we can use reserved namespace. */
179 extern struct opaque_auth gssrpc__null_auth;
183 * These are the various implementations of client side authenticators.
187 * Unix style authentication
188 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
195 extern AUTH *authunix_create(char *machname, int uid, int gid, int len,
197 extern AUTH *authunix_create_default(void); /* takes no parameters */
198 extern AUTH *authnone_create(void); /* takes no parameters */
199 extern AUTH *authdes_create();
200 extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);
202 #define AUTH_NONE 0 /* no authentication */
203 #define AUTH_NULL 0 /* backward compatibility */
204 #define AUTH_UNIX 1 /* unix style (uid, gids) */
205 #define AUTH_SHORT 2 /* short hand unix style */
206 #define AUTH_DES 3 /* des style (encrypted timestamps) */
207 #define AUTH_GSSAPI 300001 /* GSS-API style */
208 #define RPCSEC_GSS 6 /* RPCSEC_GSS */
212 * BACKWARDS COMPATIBILIY! OpenV*Secure 1.0 had AUTH_GSSAPI == 4. We
213 * need to accept this value until 1.0 is dead.
215 /* This conflicts with AUTH_KERB (Solaris). */
216 #define AUTH_GSSAPI_COMPAT 4
221 #endif /* !defined(GSSRPC_AUTH_H) */