auth.h source code [glibc/sunrpc/rpc/auth.h]

1	/*
2	* auth.h, Authentication interface.
3	*
4	* Copyright (c) 2010, Oracle America, Inc.
5	*
6	* Redistribution and use in source and binary forms, with or without
7	* modification, are permitted provided that the following conditions are
8	* met:
9	*
10	* * Redistributions of source code must retain the above copyright
11	* notice, this list of conditions and the following disclaimer.
12	* * Redistributions in binary form must reproduce the above
13	* copyright notice, this list of conditions and the following
14	* disclaimer in the documentation and/or other materials
15	* provided with the distribution.
16	* * Neither the name of the "Oracle America, Inc." nor the names of its
17	* contributors may be used to endorse or promote products derived
18	* from this software without specific prior written permission.
19	*
20	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23	* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24	* COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25	* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
27	* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28	* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
30	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32	*
33	* The data structures are completely opaque to the client. The client
34	* is required to pass a AUTH * to routines that create rpc
35	* "sessions".
36	*/
37
38	#ifndef _RPC_AUTH_H
39
40	#define _RPC_AUTH_H 1
41	#include <features.h>
42	#include <rpc/xdr.h>
43
44	__BEGIN_DECLS
45
46	#define MAX_AUTH_BYTES 400
47	#define MAXNETNAMELEN 255 /* maximum length of network user's name */
48
49	/*
50	* Status returned from authentication check
51	*/
52	enum auth_stat {
53	AUTH_OK=`0`,
54	/*
55	* failed at remote end
56	*/
57	AUTH_BADCRED=`1`, / bogus credentials (seal broken) /
58	AUTH_REJECTEDCRED=`2`, / client should begin new session /
59	AUTH_BADVERF=`3`, / bogus verifier (seal broken) /
60	AUTH_REJECTEDVERF=`4`, / verifier expired or was replayed /
61	AUTH_TOOWEAK=`5`, / rejected due to security reasons /
62	/*
63	* failed locally
64	*/
65	AUTH_INVALIDRESP=`6`, / bogus response verifier /
66	AUTH_FAILED=`7` / some unknown reason /
67	};
68
69	union des_block {
70	struct {
71	uint32_t high;
72	uint32_t low;
73	} key;
74	char c[`8`];
75	};
76	typedef union des_block des_block;
77	extern bool_t xdr_des_block (XDR __xdrs, des_block __blkp) __THROW;
78
79	/*
80	* Authentication info. Opaque to client.
81	*/
82	struct opaque_auth {
83	enum_t oa_flavor; / flavor of auth /
84	caddr_t oa_base; / address of more auth stuff /
85	u_int oa_length; / not to exceed MAX_AUTH_BYTES /
86	};
87
88	/*
89	* Auth handle, interface to client side authenticators.
90	*/
91	typedef struct AUTH AUTH;
92	struct AUTH {
93	struct opaque_auth ah_cred;
94	struct opaque_auth ah_verf;
95	union des_block ah_key;
96	struct auth_ops {
97	void (ah_nextverf) (AUTH );
98	int (ah_marshal) (AUTH , XDR ); /* nextverf & serialize /
99	int (ah_validate) (AUTH , struct opaque_auth *);
100	/ validate verifier /
101	int (ah_refresh) (AUTH ); / refresh credentials /
102	void (ah_destroy) (AUTH ); / destroy this structure /
103	} *ah_ops;
104	caddr_t ah_private;
105	};
106
107
108	/*
109	* Authentication ops.
110	* The ops and the auth handle provide the interface to the authenticators.
111	*
112	* AUTH *auth;
113	* XDR *xdrs;
114	* struct opaque_auth verf;
115	*/
116	#define AUTH_NEXTVERF(auth) \
117	((*((auth)->ah_ops->ah_nextverf))(auth))
118	#define auth_nextverf(auth) \
119	((*((auth)->ah_ops->ah_nextverf))(auth))
120
121	#define AUTH_MARSHALL(auth, xdrs) \
122	((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
123	#define auth_marshall(auth, xdrs) \
124	((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
125
126	#define AUTH_VALIDATE(auth, verfp) \
127	((*((auth)->ah_ops->ah_validate))((auth), verfp))
128	#define auth_validate(auth, verfp) \
129	((*((auth)->ah_ops->ah_validate))((auth), verfp))
130
131	#define AUTH_REFRESH(auth) \
132	((*((auth)->ah_ops->ah_refresh))(auth))
133	#define auth_refresh(auth) \
134	((*((auth)->ah_ops->ah_refresh))(auth))
135
136	#define AUTH_DESTROY(auth) \
137	((*((auth)->ah_ops->ah_destroy))(auth))
138	#define auth_destroy(auth) \
139	((*((auth)->ah_ops->ah_destroy))(auth))
140
141
142	extern struct opaque_auth _null_auth;
143
144
145	/*
146	* These are the various implementations of client side authenticators.
147	*/
148
149	/*
150	* Unix style authentication
151	* AUTH *authunix_create(machname, uid, gid, len, aup_gids)
152	* char *machname;
153	* int uid;
154	* int gid;
155	* int len;
156	* int *aup_gids;
157	*/
158	extern AUTH authunix_create (char* *__machname, __uid_t __uid, __gid_t __gid,
159	int __len, __gid_t *__aup_gids);
160	extern AUTH authunix_create_default (void*);
161	extern AUTH authnone_create (void*) __THROW;
162	extern AUTH authdes_create (const* char *__servername, u_int __window,
163	struct sockaddr __syncaddr, des_block __ckey)
164	__THROW;
165	extern AUTH authdes_pk_create (const* char , netobj , u_int,
166	struct sockaddr , des_block ) __THROW;
167
168
169	#define AUTH_NONE 0 /* no authentication */
170	#define AUTH_NULL 0 /* backward compatibility */
171	#define AUTH_SYS 1 /* unix style (uid, gids) */
172	#define AUTH_UNIX AUTH_SYS
173	#define AUTH_SHORT 2 /* short hand unix style */
174	#define AUTH_DES 3 /* des style (encrypted timestamps) */
175	#define AUTH_DH AUTH_DES /* Diffie-Hellman (this is DES) */
176	#define AUTH_KERB 4 /* kerberos style */
177
178	/*
179	* Netname manipulating functions
180	*
181	*/
182	extern int getnetname (char [MAXNETNAMELEN + `1`]) __THROW;
183	extern int host2netname (char [MAXNETNAMELEN + `1`], const char *,
184	const char *) __THROW;
185	extern int user2netname (char [MAXNETNAMELEN + `1`], const uid_t,
186	const char *) __THROW;
187	extern int netname2user (const char , uid_t , gid_t , int* , gid_t )
188	__THROW;
189	extern int netname2host (const char , char* , const* int) __THROW;
190
191	/*
192	*
193	* These routines interface to the keyserv daemon
194	*
195	*/
196	extern int key_decryptsession (char , des_block );
197	extern int key_decryptsession_pk (char , netobj , des_block *);
198	extern int key_encryptsession (char , des_block );
199	extern int key_encryptsession_pk (char , netobj , des_block *);
200	extern int key_gendes (des_block *);
201	extern int key_setsecret (char *);
202	extern int key_secretkey_is_set (void);
203	extern int key_get_conv (char , des_block );
204
205	/*
206	* XDR an opaque authentication struct.
207	*/
208	extern bool_t xdr_opaque_auth (XDR , struct* opaque_auth *) __THROW;
209
210	__END_DECLS
211
212	#endif /* rpc/auth.h */
213

source code of glibc/sunrpc/rpc/auth.h