
0001 /* @(#)auth.h   2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */
0002 /*
0003  * Copyright (c) 2010, Oracle America, Inc.
0004  *
0005  * All rights reserved.
0006  *
0007  * Redistribution and use in source and binary forms, with or without
0008  * modification, are permitted provided that the following conditions are met:
0009  *
0010  *     * Redistributions of source code must retain the above copyright
0011  *       notice, this list of conditions and the following disclaimer.
0012  *
0013  *     * Redistributions in binary form must reproduce the above copyright
0014  *       notice, this list of conditions and the following disclaimer in
0015  *       the documentation and/or other materials provided with the
0016  *       distribution.
0017  *
0018  *     * Neither the name of the "Oracle America, Inc." nor the names of
0019  *       its contributors may be used to endorse or promote products
0020  *       derived from this software without specific prior written permission.
0021  *
0022  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
0023  * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
0024  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
0025  * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
0026  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
0027  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
0028  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
0029  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
0030  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
0031  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
0032  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0033  */
0034 
/*
 * auth.h, Authentication interface.
 *
 * The data structures are completely opaque to the client.  The client
 * is required to pass an AUTH * to the routines that create RPC
 * "sessions".
 */
0042 #ifndef GSSRPC_AUTH_H
0043 #define GSSRPC_AUTH_H
0044 
0045 #include <gssrpc/xdr.h>
0046 
0047 GSSRPC__BEGIN_DECLS
0048 
/*
 * Upper bound on the byte length of an opaque_auth body (oa_length).
 * Decoders of wire data are expected to enforce this ceiling; a
 * credential or verifier longer than this is out of spec.
 */
#define MAX_AUTH_BYTES  400

/*
 * Maximum length of a network user's name.  NOTE(review): whether this
 * counts the terminating NUL is not stated here -- check the consumer
 * before sizing a buffer with it.
 */
#define MAXNETNAMELEN   255
0051 
0052 /*
0053  * Status returned from authentication check
0054  */
/*
 * Result of checking a credential/verifier pair.
 *
 * Values up to AUTH_TOOWEAK are rejections reported by the remote end;
 * AUTH_INVALIDRESP and AUTH_FAILED are produced locally; the RPCSEC_GSS_*
 * codes are the RPCSEC_GSS-specific failures.  Codes 8-12 are not defined
 * here.  Anything other than AUTH_OK means the exchange was not
 * authenticated.
 */
enum auth_stat {
    AUTH_OK = 0,                 /* credential and verifier accepted */

    /* rejections reported by the remote end */
    AUTH_BADCRED = 1,            /* bogus credentials (seal broken) */
    AUTH_REJECTEDCRED = 2,       /* client should begin a new session */
    AUTH_BADVERF = 3,            /* bogus verifier (seal broken) */
    AUTH_REJECTEDVERF = 4,       /* verifier expired or was replayed */
    AUTH_TOOWEAK = 5,            /* rejected for security reasons */

    /* failures detected locally */
    AUTH_INVALIDRESP = 6,        /* bogus response verifier */
    AUTH_FAILED = 7,             /* some unknown reason */

    /* RPCSEC_GSS-specific failures */
    RPCSEC_GSS_CREDPROBLEM = 13,
    RPCSEC_GSS_CTXPROBLEM = 14
};
0076 
/*
 * One 64-bit DES block.
 *
 * Retained for wire/ABI compatibility with the DES-era authentication
 * flavor.  Single DES (56-bit key) is not an acceptable cipher today, so
 * new code should not build security on this type.
 */
typedef union des_block {
    char c[8];
} des_block;
0081 extern bool_t   xdr_des_block(XDR *, des_block *);
0082 
0083 /*
0084  * Authentication info.  Opaque to client.
0085  */
/*
 * Raw credential or verifier as carried in an RPC message header.
 * Clients treat it as opaque; it is (de)serialized by xdr_opaque_auth
 * (declared below).
 */
struct opaque_auth {
    enum_t  oa_flavor;      /* AUTH_NONE, AUTH_UNIX, ... (flavor list below) */
    caddr_t oa_base;        /* start of the flavor-specific bytes */
    u_int   oa_length;      /* byte count at oa_base; the wire limit is
                             * MAX_AUTH_BYTES.  Security: for data that
                             * came off the wire this value is only
                             * trustworthy once the decoder has enforced
                             * that bound -- do not index oa_base by it
                             * before then. */
};
0091 
0092 
0093 /*
0094  * Auth handle, interface to client side authenticators.
0095  */
struct rpc_msg;
struct AUTH;

/*
 * Dispatch table implemented by each client-side authenticator flavor.
 * Every entry receives the owning AUTH handle as its first argument.
 */
struct auth_ops {
    /* advance to the next verifier */
    void (*ah_nextverf)(struct AUTH *);
    /* nextverf & serialize the credential/verifier into xdrs */
    int  (*ah_marshal)(struct AUTH *, XDR *);
    /* validate the verifier the server returned */
    int  (*ah_validate)(struct AUTH *, struct opaque_auth *);
    /* refresh credentials */
    int  (*ah_refresh)(struct AUTH *, struct rpc_msg *);
    /* destroy the handle */
    void (*ah_destroy)(struct AUTH *);
    /* encode data for the wire */
    int  (*ah_wrap)(struct AUTH *, XDR *, xdrproc_t, caddr_t);
    /* decode data from the wire */
    int  (*ah_unwrap)(struct AUTH *, XDR *, xdrproc_t, caddr_t);
};

/*
 * Client-side authentication handle.  Opaque to callers: they obtain it
 * from one of the *_create() routines and drive it through the AUTH_*
 * macros below.
 */
typedef struct AUTH {
    struct opaque_auth ah_cred;    /* credential sent with each call */
    struct opaque_auth ah_verf;    /* verifier sent with each call */
    union des_block    ah_key;     /* DES-era key slot.  NOTE(review):
                                    * whether ah_destroy zeroizes it is up
                                    * to the flavor -- confirm for any
                                    * flavor that fills it in. */
    struct auth_ops   *ah_ops;     /* flavor dispatch table */
    void              *ah_private; /* flavor-specific state */
} AUTH;
0122 
0123 
0124 /*
0125  * Authentication ops.
0126  * The ops and the auth handle provide the interface to the authenticators.
0127  *
0128  * AUTH *auth;
0129  * XDR  *xdrs;
0130  * struct opaque_auth verf;
0131  */
/*
 * Call-through helpers for the auth_ops table.
 *
 * Each macro evaluates its `auth` argument twice, so pass an lvalue,
 * never an expression with side effects.  AUTH_VALIDATE's result is the
 * only report that the server's reply verifier checked out; ignoring it
 * defeats reply authentication.  The lower-case spellings are aliases
 * kept for existing callers.
 */
#define AUTH_NEXTVERF(auth)                     \
    ((auth)->ah_ops->ah_nextverf((auth)))
#define auth_nextverf(auth)  AUTH_NEXTVERF(auth)

#define AUTH_MARSHALL(auth, xdrs)               \
    ((auth)->ah_ops->ah_marshal((auth), (xdrs)))
#define auth_marshall(auth, xdrs)  AUTH_MARSHALL(auth, xdrs)

#define AUTH_VALIDATE(auth, verfp)              \
    ((auth)->ah_ops->ah_validate((auth), (verfp)))
#define auth_validate(auth, verfp)  AUTH_VALIDATE(auth, verfp)

#define AUTH_REFRESH(auth, msg)                 \
    ((auth)->ah_ops->ah_refresh((auth), (msg)))
#define auth_refresh(auth, msg)  AUTH_REFRESH(auth, msg)

#define AUTH_WRAP(auth, xdrs, xfunc, xwhere)    \
    ((auth)->ah_ops->ah_wrap((auth), (xdrs), (xfunc), (xwhere)))
#define auth_wrap(auth, xdrs, xfunc, xwhere)  AUTH_WRAP(auth, xdrs, xfunc, xwhere)

#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere)  \
    ((auth)->ah_ops->ah_unwrap((auth), (xdrs), (xfunc), (xwhere)))
#define auth_unwrap(auth, xdrs, xfunc, xwhere)  AUTH_UNWRAP(auth, xdrs, xfunc, xwhere)

#define AUTH_DESTROY(auth)                      \
    ((auth)->ah_ops->ah_destroy((auth)))
#define auth_destroy(auth)  AUTH_DESTROY(auth)
0169 
0170 
#ifdef GSSRPC__IMPL
/*
 * Library-internal opaque_auth shared by the implementation translation
 * units (only they define GSSRPC__IMPL; this is not public API).
 * Presumably the "no credentials" value used for AUTH_NONE -- confirm
 * against its definition.
 * RENAMED: should be _null_auth if we can use reserved namespace.
 */
extern struct opaque_auth gssrpc__null_auth;
#endif
0175 
0176 /*
0177  * These are the various implementations of client side authenticators.
0178  */
0179 
/*
 * Client-side authenticator constructors.
 *
 * authunix_create() builds an AUTH_UNIX handle from values the caller
 * supplies: machname, uid, gid and the first `len` entries of aup_gids.
 * Nothing in this interface verifies them, so an AUTH_UNIX credential is
 * merely an assertion by the client; a server that bases authorization
 * on it is trusting the peer.  authunix_create_default() and
 * authnone_create() take no parameters.
 *
 * xdr_opaque_auth() (de)serializes a struct opaque_auth; it is the
 * natural point at which the MAX_AUTH_BYTES limit on oa_length would be
 * enforced -- confirm in its implementation before relying on that.
 */
extern AUTH *authunix_create(char *machname, int uid, int gid, int len,
                             int *aup_gids);
extern AUTH *authunix_create_default(void);
extern AUTH *authnone_create(void);
extern bool_t xdr_opaque_auth(XDR *xdrs, struct opaque_auth *ap);
0194 
/*
 * Authentication flavor numbers carried in opaque_auth.oa_flavor.
 *
 * Security note: AUTH_NONE, AUTH_UNIX and AUTH_SHORT carry no
 * cryptographic binding -- AUTH_UNIX is just the uid/gids the client
 * chose to send (see authunix_create above).  AUTH_DES rests on single
 * DES ("encrypted timestamps"), far too weak today, and this header
 * declares no constructor for it.  The GSS-based flavors (AUTH_GSSAPI,
 * RPCSEC_GSS) are the ones that can provide cryptographic peer
 * authentication.
 */
#define AUTH_NONE    0          /* no authentication */
#define AUTH_NULL    AUTH_NONE  /* older spelling, kept for compatibility */
#define AUTH_UNIX    1          /* unix style (uid, gids) */
#define AUTH_SHORT   2          /* short-hand unix style */
#define AUTH_DES     3          /* des style (encrypted timestamps) */
#define AUTH_GSSAPI  300001     /* GSS-API style */
#define RPCSEC_GSS   6          /* RPCSEC_GSS */
0202 
0203 GSSRPC__END_DECLS
0204 
0205 #endif /* !defined(GSSRPC_AUTH_H) */