Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/krb5/src/include/gssrpc/auth.h
34907 views
1
/* @(#)auth.h	2.3 88/08/07 4.0 RPCSRC; from 1.17 88/02/08 SMI */

2
/*

3
 * Copyright (c) 2010, Oracle America, Inc.

4
 *

5
 * All rights reserved.

6
 *

7
 * Redistribution and use in source and binary forms, with or without

8
 * modification, are permitted provided that the following conditions are met:

9
 *

10
 *     * Redistributions of source code must retain the above copyright

11
 *       notice, this list of conditions and the following disclaimer.

12
 *

13
 *     * Redistributions in binary form must reproduce the above copyright

14
 *       notice, this list of conditions and the following disclaimer in

15
 *       the documentation and/or other materials provided with the

16
 *       distribution.

17
 *

18
 *     * Neither the name of the "Oracle America, Inc." nor the names of

19
 *       its contributors may be used to endorse or promote products

20
 *       derived from this software without specific prior written permission.

21
 *

22
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS

23
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED

24
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A

25
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT

26
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

27
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

28
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

29
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF

30
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

31
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS

32
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

33
 */

34


35
/*

36
 * auth.h, Authentication interface.

37
 *

38
 * The data structures are completely opaque to the client.  The client

39
 * is required to pass a AUTH * to routines that create rpc

40
 * "sessions".

41
 */

42
#ifndef GSSRPC_AUTH_H

43
#define GSSRPC_AUTH_H

44


45
#include <gssrpc/xdr.h>

46


47
GSSRPC__BEGIN_DECLS

48


49
#define MAX_AUTH_BYTES	400

50
#define MAXNETNAMELEN	255	/* maximum length of network user's name */

51


52
/*

53
 * Status returned from authentication check

54
 */

55
enum auth_stat {

56
	AUTH_OK=0,

57
	/*

58
	 * failed at remote end

59
	 */

60
	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */

61
	AUTH_REJECTEDCRED=2,		/* client should begin new session */

62
	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */

63
	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */

64
	AUTH_TOOWEAK=5,			/* rejected due to security reasons */

65
	/*

66
	 * failed locally

67
	*/

68
	AUTH_INVALIDRESP=6,		/* bogus response verifier */

69
	AUTH_FAILED=7,			/* some unknown reason */

70
	/*

71
	 * RPCSEC_GSS errors

72
	 */

73
	RPCSEC_GSS_CREDPROBLEM = 13,

74
	RPCSEC_GSS_CTXPROBLEM = 14

75
};

76


77
union des_block {

78
	char c[8];

79
};

80
typedef union des_block des_block;

81
extern bool_t	xdr_des_block(XDR *, des_block *);

82


83
/*

84
 * Authentication info.  Opaque to client.

85
 */

86
struct opaque_auth {

87
	enum_t	oa_flavor;		/* flavor of auth */

88
	caddr_t	oa_base;		/* address of more auth stuff */

89
	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */

90
};

91


92


93
/*

94
 * Auth handle, interface to client side authenticators.

95
 */

96
struct rpc_msg;

97


98
typedef struct AUTH {

99
	struct	opaque_auth	ah_cred;

100
	struct	opaque_auth	ah_verf;

101
	union	des_block	ah_key;

102
	struct auth_ops {

103
		void	(*ah_nextverf)(struct AUTH *);

104
	        /* nextverf & serialize */

105
		int	(*ah_marshal)(struct AUTH *, XDR *);

106
	        /* validate varifier */

107
		int	(*ah_validate)(struct AUTH *,

108
				       struct opaque_auth *);

109
	        /* refresh credentials */

110
		int	(*ah_refresh)(struct AUTH *, struct rpc_msg *);

111
	        /* destroy this structure */

112
		void	(*ah_destroy)(struct AUTH *);

113
		/* encode data for wire */

114
		int     (*ah_wrap)(struct AUTH *, XDR *,

115
				   xdrproc_t, caddr_t);

116
	        /* decode data from wire */

117
  	        int	(*ah_unwrap)(struct AUTH *, XDR *,

118
				     xdrproc_t, caddr_t);

119
	} *ah_ops;

120
	void *ah_private;

121
} AUTH;

122


123


124
/*

125
 * Authentication ops.

126
 * The ops and the auth handle provide the interface to the authenticators.

127
 *

128
 * AUTH	*auth;

129
 * XDR	*xdrs;

130
 * struct opaque_auth verf;

131
 */

132
#define AUTH_NEXTVERF(auth)		\

133
		((*((auth)->ah_ops->ah_nextverf))(auth))

134
#define auth_nextverf(auth)		\

135
		((*((auth)->ah_ops->ah_nextverf))(auth))

136


137
#define AUTH_MARSHALL(auth, xdrs)	\

138
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

139
#define auth_marshall(auth, xdrs)	\

140
		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

141


142
#define AUTH_VALIDATE(auth, verfp)	\

143
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

144
#define auth_validate(auth, verfp)	\

145
		((*((auth)->ah_ops->ah_validate))((auth), verfp))

146


147
#define AUTH_REFRESH(auth, msg)		\

148
		((*((auth)->ah_ops->ah_refresh))(auth, msg))

149
#define auth_refresh(auth, msg)		\

150
		((*((auth)->ah_ops->ah_refresh))(auth, msg))

151


152
#define AUTH_WRAP(auth, xdrs, xfunc, xwhere)		\

153
		((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \

154
					      xfunc, xwhere))

155
#define auth_wrap(auth, xdrs, xfunc, xwhere)		\

156
		((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \

157
					      xfunc, xwhere))

158
#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere)		\

159
		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \

160
					      xfunc, xwhere))

161
#define auth_unwrap(auth, xdrs, xfunc, xwhere)		\

162
		((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \

163
					      xfunc, xwhere))

164


165
#define AUTH_DESTROY(auth)		\

166
		((*((auth)->ah_ops->ah_destroy))(auth))

167
#define auth_destroy(auth)		\

168
		((*((auth)->ah_ops->ah_destroy))(auth))

169


170


171
#ifdef GSSRPC__IMPL

172
/* RENAMED: should be _null_auth if we can use reserved namespace. */

173
extern struct opaque_auth gssrpc__null_auth;

174
#endif

175


176
/*

177
 * These are the various implementations of client side authenticators.

178
 */

179


180
/*

181
 * Unix style authentication

182
 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)

183
 *	char *machname;

184
 *	int uid;

185
 *	int gid;

186
 *	int len;

187
 *	int *aup_gids;

188
 */

189
extern AUTH *authunix_create(char *machname, int uid, int gid, int len,

190
			     int *aup_gids);

191
extern AUTH *authunix_create_default(void);	/* takes no parameters */

192
extern AUTH *authnone_create(void);		/* takes no parameters */

193
extern bool_t xdr_opaque_auth(XDR *, struct opaque_auth *);

194


195
#define AUTH_NONE	0		/* no authentication */

196
#define	AUTH_NULL	0		/* backward compatibility */

197
#define	AUTH_UNIX	1		/* unix style (uid, gids) */

198
#define	AUTH_SHORT	2		/* short hand unix style */

199
#define AUTH_DES	3		/* des style (encrypted timestamps) */

200
#define AUTH_GSSAPI	300001		/* GSS-API style */

201
#define RPCSEC_GSS	6		/* RPCSEC_GSS */

202


203
GSSRPC__END_DECLS

204


205
#endif /* !defined(GSSRPC_AUTH_H) */

206


207