ReactOS  0.4.13-dev-100-gc8611ae
auth.h
1 /* $NetBSD: auth.h,v 1.15 2000/06/02 22:57:55 fvdl Exp $ */
2 
3 /*
4  * Copyright (c) 2009, Sun Microsystems, Inc.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions are met:
9  * - Redistributions of source code must retain the above copyright notice,
10  * this list of conditions and the following disclaimer.
11  * - Redistributions in binary form must reproduce the above copyright notice,
12  * this list of conditions and the following disclaimer in the documentation
13  * and/or other materials provided with the distribution.
14  * - Neither the name of Sun Microsystems, Inc. nor the names of its
15  * contributors may be used to endorse or promote products derived
16  * from this software without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  *
30  * from: @(#)auth.h 1.17 88/02/08 SMI
31  * from: @(#)auth.h 2.3 88/08/07 4.0 RPCSRC
32  * from: @(#)auth.h 1.43 98/02/02 SMI
33  * $FreeBSD: src/include/rpc/auth.h,v 1.20 2003/01/01 18:48:42 schweikh Exp $
34  */
35 
36 /*
37  * auth.h, Authentication interface.
38  *
39  * Copyright (C) 1984, Sun Microsystems, Inc.
40  *
41  * The data structures are completely opaque to the client. The client
42  * is required to pass an AUTH * to routines that create rpc
43  * "sessions".
44  */
45 
46 /* NFSv4.1 client for Windows
47  * Copyright 2012 The Regents of the University of Michigan
48  *
49  * Olga Kornievskaia <aglo@umich.edu>
50  * Casey Bodley <cbodley@umich.edu>
51  *
52  * This library is free software; you can redistribute it and/or modify it
53  * under the terms of the GNU Lesser General Public License as published by
54  * the Free Software Foundation; either version 2.1 of the License, or (at
55  * your option) any later version.
56  *
57  * This library is distributed in the hope that it will be useful, but
58  * without any warranty; without even the implied warranty of merchantability
59  * or fitness for a particular purpose. See the GNU Lesser General Public
60  * License for more details.
61  *
62  * You should have received a copy of the GNU Lesser General Public License
63  * along with this library; if not, write to the Free Software Foundation,
64  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA
65  */
66 
67 #ifndef _TIRPC_AUTH_H
68 #define _TIRPC_AUTH_H
69 
70 #include <rpc/xdr.h>
71 #include <rpc/clnt_stat.h>
72 //#include <sys/cdefs.h>
73 //#include <sys/socket.h>
74 #include <sys/types.h>
75 
76 
77 #define MAX_AUTH_BYTES 400
78 #define MAXNETNAMELEN 255 /* maximum length of network user's name */
79 
80 /*
81  * Client side authentication/security data
82  */
83 
/*
 * Describes the security mode and RPC flavor a client uses, plus a
 * flavor-specific payload in `data`. Nothing in this header says who owns
 * or frees that payload.
 */
struct sec_data {
    u_int   secmod;     /* security mode number, e.g. as listed in nfssec.conf */
    u_int   rpcflavor;  /* RPC flavor: AUTH_UNIX, AUTH_DES or RPCSEC_GSS */
    int     flags;      /* bitwise OR of AUTH_F_xxx flags */
    caddr_t data;       /* per-flavor data, opaque at this level */
};
typedef struct sec_data sec_data_t;
90 
91 #ifdef _SYSCALL32_IMPL
/*
 * Fixed-width counterpart of struct sec_data: every field is 32 bits wide
 * and the payload pointer is carried as a caddr32_t.
 */
struct sec_data32 {
    uint32_t  secmod;     /* security mode number, e.g. as listed in nfssec.conf */
    uint32_t  rpcflavor;  /* RPC flavor: AUTH_UNIX, AUTH_DES or RPCSEC_GSS */
    int32_t   flags;      /* bitwise OR of AUTH_F_xxx flags */
    caddr32_t data;       /* per-flavor data, opaque at this level */
};
98 #endif /* _SYSCALL32_IMPL */
99 
100 /*
101  * AUTH_DES flavor specific data from sec_data opaque data field.
102  * AUTH_KERB has the same structure.
103  */
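/*
 * Field notes:
 *  - netnamelen is a signed int and is stored separately from netname, so
 *    code reading this structure should check that it is positive and no
 *    larger than MAXNETNAMELEN before using it as a length.
 *  - NOTE(review): this header does not say whether netname is
 *    NUL-terminated or who frees netname and knconf; confirm in the
 *    code that fills the structure in.
 */
typedef struct des_clnt_data {
    struct netbuf      syncaddr;    /* time sync addr */
    struct knetconfig *knconf;      /* knetconfig info associated with syncaddr */
    char              *netname;     /* server's netname */
    int                netnamelen;  /* server's netname len */
} dh_k4_clntdata_t;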
111 
112 #ifdef _SYSCALL32_IMPL
/*
 * Fixed-width counterpart of struct des_clnt_data: both pointers are
 * carried as caddr32_t and the length as int32_t.
 */
struct des_clnt_data32 {
    struct netbuf32 syncaddr;    /* time sync addr */
    caddr32_t       knconf;      /* knetconfig info associated with syncaddr */
    caddr32_t       netname;     /* server's netname */
    int32_t         netnamelen;  /* server's netname len */
};
120 #endif /* _SYSCALL32_IMPL */
121 
122 #ifdef KERBEROS
123 /*
124  * flavor specific data to hold the data for AUTH_DES/AUTH_KERB(v4)
125  * in sec_data->data opaque field.
126  */
/* Server-side data for AUTH_DES/AUTH_KERB: only the window option value. */
struct krb4_svc_data {
    int window;     /* window option value */
};

/* Both names refer to the same structure. */
typedef struct krb4_svc_data krb4_svcdata_t;
typedef struct krb4_svc_data des_svcdata_t;
132 #endif /* KERBEROS */
133 
134 /*
135  * authentication/security specific flags
136  */
/* Use RPC to do time synchronisation. */
#define AUTH_F_RPCTIMESYNC  0x001

/*
 * Allow falling back to AUTH_NONE, which this header defines as "no
 * authentication". With this bit set a session can end up unauthenticated,
 * so leave it clear unless that outcome is acceptable to the caller.
 */
#define AUTH_F_TRYNONE      0x002
139 
140 
141 /*
142  * Status returned from authentication check
143  */
144 enum auth_stat {
146  /*
147  * failed at remote end
148  */
149  AUTH_BADCRED=1, /* bogus credentials (seal broken) */
150  AUTH_REJECTEDCRED=2, /* client should begin new session */
151  AUTH_BADVERF=3, /* bogus verifier (seal broken) */
152  AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
153  AUTH_TOOWEAK=5, /* rejected due to security reasons */
154  /*
155  * failed locally
156  */
157  AUTH_INVALIDRESP=6, /* bogus response verifier */
158  AUTH_FAILED=7, /* some unknown reason */
159 #ifdef KERBEROS
160  /*
161  * kerberos errors
162  */
163  AUTH_KERB_GENERIC = 8, /* kerberos generic error */
164  AUTH_TIMEEXPIRE = 9, /* time of credential expired */
165  AUTH_TKT_FILE = 10, /* something wrong with ticket file */
166  AUTH_DECODE = 11, /* can't decode authenticator */
167  AUTH_NET_ADDR = 12, /* wrong net address in ticket */
168 #endif /* KERBEROS */
169 
170  /*
171  * RPCSEC_GSS errors
172  */
175 
176 };
177 
178 typedef u_int32_t u_int32; /* 32-bit unsigned integers */
179 
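/*
 * Eight-byte DES block. `key` and `c` overlay the same storage: `key` views
 * it as two 32-bit halves, `c` as raw bytes, so which bytes of `c` make up
 * key.high depends on host byte order.
 *
 * The authdes_* and key_* routines declared in this header take a des_block
 * as the conversation key, so an instance holds key material. Callers
 * should clear it once it is no longer needed, using a wipe the compiler
 * cannot optimise away.
 */
union des_block {
    struct {
        u_int32_t high;
        u_int32_t low;
    } key;
    char c[8];
};
typedef union des_block des_block;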
189 extern bool_t xdr_des_block(XDR *, des_block *);
191 
192 /*
193  * Authentication info. Opaque to client.
194  */
/*
 * A flavor tag plus a length-delimited body located at oa_base.
 *
 * NOTE(review): the MAX_AUTH_BYTES limit on oa_length is a documented
 * convention only; the type does not enforce it. Code that fills this
 * structure from received data (xdr_opaque_auth is the decoder declared in
 * this header) is where the bound has to be checked before oa_base is read
 * or written. Confirm that it is.
 */
struct opaque_auth {
    enum_t  oa_flavor;  /* flavor of auth */
    caddr_t oa_base;    /* address of more auth stuff */
    u_int   oa_length;  /* not to exceed MAX_AUTH_BYTES */
};
200 
201 
202 /*
203  * Auth handle, interface to client side authenticators.
204  */
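/*
 * Client-side authenticator handle: the current credential and verifier,
 * a DES key block, a table of per-flavor operations and a private pointer
 * for the implementation.
 *
 * The AUTH_* dispatch macros call through ah_ops without checking for NULL,
 * so an implementation must populate ah_ops and every function pointer in
 * it before the handle is handed to callers.
 */
typedef struct __auth {
    struct opaque_auth ah_cred;
    struct opaque_auth ah_verf;
    union des_block    ah_key;
    struct auth_ops {
        void (*ah_nextverf)(struct __auth *);
        /* nextverf & serialize */
        int  (*ah_marshal)(struct __auth *, XDR *, u_int *);
        /* validate verifier */
        int  (*ah_validate)(struct __auth *, struct opaque_auth *, u_int);
        /* refresh credentials */
        int  (*ah_refresh)(struct __auth *, void *);
        /* destroy this structure */
        void (*ah_destroy)(struct __auth *);
        /* encode data for wire */
        int  (*ah_wrap)(struct __auth *, XDR *, xdrproc_t, caddr_t);
        /* decode data for wire */
        int  (*ah_unwrap)(struct __auth *, XDR *, xdrproc_t, caddr_t, u_int);
    } *ah_ops;
    void *ah_private;   /* implementation-private data */
} AUTH;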
227 
228 
229 /*
230  * Authentication ops.
231  * The ops and the auth handle provide the interface to the authenticators.
232  *
233  * AUTH *auth;
234  * XDR *xdrs;
235  * struct opaque_auth verf;
236  */
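/*
 * Dispatch macros for the operations in auth->ah_ops.
 *
 * - `auth` appears twice in every expansion, so pass an expression with no
 *   side effects.
 * - Neither auth, auth->ah_ops nor the selected function pointer is checked
 *   for NULL; the caller must hold a fully initialised handle.
 * - Each lower-case name is an alias for the upper-case macro, so the two
 *   spellings cannot drift apart.
 */
#define AUTH_NEXTVERF(auth) \
    ((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth) \
    AUTH_NEXTVERF(auth)

/*
 * ah_marshal takes three arguments (handle, XDR stream, sequence pointer).
 * The lower-case form used to drop `seq`, which cannot compile against that
 * signature; it now forwards all three.
 */
#define AUTH_MARSHALL(auth, xdrs, seq) \
    ((*((auth)->ah_ops->ah_marshal))((auth), (xdrs), (seq)))
#define auth_marshall(auth, xdrs, seq) \
    AUTH_MARSHALL(auth, xdrs, seq)

#define AUTH_VALIDATE(auth, verfp, seq) \
    ((*((auth)->ah_ops->ah_validate))((auth), (verfp), (seq)))
#define auth_validate(auth, verfp, seq) \
    AUTH_VALIDATE(auth, verfp, seq)

#define AUTH_REFRESH(auth, msg) \
    ((*((auth)->ah_ops->ah_refresh))((auth), (msg)))
#define auth_refresh(auth, msg) \
    AUTH_REFRESH(auth, msg)

#define AUTH_DESTROY(auth) \
    ((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth) \
    AUTH_DESTROY(auth)

#define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
    ((*((auth)->ah_ops->ah_wrap))((auth), (xdrs), \
        (xfunc), (xwhere)))
#define auth_wrap(auth, xdrs, xfunc, xwhere) \
    AUTH_WRAP(auth, xdrs, xfunc, xwhere)

#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere, seq) \
    ((*((auth)->ah_ops->ah_unwrap))((auth), (xdrs), \
        (xfunc), (xwhere), (seq)))
#define auth_unwrap(auth, xdrs, xfunc, xwhere, seq) \
    AUTH_UNWRAP(auth, xdrs, xfunc, xwhere, seq)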
275 
276 
278 extern struct opaque_auth _null_auth;
280 
281 /*
282  * Any style authentication. These routines can be used by any
283  * authentication style that does not use the wrap/unwrap functions.
284  */
285 int authany_wrap(void), authany_unwrap(void);
286 
287 /*
288  * These are the various implementations of client side authenticators.
289  */
290 
291 /*
292  * System style authentication
293  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
294  * char *machname;
295  * int uid;
296  * int gid;
297  * int len;
298  * int *aup_gids;
299  */
301 extern AUTH *authunix_create(char *, uid_t, uid_t, int, uid_t *);
302 extern AUTH *authunix_create_default(void); /* takes no parameters */
303 extern AUTH *authnone_create(void); /* takes no parameters */
305 /*
306  * DES style authentication
307  * AUTH *authsecdes_create(servername, window, timehost, ckey)
308  * char *servername; - network name of server
309  * u_int window; - time to live
310  * const char *timehost; - optional hostname to sync with
311  * des_block *ckey; - optional conversation key to use
312  */
314 extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
315 extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
316  const des_block *);
318 
320 extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *);
322 
323 #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
324 #define authsys_create_default() authunix_create_default()
325 
326 /*
327  * Netname manipulation routines.
328  */
330 extern int getnetname(char *);
331 extern int host2netname(char *, const char *, const char *);
332 extern int user2netname(char *, const uid_t, const char *);
333 extern int netname2user(char *, uid_t *, gid_t *, int *, gid_t *);
334 extern int netname2host(char *, char *, const int);
335 extern void passwd2des ( char *, char * );
337 
338 /*
339  *
340  * These routines interface to the keyserv daemon
341  *
342  */
344 extern int key_decryptsession(const char *, des_block *);
345 extern int key_encryptsession(const char *, des_block *);
346 extern int key_gendes(des_block *);
347 extern int key_setsecret(const char *);
348 extern int key_secretkey_is_set(void);
350 
351 /*
352  * Publickey routines.
353  */
355 extern int getpublickey (const char *, char *);
356 extern int getpublicandprivatekey (char *, char *);
357 extern int getsecretkey (char *, char *, char *);
359 
360 #ifdef KERBEROS
361 /*
362  * Kerberos style authentication
363  * AUTH *authkerb_seccreate(service, srv_inst, realm, window, timehost, status)
364  * const char *service; - service name
365  * const char *srv_inst; - server instance
366  * const char *realm; - server realm
367  * const u_int window; - time to live
368  * const char *timehost; - optional hostname to sync with
369  * int *status; - kerberos status returned
370  */
372 extern AUTH *authkerb_seccreate(const char *, const char *, const char *,
373  const u_int, const char *, int *);
375 
376 /*
377  * Map a kerberos credential into a unix cred.
378  *
379  * authkerb_getucred(rqst, uid, gid, grouplen, groups)
380  * const struct svc_req *rqst; - request pointer
381  * uid_t *uid;
382  * gid_t *gid;
383  * short *grouplen;
384  * int *groups;
385  *
386  */
388 extern int authkerb_getucred(/* struct svc_req *, uid_t *, gid_t *,
389  short *, int * */);
391 #endif /* KERBEROS */
392 
394 struct svc_req;
395 struct rpc_msg;
396 enum auth_stat _svcauth_null (struct svc_req *, struct rpc_msg *);
397 enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
398 enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
400 
/*
 * Authentication flavor numbers.
 *
 * AUTH_NONE/AUTH_NULL carry no authentication at all. AUTH_SYS/AUTH_UNIX
 * carry the uid and gids the caller hands to authunix_create(); nothing in
 * the flavor itself proves them, so a server should treat them as claims
 * made by the client.
 */
#define AUTH_NONE   0           /* no authentication */
#define AUTH_NULL   0           /* backward compatibility */
#define AUTH_SYS    1           /* unix style (uid, gids) */
#define AUTH_UNIX   AUTH_SYS
#define AUTH_SHORT  2           /* short hand unix style */
#define AUTH_DH     3           /* for Diffie-Hellman mechanism */
#define AUTH_DES    AUTH_DH     /* for backward compatibility */
#define AUTH_KERB   4           /* kerberos style */
#define RPCSEC_GSS  6           /* RPCSEC_GSS */
410 
411 #endif /* !_TIRPC_AUTH_H */