ReactOS 0.4.15-dev-5672-gf73ac17
auth.h
1/* $NetBSD: auth.h,v 1.15 2000/06/02 22:57:55 fvdl Exp $ */
2
3/*
4 * Copyright (c) 2009, Sun Microsystems, Inc.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 * - Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * - Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 * - Neither the name of Sun Microsystems, Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
19 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
22 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28 * POSSIBILITY OF SUCH DAMAGE.
29 *
30 * from: @(#)auth.h 1.17 88/02/08 SMI
31 * from: @(#)auth.h 2.3 88/08/07 4.0 RPCSRC
32 * from: @(#)auth.h 1.43 98/02/02 SMI
33 * $FreeBSD: src/include/rpc/auth.h,v 1.20 2003/01/01 18:48:42 schweikh Exp $
34 */
35
36/*
37 * auth.h, Authentication interface.
38 *
39 * Copyright (C) 1984, Sun Microsystems, Inc.
40 *
41 * The data structures are completely opaque to the client. The client
42 * is required to pass an AUTH * to routines that create rpc
43 * "sessions".
44 */
45
46/* NFSv4.1 client for Windows
47 * Copyright 2012 The Regents of the University of Michigan
48 *
49 * Olga Kornievskaia <aglo@umich.edu>
50 * Casey Bodley <cbodley@umich.edu>
51 *
52 * This library is free software; you can redistribute it and/or modify it
53 * under the terms of the GNU Lesser General Public License as published by
54 * the Free Software Foundation; either version 2.1 of the License, or (at
55 * your option) any later version.
56 *
57 * This library is distributed in the hope that it will be useful, but
58 * without any warranty; without even the implied warranty of merchantability
59 * or fitness for a particular purpose. See the GNU Lesser General Public
60 * License for more details.
61 *
62 * You should have received a copy of the GNU Lesser General Public License
63 * along with this library; if not, write to the Free Software Foundation,
64 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA
65 */
66
67#ifndef _TIRPC_AUTH_H
68#define _TIRPC_AUTH_H
69
70#include <rpc/xdr.h>
71#include <rpc/clnt_stat.h>
72//#include <sys/cdefs.h>
73//#include <sys/socket.h>
74#include <sys/types.h>
75
76
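/*
 * Upper bound, in bytes, on the body of a credential or verifier: the
 * oa_length member of struct opaque_auth is documented as not exceeding it.
 */
#define MAX_AUTH_BYTES 400
/*
 * Maximum length of a network user's name.
 * NOTE(review): presumably this excludes the terminating NUL, so a buffer
 * receiving a netname would need MAXNETNAMELEN + 1 bytes -- confirm against
 * the netname routines' implementations.
 */
#define MAXNETNAMELEN 255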
79
80/*
81 * Client side authentication/security data
82 */
83
84typedef struct sec_data {
85 u_int secmod; /* security mode number e.g. in nfssec.conf */
86 u_int rpcflavor; /* rpc flavors:AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
87 int flags; /* AUTH_F_xxx flags */
88 caddr_t data; /* opaque data per flavor */
90
91#ifdef _SYSCALL32_IMPL
92struct sec_data32 {
93 uint32_t secmod; /* security mode number e.g. in nfssec.conf */
94 uint32_t rpcflavor; /* rpc flavors:AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
95 int32_t flags; /* AUTH_F_xxx flags */
96 caddr32_t data; /* opaque data per flavor */
97};
98#endif /* _SYSCALL32_IMPL */
99
100/*
101 * AUTH_DES flavor specific data from sec_data opaque data field.
102 * AUTH_KERB has the same structure.
103 */
104typedef struct des_clnt_data {
105 struct netbuf syncaddr; /* time sync addr */
106 struct knetconfig *knconf; /* knetconfig info that associated */
107 /* with the syncaddr. */
108 char *netname; /* server's netname */
109 int netnamelen; /* server's netname len */
111
112#ifdef _SYSCALL32_IMPL
113struct des_clnt_data32 {
114 struct netbuf32 syncaddr; /* time sync addr */
115 caddr32_t knconf; /* knetconfig info that associated */
116 /* with the syncaddr. */
117 caddr32_t netname; /* server's netname */
118 int32_t netnamelen; /* server's netname len */
119};
120#endif /* _SYSCALL32_IMPL */
121
122#ifdef KERBEROS
123/*
124 * flavor specific data to hold the data for AUTH_DES/AUTH_KERB(v4)
125 * in sec_data->data opaque field.
126 */
127typedef struct krb4_svc_data {
128 int window; /* window option value */
129} krb4_svcdata_t;
130
131typedef struct krb4_svc_data des_svcdata_t;
132#endif /* KERBEROS */
133
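/*
 * authentication/security specific flags (the AUTH_F_xxx values stored in
 * the flags member of struct sec_data)
 */
#define AUTH_F_RPCTIMESYNC 0x001 /* use RPC to do time sync */
/*
 * Allow fall back to AUTH_NONE. AUTH_NONE means no authentication, so a
 * caller that sets this flag accepts an unauthenticated session as a
 * possible outcome. Leave it clear wherever that downgrade is not acceptable.
 * NOTE(review): the conditions that trigger the fallback are decided by the
 * code consuming sec_data, which is not part of this header.
 */
#define AUTH_F_TRYNONE 0x002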
139
140
141/*
142 * Status returned from authentication check
143 */
146 /*
147 * failed at remote end
148 */
149 AUTH_BADCRED=1, /* bogus credentials (seal broken) */
150 AUTH_REJECTEDCRED=2, /* client should begin new session */
151 AUTH_BADVERF=3, /* bogus verifier (seal broken) */
152 AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
153 AUTH_TOOWEAK=5, /* rejected due to security reasons */
154 /*
155 * failed locally
156 */
157 AUTH_INVALIDRESP=6, /* bogus response verifier */
158 AUTH_FAILED=7, /* some unknown reason */
159#ifdef KERBEROS
160 /*
161 * kerberos errors
162 */
163 AUTH_KERB_GENERIC = 8, /* kerberos generic error */
164 AUTH_TIMEEXPIRE = 9, /* time of credential expired */
165 AUTH_TKT_FILE = 10, /* something wrong with ticket file */
166 AUTH_DECODE = 11, /* can't decode authenticator */
167 AUTH_NET_ADDR = 12, /* wrong net address in ticket */
168#endif /* KERBEROS */
169
170 /*
171 * RPCSEC_GSS errors
172 */
175
177
178typedef u_int32_t u_int32; /* 32-bit unsigned integers */
179
181 struct {
185 char c[8];
186};
187typedef union des_block des_block;
189extern bool_t xdr_des_block(XDR *, des_block *);
191
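/*
 * Authentication info. Opaque to client.
 *
 * oa_base and oa_length describe a flavor-specific byte buffer. oa_length is
 * documented as not exceeding MAX_AUTH_BYTES, but nothing in this declaration
 * enforces the limit: code that fills the structure from received data has to
 * reject a larger oa_length itself before it reads or copies oa_base.
 */
struct opaque_auth {
	enum_t oa_flavor; /* flavor of auth */
	caddr_t oa_base; /* address of more auth stuff */
	u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
};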
200
201
202/*
203 * Auth handle, interface to client side authenticators.
204 */
205typedef struct __auth {
209 struct auth_ops {
210 void (*ah_nextverf) (struct __auth *);
211 /* nextverf & serialize */
212 int (*ah_marshal) (struct __auth *, XDR *, u_int *);
213 /* validate verifier */
214 int (*ah_validate) (struct __auth *, struct opaque_auth *, u_int);
215 /* refresh credentials */
216 int (*ah_refresh) (struct __auth *, void *);
217 /* destroy this structure */
218 void (*ah_destroy) (struct __auth *);
219 /* encode data for wire */
220 int (*ah_wrap) (struct __auth *, XDR *, xdrproc_t, caddr_t);
221 /* decode data for wire */
223
227
228
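/*
 * Authentication ops.
 * The ops and the auth handle provide the interface to the authenticators.
 *
 * AUTH *auth;
 * XDR *xdrs;
 * struct opaque_auth verf;
 *
 * Every macro below calls straight through auth->ah_ops with no NULL check
 * and expands `auth` twice, so pass a valid handle and an argument expression
 * without side effects. The marshal, validate, refresh, wrap and unwrap ops
 * return int; the macro yields that value unchanged and the caller is
 * expected to test it (its meaning is defined by each authenticator, not by
 * this header).
 *
 * Each operation has an upper-case and a lower-case spelling with the same
 * expansion.
 */
#define AUTH_NEXTVERF(auth) \
	((*((auth)->ah_ops->ah_nextverf))(auth))
#define auth_nextverf(auth) \
	((*((auth)->ah_ops->ah_nextverf))(auth))

/*
 * ah_marshal takes three arguments (handle, XDR stream, u_int *), so both
 * spellings forward `seq`; the lower-case one used to drop it.
 */
#define AUTH_MARSHALL(auth, xdrs, seq) \
	((*((auth)->ah_ops->ah_marshal))(auth, xdrs, seq))
#define auth_marshall(auth, xdrs, seq) \
	((*((auth)->ah_ops->ah_marshal))(auth, xdrs, seq))

#define AUTH_VALIDATE(auth, verfp, seq) \
	((*((auth)->ah_ops->ah_validate))((auth), verfp, seq))
#define auth_validate(auth, verfp, seq) \
	((*((auth)->ah_ops->ah_validate))((auth), verfp, seq))

#define AUTH_REFRESH(auth, msg) \
	((*((auth)->ah_ops->ah_refresh))(auth, msg))
#define auth_refresh(auth, msg) \
	((*((auth)->ah_ops->ah_refresh))(auth, msg))

#define AUTH_DESTROY(auth) \
	((*((auth)->ah_ops->ah_destroy))(auth))
#define auth_destroy(auth) \
	((*((auth)->ah_ops->ah_destroy))(auth))

#define AUTH_WRAP(auth, xdrs, xfunc, xwhere) \
	((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
	xfunc, xwhere))
#define auth_wrap(auth, xdrs, xfunc, xwhere) \
	((*((auth)->ah_ops->ah_wrap))(auth, xdrs, \
	xfunc, xwhere))

#define AUTH_UNWRAP(auth, xdrs, xfunc, xwhere, seq) \
	((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
	xfunc, xwhere, seq))
#define auth_unwrap(auth, xdrs, xfunc, xwhere, seq) \
	((*((auth)->ah_ops->ah_unwrap))(auth, xdrs, \
	xfunc, xwhere, seq))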
275
276
278extern struct opaque_auth _null_auth;
280
281/*
282 * Any style authentication. These routines can be used by any
283 * authentication style that does not use the wrap/unwrap functions.
284 */
286
287/*
288 * These are the various implementations of client side authenticators.
289 */
290
291/*
292 * System style authentication
293 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
294 * char *machname;
295 * int uid;
296 * int gid;
297 * int len;
298 * int *aup_gids;
299 */
301extern AUTH *authunix_create(char *, uid_t, uid_t, int, uid_t *);
302extern AUTH *authunix_create_default(void); /* takes no parameters */
303extern AUTH *authnone_create(void); /* takes no parameters */
305/*
306 * DES style authentication
307 * AUTH *authdes_seccreate(servername, window, timehost, ckey)
308 * char *servername; - network name of server
309 * u_int window; - time to live
310 * const char *timehost; - optional hostname to sync with
311 * des_block *ckey; - optional conversation key to use
312 */
314extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
315extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
316 const des_block *);
318
320extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *);
322
323#define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
324#define authsys_create_default() authunix_create_default()
325
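/*
 * Netname manipulation routines.
 *
 * These prototypes take plain char * buffers with no accompanying length;
 * only netname2host has a trailing int.
 * NOTE(review): that int is presumably the size of the host buffer, and the
 * netname buffers are presumably expected to hold MAXNETNAMELEN + 1 bytes --
 * confirm both against the implementations, and size caller buffers to match
 * before passing them in.
 */
extern int getnetname(char *);
extern int host2netname(char *, const char *, const char *);
extern int user2netname(char *, const uid_t, const char *);
extern int netname2user(char *, uid_t *, gid_t *, int *, gid_t *);
extern int netname2host(char *, char *, const int);
extern void passwd2des(char *, char *);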
337
338/*
339 *
340 * These routines interface to the keyserv daemon
341 *
342 */
344extern int key_decryptsession(const char *, des_block *);
345extern int key_encryptsession(const char *, des_block *);
346extern int key_gendes(des_block *);
347extern int key_setsecret(const char *);
348extern int key_secretkey_is_set(void);
350
351/*
352 * Publickey routines.
353 */
355extern int getpublickey (const char *, char *);
356extern int getpublicandprivatekey (char *, char *);
357extern int getsecretkey (char *, char *, char *);
359
360#ifdef KERBEROS
361/*
362 * Kerberos style authentication
363 * AUTH *authkerb_seccreate(service, srv_inst, realm, window, timehost, status)
364 * const char *service; - service name
365 * const char *srv_inst; - server instance
366 * const char *realm; - server realm
367 * const u_int window; - time to live
368 * const char *timehost; - optional hostname to sync with
369 * int *status; - kerberos status returned
370 */
372extern AUTH *authkerb_seccreate(const char *, const char *, const char *,
373 const u_int, const char *, int *);
375
376/*
377 * Map a kerberos credential into a unix cred.
378 *
379 * authkerb_getucred(rqst, uid, gid, grouplen, groups)
380 * const struct svc_req *rqst; - request pointer
381 * uid_t *uid;
382 * gid_t *gid;
383 * short *grouplen;
384 * int *groups;
385 *
386 */
388extern int authkerb_getucred(/* struct svc_req *, uid_t *, gid_t *,
389 short *, int * */);
391#endif /* KERBEROS */
392
394struct svc_req;
395struct rpc_msg;
396enum auth_stat _svcauth_null (struct svc_req *, struct rpc_msg *);
397enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
398enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
400
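/*
 * Authentication flavor numbers, as referred to by the oa_flavor member of
 * struct opaque_auth and the rpcflavor member of struct sec_data.
 */
#define AUTH_NONE 0 /* no authentication */
#define AUTH_NULL 0 /* backward compatibility */
/*
 * unix style (uid, gids). The credential is the caller's own statement of
 * its uid and gids and carries no cryptographic proof, so a server can rely
 * on it only as far as it trusts the client host and the network path.
 */
#define AUTH_SYS 1
#define AUTH_UNIX AUTH_SYS
#define AUTH_SHORT 2 /* short hand unix style */
/*
 * for Diffie-Hellman mechanism. This flavor works with DES conversation keys
 * (des_block), so treat it as a legacy mechanism when choosing a flavor.
 */
#define AUTH_DH 3
#define AUTH_DES AUTH_DH /* for backward compatibility */
#define AUTH_KERB 4 /* kerberos style */
#define RPCSEC_GSS 6 /* RPCSEC_GSS */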
410
411#endif /* !_TIRPC_AUTH_H */