xref: /freebsd/include/rpc/auth.h (revision 2321c474185e657ad1bdb4ef0a323cb10ba09cfc)
18360efbdSAlfred Perlstein /*	$NetBSD: auth.h,v 1.15 2000/06/02 22:57:55 fvdl Exp $	*/
28360efbdSAlfred Perlstein 
32e322d37SHiroki Sato /*-
4*2321c474SPedro F. Giffuni  * SPDX-License-Identifier: BSD-3-Clause
5*2321c474SPedro F. Giffuni  *
62e322d37SHiroki Sato  * Copyright (c) 2009, Sun Microsystems, Inc.
72e322d37SHiroki Sato  * All rights reserved.
8dba7a33eSGarrett Wollman  *
92e322d37SHiroki Sato  * Redistribution and use in source and binary forms, with or without
102e322d37SHiroki Sato  * modification, are permitted provided that the following conditions are met:
112e322d37SHiroki Sato  * - Redistributions of source code must retain the above copyright notice,
122e322d37SHiroki Sato  *   this list of conditions and the following disclaimer.
132e322d37SHiroki Sato  * - Redistributions in binary form must reproduce the above copyright notice,
142e322d37SHiroki Sato  *   this list of conditions and the following disclaimer in the documentation
152e322d37SHiroki Sato  *   and/or other materials provided with the distribution.
162e322d37SHiroki Sato  * - Neither the name of Sun Microsystems, Inc. nor the names of its
172e322d37SHiroki Sato  *   contributors may be used to endorse or promote products derived
182e322d37SHiroki Sato  *   from this software without specific prior written permission.
19dba7a33eSGarrett Wollman  *
202e322d37SHiroki Sato  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
212e322d37SHiroki Sato  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
222e322d37SHiroki Sato  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
232e322d37SHiroki Sato  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
242e322d37SHiroki Sato  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
252e322d37SHiroki Sato  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
262e322d37SHiroki Sato  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
272e322d37SHiroki Sato  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
282e322d37SHiroki Sato  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
292e322d37SHiroki Sato  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
302e322d37SHiroki Sato  * POSSIBILITY OF SUCH DAMAGE.
3186b9a9ccSGarrett Wollman  *
3286b9a9ccSGarrett Wollman  *	from: @(#)auth.h 1.17 88/02/08 SMI
3386b9a9ccSGarrett Wollman  *	from: @(#)auth.h	2.3 88/08/07 4.0 RPCSRC
348360efbdSAlfred Perlstein  *	from: @(#)auth.h	1.43 	98/02/02 SMI
35a4add9a9SPeter Wemm  * $FreeBSD$
36dba7a33eSGarrett Wollman  */
37dba7a33eSGarrett Wollman 
38dba7a33eSGarrett Wollman /*
39dba7a33eSGarrett Wollman  * auth.h, Authentication interface.
40dba7a33eSGarrett Wollman  *
41dba7a33eSGarrett Wollman  * Copyright (C) 1984, Sun Microsystems, Inc.
42dba7a33eSGarrett Wollman  *
43dba7a33eSGarrett Wollman  * The data structures are completely opaque to the client.  The client
449d5abbddSJens Schweikhardt  * is required to pass an AUTH * to routines that create rpc
45dba7a33eSGarrett Wollman  * "sessions".
46dba7a33eSGarrett Wollman  */
47dba7a33eSGarrett Wollman 
4886b9a9ccSGarrett Wollman #ifndef _RPC_AUTH_H
4986b9a9ccSGarrett Wollman #define _RPC_AUTH_H
508360efbdSAlfred Perlstein #include <rpc/xdr.h>
518360efbdSAlfred Perlstein #include <rpc/clnt_stat.h>
5286b9a9ccSGarrett Wollman #include <sys/cdefs.h>
53f26dae2bSBill Paul #include <sys/socket.h>
54dba7a33eSGarrett Wollman 
55dba7a33eSGarrett Wollman #define MAX_AUTH_BYTES	400
56dba7a33eSGarrett Wollman #define MAXNETNAMELEN	255	/* maximum length of network user's name */
57dba7a33eSGarrett Wollman 
58dba7a33eSGarrett Wollman /*
598360efbdSAlfred Perlstein  *  Client side authentication/security data
608360efbdSAlfred Perlstein  */
618360efbdSAlfred Perlstein 
628360efbdSAlfred Perlstein typedef struct sec_data {
638360efbdSAlfred Perlstein 	u_int	secmod;		/* security mode number e.g. in nfssec.conf */
648360efbdSAlfred Perlstein 	u_int	rpcflavor;	/* rpc flavors:AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
658360efbdSAlfred Perlstein 	int	flags;		/* AUTH_F_xxx flags */
668360efbdSAlfred Perlstein 	caddr_t data;		/* opaque data per flavor */
678360efbdSAlfred Perlstein } sec_data_t;
688360efbdSAlfred Perlstein 
698360efbdSAlfred Perlstein #ifdef _SYSCALL32_IMPL
708360efbdSAlfred Perlstein struct sec_data32 {
718360efbdSAlfred Perlstein 	uint32_t secmod;	/* security mode number e.g. in nfssec.conf */
728360efbdSAlfred Perlstein 	uint32_t rpcflavor;	/* rpc flavors:AUTH_UNIX,AUTH_DES,RPCSEC_GSS */
738360efbdSAlfred Perlstein 	int32_t flags;		/* AUTH_F_xxx flags */
748360efbdSAlfred Perlstein 	caddr32_t data;		/* opaque data per flavor */
758360efbdSAlfred Perlstein };
768360efbdSAlfred Perlstein #endif /* _SYSCALL32_IMPL */
778360efbdSAlfred Perlstein 
788360efbdSAlfred Perlstein /*
798360efbdSAlfred Perlstein  * AUTH_DES flavor specific data from sec_data opaque data field.
808360efbdSAlfred Perlstein  * AUTH_KERB has the same structure.
818360efbdSAlfred Perlstein  */
828360efbdSAlfred Perlstein typedef struct des_clnt_data {
838360efbdSAlfred Perlstein 	struct netbuf	syncaddr;	/* time sync addr */
848360efbdSAlfred Perlstein 	struct knetconfig *knconf;	/* knetconfig info that associated */
858360efbdSAlfred Perlstein 					/* with the syncaddr. */
868360efbdSAlfred Perlstein 	char		*netname;	/* server's netname */
878360efbdSAlfred Perlstein 	int		netnamelen;	/* server's netname len */
888360efbdSAlfred Perlstein } dh_k4_clntdata_t;
898360efbdSAlfred Perlstein 
908360efbdSAlfred Perlstein #ifdef _SYSCALL32_IMPL
918360efbdSAlfred Perlstein struct des_clnt_data32 {
928360efbdSAlfred Perlstein 	struct netbuf32 syncaddr;	/* time sync addr */
938360efbdSAlfred Perlstein 	caddr32_t knconf;		/* knetconfig info that associated */
948360efbdSAlfred Perlstein 					/* with the syncaddr. */
958360efbdSAlfred Perlstein 	caddr32_t netname;		/* server's netname */
968360efbdSAlfred Perlstein 	int32_t netnamelen;		/* server's netname len */
978360efbdSAlfred Perlstein };
988360efbdSAlfred Perlstein #endif /* _SYSCALL32_IMPL */
998360efbdSAlfred Perlstein 
1008360efbdSAlfred Perlstein #ifdef KERBEROS
1018360efbdSAlfred Perlstein /*
1028360efbdSAlfred Perlstein  * flavor specific data to hold the data for AUTH_DES/AUTH_KERB(v4)
1038360efbdSAlfred Perlstein  * in sec_data->data opaque field.
1048360efbdSAlfred Perlstein  */
1058360efbdSAlfred Perlstein typedef struct krb4_svc_data {
1068360efbdSAlfred Perlstein 	int		window;		/* window option value */
1078360efbdSAlfred Perlstein } krb4_svcdata_t;
1088360efbdSAlfred Perlstein 
1098360efbdSAlfred Perlstein typedef struct krb4_svc_data	des_svcdata_t;
1108360efbdSAlfred Perlstein #endif /* KERBEROS */
1118360efbdSAlfred Perlstein 
1128360efbdSAlfred Perlstein /*
1138360efbdSAlfred Perlstein  * authentication/security specific flags
1148360efbdSAlfred Perlstein  */
1158360efbdSAlfred Perlstein #define AUTH_F_RPCTIMESYNC	0x001	/* use RPC to do time sync */
1168360efbdSAlfred Perlstein #define AUTH_F_TRYNONE		0x002	/* allow fall back to AUTH_NONE */
1178360efbdSAlfred Perlstein 
1188360efbdSAlfred Perlstein 
1198360efbdSAlfred Perlstein /*
120dba7a33eSGarrett Wollman  * Status returned from authentication check
121dba7a33eSGarrett Wollman  */
122dba7a33eSGarrett Wollman enum auth_stat {
123dba7a33eSGarrett Wollman 	AUTH_OK=0,
124dba7a33eSGarrett Wollman 	/*
125dba7a33eSGarrett Wollman 	 * failed at remote end
126dba7a33eSGarrett Wollman 	 */
127dba7a33eSGarrett Wollman 	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */
128dba7a33eSGarrett Wollman 	AUTH_REJECTEDCRED=2,		/* client should begin new session */
129dba7a33eSGarrett Wollman 	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */
130dba7a33eSGarrett Wollman 	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */
131dba7a33eSGarrett Wollman 	AUTH_TOOWEAK=5,			/* rejected due to security reasons */
132dba7a33eSGarrett Wollman 	/*
133dba7a33eSGarrett Wollman 	 * failed locally
134dba7a33eSGarrett Wollman 	*/
135dba7a33eSGarrett Wollman 	AUTH_INVALIDRESP=6,		/* bogus response verifier */
1368f55a568SDoug Rabson 	AUTH_FAILED=7,			/* some unknown reason */
1378360efbdSAlfred Perlstein #ifdef KERBEROS
1388360efbdSAlfred Perlstein 	/*
1398360efbdSAlfred Perlstein 	 * kerberos errors
1408360efbdSAlfred Perlstein 	 */
141f91b492aSAlfred Perlstein 	,
1428360efbdSAlfred Perlstein 	AUTH_KERB_GENERIC = 8,		/* kerberos generic error */
1438360efbdSAlfred Perlstein 	AUTH_TIMEEXPIRE = 9,		/* time of credential expired */
1448360efbdSAlfred Perlstein 	AUTH_TKT_FILE = 10,		/* something wrong with ticket file */
1458360efbdSAlfred Perlstein 	AUTH_DECODE = 11,			/* can't decode authenticator */
1468f55a568SDoug Rabson 	AUTH_NET_ADDR = 12,		/* wrong net address in ticket */
1478360efbdSAlfred Perlstein #endif /* KERBEROS */
1488f55a568SDoug Rabson 	/*
1498f55a568SDoug Rabson 	 * RPCSEC_GSS errors
1508f55a568SDoug Rabson 	 */
1518f55a568SDoug Rabson 	RPCSEC_GSS_CREDPROBLEM = 13,
1528f55a568SDoug Rabson 	RPCSEC_GSS_CTXPROBLEM = 14,
1538f55a568SDoug Rabson 	RPCSEC_GSS_NODISPATCH = 0x8000000
154dba7a33eSGarrett Wollman };
155dba7a33eSGarrett Wollman 
156dba7a33eSGarrett Wollman union des_block {
157dba7a33eSGarrett Wollman 	struct {
1588360efbdSAlfred Perlstein 		uint32_t high;
1598360efbdSAlfred Perlstein 		uint32_t low;
160dba7a33eSGarrett Wollman 	} key;
161dba7a33eSGarrett Wollman 	char c[8];
162dba7a33eSGarrett Wollman };
163dba7a33eSGarrett Wollman typedef union des_block des_block;
16486b9a9ccSGarrett Wollman __BEGIN_DECLS
1658360efbdSAlfred Perlstein extern bool_t xdr_des_block(XDR *, des_block *);
16686b9a9ccSGarrett Wollman __END_DECLS
167dba7a33eSGarrett Wollman 
168dba7a33eSGarrett Wollman /*
169dba7a33eSGarrett Wollman  * Authentication info.  Opaque to client.
170dba7a33eSGarrett Wollman  */
171dba7a33eSGarrett Wollman struct opaque_auth {
172dba7a33eSGarrett Wollman 	enum_t	oa_flavor;		/* flavor of auth */
173dba7a33eSGarrett Wollman 	caddr_t	oa_base;		/* address of more auth stuff */
174dba7a33eSGarrett Wollman 	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */
175dba7a33eSGarrett Wollman };
176dba7a33eSGarrett Wollman 
177dba7a33eSGarrett Wollman 
178dba7a33eSGarrett Wollman /*
179dba7a33eSGarrett Wollman  * Auth handle, interface to client side authenticators.
180dba7a33eSGarrett Wollman  */
1818360efbdSAlfred Perlstein typedef struct __auth {
182dba7a33eSGarrett Wollman 	struct	opaque_auth	ah_cred;
183dba7a33eSGarrett Wollman 	struct	opaque_auth	ah_verf;
184dba7a33eSGarrett Wollman 	union	des_block	ah_key;
185dba7a33eSGarrett Wollman 	struct auth_ops {
1868360efbdSAlfred Perlstein 		void	(*ah_nextverf) (struct __auth *);
18770de0abfSPeter Wemm 		/* nextverf & serialize */
1888360efbdSAlfred Perlstein 		int	(*ah_marshal) (struct __auth *, XDR *);
18970de0abfSPeter Wemm 		/* validate verifier */
1908360efbdSAlfred Perlstein 		int	(*ah_validate) (struct __auth *,
1918360efbdSAlfred Perlstein 			    struct opaque_auth *);
19270de0abfSPeter Wemm 		/* refresh credentials */
1938360efbdSAlfred Perlstein 		int	(*ah_refresh) (struct __auth *, void *);
19470de0abfSPeter Wemm 		/* destroy this structure */
1958360efbdSAlfred Perlstein 		void	(*ah_destroy) (struct __auth *);
196dba7a33eSGarrett Wollman 	} *ah_ops;
197f91b492aSAlfred Perlstein 	void *ah_private;
198dba7a33eSGarrett Wollman } AUTH;
199dba7a33eSGarrett Wollman 
200dba7a33eSGarrett Wollman 
201dba7a33eSGarrett Wollman /*
202dba7a33eSGarrett Wollman  * Authentication ops.
203dba7a33eSGarrett Wollman  * The ops and the auth handle provide the interface to the authenticators.
204dba7a33eSGarrett Wollman  *
205dba7a33eSGarrett Wollman  * AUTH	*auth;
206dba7a33eSGarrett Wollman  * XDR	*xdrs;
207dba7a33eSGarrett Wollman  * struct opaque_auth verf;
208dba7a33eSGarrett Wollman  */
209dba7a33eSGarrett Wollman #define AUTH_NEXTVERF(auth)		\
210dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_nextverf))(auth))
211dba7a33eSGarrett Wollman #define auth_nextverf(auth)		\
212dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_nextverf))(auth))
213dba7a33eSGarrett Wollman 
214dba7a33eSGarrett Wollman #define AUTH_MARSHALL(auth, xdrs)	\
215dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
216dba7a33eSGarrett Wollman #define auth_marshall(auth, xdrs)	\
217dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))
218dba7a33eSGarrett Wollman 
219dba7a33eSGarrett Wollman #define AUTH_VALIDATE(auth, verfp)	\
220dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
221dba7a33eSGarrett Wollman #define auth_validate(auth, verfp)	\
222dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_validate))((auth), verfp))
223dba7a33eSGarrett Wollman 
2248360efbdSAlfred Perlstein #define AUTH_REFRESH(auth, msg)		\
2258360efbdSAlfred Perlstein 		((*((auth)->ah_ops->ah_refresh))(auth, msg))
2268360efbdSAlfred Perlstein #define auth_refresh(auth, msg)		\
2278360efbdSAlfred Perlstein 		((*((auth)->ah_ops->ah_refresh))(auth, msg))
228dba7a33eSGarrett Wollman 
229dba7a33eSGarrett Wollman #define AUTH_DESTROY(auth)		\
230dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_destroy))(auth))
231dba7a33eSGarrett Wollman #define auth_destroy(auth)		\
232dba7a33eSGarrett Wollman 		((*((auth)->ah_ops->ah_destroy))(auth))
233dba7a33eSGarrett Wollman 
234dba7a33eSGarrett Wollman 
2358360efbdSAlfred Perlstein __BEGIN_DECLS
236dba7a33eSGarrett Wollman extern struct opaque_auth _null_auth;
2378360efbdSAlfred Perlstein __END_DECLS
238dba7a33eSGarrett Wollman 
239dba7a33eSGarrett Wollman /*
240dba7a33eSGarrett Wollman  * These are the various implementations of client side authenticators.
241dba7a33eSGarrett Wollman  */
242dba7a33eSGarrett Wollman 
243dba7a33eSGarrett Wollman /*
2448360efbdSAlfred Perlstein  * System style authentication
245dba7a33eSGarrett Wollman  * AUTH *authunix_create(machname, uid, gid, len, aup_gids)
246dba7a33eSGarrett Wollman  *	char *machname;
2470d1040e5SPedro F. Giffuni  *	u_int uid;
2480d1040e5SPedro F. Giffuni  *	u_int gid;
249dba7a33eSGarrett Wollman  *	int len;
2500d1040e5SPedro F. Giffuni  *	u_int *aup_gids;
251dba7a33eSGarrett Wollman  */
25286b9a9ccSGarrett Wollman __BEGIN_DECLS
2530d1040e5SPedro F. Giffuni extern AUTH *authunix_create(char *, u_int, u_int, int, u_int *);
2548360efbdSAlfred Perlstein extern AUTH *authunix_create_default(void);	/* takes no parameters */
2558360efbdSAlfred Perlstein extern AUTH *authnone_create(void);		/* takes no parameters */
25686b9a9ccSGarrett Wollman __END_DECLS
257f26dae2bSBill Paul /*
258f26dae2bSBill Paul  * DES style authentication
2598360efbdSAlfred Perlstein  * AUTH *authsecdes_create(servername, window, timehost, ckey)
260f26dae2bSBill Paul  * 	char *servername;		- network name of server
261f26dae2bSBill Paul  *	u_int window;			- time to live
2628360efbdSAlfred Perlstein  * 	const char *timehost;			- optional hostname to sync with
263f26dae2bSBill Paul  * 	des_block *ckey;		- optional conversation key to use
264f26dae2bSBill Paul  */
265f26dae2bSBill Paul __BEGIN_DECLS
2668360efbdSAlfred Perlstein extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *);
2678360efbdSAlfred Perlstein extern AUTH *authdes_seccreate (const char *, const u_int, const  char *,
2688360efbdSAlfred Perlstein     const  des_block *);
269f26dae2bSBill Paul __END_DECLS
270f26dae2bSBill Paul 
2718360efbdSAlfred Perlstein __BEGIN_DECLS
2728d630135SAlfred Perlstein extern bool_t xdr_opaque_auth		(XDR *, struct opaque_auth *);
2738360efbdSAlfred Perlstein __END_DECLS
2748360efbdSAlfred Perlstein 
2758360efbdSAlfred Perlstein #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(ip))
2768360efbdSAlfred Perlstein #define authsys_create_default() authunix_create_default()
2778360efbdSAlfred Perlstein 
278f26dae2bSBill Paul /*
279f26dae2bSBill Paul  * Netname manipulation routines.
280f26dae2bSBill Paul  */
281f26dae2bSBill Paul __BEGIN_DECLS
2828360efbdSAlfred Perlstein extern int getnetname(char *);
2838360efbdSAlfred Perlstein extern int host2netname(char *, const char *, const char *);
2848360efbdSAlfred Perlstein extern int user2netname(char *, const uid_t, const char *);
2858360efbdSAlfred Perlstein extern int netname2user(char *, uid_t *, gid_t *, int *, gid_t *);
2868360efbdSAlfred Perlstein extern int netname2host(char *, char *, const int);
2878360efbdSAlfred Perlstein extern void passwd2des ( char *, char * );
288f26dae2bSBill Paul __END_DECLS
289f26dae2bSBill Paul 
290f26dae2bSBill Paul /*
2918360efbdSAlfred Perlstein  *
2928360efbdSAlfred Perlstein  * These routines interface to the keyserv daemon
2938360efbdSAlfred Perlstein  *
294f26dae2bSBill Paul  */
295f26dae2bSBill Paul __BEGIN_DECLS
2968360efbdSAlfred Perlstein extern int key_decryptsession(const char *, des_block *);
2978360efbdSAlfred Perlstein extern int key_encryptsession(const char *, des_block *);
2988360efbdSAlfred Perlstein extern int key_gendes(des_block *);
2998360efbdSAlfred Perlstein extern int key_setsecret(const char *);
3008360efbdSAlfred Perlstein extern int key_secretkey_is_set(void);
3018360efbdSAlfred Perlstein __END_DECLS
3028360efbdSAlfred Perlstein 
3038d630135SAlfred Perlstein /*
3048d630135SAlfred Perlstein  * Publickey routines.
3058d630135SAlfred Perlstein  */
3068d630135SAlfred Perlstein __BEGIN_DECLS
3078d630135SAlfred Perlstein extern int getpublickey (const char *, char *);
3080411773bSDaniel Eischen extern int getpublicandprivatekey (const char *, char *);
3098d630135SAlfred Perlstein extern int getsecretkey (char *, char *, char *);
3108d630135SAlfred Perlstein __END_DECLS
3118d630135SAlfred Perlstein 
3128360efbdSAlfred Perlstein #ifdef KERBEROS
3138360efbdSAlfred Perlstein /*
3148360efbdSAlfred Perlstein  * Kerberos style authentication
3158360efbdSAlfred Perlstein  * AUTH *authkerb_seccreate(service, srv_inst, realm, window, timehost, status)
3168360efbdSAlfred Perlstein  *	const char *service;			- service name
3178360efbdSAlfred Perlstein  *	const char *srv_inst;			- server instance
3188360efbdSAlfred Perlstein  *	const char *realm;			- server realm
3198360efbdSAlfred Perlstein  *	const u_int window;			- time to live
3208360efbdSAlfred Perlstein  *	const char *timehost;			- optional hostname to sync with
3218360efbdSAlfred Perlstein  *	int *status;				- kerberos status returned
3228360efbdSAlfred Perlstein  */
3238360efbdSAlfred Perlstein __BEGIN_DECLS
3248360efbdSAlfred Perlstein extern AUTH	*authkerb_seccreate(const char *, const char *, const  char *,
3258360efbdSAlfred Perlstein 		    const u_int, const char *, int *);
326f26dae2bSBill Paul __END_DECLS
327f26dae2bSBill Paul 
328f26dae2bSBill Paul /*
3298360efbdSAlfred Perlstein  * Map a kerberos credential into a unix cred.
3308360efbdSAlfred Perlstein  *
3318360efbdSAlfred Perlstein  *	authkerb_getucred(rqst, uid, gid, grouplen, groups)
3328360efbdSAlfred Perlstein  *	const struct svc_req *rqst;		- request pointer
3338360efbdSAlfred Perlstein  *	uid_t *uid;
3348360efbdSAlfred Perlstein  *	gid_t *gid;
3358360efbdSAlfred Perlstein  *	short *grouplen;
3368360efbdSAlfred Perlstein  *	int *groups;
3378360efbdSAlfred Perlstein  *
338f26dae2bSBill Paul  */
339f26dae2bSBill Paul __BEGIN_DECLS
3408360efbdSAlfred Perlstein extern int	authkerb_getucred(/* struct svc_req *, uid_t *, gid_t *,
3418360efbdSAlfred Perlstein 		    short *, int * */);
342f26dae2bSBill Paul __END_DECLS
3438360efbdSAlfred Perlstein #endif /* KERBEROS */
344f26dae2bSBill Paul 
3458360efbdSAlfred Perlstein __BEGIN_DECLS
3468360efbdSAlfred Perlstein struct svc_req;
3478360efbdSAlfred Perlstein struct rpc_msg;
3488d630135SAlfred Perlstein enum auth_stat _svcauth_null (struct svc_req *, struct rpc_msg *);
3498d630135SAlfred Perlstein enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
3508d630135SAlfred Perlstein enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
3518360efbdSAlfred Perlstein __END_DECLS
352f26dae2bSBill Paul 
353dba7a33eSGarrett Wollman #define AUTH_NONE	0		/* no authentication */
354dba7a33eSGarrett Wollman #define	AUTH_NULL	0		/* backward compatibility */
3558360efbdSAlfred Perlstein #define	AUTH_SYS	1		/* unix style (uid, gids) */
3568360efbdSAlfred Perlstein #define AUTH_UNIX	AUTH_SYS
357dba7a33eSGarrett Wollman #define	AUTH_SHORT	2		/* short hand unix style */
3588360efbdSAlfred Perlstein #define AUTH_DH		3		/* for Diffie-Hellman mechanism */
3598360efbdSAlfred Perlstein #define AUTH_DES	AUTH_DH		/* for backward compatibility */
3608360efbdSAlfred Perlstein #define AUTH_KERB	4		/* kerberos style */
3618f55a568SDoug Rabson #define RPCSEC_GSS	6		/* RPCSEC_GSS */
3628f55a568SDoug Rabson 
3638f55a568SDoug Rabson /*
3648f55a568SDoug Rabson  * Pseudo auth flavors for RPCSEC_GSS.
3658f55a568SDoug Rabson  */
3668f55a568SDoug Rabson #define	RPCSEC_GSS_KRB5		390003
3678f55a568SDoug Rabson #define	RPCSEC_GSS_KRB5I	390004
3688f55a568SDoug Rabson #define	RPCSEC_GSS_KRB5P	390005
36986b9a9ccSGarrett Wollman 
37086b9a9ccSGarrett Wollman #endif /* !_RPC_AUTH_H */
371