xref: /illumos-gate/usr/src/uts/common/rpc/auth_sys.h (revision 66582b606a8194f7f3ba5b3a3a6dca5b0d346361)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
24  * Copyright 2017 Joyent Inc
25  */
26 
27 /*
28  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
29  * Use is subject to license terms.
30  */
31 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
32 /* All Rights Reserved */
33 /*
34  * Portions of this source code were derived from Berkeley
35  * 4.3 BSD under license from the Regents of the University of
36  * California.
37  */
38 
39 /*
40  * auth_sys.h, Protocol for UNIX style authentication parameters for RPC
41  */
42 
43 #ifndef	_RPC_AUTH_SYS_H
44 #define	_RPC_AUTH_SYS_H
45 
46 /*
47  * The system is very weak.  The client uses no encryption for  it
48  * credentials and only sends null verifiers.  The server sends backs
49  * null verifiers or optionally a verifier that suggests a new short hand
50  * for the credentials.
51  */
52 
53 #include <sys/types.h>
54 #include <sys/param.h>
55 #include <rpc/types.h>
56 #include <rpc/xdr.h>
57 #include <rpc/auth.h>
58 
59 #ifdef	__cplusplus
60 extern "C" {
61 #endif
62 
63 /* The machine name is part of a credential; it may not exceed 255 bytes */
64 #define	 MAX_MACHINE_NAME 255
65 
66 /* gids compose part of a credential; there may not be more than 16 of them */
67 #define	 NGRPS 16
68 
69 /*
70  * "sys" (Old UNIX) style credentials.
71  */
72 struct authsys_parms {
73 	uint_t	 aup_time;
74 	char	*aup_machname;
75 	uid_t	 aup_uid;
76 	gid_t	 aup_gid;
77 	uint_t	 aup_len;
78 	gid_t	*aup_gids;
79 };
80 /* For backward compatibility */
81 #define	 authunix_parms authsys_parms
82 
83 /*
84  * Ideally, we would like this to be NGROUPS_UMAX, but the RFC mandates that
85  * auth sections must not exceed 400 bytes. For AUTH_LOOPBACK, that means the
86  * largest number of groups we can have without breaking RFC compat is 92
87  * groups.
88  *
89  * NOTE: changing this value changes the size of authlpbk_area in
90  * svc_auth_loopb.c, which means RQCRED_SIZE *must* be updated!
91  */
92 #define	 NGRPS_LOOPBACK 92
93 
94 #ifdef __STDC__
95 extern bool_t xdr_authsys_parms(XDR *, struct authsys_parms *);
96 #else
97 extern bool_t xdr_authsys_parms();
98 #endif
99 
100 
101 /* For backward compatibility */
102 #define	xdr_authunix_parms(xdrs, p) xdr_authsys_parms(xdrs, p)
103 
104 /*
105  * If a response verifier has flavor AUTH_SHORT, then the body of
106  * the response verifier encapsulates the following structure;
107  * again it is serialized in the obvious fashion.
108  */
109 struct short_hand_verf {
110 	struct opaque_auth new_cred;
111 };
112 
113 struct svc_req;
114 
115 extern bool_t xdr_gid_t(XDR *, gid_t *);
116 extern bool_t xdr_uid_t(XDR *, uid_t *);
117 
118 #ifdef _KERNEL
119 extern bool_t xdr_authkern(XDR *, cred_t *);
120 extern bool_t xdr_authloopback(XDR *, cred_t *);
121 extern enum auth_stat _svcauth_unix(struct svc_req *, struct rpc_msg *);
122 extern enum auth_stat _svcauth_short(struct svc_req *, struct rpc_msg *);
123 #endif
124 
125 #ifdef	__cplusplus
126 }
127 #endif
128 
129 #endif	/* !_RPC_AUTH_SYS_H */
130