/*

 * auth.h, Authentication interface.

 *

 * Copyright (c) 2010, Oracle America, Inc.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions are

 * met:

 *

 *     * Redistributions of source code must retain the above copyright

 *       notice, this list of conditions and the following disclaimer.

 *     * Redistributions in binary form must reproduce the above

 *       copyright notice, this list of conditions and the following

 *       disclaimer in the documentation and/or other materials

 *       provided with the distribution.

 *     * Neither the name of the "Oracle America, Inc." nor the names of its

 *       contributors may be used to endorse or promote products derived

 *       from this software without specific prior written permission.

 *

 *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS

 *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT

 *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

 *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE

 *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,

 *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

 *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE

 *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

 *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,

 *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING

 *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 *

 * The data structures are completely opaque to the client.  The client

 * is required to pass a AUTH * to routines that create rpc

 * "sessions".

 */

#ifndef _RPC_AUTH_H

#define _RPC_AUTH_H	1

#include <features.h>

#include <rpc/xdr.h>

__BEGIN_DECLS

#define MAX_AUTH_BYTES	400

#define MAXNETNAMELEN	255	/* maximum length of network user's name */

/*

 * Status returned from authentication check

 */

enum auth_stat {

	AUTH_OK=0,

	/*

	 * failed at remote end

	 */

	AUTH_BADCRED=1,			/* bogus credentials (seal broken) */

	AUTH_REJECTEDCRED=2,		/* client should begin new session */

	AUTH_BADVERF=3,			/* bogus verifier (seal broken) */

	AUTH_REJECTEDVERF=4,		/* verifier expired or was replayed */

	AUTH_TOOWEAK=5,			/* rejected due to security reasons */

	/*

	 * failed locally

	*/

	AUTH_INVALIDRESP=6,		/* bogus response verifier */

	AUTH_FAILED=7			/* some unknown reason */

};

union des_block {

	struct {

		uint32_t high;

		uint32_t low;

	} key;

	char c[8];

};

typedef union des_block des_block;

extern bool_t xdr_des_block (XDR *__xdrs, des_block *__blkp) __THROW;

/*

 * Authentication info.  Opaque to client.

 */

struct opaque_auth {

	enum_t	oa_flavor;		/* flavor of auth */

	caddr_t	oa_base;		/* address of more auth stuff */

	u_int	oa_length;		/* not to exceed MAX_AUTH_BYTES */

};

/*

 * Auth handle, interface to client side authenticators.

 */

typedef struct AUTH AUTH;

struct AUTH {

  struct opaque_auth ah_cred;

  struct opaque_auth ah_verf;

  union des_block ah_key;

  struct auth_ops {

    void (*ah_nextverf) (AUTH *);

    int  (*ah_marshal) (AUTH *, XDR *);		/* nextverf & serialize */

    int  (*ah_validate) (AUTH *, struct opaque_auth *);

						/* validate verifier */

    int  (*ah_refresh) (AUTH *);		/* refresh credentials */

    void (*ah_destroy) (AUTH *); 	    	/* destroy this structure */

  } *ah_ops;

  caddr_t ah_private;

};

/*

 * Authentication ops.

 * The ops and the auth handle provide the interface to the authenticators.

 *

 * AUTH	*auth;

 * XDR	*xdrs;

 * struct opaque_auth verf;

 */

#define AUTH_NEXTVERF(auth)		\

		((*((auth)->ah_ops->ah_nextverf))(auth))

#define auth_nextverf(auth)		\

		((*((auth)->ah_ops->ah_nextverf))(auth))

#define AUTH_MARSHALL(auth, xdrs)	\

		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

#define auth_marshall(auth, xdrs)	\

		((*((auth)->ah_ops->ah_marshal))(auth, xdrs))

#define AUTH_VALIDATE(auth, verfp)	\

		((*((auth)->ah_ops->ah_validate))((auth), verfp))

#define auth_validate(auth, verfp)	\

		((*((auth)->ah_ops->ah_validate))((auth), verfp))

#define AUTH_REFRESH(auth)		\

		((*((auth)->ah_ops->ah_refresh))(auth))

#define auth_refresh(auth)		\

		((*((auth)->ah_ops->ah_refresh))(auth))

#define AUTH_DESTROY(auth)		\

		((*((auth)->ah_ops->ah_destroy))(auth))

#define auth_destroy(auth)		\

		((*((auth)->ah_ops->ah_destroy))(auth))

extern struct opaque_auth _null_auth;

/*

 * These are the various implementations of client side authenticators.

 */

/*

 * Unix style authentication

 * AUTH *authunix_create(machname, uid, gid, len, aup_gids)

 *	char *machname;

 *	int uid;

 *	int gid;

 *	int len;

 *	int *aup_gids;

 */

extern AUTH *authunix_create (char *__machname, __uid_t __uid, __gid_t __gid,

			      int __len, __gid_t *__aup_gids);

extern AUTH *authunix_create_default (void);

extern AUTH *authnone_create (void) __THROW;

extern AUTH *authdes_create (const char *__servername, u_int __window,

			     struct sockaddr *__syncaddr, des_block *__ckey)

     __THROW;

extern AUTH *authdes_pk_create (const char *, netobj *, u_int,

				struct sockaddr *, des_block *) __THROW;

#define AUTH_NONE	0		/* no authentication */

#define	AUTH_NULL	0		/* backward compatibility */

#define	AUTH_SYS	1		/* unix style (uid, gids) */

#define	AUTH_UNIX	AUTH_SYS

#define	AUTH_SHORT	2		/* short hand unix style */

#define AUTH_DES	3		/* des style (encrypted timestamps) */

#define AUTH_DH		AUTH_DES	/* Diffie-Hellman (this is DES) */

#define AUTH_KERB       4               /* kerberos style */

/*

 *  Netname manipulating functions

 *

 */

extern int getnetname (char *) __THROW;

extern int host2netname (char *, const char *, const char *) __THROW;

extern int user2netname (char *, const uid_t, const char *) __THROW;

extern int netname2user (const char *, uid_t *, gid_t *, int *, gid_t *)

     __THROW;

extern int netname2host (const char *, char *, const int) __THROW;

/*

 *

 * These routines interface to the keyserv daemon

 *

 */

extern int key_decryptsession (char *, des_block *);

extern int key_decryptsession_pk (char *, netobj *, des_block *);

extern int key_encryptsession (char *, des_block *);

extern int key_encryptsession_pk (char *, netobj *, des_block *);

extern int key_gendes (des_block *);

extern int key_setsecret (char *);

extern int key_secretkey_is_set (void);

extern int key_get_conv (char *, des_block *);

/*

 * XDR an opaque authentication struct.

 */

extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *) __THROW;

__END_DECLS

#endif /* rpc/auth.h */