auth.h   auth.h 
skipping to change at line 99 skipping to change at line 99
#ifdef _SYSCALL32_IMPL #ifdef _SYSCALL32_IMPL
struct des_clnt_data32 { struct des_clnt_data32 {
struct netbuf32 syncaddr; /* time sync addr */ struct netbuf32 syncaddr; /* time sync addr */
caddr32_t knconf; /* knetconfig info that associated * / caddr32_t knconf; /* knetconfig info that associated * /
/* with the syncaddr. */ /* with the syncaddr. */
caddr32_t netname; /* server's netname */ caddr32_t netname; /* server's netname */
int32_t netnamelen; /* server's netname len */ int32_t netnamelen; /* server's netname len */
}; };
#endif /* _SYSCALL32_IMPL */ #endif /* _SYSCALL32_IMPL */
#ifdef KERBEROS
/*
* flavor specific data to hold the data for AUTH_DES/AUTH_KERB(v4)
* in sec_data->data opaque field.
*/
typedef struct krb4_svc_data {
int window; /* window option value */
} krb4_svcdata_t;
typedef struct krb4_svc_data des_svcdata_t;
#endif /* KERBEROS */
/* /*
* authentication/security specific flags * authentication/security specific flags
*/ */
#define AUTH_F_RPCTIMESYNC 0x001 /* use RPC to do time sync */ #define AUTH_F_RPCTIMESYNC 0x001 /* use RPC to do time sync */
#define AUTH_F_TRYNONE 0x002 /* allow fall back to AUTH_NONE */ #define AUTH_F_TRYNONE 0x002 /* allow fall back to AUTH_NONE */
/* /*
* Status returned from authentication check * Status returned from authentication check
*/ */
enum auth_stat { enum auth_stat {
skipping to change at line 135 skipping to change at line 123
AUTH_BADCRED=1, /* bogus credentials (seal broken) * / AUTH_BADCRED=1, /* bogus credentials (seal broken) * /
AUTH_REJECTEDCRED=2, /* client should begin new session * / AUTH_REJECTEDCRED=2, /* client should begin new session * /
AUTH_BADVERF=3, /* bogus verifier (seal broken) */ AUTH_BADVERF=3, /* bogus verifier (seal broken) */
AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */ AUTH_REJECTEDVERF=4, /* verifier expired or was replayed */
AUTH_TOOWEAK=5, /* rejected due to security reasons */ AUTH_TOOWEAK=5, /* rejected due to security reasons */
/* /*
* failed locally * failed locally
*/ */
AUTH_INVALIDRESP=6, /* bogus response verifier */ AUTH_INVALIDRESP=6, /* bogus response verifier */
AUTH_FAILED=7, /* some unknown reason */ AUTH_FAILED=7, /* some unknown reason */
#ifdef KERBEROS
/* /*
* kerberos errors * kerberos errors
*/ */
AUTH_KERB_GENERIC = 8, /* kerberos generic error */ AUTH_KERB_GENERIC = 8, /* kerberos generic error */
AUTH_TIMEEXPIRE = 9, /* time of credential expired */ AUTH_TIMEEXPIRE = 9, /* time of credential expired */
AUTH_TKT_FILE = 10, /* something wrong with ticket file */ AUTH_TKT_FILE = 10, /* something wrong with ticket file */
AUTH_DECODE = 11, /* can't decode authenticator */ AUTH_DECODE = 11, /* can't decode authenticator */
AUTH_NET_ADDR = 12, /* wrong net address in ticket */ AUTH_NET_ADDR = 12, /* wrong net address in ticket */
#endif /* KERBEROS */
/* /*
* RPCSEC_GSS errors * RPCSEC_GSS errors
*/ */
RPCSEC_GSS_CREDPROBLEM = 13, RPCSEC_GSS_CREDPROBLEM = 13,
RPCSEC_GSS_CTXPROBLEM = 14 RPCSEC_GSS_CTXPROBLEM = 14
}; };
typedef u_int32_t u_int32; /* 32-bit unsigned integers */ typedef u_int32_t u_int32; /* 32-bit unsigned integers */
union des_block { union des_block {
struct { struct {
u_int32_t high; u_int32_t high;
u_int32_t low; u_int32_t low;
} key; } key;
char c[8]; char c[8];
}; };
typedef union des_block des_block; typedef union des_block des_block;
#ifdef HAVE_AUTHDES
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern bool_t xdr_des_block(XDR *, des_block *); extern bool_t xdr_des_block(XDR *, des_block *);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* HAVE_AUTHDES */
/* /*
* Authentication info. Opaque to client. * Authentication info. Opaque to client.
*/ */
struct opaque_auth { struct opaque_auth {
enum_t oa_flavor; /* flavor of auth */ enum_t oa_flavor; /* flavor of auth */
caddr_t oa_base; /* address of more auth stuff */ caddr_t oa_base; /* address of more auth stuff */
u_int oa_length; /* not to exceed MAX_AUTH_BYTES */ u_int oa_length; /* not to exceed MAX_AUTH_BYTES */
}; };
skipping to change at line 316 skipping to change at line 298
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern AUTH *authunix_create(char *, uid_t, uid_t, int, uid_t *); extern AUTH *authunix_create(char *, uid_t, uid_t, int, uid_t *);
extern AUTH *authunix_create_default(void); /* takes no parameters */ extern AUTH *authunix_create_default(void); /* takes no parameters */
extern AUTH *authnone_create(void); /* takes no parameters */ extern AUTH *authnone_create(void); /* takes no parameters */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#ifdef HAVE_AUTHDES
/* /*
* DES style authentication * DES style authentication
* AUTH *authsecdes_create(servername, window, timehost, ckey) * AUTH *authsecdes_create(servername, window, timehost, ckey)
* char *servername; - network name of server * char *servername; - network name of server
* u_int window; - time to live * u_int window; - time to live
* const char *timehost; - optional hostname to sync with * const char *timehost; - optional hostname to sync with
* des_block *ckey; - optional conversation key to use * des_block *ckey; - optional conversation key to use
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *) ; extern AUTH *authdes_create (char *, u_int, struct sockaddr *, des_block *) ;
extern AUTH *authdes_seccreate (const char *, const u_int, const char *, extern AUTH *authdes_seccreate (const char *, const u_int, const char *,
const des_block *); const des_block *);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* HAVE_AUTHDES */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *); extern bool_t xdr_opaque_auth (XDR *, struct opaque_auth *);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(i p)) #define authsys_create(c,i1,i2,i3,ip) authunix_create((c),(i1),(i2),(i3),(i p))
skipping to change at line 359 skipping to change at line 338
* Netname manipulation routines. * Netname manipulation routines.
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern int getnetname(char *); extern int getnetname(char *);
extern int host2netname(char *, const char *, const char *); extern int host2netname(char *, const char *, const char *);
extern int user2netname(char *, const uid_t, const char *); extern int user2netname(char *, const uid_t, const char *);
extern int netname2user(char *, uid_t *, gid_t *, int *, gid_t *); extern int netname2user(char *, uid_t *, gid_t *, int *, gid_t *);
extern int netname2host(char *, char *, const int); extern int netname2host(char *, char *, const int);
#ifdef HAVE_AUTHDES
extern void passwd2des ( char *, char * ); extern void passwd2des ( char *, char * );
#endif /* HAVE_AUTHDES */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#ifdef KERBEROS
/* /*
* Kerberos style authentication *
* AUTH *authkerb_seccreate(service, srv_inst, realm, window, timehost, sta * These routines interface to the keyserv daemon
tus) *
* const char *service; - service name
* const char *srv_inst; - server instance
* const char *realm; - server realm
* const u_int window; - time to live
* const char *timehost; - optional hostname to sync
with
* int *status; - kerberos status returned
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern AUTH *authkerb_seccreate(const char *, const char *, const char extern int key_decryptsession(const char *, des_block *);
*, extern int key_encryptsession(const char *, des_block *);
const u_int, const char *, int *); extern int key_gendes(des_block *);
extern int key_setsecret(const char *);
extern int key_secretkey_is_set(void);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
/* /*
* Map a kerberos credential into a unix cred. * Publickey routines.
*
* authkerb_getucred(rqst, uid, gid, grouplen, groups)
* const struct svc_req *rqst; - request pointer
* uid_t *uid;
* gid_t *gid;
* short *grouplen;
* int *groups;
*
*/ */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
extern int authkerb_getucred(/* struct svc_req *, uid_t *, gid_t *, extern int getpublickey (const char *, char *);
short *, int * */); extern int getpublicandprivatekey (char *, char *);
extern int getsecretkey (char *, char *, char *);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* KERBEROS */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
struct svc_req; struct svc_req;
struct rpc_msg; struct rpc_msg;
enum auth_stat _svcauth_none (struct svc_req *, struct rpc_msg *); enum auth_stat _svcauth_none (struct svc_req *, struct rpc_msg *);
enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *); enum auth_stat _svcauth_short (struct svc_req *, struct rpc_msg *);
enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *); enum auth_stat _svcauth_unix (struct svc_req *, struct rpc_msg *);
enum auth_stat _svcauth_gss (struct svc_req *, struct rpc_msg *, bool_t *); enum auth_stat _svcauth_gss (struct svc_req *, struct rpc_msg *, bool_t *);
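Review bot: The key-handling prototypes on the new side (`key_setsecret`, `getpublickey (const char *, char *)`, `getpublicandprivatekey (char *, char *)`, `getsecretkey (char *, char *, char *)`) sit under the bare headings "These routines interface to the keyserv daemon" and "Publickey routines.", with no statement of buffer sizes. Several of the `char *` arguments appear to be output buffers for key material, and none carries a length. The header should document the minimum size of each output buffer and that secret-key buffers are to be cleared after use, for example `/* key buffers: caller supplies room for the full hex key plus NUL; zero secret keys after use */`. Separately, the `HAVE_AUTHDES` guards around `xdr_des_block`, `authdes_create`, `authdes_seccreate` and `passwd2des` are gone, so the single-DES API is now always declared. A one-line comment saying AUTH_DES is kept for interoperability and that RPCSEC_GSS is the stronger flavor would help callers choose a mechanism.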
 End of changes. 15 change blocks. 
49 lines changed or deleted 12 lines changed or added


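--- a/rpc.h
+++ b/rpc.h
 /* Client side only authentication */
 #include <rpc/auth.h> /* generic authenticator (client side) */
 /* Client side (mostly) remote procedure call */
 #include <rpc/clnt.h> /* generic rpc stuff */
 /* semi-private protocol headers */
 #include <rpc/rpc_msg.h> /* protocol for rpc messages */
 #include <rpc/auth_unix.h> /* protocol for unix style cred */
-#ifdef HAVE_AUTHDES
 /*
 * Uncomment-out the next line if you are building the rpc library with
 * DES Authentication (see the README file in the secure_rpc/ directory).
 */
 #include <rpc/auth_des.h> /* protocol for des style cred */
-#endif /* HAVE_AUTHDES */
 /* Server side only remote procedure callee */
 #include <rpc/svc_auth.h> /* service side authenticator */
 #include <rpc/svc.h> /* service manager and multiplexer */
 /* Portmapper client, server, and protocol headers */
 #include <rpc/pmap_clnt.h>
 #include <rpc/pmap_prot.h>
 #ifndef _KERNEL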
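Review bot: The comment kept above `#include <rpc/auth_des.h>` still reads "Uncomment-out the next line if you are building the rpc library with DES Authentication", which no longer matches the code now that the `HAVE_AUTHDES` guard is removed and the include is unconditional. Replace it with something like `/* DES-style credentials; always included (AUTH_DES is legacy single-DES, kept for interoperability) */`. Every consumer of rpc.h now pulls in the AUTH_DES declarations. If the library can still be configured without DES support (not visible in this section), the header and the build would disagree, and the failure would only surface at link time.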
 End of changes. 2 change blocks. 
2 lines changed or deleted 0 lines changed or added
