plan9fox/sys/man/2/authsrv

.TH AUTHSRV 2
.SH NAME
authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrdresp \- routines for communicating with authentication servers
.SH SYNOPSIS
.nf
.PP
.ft L
#include <u.h>
#include <libc.h>
#include <authsrv.h>
.fi
.ta 8n +4n +4n +4n +4n +4n +4n
.PP
.B
int	authdial(char *netroot, char *ad);
.PP
.B
int	passtokey(char key[DESKEYLEN], char *password)
.PP
.B
uchar	nvcsum(void *mem, int len)
.PP
.B
int	readnvram(Nvrsafe *nv, int flag);
.PPP
.B
int	convT2M(Ticket *t, char *msg, char *key)
.PP
.B
void	convM2T(char *msg, Ticket *t, char *key)
.PP
.B
int	convA2M(Authenticator *a, char *msg, char *key)
.PP
.B
void	convM2A(char *msg, Authenticator *a, char *key)
.PP
.B
int	convTR2M(Ticketreq *tr, char *msg)
.PP
.B
void	convM2TR(char *msg, Ticketreq *tr)
.PP
.B
int	convPR2M(Passwordreq *pr, char *msg, char *key)
.PP
.B
void	convM2PR(char *msg, Passwordreq *pr, char *key)
.PP
.B
int	_asgetticket(int fd, char *trbuf, char *tbuf);
.PP
.B
int	_asrdresp(int fd, char *buf, int len);
.SH DESCRIPTION
.I Authdial
dials an authentication server over the
network rooted at
.IR net ,
default
.BR /net  .
The authentication domain,
.IR ad ,
specifies which server to call.
If
.I ad
is non-nil,
the connection server
.B cs
(see
.IR ndb (8))
is queried for an entry which contains
.B authdom=\fIad\fP
or
.BR dom=\fIad\fP ,
the former having precedence,
and which also contains an
.B auth
attribute.
If it finds neither, it tries
.BI p9auth. ad
in DNS as the authentication server.
The string dialed is then
.I netroot\fP!\fIserver\fP!ticket
where
.I server
is the value of the
.B auth
attribute.
If no entry is found, the error string is
set to ``no authentication server found''
and -1 is returned.
If
.I authdom
is nil, the string
.IB netroot !$auth! ticket
is used to make the call.
.PP
.I Passtokey
converts
.I password
into a DES key and stores the result in
.IR key .
It returns 0 if
.I password
could not be converted,
and 1 otherwise.
.PP
.I Readnvram
reads authentication information into the structure:
.PP
.EX
.ta 4n +4n +8n +4n +4n +4n +4n
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uchar	machsum;
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uchar	authsum;
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uchar	authidsum;
	char	authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */
	uchar	authdomsum;
};
.EE
.PP
On Sparc, MIPS, and SGI machines this information is
in non-volatile ram, accessible in the file
.BR #r/nvram .
On x86s and Alphas
.I readnvram
successively opens the following areas stopping with the
first to succeed:
.PP
\- the partition named by the
.B $nvram
environment variable
(commonly set via
.IR plan9.ini (8))
.br
\- the partition
.B #S/sdC0/nvram
.br
\- a file called
.B plan9.nvr
in the partition
.B #S/sdC0/9fat
.br
\- the partition
.B #S/sd00/nvram
.br
\- a file called
.B plan9.nvr
in the partition
.B #S/sd00/9fat
.br
\- a file called
.B plan9.nvr
on a DOS floppy in drive 0
.br
\- a file called
.B plan9.nvr
on a DOS floppy in drive 1
.PP
The
.IR nvcsum s
of the fields
.BR machkey ,
.BR authid ,
and
.B authdom
must match their respective checksum or that field is zeroed.
If
.I flag
is
.B NVwrite
or at least one checksum fails and
.I flag
is
.BR NVwriteonerr ,
.I readnvram
will prompt for new values on
.B #c/cons
and then write them back to the storage area.
If
.I flag
is
.BR NVwritemem ,
.I readnvram
will write the values in
.I *nv
back to the storage area.
.PP
.IR ConvT2M ,
.IR convA2M ,
.IR convTR2M ,
and
.I convPR2M
convert tickets, authenticators, ticket requests, and password change request
structures into transmittable messages.
.IR ConvM2T ,
.IR convM2A ,
.IR convM2TR ,
and
.I convM2PR
are used to convert them back.
.I Key
is used for encrypting the message before transmission and decrypting
after reception.
.PP
The routine
.I _asgetresp
receives either a character array or an error string.
On error, it sets errstr and returns -1.  If successful,
it returns the number of bytes received.
.PP
The routine
.I _asgetticket
sends a ticket request message and then uses
.I _asgetresp
to recieve an answer.
.SH SOURCE
.B /sys/src/libauthsrv
.SH SEE ALSO
.IR passwd (1),
.IR cons (3),
.IR dial (2),
.IR authsrv (6),
.SH DIAGNOSTICS
These routines set
.IR errstr .
Integer-valued functions return -1 on error.
Import sources from 2011-03-30 iso image - sys/man 2011-03-30 13:49:47 +00:00			`.TH AUTHSRV 2`
			`.SH NAME`
			`authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrdresp \- routines for communicating with authentication servers`
			`.SH SYNOPSIS`
			`.nf`
			`.PP`
			`.ft L`
			`#include <u.h>`
			`#include <libc.h>`
			`#include <authsrv.h>`
			`.fi`
			`.ta 8n +4n +4n +4n +4n +4n +4n`
			`.PP`
			`.B`
			`int authdial(char netroot, char ad);`
			`.PP`
			`.B`
			`int passtokey(char key[DESKEYLEN], char *password)`
			`.PP`
			`.B`
			`uchar nvcsum(void *mem, int len)`
			`.PP`
			`.B`
			`int readnvram(Nvrsafe *nv, int flag);`
			`.PPP`
			`.B`
			`int convT2M(Ticket t, char msg, char *key)`
			`.PP`
			`.B`
			`void convM2T(char msg, Ticket t, char *key)`
			`.PP`
			`.B`
			`int convA2M(Authenticator a, char msg, char *key)`
			`.PP`
			`.B`
			`void convM2A(char msg, Authenticator a, char *key)`
			`.PP`
			`.B`
			`int convTR2M(Ticketreq tr, char msg)`
			`.PP`
			`.B`
			`void convM2TR(char msg, Ticketreq tr)`
			`.PP`
			`.B`
			`int convPR2M(Passwordreq pr, char msg, char *key)`
			`.PP`
			`.B`
			`void convM2PR(char msg, Passwordreq pr, char *key)`
			`.PP`
			`.B`
			`int _asgetticket(int fd, char trbuf, char tbuf);`
			`.PP`
			`.B`
			`int _asrdresp(int fd, char *buf, int len);`
			`.SH DESCRIPTION`
			`.I Authdial`
			`dials an authentication server over the`
			`network rooted at`
			`.IR net ,`
			`default`
			`.BR /net .`
			`The authentication domain,`
			`.IR ad ,`
			`specifies which server to call.`
			`If`
			`.I ad`
			`is non-nil,`
			`the connection server`
			`.B cs`
			`(see`
			`.IR ndb (8))`
			`is queried for an entry which contains`
			`.B authdom=\fIad\fP`
			`or`
			`.BR dom=\fIad\fP ,`
			`the former having precedence,`
			`and which also contains an`
			`.B auth`
			`attribute.`
			`If it finds neither, it tries`
			`.BI p9auth. ad`
			`in DNS as the authentication server.`
			`The string dialed is then`
			`.I netroot\fP!\fIserver\fP!ticket`
			`where`
			`.I server`
			`is the value of the`
			`.B auth`
			`attribute.`
			`If no entry is found, the error string is`
			set to ``no authentication server found''
			`and -1 is returned.`
			`If`
			`.I authdom`
			`is nil, the string`
			`.IB netroot !$auth! ticket`
			`is used to make the call.`
			`.PP`
			`.I Passtokey`
			`converts`
			`.I password`
			`into a DES key and stores the result in`
			`.IR key .`
			`It returns 0 if`
			`.I password`
			`could not be converted,`
			`and 1 otherwise.`
			`.PP`
			`.I Readnvram`
			`reads authentication information into the structure:`
			`.PP`
			`.EX`
			`.ta 4n +4n +8n +4n +4n +4n +4n`
			`struct Nvrsafe`
			`{`
			`char machkey[DESKEYLEN]; /* was file server's authid's des key */`
			`uchar machsum;`
			`char authkey[DESKEYLEN]; /* authid's des key from password */`
			`uchar authsum;`
			`/*`
			`* file server config string of device holding full configuration;`
			`* secstore key on non-file-servers.`
			`*/`
			`char config[CONFIGLEN];`
			`uchar configsum;`
			`char authid[ANAMELEN]; /* auth userid, e.g., bootes */`
			`uchar authidsum;`
			`char authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */`
			`uchar authdomsum;`
			`};`
			`.EE`
			`.PP`
			`On Sparc, MIPS, and SGI machines this information is`
			`in non-volatile ram, accessible in the file`
			`.BR #r/nvram .`
			`On x86s and Alphas`
			`.I readnvram`
			`successively opens the following areas stopping with the`
			`first to succeed:`
			`.PP`
			`\- the partition named by the`
			`.B $nvram`
			`environment variable`
			`(commonly set via`
			`.IR plan9.ini (8))`
			`.br`
			`\- the partition`
			`.B #S/sdC0/nvram`
			`.br`
			`\- a file called`
			`.B plan9.nvr`
			`in the partition`
			`.B #S/sdC0/9fat`
			`.br`
			`\- the partition`
			`.B #S/sd00/nvram`
			`.br`
			`\- a file called`
			`.B plan9.nvr`
			`in the partition`
			`.B #S/sd00/9fat`
			`.br`
			`\- a file called`
			`.B plan9.nvr`
			`on a DOS floppy in drive 0`
			`.br`
			`\- a file called`
			`.B plan9.nvr`
			`on a DOS floppy in drive 1`
			`.PP`
			`The`
			`.IR nvcsum s`
			`of the fields`
			`.BR machkey ,`
			`.BR authid ,`
			`and`
			`.B authdom`
			`must match their respective checksum or that field is zeroed.`
			`If`
			`.I flag`
			`is`
			`.B NVwrite`
			`or at least one checksum fails and`
			`.I flag`
			`is`
			`.BR NVwriteonerr ,`
			`.I readnvram`
			`will prompt for new values on`
			`.B #c/cons`
			`and then write them back to the storage area.`
			`If`
			`.I flag`
			`is`
			`.BR NVwritemem ,`
			`.I readnvram`
			`will write the values in`
			`.I *nv`
			`back to the storage area.`
			`.PP`
			`.IR ConvT2M ,`
			`.IR convA2M ,`
			`.IR convTR2M ,`
			`and`
			`.I convPR2M`
			`convert tickets, authenticators, ticket requests, and password change request`
			`structures into transmittable messages.`
			`.IR ConvM2T ,`
			`.IR convM2A ,`
			`.IR convM2TR ,`
			`and`
			`.I convM2PR`
			`are used to convert them back.`
			`.I Key`
			`is used for encrypting the message before transmission and decrypting`
			`after reception.`
			`.PP`
			`The routine`
			`.I _asgetresp`
			`receives either a character array or an error string.`
			`On error, it sets errstr and returns -1. If successful,`
			`it returns the number of bytes received.`
			`.PP`
			`The routine`
			`.I _asgetticket`
			`sends a ticket request message and then uses`
			`.I _asgetresp`
			`to recieve an answer.`
			`.SH SOURCE`
			`.B /sys/src/libauthsrv`
			`.SH SEE ALSO`
			`.IR passwd (1),`
			`.IR cons (3),`
			`.IR dial (2),`
			`.IR authsrv (6),`
			`.SH DIAGNOSTICS`
			`These routines set`
			`.IR errstr .`
			`Integer-valued functions return -1 on error.`