AUTHSRV(2)AUTHSRV(2)NAME
authdial, passtokey, nvcsum, readnvram, convT2M, convM2T, convTR2M,
convM2TR, convA2M, convM2A, convPR2M, convM2PR, _asgetticket, _asrdresp
- routines for communicating with authentication servers
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <authsrv.h>
int authdial(char *netroot, char *ad);
int passtokey(char key[DESKEYLEN], char *password)
uchar nvcsum(void *mem, int len)
int readnvram(Nvrsafe *nv, int flag); int convT2M(Ticket *t,
char *msg, char *key)
void convM2T(char *msg, Ticket *t, char *key)
int convA2M(Authenticator *a, char *msg, char *key)
void convM2A(char *msg, Authenticator *a, char *key)
int convTR2M(Ticketreq *tr, char *msg)
void convM2TR(char *msg, Ticketreq *tr)
int convPR2M(Passwordreq *pr, char *msg, char *key)
void convM2PR(char *msg, Passwordreq *pr, char *key)
int _asgetticket(int fd, char *trbuf, char *tbuf);
int _asrdresp(int fd, char *buf, int len);
DESCRIPTION
Authdial dials an authentication server over the network rooted at net,
default /net. The authentication domain, ad, specifies which server to
call. If ad is non-nil, the connection server cs (see ndb(8)) is
queried for an entry which contains authdom=ad or dom=ad, the former
having precedence, and which also contains an auth attribute. If it
finds neither, it tries p9auth.ad in DNS as the authentication server.
The string dialed is then netroot!server!ticket where server is the
value of the auth attribute. If no entry is found, the error string is
set to ``no authentication server found'' and -1 is returned. If auth‐
dom is nil, the string netroot!$auth!ticket is used to make the call.
Passtokey converts password into a DES key and stores the result in
key. It returns 0 if password could not be converted, and 1 otherwise.
Readnvram reads authentication information into the structure:
struct Nvrsafe
{
char machkey[DESKEYLEN];/* was file server's authid's des key */
uchar machsum;
char authkey[DESKEYLEN];/* authid's des key from password */
uchar authsum;
/*
* file server config string of device holding full configuration;
* secstore key on non-file-servers.
*/
char config[CONFIGLEN];
uchar configsum;
char authid[ANAMELEN];/* auth userid, e.g., bootes */
uchar authidsum;
char authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */
uchar authdomsum;
};
On Sparc, MIPS, and SGI machines this information is in non-volatile
ram, accessible in the file #r/nvram. On x86s readnvram successively
opens the following areas stopping with the first to succeed:
- the partition named by the $nvram environment variable (commonly set
via plan9.ini(8))
- the partition #S/sdC0/nvram
- a file called plan9.nvr in the partition #S/sdC0/9fat
- the partition #S/sd00/nvram
- a file called plan9.nvr in the partition #S/sd00/9fat
- a file called plan9.nvr on a DOS floppy in drive 0
- a file called plan9.nvr on a DOS floppy in drive 1
The nvcsums of the fields machkey, authid, and authdom must match their
respective checksum or that field is zeroed. If flag is NVwrite or at
least one checksum fails and flag is NVwriteonerr, readnvram will
prompt for new values on #c/cons and then write them back to the stor‐
age area. If flag is NVwritemem, readnvram will write the values in
*nv back to the storage area.
ConvT2M, convA2M, convTR2M, and convPR2M convert tickets, authentica‐
tors, ticket requests, and password change request structures into
transmittable messages. ConvM2T, convM2A, convM2TR, and convM2PR are
used to convert them back. Key is used for encrypting the message
before transmission and decrypting after reception.
The routine _asgetresp receives either a character array or an error
string. On error, it sets errstr and returns -1. If successful, it
returns the number of bytes received.
The routine _asgetticket sends a ticket request message and then uses
_asgetresp to recieve an answer.
SOURCE
/sys/src/libauthsrv
SEE ALSOpasswd(1), dial(2), cons(3), authsrv(6)DIAGNOSTICS
These routines set errstr. Integer-valued functions return -1 on
error.
AUTHSRV(2)
