a
This commit is contained in:
Russ Cox
166
include/authsrv.h
Normal file
166
include/authsrv.h
Normal file
@ -0,0 +1,166 @@
|
||||
#pragma src "/sys/src/libauthsrv"
|
||||
#pragma lib "libauthsrv.a"
|
||||
|
||||
/*
|
||||
* Interface for talking to authentication server.
|
||||
*/
|
||||
typedef struct Ticket Ticket;
|
||||
typedef struct Ticketreq Ticketreq;
|
||||
typedef struct Authenticator Authenticator;
|
||||
typedef struct Nvrsafe Nvrsafe;
|
||||
typedef struct Passwordreq Passwordreq;
|
||||
typedef struct OChapreply OChapreply;
|
||||
typedef struct OMSchapreply OMSchapreply;
|
||||
|
||||
enum
|
||||
{
|
||||
ANAMELEN= 28, /* maximum size of name in previous proto */
|
||||
AERRLEN= 64, /* maximum size of errstr in previous proto */
|
||||
DOMLEN= 48, /* length of an authentication domain name */
|
||||
DESKEYLEN= 7, /* length of a des key for encrypt/decrypt */
|
||||
CHALLEN= 8, /* length of a plan9 sk1 challenge */
|
||||
NETCHLEN= 16, /* max network challenge length (used in AS protocol) */
|
||||
CONFIGLEN= 14,
|
||||
SECRETLEN= 32, /* max length of a secret */
|
||||
|
||||
KEYDBOFF= 8, /* length of random data at the start of key file */
|
||||
OKEYDBLEN= ANAMELEN+DESKEYLEN+4+2, /* length of an entry in old key file */
|
||||
KEYDBLEN= OKEYDBLEN+SECRETLEN, /* length of an entry in key file */
|
||||
OMD5LEN= 16,
|
||||
};
|
||||
|
||||
/* encryption numberings (anti-replay) */
|
||||
enum
|
||||
{
|
||||
AuthTreq=1, /* ticket request */
|
||||
AuthChal=2, /* challenge box request */
|
||||
AuthPass=3, /* change password */
|
||||
AuthOK=4, /* fixed length reply follows */
|
||||
AuthErr=5, /* error follows */
|
||||
AuthMod=6, /* modify user */
|
||||
AuthApop=7, /* apop authentication for pop3 */
|
||||
AuthOKvar=9, /* variable length reply follows */
|
||||
AuthChap=10, /* chap authentication for ppp */
|
||||
AuthMSchap=11, /* MS chap authentication for ppp */
|
||||
AuthCram=12, /* CRAM verification for IMAP (RFC2195 & rfc2104) */
|
||||
AuthHttp=13, /* http domain login */
|
||||
AuthVNC=14, /* VNC server login (deprecated) */
|
||||
|
||||
|
||||
AuthTs=64, /* ticket encrypted with server's key */
|
||||
AuthTc, /* ticket encrypted with client's key */
|
||||
AuthAs, /* server generated authenticator */
|
||||
AuthAc, /* client generated authenticator */
|
||||
AuthTp, /* ticket encrypted with client's key for password change */
|
||||
AuthHr, /* http reply */
|
||||
};
|
||||
|
||||
struct Ticketreq
|
||||
{
|
||||
char type;
|
||||
char authid[ANAMELEN]; /* server's encryption id */
|
||||
char authdom[DOMLEN]; /* server's authentication domain */
|
||||
char chal[CHALLEN]; /* challenge from server */
|
||||
char hostid[ANAMELEN]; /* host's encryption id */
|
||||
char uid[ANAMELEN]; /* uid of requesting user on host */
|
||||
};
|
||||
#define TICKREQLEN (3*ANAMELEN+CHALLEN+DOMLEN+1)
|
||||
|
||||
struct Ticket
|
||||
{
|
||||
char num; /* replay protection */
|
||||
char chal[CHALLEN]; /* server challenge */
|
||||
char cuid[ANAMELEN]; /* uid on client */
|
||||
char suid[ANAMELEN]; /* uid on server */
|
||||
char key[DESKEYLEN]; /* nonce DES key */
|
||||
};
|
||||
#define TICKETLEN (CHALLEN+2*ANAMELEN+DESKEYLEN+1)
|
||||
|
||||
struct Authenticator
|
||||
{
|
||||
char num; /* replay protection */
|
||||
char chal[CHALLEN];
|
||||
ulong id; /* authenticator id, ++'d with each auth */
|
||||
};
|
||||
#define AUTHENTLEN (CHALLEN+4+1)
|
||||
|
||||
struct Passwordreq
|
||||
{
|
||||
char num;
|
||||
char old[ANAMELEN];
|
||||
char new[ANAMELEN];
|
||||
char changesecret;
|
||||
char secret[SECRETLEN]; /* new secret */
|
||||
};
|
||||
#define PASSREQLEN (2*ANAMELEN+1+1+SECRETLEN)
|
||||
|
||||
struct OChapreply
|
||||
{
|
||||
uchar id;
|
||||
char uid[ANAMELEN];
|
||||
char resp[OMD5LEN];
|
||||
};
|
||||
|
||||
struct OMSchapreply
|
||||
{
|
||||
char uid[ANAMELEN];
|
||||
char LMresp[24]; /* Lan Manager response */
|
||||
char NTresp[24]; /* NT response */
|
||||
};
|
||||
|
||||
/*
|
||||
* convert to/from wire format
|
||||
*/
|
||||
extern int convT2M(Ticket*, char*, char*);
|
||||
extern void convM2T(char*, Ticket*, char*);
|
||||
extern void convM2Tnoenc(char*, Ticket*);
|
||||
extern int convA2M(Authenticator*, char*, char*);
|
||||
extern void convM2A(char*, Authenticator*, char*);
|
||||
extern int convTR2M(Ticketreq*, char*);
|
||||
extern void convM2TR(char*, Ticketreq*);
|
||||
extern int convPR2M(Passwordreq*, char*, char*);
|
||||
extern void convM2PR(char*, Passwordreq*, char*);
|
||||
|
||||
/*
|
||||
* convert ascii password to DES key
|
||||
*/
|
||||
extern int opasstokey(char*, char*);
|
||||
extern int passtokey(char*, char*);
|
||||
|
||||
/*
|
||||
* Nvram interface
|
||||
*/
|
||||
enum {
|
||||
NVwrite = 1<<0, /* always prompt and rewrite nvram */
|
||||
NVwriteonerr = 1<<1, /* prompt and rewrite nvram when corrupt */
|
||||
};
|
||||
|
||||
struct Nvrsafe
|
||||
{
|
||||
char machkey[DESKEYLEN];
|
||||
uchar machsum;
|
||||
char authkey[DESKEYLEN];
|
||||
uchar authsum;
|
||||
char config[CONFIGLEN];
|
||||
uchar configsum;
|
||||
char authid[ANAMELEN];
|
||||
uchar authidsum;
|
||||
char authdom[DOMLEN];
|
||||
uchar authdomsum;
|
||||
};
|
||||
|
||||
extern uchar nvcsum(void*, int);
|
||||
extern int readnvram(Nvrsafe*, int);
|
||||
|
||||
/*
|
||||
* call up auth server
|
||||
*/
|
||||
extern int authdial(char *netroot, char *authdom);
|
||||
|
||||
/*
|
||||
* exchange messages with auth server
|
||||
*/
|
||||
extern int _asgetticket(int, char*, char*);
|
||||
extern int _asrdresp(int, char*, int);
|
||||
extern int sslnegotiate(int, Ticket*, char**, char**);
|
||||
extern int srvsslnegotiate(int, Ticket*, char**, char**);
|
||||
Reference in New Issue
Block a user