#ifndef __AUTHSRV_H__
#define __AUTHSRV_H__ 1
#ifdef __cplusplus
extern "C" {
#endif
/*
#pragma src "/sys/src/libauthsrv"
#pragma lib "libauthsrv.a"
*/
/*
 * Replaces the Plan 9 #pragma lib kept above as a comment; presumably the
 * build system's way of asking the linker to pull in libauthsrv.
 * The uchar/ulong types used below are not defined in this header and are
 * expected to come from the Plan 9 system headers included before it.
 * NOTE(review): Passwordreq below has a field named `new`, so despite the
 * extern "C" wrapper this header is not valid C++ as written.
 */
AUTOLIB(authsrv)

/*
 * Interface for talking to authentication server.
 */
/*
 * Forward typedefs so the struct tags can be used in the prototypes below
 * before (or independently of) their definitions.
 */
typedef struct	Ticket		Ticket;
typedef struct	Ticketreq	Ticketreq;
typedef struct	Authenticator	Authenticator;
typedef struct	Nvrsafe		Nvrsafe;
typedef struct	Passwordreq	Passwordreq;
typedef struct	OChapreply	OChapreply;
typedef struct	OMSchapreply	OMSchapreply;

/*
 * Fixed field sizes for the auth protocol and the key file.  The *LEN
 * macros further down are sums of these, so they fix the wire format and
 * the key-file layout: changing any of them breaks compatibility with
 * existing auth servers and key files.
 */
enum
{
	ANAMELEN=	28,		/* maximum size of name in previous proto */
	AERRLEN=	64,		/* maximum size of errstr in previous proto */
	DOMLEN=		48,		/* length of an authentication domain name */
	DESKEYLEN=	7,		/* length of a des key for encrypt/decrypt (7 bytes = 56 bits) */
	CHALLEN=	8,		/* length of a plan9 sk1 challenge */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* size of the config field in Nvrsafe below */
	SECRETLEN=	32,		/* max length of a secret */

	KEYDBOFF=	8,		/* length of random data at the start of key file */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* length of an entry in old key file */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* length of an entry in key file */
	OMD5LEN=	16		/* 16-byte (MD5-sized) response; size of OChapreply.resp below */
};

/* encryption numberings (anti-replay) */
/*
 * The first group are message types exchanged with the auth server (note
 * that 8 is unused).  The second group, from 64 up, distinguishes which key
 * a ticket or authenticator is encrypted under; presumably these are the
 * values carried in the `num` fields of Ticket and Authenticator, which
 * are commented "replay protection", so that a blob built for one role
 * cannot be reused in another -- confirm against libauthsrv.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* ticket encrypted with client's key */
	AuthAs,		/* server generated authenticator */
	AuthAc,		/* client generated authenticator */
	AuthTp,		/* ticket encrypted with client's key for password change */
	AuthHr		/* http reply */
};

/*
 * Ticket request sent to the auth server.  Marshal with convTR2M/convM2TR;
 * the wire size is TICKREQLEN, not sizeof(Ticketreq).  convTR2M takes no
 * key argument, so this message presumably travels unencrypted.
 */
struct Ticketreq
{
	char	type;			/* presumably one of the Auth* message types above -- confirm */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
/* type(1) + authid + authdom + chal + hostid + uid, in field order */
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket issued by the auth server.  It carries a fresh DES session key,
 * so a decoded Ticket is as sensitive as the long-term key it was
 * encrypted under and should not be logged or left in reusable buffers.
 * Marshal with convT2M/convM2T; the wire size is TICKETLEN.
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
/* num(1) + chal + cuid + suid + key, in field order */
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator proving possession of a ticket's key.  Marshal with
 * convA2M/convM2A.  AUTHENTLEN encodes `id` as exactly 4 bytes, whereas
 * the in-memory ulong may be wider, so never use sizeof(Authenticator)
 * for wire I/O.
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* challenge */
	ulong	id;			/* authenticator id, ++'d with each auth */
};
/* num(1) + chal + id as 4 bytes on the wire */
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password-change request.  Marshal with convPR2M/convM2PR, which take a
 * key argument, so presumably the request travels encrypted; the struct
 * itself holds the passwords in the clear and should be cleared after use.
 * The wire size is PASSREQLEN.
 * NOTE(review): the field named `new` is a C++ keyword, so this header
 * does not compile as C++ despite the extern "C" wrapper at the top.
 * Renaming it would change the public interface used by libauthsrv, so
 * it is left as is.
 */
struct Passwordreq
{
	char	num;			/* presumably replay protection, as in Ticket -- confirm */
	char	old[ANAMELEN];		/* presumably the current password */
	char	new[ANAMELEN];		/* presumably the replacement password */
	char	changesecret;		/* presumably non-zero when secret below should also be replaced -- confirm */
	char	secret[SECRETLEN];	/* new secret */
};
/* num(1) + old + new + changesecret(1) + secret, in field order */
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/*
 * CHAP reply (AuthChap).  The "O" prefix presumably marks an older
 * format, as with OKEYDBLEN and OMD5LEN.  No *LEN macro or conversion
 * routine for it is declared in this header.
 */
struct OChapreply
{
	uchar	id;			/* presumably the CHAP identifier byte -- confirm */
	char	uid[ANAMELEN];		/* user being authenticated */
	char	resp[OMD5LEN];		/* 16-byte response */
};

/*
 * MS-CHAP reply (AuthMSchap), carrying both 24-byte response variants.
 * No *LEN macro or conversion routine for it is declared in this header.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* user being authenticated */
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * "M" is the message byte buffer, the other letter the struct.  X2M
 * marshals a struct into a caller-supplied buffer and returns an int
 * (presumably a byte count or status; confirm in libauthsrv); M2X
 * unmarshals.  The trailing char* on the Ticket, Authenticator and
 * Passwordreq variants is presumably the DES key the message is encrypted
 * under -- convM2Tnoenc is the only decoder without it.
 *
 * None of these takes a buffer length.  The caller must supply exactly
 * TICKETLEN, AUTHENTLEN, TICKREQLEN or PASSREQLEN bytes, and when the
 * bytes come from the network must check that many actually arrived
 * before decoding; the decoders cannot verify this themselves.
 */
extern int	convT2M(Ticket*, char*, char*);
extern void	convM2T(char*, Ticket*, char*);
extern void	convM2Tnoenc(char*, Ticket*);
extern int	convA2M(Authenticator*, char*, char*);
extern void	convM2A(char*, Authenticator*, char*);
extern int	convTR2M(Ticketreq*, char*);
extern void	convM2TR(char*, Ticketreq*);
extern int	convPR2M(Passwordreq*, char*, char*);
extern void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * The result is DESKEYLEN (7) bytes, so the derived key has at most 56
 * bits of strength however long the password is.  opasstokey is
 * presumably the older derivation kept for compatibility (the "O" prefix
 * is used the same way in OKEYDBLEN and OChapreply).  Argument order is
 * not named in the prototypes; check libauthsrv before calling.
 */
extern int	opasstokey(char*, char*);
extern int	passtokey(char*, char*);

/*
 * Nvram interface
 */
/* flag bits, presumably for the int argument of readnvram below -- confirm */
enum {
	NVwrite = 1<<0,		/* always prompt and rewrite nvram */
	NVwriteonerr = 1<<1	/* prompt and rewrite nvram when corrupt */
};

/*
 * Keys and identity kept in nvram.  Each field is followed by its own
 * one-byte checksum (the *sum fields are uchar, matching what nvcsum
 * below returns, so presumably that is how they are computed).  An 8-bit
 * sum only catches accidental corruption; it gives no integrity or
 * confidentiality protection for machkey/authkey, so access control on
 * the nvram device itself is the security boundary for these keys.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* DES key (DESKEYLEN bytes) */
	uchar	machsum;		/* checksum of machkey */
	char	authkey[DESKEYLEN];	/* DES key (DESKEYLEN bytes) */
	uchar	authsum;		/* checksum of authkey */
	char	config[CONFIGLEN];
	uchar	configsum;		/* checksum of config */
	char	authid[ANAMELEN];	/* cf. Ticketreq.authid */
	uchar	authidsum;		/* checksum of authid */
	char	authdom[DOMLEN];	/* cf. Ticketreq.authdom */
	uchar	authdomsum;		/* checksum of authdom */
};

/* 8-bit checksum over a byte buffer of the given length (corruption detection only) */
extern uchar	nvcsum(void*, int);
/*
 * Fill an Nvrsafe from nvram.  The int is presumably a mask of NVwrite /
 * NVwriteonerr from the enum above, controlling whether the user is
 * prompted and the record rewritten; the return value is presumably a
 * status (confirm against libauthsrv).
 */
extern int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 *
 * Dials the auth server for authdom via netroot and returns an int,
 * presumably the connection fd or -1 on failure (confirm against
 * libauthsrv).  The caller owns and closes the returned connection.
 */
extern int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 *
 * The leading-underscore names are library-internal helpers.  Both take a
 * connection fd first; in _asrdresp the trailing int is presumably the
 * capacity of the char* buffer (confirm against libauthsrv).  The ssl
 * negotiators take a Ticket and two char** out-parameters whose meaning
 * is not documented in this header.
 */
extern int	_asgetticket(int, char*, char*);
extern int	_asrdresp(int, char*, int);
extern int	sslnegotiate(int, Ticket*, char**, char**);
extern int	srvsslnegotiate(int, Ticket*, char**, char**);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* __AUTHSRV_H__ */