3 amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_respondAI, auth_userpasswd, auth_getuserpasswd, auth_getinfo \- routines for authenticating users
12 .ta 11n +4n +4n +4n +4n +4n +4n
15 int newns(char *user, char *nsfile);
18 int addns(char *user, char *nsfile);
21 int amount(int fd, char *old, int flag, char *aname);
24 int login(char *user, char *password, char *namespace);
27 int noworld(char *user);
30 AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
33 AuthInfo* fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey,
38 AuthRpc* auth_allocrpc(int afd);
41 void auth_freerpc(AuthRpc *rpc);
44 uint auth_rpc(AuthRpc *rpc, char *verb, void *a, int n);
47 int auth_getkey(char *params);
50 int (*amount_getkey)(char*);
53 void auth_freeAI(AuthInfo *ai);
56 int auth_chuid(AuthInfo *ai, char *ns);
59 Chalstate* auth_challenge(char *fmt, ...);
62 AuthInfo* auth_response(Chalstate*);
65 void auth_freechal(Chalstate*);
68 int auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...);
71 int auth_respondAI(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthInfo **ai, AuthGetkey *getkey, char *fmt, ...);
74 AuthInfo* auth_userpasswd(char*user, char*password);
77 UserPasswd* auth_getuserpasswd(AuthGetkey *getkey, char*fmt, ...);
80 AuthInfo* auth_getinfo(AuthRpc*);
83 This library, in concert with
85 is used to authenticate users.
86 It provides the primary interface to
90 builds a name space for
98 copies the old environment, erases the current name space,
99 sets the environment variables
103 and interprets the commands in
111 also interprets and executes the commands in
115 it applies the command to the current name space
116 rather than starting from scratch.
121 but performs any authentication required.
122 It should be used instead of
124 whenever the file server being mounted requires authentication.
127 for a definition of the arguments to
133 changes the user id of the process
135 and recreates the namespace using the file
138 .BR /lib/namespace ).
145 returns 1 if the user is in the group
149 Otherwise, it returns 0.
151 is used by telnetd and ftpd to provide sandboxed
152 access for some users.
154 The following routines use the
156 structure returned after a successful authentication by
161 .ta 4n +4n +4n +4n +4n +4n +4n +4n +4n
164 char *cuid; /* caller id */
165 char *suid; /* server id */
166 char *cap; /* capability */
167 int nsecret; /* length of secret */
168 uchar *secret; /* secret */
176 point to the authenticated ids of the client and server.
178 is a capability returned only to the server.
179 It can be passed to the
181 device to change the user id of the process.
185 shared secret that can be used by the client and server to
186 create encryption and hashing keys for the rest of the
190 proxies an authentication conversation between a remote
191 server reading and writing
198 .BR /mnt/factotum/rpc .
205 and the variable arg list yields a key template (see
207 specifying the key to use.
208 The template must specify at least the protocol (
215 either returns an allocated
217 structure, or sets the error string and
221 can be used instead of
223 if a single connection to
225 will be used for multiple authentications.
226 This is necessary, for example, for
230 file before wiping out the namespace.
232 takes as an argument a pointer to an
234 structure which contains an fd for an open connection to
236 in addition to storage and state information for
240 structure is obtained by calling
242 with the fd of an open
247 Individual commands can be sent to
256 take a pointer to a routine,
260 not posess a key for the authentication. If
262 is nil, the authentication fails.
264 is called with a key template for the desired
266 We have provided a generic routine,
268 which queries the user for
269 the key information and passes it to
271 This is the default for the global variable,
273 which holds a pointer to the key prompting routine used by
283 structure to change the user id of the current
288 to build it a new name space.
293 perform challenge/response protocols with
295 State between the challenge and response phase are
309 /* for implementation only */
312 char userbuf[MAXNAMELEN];
318 requires a key template generated by an
322 and the variable arguments. It must contain the protocol
324 and depending on the protocol, the user name (\c
325 .BI user= xxx \fR).\fP
329 expect the user specified as an attribute in
339 For all protocols, the response is returned
347 must be the length of the response.
351 a challenge string and the fmt and args specifying a key,
354 to return the proper user and response.
359 but has an additional
361 output parameter to return an
363 structure on success that holds protocol specific secret keys
364 derived from the exchange. The returned
366 structure should be freed with
371 verifies a simple user/password pair.
372 .I Auth_getuserpasswd
373 retrieves a user/password pair from
379 .ta 4n +4n +4n +4n +4n +4n +4n +4n +4n
380 typedef struct UserPasswd {
391 and converts it into a structure. It is only
392 used by the other routines in this library when
399 structure returned by one of these routines.
402 frees a challenge/response state.