1 #pragma src "/sys/src/libauthsrv"
2 #pragma lib "libauthsrv.a"
 * Interface for talking to the authentication server.
/*
 * Forward typedefs for the structures and prototypes that follow.
 * The O-prefixed names (OChapreply, OMSchapreply) presumably denote the
 * older protocol layouts, cf. OKEYDBLEN ("old key file entry length").
 */
typedef struct Ticket Ticket;
typedef struct Ticketreq Ticketreq;
typedef struct Authenticator Authenticator;
typedef struct Nvrsafe Nvrsafe;
typedef struct Passwordreq Passwordreq;
typedef struct OChapreply OChapreply;
typedef struct OMSchapreply OMSchapreply;
typedef struct Authkey Authkey;
19 ANAMELEN= 28, /* name max size in previous proto */
20 AERRLEN= 64, /* errstr max size in previous proto */
21 DOMLEN= 48, /* authentication domain name length */
22 DESKEYLEN= 7, /* encrypt/decrypt des key length */
24 CHALLEN= 8, /* plan9 sk1 challenge length */
25 NETCHLEN= 16, /* max network challenge length (used in AS protocol) */
27 SECRETLEN= 32, /* secret max size */
29 KEYDBOFF= 8, /* bytes of random data at key file's start */
30 OKEYDBLEN= ANAMELEN+DESKEYLEN+4+2, /* old key file entry length */
31 KEYDBLEN= OKEYDBLEN+SECRETLEN, /* key file entry length */
35 /* encryption numberings (anti-replay) */
38 AuthTreq=1, /* ticket request */
39 AuthChal=2, /* challenge box request */
40 AuthPass=3, /* change password */
41 AuthOK=4, /* fixed length reply follows */
42 AuthErr=5, /* error follows */
43 AuthMod=6, /* modify user */
44 AuthApop=7, /* apop authentication for pop3 */
45 AuthOKvar=9, /* variable length reply follows */
46 AuthChap=10, /* chap authentication for ppp */
47 AuthMSchap=11, /* MS chap authentication for ppp */
48 AuthCram=12, /* CRAM verification for IMAP (RFC2195 & rfc2104) */
49 AuthHttp=13, /* http domain login */
50 AuthVNC=14, /* VNC server login (deprecated) */
53 AuthTs=64, /* ticket encrypted with server's key */
54 AuthTc, /* ticket encrypted with client's key */
55 AuthAs, /* server generated authenticator */
56 AuthAc, /* client generated authenticator */
57 AuthTp, /* ticket encrypted with client's key for password change */
58 AuthHr, /* http reply */
64 char authid[ANAMELEN]; /* server's encryption id */
65 char authdom[DOMLEN]; /* server's authentication domain */
66 char chal[CHALLEN]; /* challenge from server */
67 char hostid[ANAMELEN]; /* host's encryption id */
68 char uid[ANAMELEN]; /* uid of requesting user on host */
/*
 * Wire size of a marshaled Ticketreq: the three ANAMELEN names (authid,
 * hostid, uid), the CHALLEN challenge and the DOMLEN domain shown above,
 * plus one byte — presumably the request type, which is not visible in
 * this excerpt; confirm against convTR2M.  Presumably the minimum buffer
 * length for convTR2M/convM2TR.
 */
#define TICKREQLEN (3*ANAMELEN+CHALLEN+DOMLEN+1)
74 char num; /* replay protection */
75 char chal[CHALLEN]; /* server challenge */
76 char cuid[ANAMELEN]; /* uid on client */
77 char suid[ANAMELEN]; /* uid on server */
78 char key[DESKEYLEN]; /* nonce DES key */
/*
 * Wire size of a marshaled Ticket: the num byte, the CHALLEN chal, the
 * two ANAMELEN uids (cuid, suid) and the DESKEYLEN nonce key listed above.
 * NOTE(review): this is the DES-era layout (7-byte key).  Authkey also
 * carries an AES key; whether a longer AES ticket form exists is not
 * visible here — check convT2M/convM2T.
 */
#define TICKETLEN (CHALLEN+2*ANAMELEN+DESKEYLEN+1)
84 char num; /* replay protection */
86 ulong id; /* authenticator id, ++'d with each auth */
/*
 * Wire size of a marshaled Authenticator: the num byte, CHALLEN bytes
 * (presumably a challenge field not visible in this excerpt) and 4 bytes
 * for the id — the ulong id above is presumably marshaled as 32 bits;
 * confirm against convA2M.
 */
#define AUTHENTLEN (CHALLEN+4+1)
96 char secret[SECRETLEN]; /* new secret */
/*
 * Wire size of a marshaled Passwordreq: two ANAMELEN names, two single
 * bytes and the SECRETLEN secret shown above.  Only the secret field is
 * visible in this excerpt; the single bytes are presumably a num byte
 * (replay protection, as in Ticket/Authenticator) and a flag — confirm
 * against convPR2M.
 */
#define PASSREQLEN (2*ANAMELEN+1+1+SECRETLEN)
/*
 * Wire size of the old-protocol CHAP reply: one byte, an ANAMELEN name
 * and OMD5LEN bytes (presumably the MD5 response).  OMD5LEN and the
 * OChapreply fields are defined outside this excerpt — confirm.
 */
#define OCHAPREPLYLEN (1+ANAMELEN+OMD5LEN)
111 char LMresp[24]; /* Lan Manager response */
112 char NTresp[24]; /* NT response */
/*
 * Wire size of the old-protocol MS-CHAP reply: an ANAMELEN name
 * (presumably a uid, not visible here) plus the two 24-byte LMresp and
 * NTresp fields shown above.  The Lan Manager response is a legacy
 * scheme; this is the old-protocol layout, per the O prefix.
 */
#define OMSCHAPREPLYLEN (ANAMELEN+24+24)
119 uchar aes[AESKEYLEN];
123 * convert to/from wire format
/*
 * Marshal (X2M) / unmarshal (M2X) helpers.  Each takes the structure, the
 * message buffer and its length.  The trailing Authkey* / Ticket* argument
 * presumably supplies the key the wire form is protected under (Tickets
 * under an Authkey; Authenticators and Passwordreqs under the Ticket's
 * nonce key, see Ticket.key above) — confirm in the implementation.
 * The int result is presumably a byte count, negative on error — confirm.
 * NOTE(review): the M2X routines decode data received from the network;
 * pass the real buffer length and check the return value rather than
 * assuming the fixed *LEN sizes, and validate the decoded num field
 * (documented above as replay protection) before trusting the result.
 */
extern int convT2M(Ticket*, char*, int, Authkey*);
extern int convM2T(char*, int, Ticket*, Authkey*);
extern int convA2M(Authenticator*, char*, int, Ticket*);
extern int convM2A(char*, int, Authenticator*, Ticket*);
extern int convTR2M(Ticketreq*, char*, int);
extern int convM2TR(char*, int, Ticketreq*);
extern int convPR2M(Passwordreq*, char*, int, Ticket*);
extern int convM2PR(char*, int, Passwordreq*, Ticket*);
135 * convert ascii password to DES key
/*
 * Derive an Authkey from a plaintext password.  The comment above says a
 * DES key; Authkey also holds an AES key (see the aes field above), so it
 * may fill both — confirm in the implementation.
 * NOTE(review): whether this routine scrubs the password buffer is not
 * visible here; callers should zeroize the password after use.
 */
extern void passtokey(Authkey*, char*);
143 NVread = 0, /* just read */
144 NVwrite = 1<<0, /* always prompt and rewrite nvram */
145 NVwriteonerr = 1<<1, /* prompt and rewrite nvram when corrupt */
146 NVwritemem = 1<<2, /* don't prompt, write nvram from argument */
152 char machkey[DESKEYLEN]; /* file server's authid's des key */
154 char authkey[DESKEYLEN]; /* authid's des key from password */
157 * file server config string of device holding full configuration;
158 * secstore key on non-file-servers.
160 char config[CONFIGLEN];
162 char authid[ANAMELEN]; /* auth userid, e.g., bootes */
164 char authdom[DOMLEN]; /* auth domain, e.g., cs.bell-labs.com */
167 uchar aesmachkey[AESKEYLEN];
/*
 * 8-bit checksum over a buffer of the given length (presumably a simple
 * sum).  An unkeyed checksum detects corruption, not tampering.
 */
extern uchar nvcsum(void*, int);
/*
 * Read the Nvrsafe key block (machine/auth keys, see the fields above).
 * The int is presumably one of the NV* flags above — confirm.
 */
extern int readnvram(Nvrsafe*, int);
175 * call up auth server
/*
 * Open a connection to the auth server for authdom via netroot.
 * Returns int — presumably a file descriptor, negative on failure;
 * confirm in the implementation.
 */
extern int authdial(char *netroot, char *authdom);
180 * exchange messages with auth server
/*
 * Internal (underscore-prefixed) primitives behind the higher-level
 * routines; the leading int is presumably the connection from authdial.
 * _asrequest sends a Ticketreq, _asgetresp collects the Ticket and
 * Authenticator reply, _asrdresp reads a raw response into the given
 * buffer of the given length — confirm in the implementation.
 * NOTE(review): the buffer length arguments bound what is read from the
 * network; pass the actual buffer size.
 */
extern int _asgetticket(int, Ticketreq*, char*, int);
extern int _asrequest(int, Ticketreq*);
extern int _asgetresp(int, Ticket*, Authenticator*, Authkey *);
extern int _asrdresp(int, char*, int);