amount, newns, addns, login, noworld, auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_userpasswd, auth_getuserpasswd, auth_getinfo - routines for authenticating users
int newns(char *user, char *nsfile);
int addns(char *user, char *nsfile);
int amount(int fd, char *old, int flag, char *aname);
int login(char *user, char *password, char *namespace);
int noworld(char *user);
AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
AuthInfo* fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey,
AuthRpc* auth_allocrpc(int afd);
void auth_freerpc(AuthRpc *rpc);
uint auth_rpc(AuthRpc *rpc, char *verb, void *a, int n);
int auth_getkey(char *params);
int (*amount_getkey)(char*, char*);
void auth_freeAI(AuthInfo *ai);
int auth_chuid(AuthInfo *ai, char *ns);
Chalstate* auth_challenge(char *fmt, ...);
AuthInfo* auth_response(Chalstate*);
void auth_freechal(Chalstate*);
int auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...);
AuthInfo* auth_userpasswd(char *user, char *password);
UserPasswd* auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...);
AuthInfo* auth_getinfo(int fd);
This library, in concert with
is used to authenticate users.
It provides the primary interface to
builds a name space for
copies the old environment, erases the current name space,
sets the environment variables
and interprets the commands in
also interprets and executes the commands in
it applies the command to the current name space
rather than starting from scratch.
but performs any authentication required.
It should be used instead of
whenever the file server being mounted requires authentication.
for a definition of the arguments to
changes the user id of the process
and recreates the namespace using the file
/lib/namespace).
returns 1 if the user is in the group
Otherwise, it returns 0.
is used by telnetd and ftpd to provide sandboxed
access for some users.
The following routines use the
structure returned after a successful authentication by
char *cuid; /* caller id */
char *suid; /* server id */
char *cap; /* capability */
int nsecret; /* length of secret */
uchar *secret; /* secret */
point to the authenticated ids of the client and server.
is a capability returned only to the server.
It can be passed to the
device to change the user id of the process.
shared secret that can be used by the client and server to
create encryption and hashing keys for the rest of the
proxies an authentication conversation between a remote
server reading and writing
/mnt/factotum/rpc.
and the variable arg list yields a key template (see
specifying the key to use.
The template must specify at least the protocol (
either returns an allocated
structure, or sets the error string and
can be used instead of
if a single connection to
will be used for multiple authentications.
This is necessary, for example, for
file before wiping out the namespace.
takes as an argument a pointer to an
structure which contains an fd for an open connection to
in addition to storage and state information for
structure is obtained by calling
with the fd of an open
Individual commands can be sent to
take a pointer to a routine,
not possess a key for the authentication. If
is nil, the authentication fails.
is called with a key template for the desired
We have provided a generic routine,
which queries the user for
the key information and passes it to
This is the default for the global variable,
which holds a pointer to the key prompting routine used by
structure to change the user id of the current
to build it a new name space.
perform challenge/response protocols with
State between the challenge and response phases is
/* for implementation only */
char userbuf[MAXNAMELEN];
requires a key template generated by an
and the variable arguments. It must contain the protocol
and depending on the protocol, the user name (user=xxx).
expect the user specified as an attribute in
For all protocols, the response is returned
must be the length of the response.
a challenge string and the fmt and args specifying a key,
to return the proper user and response.
verifies a simple user/password pair.
Auth_getuserpasswd
retrieves a user/password pair from
typedef struct UserPasswd {
and converts it into a structure. It is only
used by the other routines in this library when
structure returned by one of these routines.
frees a challenge/response state.