authsrv.h (4682B)
#ifndef __AUTHSRV_H__
#define __AUTHSRV_H__ 1
#ifdef __cplusplus
extern "C" {
#endif
/*
#pragma	src	"/sys/src/libauthsrv"
#pragma	lib	"libauthsrv.a"
*/
AUTOLIB(authsrv)

/*
 * Interface for talking to authentication server.
 *
 * Declares the fixed-size protocol structures, the lengths of their
 * wire encodings, the converters between the two forms, the nvram
 * accessors and the helpers that dial and talk to the auth server.
 *
 * Several structures below carry key material (Ticket.key,
 * Passwordreq.secret, Nvrsafe.machkey and Nvrsafe.authkey); treat any
 * buffer holding them, in either form, as secret.
 */
typedef struct	Ticket		Ticket;
typedef struct	Ticketreq	Ticketreq;
typedef struct	Authenticator	Authenticator;
typedef struct	Nvrsafe		Nvrsafe;
typedef struct	Passwordreq	Passwordreq;
typedef struct	OChapreply	OChapreply;
typedef struct	OMSchapreply	OMSchapreply;

/*
 * Field and record sizes, in bytes.  The struct arrays below are sized
 * with these constants, and the wire-length macros are sums of them.
 * NOTE(review): whether a name that fills its whole array is still
 * NUL-terminated is not visible in this header; confirm before passing
 * these fields to str* functions.
 */
enum
{
	ANAMELEN=	28,		/* maximum size of name in previous proto */
	AERRLEN=	64,		/* maximum size of errstr in previous proto */
	DOMLEN=		48,		/* length of an authentication domain name */
	/* 7 bytes is 56 key bits: a small key space by current standards */
	DESKEYLEN=	7,		/* length of a des key for encrypt/decrypt */
	CHALLEN=	8,		/* length of a plan9 sk1 challenge */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* size of Nvrsafe.config below */
	SECRETLEN=	32,		/* max length of a secret */

	KEYDBOFF=	8,		/* length of random data at the start of key file */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* length of an entry in old key file */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* length of an entry in key file */
	OMD5LEN=	16		/* size of OChapreply.resp below */
};

/*
 * encryption numberings (anti-replay)
 *
 * Values 1-14 are annotated as request and reply kinds (8 is not
 * assigned here).  Values from 64 up label which key encrypted a ticket
 * or which side generated an authenticator; the unnumbered entries
 * continue from AuthTs, so AuthTc=65 ... AuthHr=69.
 * NOTE(review): presumably these are the values carried in the `type`
 * and `num` bytes of the structs below - confirm in libauthsrv.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* ticket encrypted with client's key */
	AuthAs,		/* server generated authenticator */
	AuthAc,		/* client generated authenticator */
	AuthTp,		/* ticket encrypted with client's key for password change */
	AuthHr		/* http reply */
};

/*
 * Ticket request.  TICKREQLEN is the sum of the field sizes: one type
 * byte, three ANAMELEN names, the challenge and the domain (141 bytes).
 */
struct Ticketreq
{
	char	type;
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket.  Contains a DES key, so an instance is secret material.
 * TICKETLEN is the sum of the field sizes (72 bytes).
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator.  AUTHENTLEN counts `id` as 4 bytes (13 bytes total);
 * that is a wire length and need not equal sizeof(Authenticator), since
 * ulong may be wider than 4 bytes and the struct may be padded.
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];
	ulong	id;			/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password change request.  PASSREQLEN is the sum of the field sizes
 * (90 bytes).  `old`, `new` and `secret` are credentials.
 * NOTE(review): `new` is a keyword in C++, so this member name conflicts
 * with the extern "C" wrapper at the top of the header; renaming it
 * would change the interface, so it is only flagged here.
 */
struct Passwordreq
{
	char	num;
	char	old[ANAMELEN];
	char	new[ANAMELEN];
	char	changesecret;
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/* Reply holding an id byte, a user name and an OMD5LEN-byte response. */
struct	OChapreply
{
	uchar	id;
	char	uid[ANAMELEN];
	char	resp[OMD5LEN];
};

/* Reply holding a user name and two 24-byte responses. */
struct	OMSchapreply
{
	char	uid[ANAMELEN];
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * NOTE(review): none of these take a buffer length.  The message buffer
 * presumably has to be at least the matching *LEN macro above
 * (TICKETLEN, AUTHENTLEN, TICKREQLEN, PASSREQLEN) - confirm in
 * libauthsrv and size caller buffers from those macros, not from sizeof
 * on the structs.
 * NOTE(review): the trailing char* on the T, A and PR converters is
 * presumably the DES key (convM2Tnoenc and the TR converters have no
 * such argument) - confirm.
 */
extern	int	convT2M(Ticket*, char*, char*);
extern	void	convM2T(char*, Ticket*, char*);
extern	void	convM2Tnoenc(char*, Ticket*);
extern	int	convA2M(Authenticator*, char*, char*);
extern	void	convM2A(char*, Authenticator*, char*);
extern	int	convTR2M(Ticketreq*, char*);
extern	void	convM2TR(char*, Ticketreq*);
extern	int	convPR2M(Passwordreq*, char*, char*);
extern	void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * NOTE(review): argument order and the meaning of the int result are
 * not visible here; the output buffer presumably needs DESKEYLEN bytes
 * - confirm.
 */
extern	int	opasstokey(char*, char*);
extern	int	passtokey(char*, char*);

/*
 * Nvram interface
 */
/* Flag bits; presumably the int argument of readnvram - confirm. */
enum {
	NVwrite = 1<<0,		/* always prompt and rewrite nvram */
	NVwriteonerr = 1<<1	/* prompt and rewrite nvram when corrupt */
};

/*
 * Nvram record: two DES keys, a config blob, the auth id and the auth
 * domain, each followed by a one-byte sum.
 * NOTE(review): the sums are presumably produced by nvcsum; a one-byte
 * sum can only catch accidental corruption, not deliberate modification
 * - confirm how callers rely on it.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];
	uchar	machsum;
	char	authkey[DESKEYLEN];
	uchar	authsum;
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];
	uchar	authidsum;
	char	authdom[DOMLEN];
	uchar	authdomsum;
};

extern	uchar	nvcsum(void*, int);
extern int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 *
 * NOTE(review): the int result is presumably a file descriptor, with a
 * negative value on failure - confirm.
 */
extern	int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 *
 * NOTE(review): the leading int is presumably the descriptor returned
 * by authdial.  _asgetticket takes no buffer lengths, while _asrdresp
 * takes one int after its buffer (presumably its length) - confirm the
 * required sizes in libauthsrv.
 */
extern	int	_asgetticket(int, char*, char*);
extern	int	_asrdresp(int, char*, int);
extern	int	sslnegotiate(int, Ticket*, char**, char**);
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);
#ifdef __cplusplus
}
#endif
#endif