
#pragma src "/sys/src/libauthsrv"
#pragma lib "libauthsrv.a"
/*
 * Interface for talking to authentication server.
 *
 * Declares the fixed-size message structures exchanged with the auth
 * server, their protocol numbers, the wire-format conversion routines,
 * the password-to-DES-key routines, the nvram key-storage layout and the
 * routines that dial and talk to the server.  The header uses the types
 * ulong and uchar without defining them; they must already be in scope.
 */
typedef struct Ticket Ticket;			/* see struct Ticket below */
typedef struct Ticketreq Ticketreq;		/* see struct Ticketreq below */
typedef struct Authenticator Authenticator;	/* see struct Authenticator below */
typedef struct Nvrsafe Nvrsafe;			/* nvram layout, see struct Nvrsafe below */
typedef struct Passwordreq Passwordreq;		/* see struct Passwordreq below */
typedef struct OChapreply OChapreply;		/* see struct OChapreply below */
typedef struct OMSchapreply OMSchapreply;	/* see struct OMSchapreply below */
/*
 * Field sizes.  These fix the byte layout of the structures below and
 * the *LEN wire-length macros derived from them, so they are protocol
 * constants: changing one changes the wire format and the key file format.
 */
enum
{
	ANAMELEN=	28,	/* name max size in previous proto */
	AERRLEN=	64,	/* errstr max size in previous proto */
	DOMLEN=		48,	/* authentication domain name length */
	DESKEYLEN=	7,	/* encrypt/decrypt des key length; 7 bytes = a 56-bit DES key, not a modern key size */
	CHALLEN=	8,	/* plan9 sk1 challenge length */
	NETCHLEN=	16,	/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,	/* size of Nvrsafe.config */
	SECRETLEN=	32,	/* secret max size; size of Passwordreq.secret */
	KEYDBOFF=	8,	/* bytes of random data at key file's start */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* old key file entry length: 28+7+4+2 = 41 */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* key file entry length: 41+32 = 73 */
	OMD5LEN=	16,	/* size of OChapreply.resp (an MD5-sized digest, by name) */
};
/*
 * encryption numberings (anti-replay)
 *
 * Protocol message numbers.  They are carried on the wire (the num/type
 * bytes of the structures below), so the values, including the unassigned
 * gaps at 8 and 15-63, must not be renumbered.  AuthTs..AuthHr are the
 * numbers placed in encrypted tickets and authenticators so that a message
 * meant for one party cannot be replayed as another message type.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */
	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* 65: ticket encrypted with client's key */
	AuthAs,		/* 66: server generated authenticator */
	AuthAc,		/* 67: client generated authenticator */
	AuthTp,		/* 68: ticket encrypted with client's key for password change */
	AuthHr,		/* 69: http reply */
};
/*
 * Ticket request sent to the auth server.  Wire length is TICKREQLEN:
 * 1 + 28 + 48 + 8 + 28 + 28 = 141 bytes, one byte per char below.
 * The fixed-size name fields are not self-describing; whether a shorter
 * name must be NUL-terminated inside its field is decided by the
 * conv* routines, not by this layout.
 */
struct Ticketreq
{
	char	type;			/* message number, presumably one of AuthTreq/AuthChal/... above */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)	/* wire size of a Ticketreq */
/*
 * Session ticket.  Wire length is TICKETLEN: 1 + 8 + 28 + 28 + 7 = 72 bytes.
 * On the wire a ticket travels encrypted under a party's key; which key is
 * indicated by num (AuthTs, AuthTc or AuthTp above).
 */
struct Ticket
{
	char	num;			/* replay protection: message number the ticket was issued as */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key; fresh per ticket, 7 bytes (56 bits) */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)	/* wire size of a Ticket */
/*
 * Authenticator proving possession of a ticket's nonce key.  Wire length
 * is AUTHENTLEN: 1 + 8 + 4 = 13 bytes, so id occupies 4 bytes on the wire
 * regardless of sizeof(ulong) in memory.
 */
struct Authenticator
{
	char	num;			/* replay protection: AuthAs or AuthAc above */
	char	chal[CHALLEN];		/* challenge being answered */
	ulong	id;			/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)	/* wire size of an Authenticator */
/*
 * Password change request.  Wire length is PASSREQLEN:
 * 1 + 28 + 28 + 1 + 32 = 90 bytes.  Both passwords are carried in
 * ANAMELEN-sized fields, so the representable password length is bounded
 * by ANAMELEN.  Note the member named `new`: this header is C only.
 */
struct Passwordreq
{
	char	num;			/* replay protection; presumably AuthPass above */
	char	old[ANAMELEN];		/* current password */
	char	new[ANAMELEN];		/* replacement password */
	char	changesecret;		/* non-zero presumably means secret below is to be installed */
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)	/* wire size of a Passwordreq */
/*
 * CHAP reply (old format) presented for AuthChap verification.
 */
struct OChapreply
{
	uchar	id;			/* CHAP identifier byte */
	char	uid[ANAMELEN];		/* user being authenticated */
	char	resp[OMD5LEN];		/* 16-byte response digest */
};
/*
 * MS-CHAP reply (old format) presented for AuthMSchap verification.
 * Carries both the LM and NT 24-byte responses; the LM variant is a
 * legacy scheme retained for compatibility.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* user being authenticated */
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};
/*
 * convert to/from wire format
 *
 * X2M packs a structure into the caller's message buffer and returns an
 * int; M2X unpacks a message buffer into the structure.  The trailing
 * char* on the Ticket, Authenticator and Passwordreq variants is
 * presumably the DES key used to encrypt/decrypt the message (these are
 * the encrypted message types) -- confirm against libauthsrv.  The
 * buffer sizes are the *LEN macros above; nothing here carries a length,
 * so the caller is responsible for providing buffers of at least that size.
 */
extern	int	convT2M(Ticket*, char*, char*);		/* Ticket -> message */
extern	void	convM2T(char*, Ticket*, char*);		/* message -> Ticket */
extern	void	convM2Tnoenc(char*, Ticket*);		/* message -> Ticket, no key argument ("noenc") */
extern	int	convA2M(Authenticator*, char*, char*);	/* Authenticator -> message */
extern	void	convM2A(char*, Authenticator*, char*);	/* message -> Authenticator */
extern	int	convTR2M(Ticketreq*, char*);		/* Ticketreq -> message (not encrypted) */
extern	void	convM2TR(char*, Ticketreq*);		/* message -> Ticketreq */
extern	int	convPR2M(Passwordreq*, char*, char*);	/* Passwordreq -> message */
extern	void	convM2PR(char*, Passwordreq*, char*);	/* message -> Passwordreq */
/*
 * convert ascii password to DES key
 *
 * Both take a key buffer and a password as char*; which argument is which
 * is not stated here -- check the libauthsrv definitions before calling.
 * The resulting key is DESKEYLEN bytes.  Return value is an int.
 */
extern	int	opasstokey(char*, char*);	/* old derivation */
extern	int	passtokey(char*, char*);	/* current derivation */
/*
 * Nvram interface
 *
 * Flags selecting readnvram's behaviour (presumably its int argument).
 * NVread is the absence of flags; the others are single bits and may be
 * combined.
 */
enum {
	NVread		= 0,	/* just read */
	NVwrite		= 1<<0,	/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,	/* prompt and rewrite nvram when corrupt */
	NVwritemem	= 1<<2,	/* don't prompt, write nvram from argument */
};
/* storage layout */
/*
 * Byte layout of the authentication data kept in nvram.  Each field is
 * followed by a one-byte sum (uchar, the type nvcsum returns), presumably
 * nvcsum over that field.  A one-byte sum detects corruption only; it is
 * not an integrity check against deliberate modification.  The two DES
 * keys are stored as raw key bytes in this layout.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uchar	machsum;		/* sum over machkey */
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uchar	authsum;		/* sum over authkey */
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uchar	configsum;		/* sum over config */
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uchar	authidsum;		/* sum over authid */
	char	authdom[DOMLEN];	/* auth domain, e.g., cs.bell-labs.com */
	uchar	authdomsum;		/* sum over authdom */
};
extern	uchar	nvcsum(void*, int);		/* one-byte sum over (pointer, length); used for the *sum fields of Nvrsafe */
extern	int	readnvram(Nvrsafe*, int);	/* fill in the Nvrsafe; int is presumably a combination of the NV* flags */
/*
 * call up auth server
 *
 * Connects to the auth server for authdom via netroot and returns an int,
 * presumably a file descriptor for the connection (negative on failure) --
 * confirm in libauthsrv.
 */
extern	int	authdial(char *netroot, char *authdom);
/*
 * exchange messages with auth server
 *
 * All take the connection fd as their first argument.  The underscore
 * names follow the library's internal-helper convention; they are
 * reserved identifiers in ISO C and are not intended as a public API.
 */
extern	int	_asgetticket(int, char*, char*);		/* fd, request buffer, reply buffer (order presumed) */
extern	int	_asrdresp(int, char*, int);			/* fd, reply buffer, buffer length */
extern	int	sslnegotiate(int, Ticket*, char**, char**);	/* client-side negotiation over fd using the Ticket */
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);	/* server-side counterpart of sslnegotiate */