factotum 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684
  1. .TH FACTOTUM 4
  2. .SH NAME
  3. factotum, fgui, secretpem\- authentication agent and its graphical interface
  4. .SH SYNOPSIS
  5. .B auth/factotum
  6. [
  7. .B -DdkSun
  8. ] [
  9. .B -a asaddr
  10. ] [
  11. .B -s
  12. .I srvname
  13. ] [
  14. .B -m
  15. .I mtpt
  16. ]
  17. .PP
  18. .B auth/factotum
  19. .B -g
  20. .IB attribute = value
  21. .B ...
  22. .IB attribute ?
  23. .B ...
  24. .PP
  25. .B auth/fgui
  26. .PP
  27. .B auth/secretpem
  28. .I key.pem
  29. .SH DESCRIPTION
  30. .I Factotum
  31. is a user-level file system that
  32. acts as the authentication agent for a user.
  33. It does so by managing a set of
  34. .IR keys .
  35. A key is a collection of information used to authenticate a particular action.
  36. Stored as a list of
  37. .IB attribute = value
  38. pairs, a key typically contains a user, an authentication domain, a protocol, and
  39. some secret data.
  40. .PP
  41. .I Factotum
  42. presents a two level directory. The first
  43. level contains a single directory
  44. .BR factotum ,
  45. which in turn contains:
  46. .TF needkey
  47. .TP
  48. .B rpc
  49. each open represents a new private channel to
  50. .I factotum
  51. .TP
  52. .B proto
  53. when read lists the protocols available
  54. .TP
  55. .B confirm
  56. for confiming the use of key
  57. .TP
  58. .B needkey
  59. allows external programs to control the addition of new keys
  60. .TP
  61. .B log
  62. a log of actions
  63. .TP
  64. .B ctl
  65. for maintaining keys; when read, it returns a list of keys.
  66. For secret attributes, only the attribute name follow by a
  67. .L ?
  68. is returned.
  69. .PD
  70. .PP
  71. In any authentication, the caller typically acts as a client
  72. and the callee as a server. The server determines
  73. the authentication domain, sometimes after a negotiation with
  74. the client. Authentication always requires the client to
  75. prove its identity to the server. Under some protocols, the
  76. authentication is mutual.
  77. Proof is accomplished using secret information kept by factotum
  78. in conjunction with a cryptographic protocol.
  79. .PP
  80. .I Factotum
  81. can act in the role of client for any process possessing the
  82. same user id as it. For select protocols such as
  83. .B p9sk1
  84. it can also act as a client for other processes provided
  85. its user id may speak for the other process' user id (see
  86. .IR authsrv (6)).
  87. .I Factotum
  88. can act in the role of server for any process.
  89. .PP
  90. .IR Factotum 's
  91. structure is independent of
  92. any particular authentication protocol.
  93. .I Factotum
  94. supports the following protocols:
  95. .TF sshrsa
  96. .TP
  97. .B p9any
  98. a metaprotocol used to negotiate which actual protocol to use.
  99. .TP
  100. .B p9sk1
  101. a Plan 9 shared key protocol described in
  102. .IR authsrv (6)'s
  103. ``File Service'' section.
  104. .TP
  105. .B p9sk2
  106. a variant of
  107. .B p9sk1
  108. described in
  109. .IR authsrv (6)'s
  110. ``Remote Execution'' section.
  111. .TP
  112. .B p9cr
  113. a Plan 9 protocol that can use either
  114. .B p9sk1
  115. keys or SecureID tokens.
  116. .TP
  117. .B apop
  118. the challenge/response protocol used by POP3 mail servers.
  119. .TP
  120. .B cram
  121. the challenge/response protocol also used by POP3 mail servers.
  122. .TP
  123. .B chap
  124. the challenge/response protocols used by PPP and PPTP.
  125. .TP
  126. .B mschap
  127. a proprietary Microsoft protocol also used by PPP and PPTP.
  128. .TP
  129. .B sshrsa
  130. an public key protocol used by ssh.
  131. .TP
  132. .B pass
  133. passwords in the clear.
  134. .TP
  135. .B vnc
  136. .IR vnc (1)'s
  137. challenge/response.
  138. .PD
  139. .PP
  140. The options are:
  141. .TP
  142. .B \-a
  143. supplies the address of the authentication server to use.
  144. Without this option, it will attempt to find an authentication server by
  145. querying the connection server, the file
  146. .BR <mtpt>/ndb ,
  147. and finally the network database in
  148. .BR /lib/ndb .
  149. .TP
  150. .B \-m
  151. specifies the mount point to use, by default
  152. .BR /mnt .
  153. .TP
  154. .B \-s
  155. specifies the service name to use.
  156. Without this option,
  157. .I factotum
  158. does not create a service file in
  159. .BR /srv .
  160. .TP
  161. .B \-D
  162. turns on 9P tracing, written to standard error.
  163. .TP
  164. .B \-d
  165. turns on debugging, written to standard error.
  166. .TP
  167. .B \-g
  168. causes the agent to prompt for the key, write it
  169. to the
  170. .B ctl
  171. file, and exit.
  172. The agent will prompt for values for any of the
  173. attributes ending with a question mark
  174. .RB ( ? )
  175. and will append all the supplied
  176. .I attribute = value
  177. pairs. See the section on key templates below.
  178. .TP
  179. .B \-n
  180. don't look for a secstore.
  181. .TP
  182. .B \-S
  183. indicates that the agent is running on a
  184. cpu server. On starting, it will attempt to get a
  185. .B 9psk1
  186. key from NVRAM using
  187. .B readnvram
  188. (see
  189. .IR authsrv (2)),
  190. prompting for anything it needs.
  191. It will never subsequently prompt for a
  192. key that it doesn't have.
  193. This option is typically used by
  194. the kernel at boot time.
  195. .TP
  196. .B \-k
  197. causes the NVRAM to be written.
  198. It is only valid with the
  199. .B \-S
  200. option.
  201. This option is typically used by
  202. the kernel at boot time.
  203. .TP
  204. .B \-u
  205. causes the agent to prompt for user
  206. id and writes it to
  207. .BR /dev/hostowner .
  208. It is mutually exclusive with
  209. .B \-k
  210. and
  211. .BR \-S .
  212. This option is typically used by
  213. the kernel at boot time.
  214. .PD
  215. .PP
  216. .I Fgui
  217. is a graphic user interface for confirming key usage and
  218. entering new keys. It hides the window in which it starts
  219. and waits reading requests from
  220. .B confirm
  221. and
  222. .BR needkey .
  223. For each requests, it unhides itself and waits for
  224. user input.
  225. See the sections on key confirmation and key prompting below.
  226. .SS "Key Tuples
  227. .PP
  228. A
  229. .I "key tuple
  230. is a space delimited list of
  231. .IB attribute = value
  232. pairs. An attribute whose name begins with an exclamation point
  233. .RB ( ! )
  234. does not appear when reading the
  235. .B ctl
  236. file.
  237. The required attributes depend on the authentication protocol.
  238. .PP
  239. .BR P9sk1 ,
  240. .BR p9sk2 ,
  241. and
  242. .BR p9cr
  243. all require a key with
  244. .BR proto = p9sk1 ,
  245. a
  246. .B dom
  247. attribute identifying the authentication domain, a
  248. .B user
  249. name valid in that domain, and either a
  250. .B !password
  251. or
  252. .B !hex
  253. attribute specifying the password or hexadecimal secret
  254. to be used. Here is an example:
  255. .PP
  256. .EX
  257. proto=p9sk1 dom=avayalabs.com user=presotto !password=lucent
  258. .EE
  259. .PP
  260. .BR Apop ,
  261. .BR cram ,
  262. .BR chap ,
  263. and
  264. .BR mschap ,
  265. require a key with a
  266. .B proto
  267. attribute whose value matches the protocol,
  268. in addition to
  269. .BR server ,
  270. .BR user ,
  271. and
  272. .B !password
  273. attributes;
  274. e.g.
  275. .PP
  276. .EX
  277. proto=apop server=mit.edu user=rsc !password=nerdsRus
  278. .EE
  279. Vnc is similar but does not require a
  280. .B user
  281. attribute.
  282. .PP
  283. .B Pass
  284. requires a key with
  285. .B proto=pass
  286. in addition to
  287. .B user
  288. and
  289. .B !password
  290. attributes; e.g.
  291. .PP
  292. .EX
  293. proto=pass user=tb !password=does.it.matter
  294. .EE
  295. .PP
  296. .B Sshrsa
  297. requires a key with
  298. .B proto=sshrsa
  299. in addition to all the hex attributes defining an RSA key:
  300. .BR ek ,
  301. .BR n ,
  302. .BR !p ,
  303. .BR !q ,
  304. .BR !kp ,
  305. .BR !kq ,
  306. .BR !c2 ,
  307. and
  308. .BR !dk .
  309. .PP
  310. All keys can have additional attibutes that act either as comments
  311. or as selectors to distinguish them in the
  312. .IR auth (2)
  313. library calls.
  314. .PP
  315. Any key may have a
  316. .B role
  317. attribute for restricting how it can be used.
  318. If this attribute is missing, the key can be used in any role.
  319. The possible values are:
  320. .TP
  321. .B client
  322. for authenticating outbound calls
  323. .TP
  324. .B server
  325. for authenticating inbound calls
  326. .TP
  327. .B speaksfor
  328. for authenticating processes whose
  329. user id does not match
  330. .IR factotum 's.
  331. .PD
  332. .PP
  333. Whenever
  334. .I factotum
  335. runs as a server, it must have a
  336. .B p9sk1
  337. key in order to communicate with the authentication
  338. server for validating passwords and challenge/responses of
  339. other users.
  340. .SS "Key Templates
  341. Key templates are used by routines that interface to
  342. .I factotum
  343. such as
  344. .B auth_proxy
  345. and
  346. .B auth_challenge
  347. (see
  348. .IR auth (2))
  349. to specify which key and protocol to use for an authentication.
  350. Like a key tuple, a key template is also a list of
  351. .IB attribute = value
  352. pairs.
  353. It must specify at least the protocol and enough
  354. other attributes to uniquely identify a key, or set of keys, to use.
  355. The keys chosen are those that match all the attributes specified
  356. in the template. The possible attribute/value formats are:
  357. .TP 1i
  358. .IB attr = val
  359. The attribute
  360. .I attr
  361. must exist in the key and its value must exactly
  362. match
  363. .I val
  364. .TP 1i
  365. .IB attr ?
  366. The attribute
  367. .I attr
  368. must exist in the key but its value doesn't matter.
  369. .TP 1i
  370. .I attr
  371. The attribute
  372. .I attr
  373. must exist in the key with a null value
  374. .PD
  375. .PP
  376. Key templates are also used by factotum to request a key either via
  377. an RPC error or via the
  378. .B needkey
  379. interface.
  380. The possible attribute/value formats are:
  381. .TP 1i
  382. .IB attr = val
  383. This pair must remain unchanged
  384. .TP 1i
  385. .IB attr ?
  386. This attribute needs a value
  387. .TP 1i
  388. .I attr
  389. The pair must remain unchanged
  390. .PD
  391. .SS "Control and Key Management
  392. .PP
  393. A number of messages can be written to the control file.
  394. The mesages are:
  395. .TP
  396. .B "key \fIattribute-value-list\fP
  397. add a new key. This will replace any old key whose
  398. public, i.e. non ! attributes, match.
  399. .TP
  400. .B "delkey \fIattribute-value-list\fP
  401. delete a key whose attributes match those given.
  402. .TP
  403. .B debug
  404. toggle debugging on and off, i.e., the debugging also
  405. turned on by the
  406. .B \-d
  407. option.
  408. .PP
  409. By default when factotum starts it looks for a
  410. .IR secstore (1)
  411. account on $auth for the user and, if one exists,
  412. prompts for a secstore password in order to fetch
  413. the file
  414. .IR factotum ,
  415. which should contain control file commands.
  416. An example would be
  417. .EX
  418. key dom=x.com proto=p9sk1 user=boyd !hex=26E522ADE2BBB2A229
  419. key proto=sshrsa size=1024 ek=3B !dk=...
  420. .EE
  421. where the first line sets a password for
  422. challenge/response authentication, strong against dictionary
  423. attack by being a long random string, and the second line
  424. sets a public/private keypair for ssh authentication,
  425. generated by
  426. .B ssh_genkey
  427. (see
  428. .IR ssh (1)).
  429. .PD
  430. .SS "Confirming key use
  431. .PP
  432. The
  433. .B confirm
  434. file provides a connection from
  435. .I factotum
  436. to a confirmation server, normally the program
  437. .IR auth/fgui .
  438. Whenever a key with the
  439. .B confirm
  440. attribute is used,
  441. .I factotum
  442. requires confirmation of its use. If no process has
  443. .B confirm
  444. opened, use of the key will be denied.
  445. However, if the file is opened a request can be read from it
  446. with the following format:
  447. .PP
  448. .B confirm
  449. .BI tag= tagno
  450. .I "<key template>
  451. .PP
  452. The reply, written back to
  453. .BR confirm ,
  454. consists of string:
  455. .PP
  456. .BI tag= tagno
  457. .BI answer= xxx
  458. .PP
  459. If
  460. .I xxx
  461. is the string
  462. .B yes
  463. then the use is confirmed and the authentication will proceed.
  464. Otherwise, it fails.
  465. .PP
  466. .B Confirm
  467. is exclusive open and can only be opened by a process with
  468. the same user id as
  469. .IR factotum .
  470. .SS "Prompting for keys
  471. .PP
  472. The
  473. .B needkey
  474. file provides a connection from
  475. .I factotum
  476. to a key server, normally the program
  477. .IR auth/fgui .
  478. Whenever
  479. .I factotum
  480. needs a new key, it first checks to see if
  481. .B needkey
  482. is opened. If it isn't, it returns a error to its client.
  483. If the file is opened a request can be read from it
  484. with the following format:
  485. .PP
  486. .B needkey
  487. .BI tag= tagno
  488. .I "<key template>
  489. .PP
  490. It is up to the reader to then query the user for any missing fields,
  491. write the key tuple into the
  492. .B ctl
  493. file, and then reply by writing into the
  494. .B needkey
  495. file the string:
  496. .PP
  497. .BI tag= tagno
  498. .PP
  499. .B Needkey
  500. is exclusive open and can only be opened by a process with
  501. the same user id as
  502. .IR factotum .
  503. .SS "The RPC Protocol
  504. Authentication is performed by
  505. .IP 1)
  506. opening
  507. .BR rpc
  508. .IP 2)
  509. setting up the protocol and key to be used (see the
  510. .B start
  511. RPC below),
  512. .IP 3)
  513. shuttling messages back and forth between
  514. .IR factotum
  515. and the other party (see the
  516. .B read
  517. and
  518. .B write
  519. RPC's) until done
  520. .IP 4)
  521. if successful, reading back an
  522. .I AuthInfo
  523. structure (see
  524. .IR authsrv (2)).
  525. .PP
  526. The RPC protocol is normally embodied by one of the
  527. routines in
  528. .IR auth (2).
  529. We describe it here should anyone want to extend
  530. the library.
  531. .PP
  532. An RPC consists of writing a request message to
  533. .B rpc
  534. followed by reading a reply message back.
  535. RPC's are strictly ordered; requests and replies of
  536. different RPC's cannot be interleaved.
  537. Messages consist of of a verb, a singe space, and data.
  538. The data format depends on the verb. The request verbs are:
  539. .TP
  540. .B "start \fIattribute-value-list\fP
  541. start a new authentication.
  542. .I Attribute-value-pair-list
  543. must include a
  544. .B proto
  545. attribute, a
  546. .B role
  547. attribute with value
  548. .B client
  549. or
  550. .BR server ,
  551. and enough other attibutes to uniquely identify a key to use.
  552. A
  553. .B start
  554. RPC is required before any others. The possible replies are:
  555. .RS
  556. .TP
  557. .B ok
  558. start succeeded.
  559. .TP
  560. .B "error \fIstring\fP
  561. where
  562. .I string
  563. is the reason.
  564. .RE
  565. .PD
  566. .TP
  567. .B read
  568. get data from
  569. .I factotum
  570. to send to the other party. The possible replies are:
  571. .RS
  572. .TP
  573. .B ok
  574. read succeeded, this is zero length message.
  575. .TP
  576. .B "ok \fIdata\fP
  577. read succeeded, the data follows the space and is
  578. unformatted.
  579. .TP
  580. .B "done
  581. authentication has succeeded, no further RPC's are
  582. necessary
  583. .TP
  584. .B "done haveai
  585. authentication has succeeded, an
  586. .B AuthInfo
  587. structure (see
  588. .IR auth (2))
  589. can be retrieved with an
  590. .B authinfo
  591. RPC
  592. .TP
  593. .B "phase \fIstring\fP
  594. its not your turn to read, get some data from
  595. the other party and return it with a write RPC.
  596. .TP
  597. .B "error \fIstring\fP
  598. authentication failed,
  599. .I string
  600. is the reason.
  601. .TP
  602. .B "protocol not started
  603. a
  604. .B start
  605. RPC needs to be preceed reads and writes
  606. .TP
  607. .B "needkey \fIattribute-value-list\fP
  608. a key matching the argument is needed. This argument
  609. may be passed as an argument to
  610. .I factotum
  611. .B -g
  612. in order to prompt for a key. After that, the
  613. authentication may proceed, i.e., the read restarted.
  614. .PD
  615. .RE
  616. .TP
  617. .B "write \fIdata\fP
  618. send data from the other party to
  619. .IR factotum .
  620. The possible replies are:
  621. .RS
  622. .TP
  623. .B "ok
  624. the write succeeded
  625. .TP
  626. .B "needkey \fIattribute-value-list\fP
  627. see above
  628. .TP
  629. .B "toosmall \fIn\fP
  630. the write is too short, get more data from the
  631. other party and retry the write.
  632. .I n
  633. specifies the maximun total number of bytes.
  634. .TP
  635. .B "phase \fIstring\fP
  636. its not your turn to write, get some data from
  637. .I factotum
  638. first.
  639. .TP
  640. .B "done
  641. see above
  642. .TP
  643. .B "done haveai
  644. see above
  645. .RE
  646. .TP
  647. .B authinfo
  648. retrieve the AuthInfo structure.
  649. The possible replies are:
  650. .RS
  651. .TP
  652. .B "ok \fIdata\fP
  653. .I data
  654. is a marshaled form of the AuthInfo structure.
  655. .TP
  656. .B "error \fIstring\fP
  657. where
  658. .I string
  659. is the reason for the error.
  660. .PD
  661. .RE
  662. .TP
  663. .B attr
  664. retrieve the attributes used in the
  665. .B start
  666. RPC.
  667. The possible replies are:
  668. .RS
  669. .TP
  670. .B "ok \fIattribute-value-list\fP
  671. .TP
  672. .B "error \fIstring\fP
  673. where
  674. .I string
  675. is the reason for the error.
  676. .PD
  677. .RE
  678. .PP
  679. .I Secretpem
  680. copies a PEM-format RSA private key onto standard output in sshrsa key syntax,
  681. suitable for writing to
  682. .IR /mnt/factotum/ctl .
  683. .SH SOURCE
  684. .B /sys/src/cmd/auth/factotum