
/*
 * This file is part of the UCB release of Plan 9. It is subject to the license
 * terms in the LICENSE file found in the top-level directory of this
 * distribution and at http://akaros.cs.berkeley.edu/files/Plan9License. No
 * part of the UCB release of Plan 9, including this file, may be copied,
 * modified, propagated, or distributed except according to the terms contained
 * in the LICENSE file.
 */
#pragma src "/sys/src/libauthsrv"
#pragma lib "libauthsrv.a"

/*
 * Interface for talking to the Plan 9 authentication server (libauthsrv).
 *
 * The structures declared below are host-side views of fixed-size wire
 * records.  The conv*2M / convM2* functions further down do the
 * marshalling and the *LEN macros give the marshalled sizes; do not
 * assume sizeof(struct) equals the wire length (Authenticator, whose
 * uint32_t id gets alignment padding, is the case where they differ).
 */

/* ticket protocol records */
typedef struct Ticketreq	Ticketreq;
typedef struct Ticket		Ticket;
typedef struct Authenticator	Authenticator;
typedef struct Passwordreq	Passwordreq;

/* challenge/response replies for PPP (CHAP and MS-CHAP) */
typedef struct OChapreply	OChapreply;
typedef struct OMSchapreply	OMSchapreply;

/* long-term key storage in NVRAM */
typedef struct Nvrsafe		Nvrsafe;
/*
 * Fixed field and record sizes.
 *
 * These are wire-format and storage-format constants shared with the
 * auth server, the key file and NVRAM: changing any of them silently
 * breaks interoperability with existing servers and stored keys.
 */
enum
{
	/* names, domains, error strings */
	ANAMELEN	= 28,	/* user/host name; a fixed-width field, treat it as a bounded buffer, not as a NUL-terminated C string, unless the caller has checked */
	AERRLEN		= 64,	/* errstr max size in previous proto */
	DOMLEN		= 48,	/* authentication domain name length */

	/* keys, challenges, digests */
	DESKEYLEN	= 7,	/* 56-bit DES key; an obsolete cipher kept for p9sk1 compatibility -- the strength of everything below is bounded by it */
	CHALLEN		= 8,	/* plan9 sk1 challenge length */
	NETCHLEN	= 16,	/* max network challenge length (used in AS protocol) */
	SECRETLEN	= 32,	/* secret max size */
	OMD5LEN		= 16,	/* MD5 digest length (CHAP response) */

	/* key file and NVRAM layout */
	CONFIGLEN	= 14,
	KEYDBOFF	= 8,	/* bytes of random data at key file's start */
	OKEYDBLEN	= ANAMELEN+DESKEYLEN+4+2,	/* old key file entry: name, DES key, plus 6 bytes whose meaning is not given here (41 bytes) */
	KEYDBLEN	= OKEYDBLEN+SECRETLEN,		/* current key file entry: old entry plus the secret (73 bytes) */
};
/*
 * Message type / "encryption numbering" tags.
 *
 * Every record carries one of these in its first byte (Ticketreq.type,
 * Ticket.num, Authenticator.num, Passwordreq.num).  For the encrypted
 * records the tag binds the ciphertext to the role it was minted for:
 * a ticket encrypted under the server's key (AuthTs) cannot be passed
 * off as the client's copy (AuthTc), and a server-made authenticator
 * (AuthAs) cannot be reflected back as a client-made one (AuthAc).
 * The convM2* decoders below take no expected-tag argument, so checking
 * the tag after decryption is the caller's job.
 */
enum
{
	/* requests and replies on the auth-server connection */
	AuthTreq	= 1,	/* ticket request */
	AuthChal	= 2,	/* challenge box request */
	AuthPass	= 3,	/* change password */
	AuthOK		= 4,	/* fixed length reply follows */
	AuthErr		= 5,	/* error follows */
	AuthMod		= 6,	/* modify user */
	AuthApop	= 7,	/* apop authentication for pop3 */
	/* 8 is not assigned here */
	AuthOKvar	= 9,	/* variable length reply follows */
	AuthChap	= 10,	/* chap authentication for ppp */
	AuthMSchap	= 11,	/* MS chap authentication for ppp */
	AuthCram	= 12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp	= 13,	/* http domain login */
	AuthVNC		= 14,	/* VNC server login (deprecated) */

	/* tags inside encrypted tickets and authenticators */
	AuthTs		= 64,	/* ticket encrypted with server's key */
	AuthTc		= 65,	/* ticket encrypted with client's key */
	AuthAs		= 66,	/* server generated authenticator */
	AuthAc		= 67,	/* client generated authenticator */
	AuthTp		= 68,	/* ticket encrypted with client's key for password change */
	AuthHr		= 69,	/* http reply */
};
/*
 * Ticketreq: what a host sends to the auth server to ask for tickets.
 *
 * convTR2M/convM2TR take no key, so as far as this header shows the
 * request travels unencrypted.  Nothing in it is secret, but nothing in
 * it is authenticated either: the identities are claims, and it is the
 * server's reply (tickets only the right key holders can decrypt) that
 * proves anything.
 *
 * TICKREQLEN (141) is the wire size.  Every member is a char so sizeof
 * happens to match, but use the macro, not sizeof.
 */
struct Ticketreq
{
	char	type;			/* request tag: AuthTreq, AuthChal, AuthPass, ... */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)
/*
 * Ticket: issued by the auth server, one copy per party, each encrypted
 * under that party's long-term DES key (convT2M/convM2T take the key).
 *
 * key is fresh session key material ("nonce DES key") and is the only
 * secret here; once the session is set up, wipe the struct rather than
 * leaving it in a long-lived buffer.  TICKETLEN (72) is the wire size;
 * all members are chars so sizeof matches, but use the macro.
 */
struct Ticket
{
	char	num;			/* replay protection: AuthTs, AuthTc or AuthTp, naming which key this copy is encrypted under -- check it after decrypting */
	char	chal[CHALLEN];		/* server challenge; must match the one the client saw, or the ticket is a replay */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)
/*
 * Authenticator: a record a party encrypts (convA2M takes a key --
 * presumably the Ticket's nonce key) to prove it holds that key.
 *
 * num separates the server-made (AuthAs) from the client-made (AuthAc)
 * authenticator so a peer cannot simply reflect ours back.  id is
 * documented as incrementing on every use; that gives replay protection
 * only if the receiver actually tracks the last value it accepted.
 *
 * AUTHENTLEN (13) is the wire size.  sizeof(Authenticator) is larger on
 * any ABI that aligns uint32_t (1 + 8 bytes, then padding before id), so
 * never memcpy this struct to or from the wire -- use convA2M/convM2A.
 */
struct Authenticator
{
	char		num;		/* replay protection: AuthAs or AuthAc */
	char		chal[CHALLEN];	/* the challenge being answered */
	uint32_t	id;		/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)
/*
 * Passwordreq: a password-change request, marshalled with a key by
 * convPR2M (so it goes out encrypted; which key is not stated here).
 *
 * The struct holds the old password, the new password and optionally a
 * new secret in the clear in memory.  Build it, marshal it, and clear it
 * immediately; do not keep it in a long-lived or reused buffer.
 * Passwords are limited to ANAMELEN (28) bytes and the secret to
 * SECRETLEN (32); whether a terminating NUL must fit inside those
 * limits is decided by convPR2M and the server, not by this header.
 *
 * PASSREQLEN (90) is the wire size; all members are chars so sizeof
 * matches, but use the macro.
 */
struct Passwordreq
{
	char	num;			/* replay protection tag (see the encryption numbering enum) */
	char	old[ANAMELEN];		/* current password */
	char	new[ANAMELEN];		/* replacement password */
	char	changesecret;		/* when set, secret below replaces the stored secret too */
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)
/*
 * OChapreply: the client side of a PPP CHAP exchange as forwarded to the
 * auth server (AuthChap).  resp is OMD5LEN bytes, i.e. an MD5 digest --
 * presumably the RFC 1994 response over id, secret and challenge, but
 * the computation is not visible here.  uid is the claimed identity;
 * only a matching resp verified by the server makes it trustworthy.
 * No wire-length macro is defined for this record.
 */
struct OChapreply
{
	uint8_t	id;			/* CHAP identifier byte echoed from the challenge */
	char	uid[ANAMELEN];		/* claimed user name */
	char	resp[OMD5LEN];		/* MD5 response */
};
/*
 * OMSchapreply: the client side of a PPP MS-CHAP exchange as forwarded
 * to the auth server (AuthMSchap).  Both responses are 24 bytes.
 *
 * Security note: the LAN Manager response is derived from a weak,
 * case-folded password hash and is cheaply brute-forced offline from a
 * captured exchange.  A verifier should rely on NTresp and treat LMresp
 * as legacy at best; whether this server does so is not visible here.
 * No wire-length macro is defined for this record.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* claimed user name */
	char	LMresp[24];		/* Lan Manager response (weak; see above) */
	char	NTresp[24];		/* NT response */
};
/*
 * Marshalling between the in-memory records and their fixed-size wire
 * images.  The *2M direction returns an int (presumably a byte count or
 * status -- confirm in libauthsrv); the M2* direction returns nothing,
 * so it gives the caller no error signal: validate the decoded fields,
 * the num tag in particular, yourself.
 *
 * The trailing char* is assumed to be the DES key the record is
 * encrypted with; convM2Tnoenc and the Ticketreq pair, which take none,
 * move the bytes unencrypted.  None of these take a buffer length: the
 * caller must supply at least TICKETLEN / AUTHENTLEN / TICKREQLEN /
 * PASSREQLEN bytes respectively.  Parameter names below are an aid to
 * reading and an assumption about order -- confirm against the source.
 */
extern int	convT2M(Ticket *t, char *msg, char *key);
extern void	convM2T(char *msg, Ticket *t, char *key);
extern void	convM2Tnoenc(char *msg, Ticket *t);
extern int	convA2M(Authenticator *a, char *msg, char *key);
extern void	convM2A(char *msg, Authenticator *a, char *key);
extern int	convTR2M(Ticketreq *tr, char *msg);
extern void	convM2TR(char *msg, Ticketreq *tr);
extern int	convPR2M(Passwordreq *pr, char *msg, char *key);
extern void	convM2PR(char *msg, Passwordreq *pr, char *key);

/*
 * Derive a DESKEYLEN-byte DES key from an ASCII password; opasstokey is
 * the older derivation.  Both return an int -- check it.  Whatever the
 * derivation does, the output is a 56-bit key, so the effective strength
 * is capped by DES regardless of password quality.
 * NOTE(review): argument order (key out, password in) is an assumption
 * to confirm against /sys/src/libauthsrv.
 */
extern int	opasstokey(char *key, char *password);
extern int	passtokey(char *key, char *password);
  123. /*
  124. * Nvram interface
  125. */
  126. enum {
  127. NVread = 0, /* just read */
  128. NVwrite = 1<<0, /* always prompt and rewrite nvram */
  129. NVwriteonerr = 1<<1, /* prompt and rewrite nvram when corrupt */
  130. NVwritemem = 1<<2, /* don't prompt, write nvram from argument */
  131. };
/*
 * Nvrsafe: storage layout of the machine's long-term credentials in
 * NVRAM, as read/written by readnvram.
 *
 * Security notes:
 *  - The DES keys are stored unencrypted.  Whoever can read NVRAM holds
 *    this host's keys, and whoever can write it can substitute their own.
 *  - Each field is followed by an 8-bit checksum (nvcsum returns
 *    uint8_t).  That is enough to notice corruption -- presumably what
 *    NVwriteonerr keys off -- but it is not a MAC: a writer recomputes
 *    it, so it gives no tamper detection.
 *  - The layout is a storage format fixed by what deployed machines
 *    already hold; do not reorder or resize fields.  All members are
 *    single bytes or char arrays, so there is no padding (109 bytes).
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uint8_t	machsum;		/* checksum of machkey */
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uint8_t	authsum;		/* checksum of authkey */
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uint8_t	configsum;		/* checksum of config */
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uint8_t	authidsum;		/* checksum of authid */
	char	authdom[DOMLEN];	/* auth domain, e.g., cs.bell-labs.com */
	uint8_t	authdomsum;		/* checksum of authdom */
};
/*
 * NVRAM access.  nvcsum computes the 8-bit checksum stored in the
 * Nvrsafe *sum fields (the algorithm lives in libauthsrv and is not
 * visible here).  readnvram fills *nv according to the NV* flags and
 * returns an int status: check it, because a failed or corrupt read
 * leaves key material that must not be used.
 */
extern uint8_t	nvcsum(void *data, int len);
extern int	readnvram(Nvrsafe *nv, int flags);

/*
 * Connect to the authentication server for authdom over the network
 * rooted at netroot.  Returns an int -- presumably a file descriptor,
 * negative on failure; confirm in libauthsrv.  As far as this header
 * shows the connection itself is plain; authenticity of the peer comes
 * from the ticket protocol run over it, not from the dial.
 */
extern int	authdial(char *netroot, char *authdom);

/*
 * Low-level exchange with the auth server on an open fd.  The leading
 * underscore marks these as library-internal.  The char* parameters
 * carry ticket-request / ticket / reply bytes; their names and order
 * below are assumptions to confirm against the source.  The ticket
 * buffers carry no length, so TICKREQLEN/TICKETLEN-sized buffers are
 * the caller's responsibility.
 */
extern int	_asgetticket(int fd, char *trbuf, char *tbuf);
extern int	_asrdresp(int fd, char *buf, int len);

/*
 * Negotiate an encrypted channel on fd keyed from the Ticket, client and
 * server side respectively.  The role of the two char** parameters is
 * not given in this header.
 */
extern int	sslnegotiate(int fd, Ticket *t, char**, char**);
extern int	srvsslnegotiate(int fd, Ticket *t, char**, char**);