#pragma src "/sys/src/libauthsrv"
#pragma lib "libauthsrv.a"

/*
 * Interface for talking to authentication server.
 *
 * The two #pragma lines are Plan 9 compiler directives: the first
 * records where the library's source lives, the second makes programs
 * that include this header link against libauthsrv.a.
 *
 * Every wire-format size in this file (the *LEN macros) is computed
 * from the fixed field lengths in the first enum below, so changing
 * one of those values is a protocol change, not a local tweak.
 */

/* forward declarations; each struct is defined later in this file */
typedef struct Ticket Ticket;
typedef struct Ticketreq Ticketreq;
typedef struct Authenticator Authenticator;
typedef struct Nvrsafe Nvrsafe;
typedef struct Passwordreq Passwordreq;
typedef struct OChapreply OChapreply;
typedef struct OMSchapreply OMSchapreply;

/*
 * Fixed field sizes.  The structs below are laid out from these and
 * the *LEN macros sum them into packed wire sizes.
 */
enum
{
	ANAMELEN=	28,	/* name max size in previous proto */
	AERRLEN=	64,	/* errstr max size in previous proto */
	DOMLEN=		48,	/* authentication domain name length */
	DESKEYLEN=	7,	/* encrypt/decrypt des key length; a 56-bit single-DES key,
				 * so everything keyed with it is no stronger than DES */
	CHALLEN=	8,	/* plan9 sk1 challenge length */
	NETCHLEN=	16,	/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,	/* Nvrsafe.config size */
	SECRETLEN=	32,	/* secret max size */

	KEYDBOFF=	8,	/* bytes of random data at key file's start */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* old key file entry length */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* key file entry length */
	OMD5LEN=	16,	/* MD5 digest size; used for OChapreply.resp */
};

/*
 * encryption numberings (anti-replay)
 *
 * AuthTreq..AuthVNC tag the requests and replies exchanged with the
 * auth server (Ticketreq.type carries the request type).  Note the
 * gap at 8.  AuthTs..AuthHr, numbered from 64, are the values carried
 * in the `num' field of the encrypted Ticket/Authenticator records;
 * giving each role its own number is presumably what stops a record
 * made for one purpose being accepted as another, so a receiver
 * should check `num' against the value it expects.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* 65: ticket encrypted with client's key */
	AuthAs,		/* 66: server generated authenticator */
	AuthAc,		/* 67: client generated authenticator */
	AuthTp,		/* 68: ticket encrypted with client's key for password change */
	AuthHr,		/* 69: http reply */
};

/*
 * Ticket request sent to the auth server.  All fields are fixed-width
 * char arrays, so the packed wire image is the fields in order and
 * TICKREQLEN == 1+ANAMELEN+DOMLEN+CHALLEN+2*ANAMELEN == 141 bytes.
 * convTR2M/convM2TR convert between this struct and the wire image.
 * Fixed-width fields need not be NUL-terminated; bound any string
 * handling by the field size rather than relying on a terminator.
 */
struct Ticketreq
{
	char	type;			/* request number, presumably one of AuthTreq.. above */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)	/* packed size of Ticketreq */

/*
 * Ticket issued by the auth server.  Packed wire size is
 * TICKETLEN == 1+CHALLEN+2*ANAMELEN+DESKEYLEN == 72 bytes; convT2M /
 * convM2T do the conversion (and, judging by their key argument, the
 * encryption).  `num' is AuthTs, AuthTc or AuthTp depending on whose
 * key the ticket is encrypted with (see the enum above); a receiver
 * should verify both `num' and `chal' before using `key'.
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key; session secret, scrub when done */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)	/* packed size of Ticket */

/*
 * Authenticator proving possession of a ticket's key.  `num' is AuthAs
 * (server generated) or AuthAc (client generated).  The `4' in
 * AUTHENTLEN is the wire width of `id'; because `id' is a ulong the
 * in-memory struct carries padding and sizeof(Authenticator) is not
 * the wire size, so never memcpy this struct onto the wire -- use
 * convA2M/convM2A.
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];
	ulong	id;			/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)	/* packed size of Authenticator: 13 bytes */

/*
 * Password change request.  Packed wire size is
 * PASSREQLEN == 1+2*ANAMELEN+1+SECRETLEN == 90 bytes, via
 * convPR2M/convM2PR.  `old' and `new' hold password text in the clear
 * while the struct is in memory (convPR2M's key argument suggests it
 * is only encrypted on the wire); scrub the struct after use.
 */
struct Passwordreq
{
	char	num;			/* message number, presumably AuthPass -- confirm in library source */
	char	old[ANAMELEN];		/* current password */
	char	new[ANAMELEN];		/* replacement password */
	char	changesecret;		/* non-zero: also install `secret' -- confirm in library source */
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)	/* packed size of Passwordreq */

/*
 * Reply for AuthChap (chap authentication for ppp).  No *LEN macro is
 * defined for it here.
 */
struct OChapreply
{
	uchar	id;			/* CHAP identifier echoed from the challenge -- confirm in library source */
	char	uid[ANAMELEN];		/* user being authenticated */
	char	resp[OMD5LEN];		/* MD5-sized response */
};

/*
 * Reply for AuthMSchap (MS chap authentication for ppp).  The LAN
 * Manager response is a legacy scheme and cryptographically weak by
 * modern standards; prefer the NT response when both are present.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* user being authenticated */
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * convX2M packs a struct into a message buffer and returns an int
 * (status or byte count -- see the library source for which); convM2X
 * unpacks a message into a struct.  Where a third char* is present it
 * is presumably the DESKEYLEN-byte key used to encrypt (X2M) or
 * decrypt (M2X) the record; convM2Tnoenc takes no key and so
 * presumably unpacks an unencrypted ticket.  Decryption alone does not
 * authenticate the record: after convM2T/convM2A the caller should
 * check `num' against the expected Auth* value and `chal' against the
 * challenge it sent before trusting the contents.
 */
extern	int	convT2M(Ticket*, char*, char*);
extern	void	convM2T(char*, Ticket*, char*);
extern	void	convM2Tnoenc(char*, Ticket*);
extern	int	convA2M(Authenticator*, char*, char*);
extern	void	convM2A(char*, Authenticator*, char*);
extern	int	convTR2M(Ticketreq*, char*);
extern	void	convM2TR(char*, Ticketreq*);
extern	int	convPR2M(Passwordreq*, char*, char*);
extern	void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * passtokey derives the DESKEYLEN-byte key used by the protocol;
 * opasstokey is the older derivation (the `o' prefix as in OKEYDBLEN).
 * Both return an int status.  The argument order (key, password vs
 * password, key) is not documented here -- confirm in
 * /sys/src/libauthsrv before calling.
 */
extern	int	opasstokey(char*, char*);
extern	int	passtokey(char*, char*);

/*
 * Nvram interface
 *
 * Mode argument for readnvram().  NVread alone only reads; the NVwrite*
 * values are distinct bits and select when nvram is (re)written.
 */
enum {
	NVread		= 0,	/* just read */
	NVwrite		= 1<<0,	/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,	/* prompt and rewrite nvram when corrupt */
	NVwritemem	= 1<<2,	/* don't prompt, write nvram from argument */
};

/*
 * storage layout
 *
 * Image of the authentication data kept in nvram, filled in by
 * readnvram().  Each field is followed by a one-byte sum, presumably
 * nvcsum() over the preceding field (see nvcsum below).  A one-byte
 * checksum only detects corruption; it gives no protection against
 * deliberate modification.  machkey and authkey are long-term DES
 * keys, so a Nvrsafe held in memory should be scrubbed once the keys
 * have been consumed.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uchar	machsum;
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uchar	authsum;
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uchar	authidsum;
	char	authdom[DOMLEN];	/* auth domain, e.g., cs.bell-labs.com */
	uchar	authdomsum;
};

/* one-byte checksum of len bytes at the given address, as stored in the Nvrsafe *sum fields */
extern	uchar	nvcsum(void*, int);
/* fill in a Nvrsafe from nvram; the int is an NV* mode from the enum above; returns an int status */
extern	int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 *
 * Dial the authentication server for domain authdom through the
 * network rooted at netroot.  Returns a file descriptor on success;
 * presumably -1 on failure -- confirm in library source.
 */
extern	int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 *
 * The leading underscore marks _asgetticket and _asrdresp as library
 * internals.  _asgetticket(fd, request, tickets) presumably sends a
 * packed Ticketreq and reads back the tickets; _asrdresp(fd, buf, len)
 * reads a reply of at most len bytes, returning an int status.
 * sslnegotiate/srvsslnegotiate run the client and server sides of
 * the SSL setup over fd using the Ticket's key; the two char** are
 * out-parameters whose meaning is not documented here -- confirm in
 * /sys/src/libauthsrv.
 */
extern	int	_asgetticket(int, char*, char*);
extern	int	_asrdresp(int, char*, int);
extern	int	sslnegotiate(int, Ticket*, char**, char**);
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);
|