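/*
 * Interface for talking to authentication server.
 *
 * Review notes on the wire format:
 *  - The *LEN macros give the marshalled size of each message as produced
 *    by the conv*2M routines and consumed by convM2*.  They are sums of the
 *    field widths, not sizeof(struct), so the wire layout is independent of
 *    compiler padding and of sizeof(ulong).
 *  - Name and domain fields are fixed-width char arrays.  Treat them as
 *    bounded byte ranges, not as C strings, unless the unmarshalling code
 *    is known to NUL-terminate them (TODO confirm against the .c files).
 *  - Include guard added so that pulling this header in twice does not
 *    redefine the struct types.
 */
#ifndef AUTHSRV_H_INCLUDED
#define AUTHSRV_H_INCLUDED

typedef struct	Ticket		Ticket;
typedef struct	Ticketreq	Ticketreq;
typedef struct	Authenticator	Authenticator;
typedef struct	Nvrsafe		Nvrsafe;
typedef struct	Passwordreq	Passwordreq;
typedef struct	OChapreply	OChapreply;
typedef struct	OMSchapreply	OMSchapreply;

/*
 * Fixed field widths.  Changing any of these changes the wire format
 * and the key-file layout (OKEYDBLEN/KEYDBLEN), so they are protocol
 * constants, not tunables.
 */
enum
{
	ANAMELEN=	28,		/* name max size in previous proto */
	AERRLEN=	64,		/* errstr max size in previous proto */
	DOMLEN=		48,		/* authentication domain name length */
	DESKEYLEN=	7,		/* encrypt/decrypt des key length: 7 bytes = the 56 key bits of single DES */
	CHALLEN=	8,		/* plan9 sk1 challenge length */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* length of Nvrsafe.config */
	SECRETLEN=	32,		/* secret max size */

	KEYDBOFF=	8,		/* bytes of random data at key file's start */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* old key file entry length */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* key file entry length */
	OMD5LEN=	16,		/* MD5 digest length, used by OChapreply.resp */
};

/*
 * NOTE(review): everything keyed through DESKEYLEN-sized fields (Ticket.key,
 * Nvrsafe.machkey/authkey, the output of passtokey) inherits the 56-bit
 * strength of single DES, which is brute-forceable with modest hardware
 * today.  Whether that matters depends on how callers use this protocol.
 */

/*
 * encryption numberings (anti-replay)
 *
 * The first group are request/reply message types on the AS connection.
 * The second group (AuthTs..AuthHr) are the values carried in the leading
 * `num' byte of an encrypted box; presumably a box minted for one role
 * (e.g. AuthTs, for the server) is rejected if presented as another
 * (e.g. AuthTc), which is what the "replay protection" comments on the
 * structs below refer to -- confirm against the consumers.
 * Value 8 is unassigned in the original numbering; do not reuse it without
 * checking every peer implementation.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* ticket encrypted with client's key */
	AuthAs,		/* server generated authenticator */
	AuthAc,		/* client generated authenticator */
	AuthTp,		/* ticket encrypted with client's key for password change */
	AuthHr,		/* http reply */
};

/*
 * Ticket request, sent to the auth server.  Marshalled by convTR2M, which
 * takes no key argument, i.e. the request travels in the clear.
 */
struct Ticketreq
{
	char	type;
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
/* wire size: type + authid + authdom + chal + hostid + uid = 1+28+48+8+28+28 = 141 */
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket, returned by the auth server and encrypted (see convT2M/convM2T)
 * under the server's or client's key according to `num'.
 */
struct Ticket
{
	char	num;			/* replay protection: one of AuthTs/AuthTc/AuthTp */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
/* wire size: num + chal + cuid + suid + key = 1+8+28+28+7 = 72 */
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator, proving possession of Ticket.key to the other side.
 */
struct Authenticator
{
	char	num;			/* replay protection: one of AuthAs/AuthAc */
	char	chal[CHALLEN];
	ulong	id;			/* authenticator id, ++'d with each auth */
};
/*
 * wire size: num + chal + 4-byte id = 1+8+4 = 13.  `id' is always 4 bytes
 * on the wire regardless of sizeof(ulong) on the host, so do not replace
 * this with sizeof(Authenticator).
 */
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password change request.  Carries the old and new passwords and optionally
 * a new secret in plaintext inside the struct; callers should clear it once
 * marshalled.  NOTE(review): a plain memset of a dead object may be dropped
 * by an optimising compiler; check what the library actually does.
 */
struct Passwordreq
{
	char	num;
	char	old[ANAMELEN];
	char	new[ANAMELEN];
	char	changesecret;
	char	secret[SECRETLEN];	/* new secret */
};
/* wire size: num + old + new + changesecret + secret = 1+28+28+1+32 = 90 */
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/* CHAP (ppp) response as forwarded to the auth server. */
struct OChapreply
{
	uchar	id;
	char	uid[ANAMELEN];
	char	resp[OMD5LEN];
};

/*
 * MS-CHAP (ppp) response as forwarded to the auth server.
 * NOTE(review): the LAN Manager response is a legacy scheme that is
 * considerably weaker than the NT response; if the peer supplies both,
 * verifying on NTresp is the safer choice -- confirm how the AS treats them.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * conv*2M marshal a struct into a caller-supplied buffer of at least the
 * matching *LEN bytes and return the number of bytes written; convM2*
 * unmarshal from such a buffer.  For Ticket, Authenticator and Passwordreq
 * the trailing char* is the DES key the box is encrypted/decrypted under
 * (compare convM2Tnoenc, which has no key and so reads the ticket in the
 * clear); Ticketreq has no key parameter and is never encrypted.
 */
extern	int	convT2M(Ticket*, char*, char*);
extern	void	convM2T(char*, Ticket*, char*);
extern	void	convM2Tnoenc(char*, Ticket*);
extern	int	convA2M(Authenticator*, char*, char*);
extern	void	convM2A(char*, Authenticator*, char*);
extern	int	convTR2M(Ticketreq*, char*);
extern	void	convM2TR(char*, Ticketreq*);
extern	int	convPR2M(Passwordreq*, char*, char*);
extern	void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * Both write a DESKEYLEN-byte key into the first argument from the password
 * in the second.  opasstokey is the older derivation.  NOTE(review): a key
 * derived from a password is no stronger than the password; anyone holding
 * ciphertext under it can test guesses offline.
 */
extern	int	opasstokey(char*, char*);
extern	int	passtokey(char*, char*);

/*
 * Nvram interface
 *
 * Flags for readnvram's second argument, controlling when the user is
 * prompted and the nvram rewritten.
 */
enum {
	NVread		= 0,	/* just read */
	NVwrite		= 1<<0,	/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,	/* prompt and rewrite nvram when corrupt */
	NVwritemem	= 1<<2,	/* don't prompt, write nvram from argument */
};

/*
 * storage layout
 *
 * Each field is followed by a one-byte checksum (see nvcsum) used to detect
 * corruption (cf. NVwriteonerr); it is not a MAC and provides no
 * authenticity.  The key fields hold the DES keys themselves, so the nvram
 * contents are secrets in the clear and their protection rests entirely on
 * who can read the device.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uchar	machsum;
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uchar	authsum;
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uchar	authidsum;
	char	authdom[DOMLEN];	/* auth domain, e.g., cs.bell-labs.com */
	uchar	authdomsum;
};

/* one-byte checksum over the given bytes, as stored in the *sum fields above */
extern	uchar	nvcsum(void*, int);
/* fill in *Nvrsafe from nvram according to the NV* flags; returns <0 on failure */
extern	int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 *
 * Returns a file descriptor for a connection to the auth server of
 * `authdom' reached via `netroot', or <0 on failure.
 */
extern	int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 *
 * _asgetticket/_asrdresp are the low-level request/response steps on an
 * authdial fd.  sslnegotiate/srvsslnegotiate run the client/server side of
 * the SSL setup keyed from a Ticket; the char** arguments return error or
 * status strings (ownership not visible here -- check the implementation).
 */
extern	int	_asgetticket(int, char*, char*);
extern	int	_asrdresp(int, char*, int);
extern	int	sslnegotiate(int, Ticket*, char**, char**);
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);

#endif /* AUTHSRV_H_INCLUDED */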