3 auth_proxy, fauth_proxy, auth_allocrpc, auth_freerpc, auth_rpc, auth_getkey, amount_getkey, auth_freeAI, auth_chuid, auth_challenge, auth_response, auth_freechal, auth_respond, auth_userpasswd, auth_getuserpasswd, auth_getinfo, fsauth_proxy, fsfauth_proxy, fsamount, nsamount\- routines for authenticating users
12 .ta 11n +4n +4n +4n +4n +4n +4n
15 .\" int newns(char *user, char *nsfile);
18 .\" int addns(char *user, char *nsfile);
21 .\" int amount(int fd, char *old, int flag, char *aname);
24 .\" int login(char *user, char *password, char *namespace);
27 .\" int noworld(char *user);
30 AuthInfo* auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...);
33 AuthInfo* fauth_proxy(int fd, AuthRpc *rpc, AuthGetkey *getkey,
38 AuthRpc* auth_allocrpc(void);
41 void auth_freerpc(AuthRpc *rpc);
44 uint auth_rpc(AuthRpc *rpc, char *verb, void *a, int n);
47 int auth_getkey(char *proto, char *dom);
50 int (*amount_getkey)(char*, char*);
53 void auth_freeAI(AuthInfo *ai);
56 int auth_chuid(AuthInfo *ai, char *ns);
59 Chalstate* auth_challenge(char *fmt, ...);
62 AuthInfo* auth_response(Chalstate*);
65 void auth_freechal(Chalstate*);
68 int auth_respond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp, AuthGetkey *getkey, char *fmt, ...);
71 AuthInfo* auth_userpasswd(char*user, char*password);
74 UserPasswd* auth_getuserpasswd(AuthGetkey *getkey, char*fmt, ...);
77 AuthInfo* auth_getinfo(AuthRpc *rpc);
83 AuthInfo* fsauth_proxy(CFid *fid, AuthGetkey *getkey, char *fmt, ...);
86 AuthInfo* fsfauth_proxy(CFid *fid, AuthRpc *rpc, AuthGetkey *getkey,
91 CFsys* fsamount(int fd, char *aname);
94 CFsys* nsamount(char *name, char *aname);
97 This library, in concert with
99 is used to authenticate users.
100 It provides the primary interface to
104 .\" builds a name space for
106 .\" It opens the file
108 .\" .RB ( /lib/namespace
112 .\" copies the old environment, erases the current name space,
113 .\" sets the environment variables
117 .\" and interprets the commands in
122 .\" .IR namespace (6).
125 .\" also interprets and executes the commands in
129 .\" it applies the command to the current name space
130 .\" rather than starting from scratch.
135 .\" but performs any authentication required.
136 .\" It should be used instead of
138 .\" whenever the file server being mounted requires authentication.
141 .\" for a definition of the arguments to
147 .\" changes the user id of the process
149 .\" and recreates the namespace using the file
152 .\" .BR /lib/nnamespace ).
154 .\" .I auth_userpassword
159 .\" returns 1 if the user is in the group
163 .\" Otherwise, it returns 0.
165 .\" is used by telnetd and ftpd to provide sandboxed
166 .\" access for some users.
168 The following routines use the
170 structure returned after a successful authentication by
175 .ta 4n +4n +4n +4n +4n +4n +4n +4n +4n
178 char *cuid; /* caller id */
179 char *suid; /* server id */
180 char *cap; /* capability */
181 int nsecret; /* length of secret */
182 uchar *secret; /* secret */
190 point to the authenticated ids of the client and server.
192 is a capability returned only to the server.
193 It is meaningful only on Plan 9.
194 .\" It can be passed to the
196 .\" device to change the user id of the process.
200 shared secret that can be used by the client and server to
201 create encryption and hashing keys for the rest of the
205 proxies an authentication conversation between a remote
206 server reading and writing
218 and the variable arg list yields a key template (see
220 specifying the key to use.
221 The template must specify at least the protocol (
228 either returns an allocated
230 structure, or sets the error string and
234 can be used instead of
236 if a single connection to
238 will be used for multiple authentications.
239 This is necessary, for example, for
243 file before wiping out the namespace.
245 takes as an argument a pointer to an
247 structure which contains an fd for an open connection to
249 in addition to storage and state information for
253 structure is obtained by calling
256 arranges a connection to
264 service posted in the current name space.
265 The returned connection
268 Individual commands can be sent to
277 take a pointer to a routine,
281 not posess a key for the authentication. If
283 is nil, the authentication fails.
285 is called with a key template for the desired
287 We have provided a generic routine,
289 which queries the user for
290 the key information and passes it to
292 This is the default for the global variable,
294 which holds a pointer to the key prompting routine used by
304 structure to change the user id of the current
309 to build it a new name space.
314 perform challenge/response protocols with
316 State between the challenge and response phase are
330 /* for implementation only */
333 char userbuf[MAXNAMELEN];
339 requires a key template generated by an
343 and the variable arguments. It must contain the protocol
345 and depending on the protocol, the user name (
346 .BI user= xxx \fR).\fP
350 expect the user specified as an attribute in
360 For all protocols, the response is returned
368 must be the length of the response.
372 a challenge string and the fmt and args specifying a key,
375 to return the proper user and response.
378 verifies a simple user/password pair.
379 .I Auth_getuserpasswd
380 retrieves a user/password pair from
387 message from factotum
388 and converts it into a structure. It is only
389 used by the other routines in this library when
395 .ta 4n +4n +4n +4n +4n +4n +4n +4n +4n
396 typedef struct UserPasswd {
406 structure returned by one of these routines.
409 frees a challenge/response state.
418 but execute the protocol on a
422 instead of a file descriptor.
435 to authenticate to the file servers.
