AUTH(2)                       System Calls Manual                      AUTH(2)



NAME
       auth, amount, srvauth, authenticate, getchal, chalreply, newns,
       authdial, passtokey, nvcsum, convT2M, convM2T, convTR2M, convM2TR,
       convA2M, convM2A, convPR2M, convM2PR - network authentication

SYNOPSIS
       #include <u.h>
       #include <libc.h>
       #include <auth.h>

       int  auth(int fd);

       int  srvauth(int fd, char *user);

       int  getchal(Chalstate *c, char *user);

       int  chalreply(Chalstate *c, char *response);

       int  newns(char *user, char *nsfile);

       int  authdial(char *service);

       int  passtokey(char key[DESKEYLEN], char *password);

       uchar nvcsum(void *mem, int len);

       int  authenticate(int fd, int afd);

       int  amount(int fd, char *old, int flag, char *aname);

       int  convT2M(Ticket *t, char *msg, char *key);

       void convM2T(char *msg, Ticket *t, char *key);

       int  convA2M(Authenticator *a, char *msg, char *key);

       void convM2A(char *msg, Authenticator *a, char *key);

       int  convTR2M(Ticketreq *tr, char *msg);

       void convM2TR(char *msg, Ticketreq *tr);

       int  convPR2M(Passwordreq *pr, char *msg, char *key);

       void convM2PR(char *msg, Passwordreq *pr, char *key);

DESCRIPTION
       These  functions  perform  the  authentication protocol as described in
       auth(6) for programs such as cpu(1), import(4), etc.

       Auth and srvauth authenticate connections for Plan 9  remote  execution
       using  the  rexauth  protocol described in auth(6).  Auth is run by the
       caller and srvauth by the server; both return 0 if successful and -1 on
       error.  Fd is a file descriptor to the data channel.

       Srvauth  authenticates  the corresponding incoming call.  It copies the
       name of the user into user, which must be at least NAMELEN bytes long.

       Getchal and chalreply authenticate an incoming network call for a
       service that does not perform the usual Plan 9 authentication.  They
       use the chal protocol described in auth(6).  User points to the local
       name of the user.  Getchal reads a null-terminated textual challenge
       from the authentication server and copies it to c->chal.  It returns 0
       if it reaches the authentication server or -1 if it fails.  The
       challenge should be printed for the user to see, and the user should
       use a Digital Pathways SecureNet Key or aux/netkey (see passwd(1)) to
       generate the appropriate response.

       Chalreply should be called with the user's response, which  is  also  a
       null-terminated text string.  It returns 0 if it succeeds, or -1 if the
       user was not authenticated.

       Srvauth and chalreply set the process's user name (see cons(3)).
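
       The getchal/chalreply sequence described above, as an added example
       that is not part of the original manual page or of libauth.  The
       Chalstate layout, the two stand-in functions, the constructed
       challenge and response strings, and the helper chal_login are
       assumptions made so that the flow compiles and runs off Plan 9.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins so the flow compiles off Plan 9 (constructed, NOT libauth).
 * On Plan 9, delete this section and include <u.h>, <libc.h>, <auth.h>. */
typedef struct Chalstate { char chal[32]; } Chalstate; /* layout assumed */
static int authserver_up = 1;              /* hypothetical test switch */

int getchal(Chalstate *c, char *user)
{
	(void)user;
	if (!authserver_up)
		return -1;                         /* auth server not reached */
	strcpy(c->chal, "challenge: 46230");   /* constructed challenge */
	return 0;
}

int chalreply(Chalstate *c, char *response)
{
	(void)c;                               /* constructed expected reply */
	return strcmp(response, "0913fa21") == 0 ? 0 : -1;
}

/* chal_login (hypothetical helper): run the chal exchange for user,
 * reading the typed response from in.  Returns 0 only when chalreply
 * accepts the response; every other path returns -1 (fail closed). */
int chal_login(char *user, FILE *in)
{
	Chalstate c;
	char resp[64], *nl;

	if (getchal(&c, user) != 0)
		return -1;          /* reaching the server is not authentication */
	printf("%s\nresponse: ", c.chal);      /* show challenge to the user */
	if (fgets(resp, sizeof resp, in) == NULL)
		return -1;          /* EOF before a response: deny */
	nl = strchr(resp, '\n');
	if (nl == NULL)
		return -1;          /* over-long line: deny rather than truncate */
	*nl = '\0';
	return chalreply(&c, resp) == 0 ? 0 : -1;
}
```

       As the text above states, a successful chalreply also sets the
       process's user name, so the caller runs as that user once it returns 0.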

       Newns builds a name space for user.  It opens the file nsfile
       (/lib/namespace is used if nsfile is null), copies the old
       environment, erases the current name space, sets the environment
       variables user and home, and interprets the commands in nsfile.  The
       format of nsfile is described in namespace(6).

       Authdial calls service on the local authentication server.  It returns
       a file descriptor to the open connection or -1 if it fails.  Authdial
       is used to implement many of the other functions here; it is not
       normally called by users.

       Passtokey  converts  password  into  a DES key and stores the result in
       key.  It returns 0 if password could not be converted, and 1 otherwise.

       Nvcsum computes a checksum for the len byte array mem.  It is  used  to
       checksum keys stored in non-volatile RAM.

       Authenticate performs authentication to a file server at the other end
       of the channel referenced by fd.  If afd is greater than or equal to
       zero and the authentication requires calling the authentication
       server, then afd is used as a channel to it.  Otherwise, authenticate
       dials the authentication server using authdial().

       Amount  is  like mount but performs authentication on fd.  It should be
       used instead of mount whenever the file server being  mounted  requires
       authentication.  See bind(2) for a definition of the arguments to mount
       and amount.

       ConvT2M, convA2M, convTR2M, and convPR2M convert tickets,
       authenticators, ticket requests, and password change request
       structures into transmittable messages.  ConvM2T, convM2A, convM2TR,
       and convM2PR are used to convert them back.  Key is used for
       encrypting the message before transmission and decrypting after
       reception.  These routines are used by the others to communicate with
       the authentication server.

FILES
       /lib/namespace
              Default name space specification file.

SOURCE
       /sys/src/libauth

SEE ALSO
       passwd(1), auth(6), cons(3), dial(2)

DIAGNOSTICS
       These routines set errstr.  Integer-valued functions return -1 on
       error.



                                                                       AUTH(2)