AUTH(2)                       System Calls Manual                      AUTH(2)

NAME
       auth,  amount,  srvauth, authenticate, getchal, chalreply, newns,
       authdial, passtokey, nvcsum, convT2M, convM2T, convTR2M, convM2TR,
       convA2M, convM2A, convPR2M, convM2PR - network authentication

SYNOPSIS
       #include <u.h>
       #include <libc.h>
       #include <auth.h>

       int  auth(int fd);

       int  srvauth(int fd, char *user);

       int  getchal(Chalstate *c, char *user);

       int  chalreply(Chalstate *c, char *response);

       int  newns(char *user, char *nsfile);

       int  authdial(char *service);

       int  passtokey(char key[DESKEYLEN], char *password);

       uchar nvcsum(void *mem, int len);

       int  authenticate(int fd, int afd);

       int  amount(int fd, char *old, int flag, char *aname);

       int  convT2M(Ticket *t, char *msg, char *key);

       void convM2T(char *msg, Ticket *t, char *key);

       int  convA2M(Authenticator *a, char *msg, char *key);

       void convM2A(char *msg, Authenticator *a, char *key);

       int  convTR2M(Ticketreq *tr, char *msg);

       void convM2TR(char *msg, Ticketreq *tr);

       int  convPR2M(Passwordreq *pr, char *msg, char *key);

       void convM2PR(char *msg, Passwordreq *pr, char *key);

DESCRIPTION
       These functions perform the authentication  protocol  as  described  in
       auth(6) for programs such as cpu(1), import(4), etc.

       Auth  and  srvauth authenticate connections for Plan 9 remote execution
       using the rexauth protocol described in auth(6).  Auth is  run  by  the
       caller and srvauth by the server; both return 0 if successful and -1 on
       error.  Fd is a file descriptor to the data channel.

       Srvauth  authenticates  the corresponding incoming call.  It copies the
       name of the user into user, which must be at least NAMELEN bytes long.

       Getchal and chalreply authenticate an incoming network call for a
       service that does not perform the usual Plan 9 authentication.  They use
       the chal protocol described in auth(6).  User points to the local  name
       of  the  user.   Getchal reads a null-terminated textual challenge from
       the authentication server and copies it to c->chal.  It returns 0 if it
       reaches the authentication server or -1 if  it  fails.   The  challenge
       should  be printed for the user to see, and the user should use a
       Digital Pathways SecureNet Key or aux/netkey (see passwd(1)) to generate
       the appropriate response.

       Chalreply  should  be  called with the user's response, which is also a
       null-terminated text string.  It returns 0 if it succeeds, or -1 if the
       user was not authenticated.

       Srvauth and chalreply set the process's user name (see cons(3)).
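
       The getchal/chalreply sequence described above, as an added example
       that is not part of the original manual or of libauth.  It is portable
       C: getchal and chalreply are stand-ins with the SYNOPSIS signatures,
       and the Chalstate layout, the NAMELEN and CHALLEN values, server_up,
       chal_login and the sample challenge and response are assumptions.

```c
#include <stdio.h>
#include <string.h>

enum { NAMELEN = 28, CHALLEN = 32 };	/* sizes assumed for this sketch */

/* Hypothetical layout: the page only shows that Chalstate has a chal field. */
typedef struct { char chal[CHALLEN]; char user[NAMELEN]; } Chalstate;

static int server_up = 1;	/* simulates whether the auth server answers */
/* Stand-ins using the SYNOPSIS signatures: 0 on success, -1 on failure. */
int getchal(Chalstate *c, char *user)
{
	if (!server_up || strlen(user) >= NAMELEN)
		return -1;
	strcpy(c->user, user);
	strcpy(c->chal, "challenge: 12345");	/* constructed sample */
	return 0;
}

int chalreply(Chalstate *c, char *response)
{
	(void)c;
	return strcmp(response, "6f3a91c2") == 0 ? 0 : -1;	/* constructed sample */
}

/* Caller pattern: deny unless both calls return 0.  line is the raw
 * text read from the remote user and may end in "\r\n". */
int chal_login(char *user, const char *line)
{
	Chalstate c;
	char resp[64];

	memset(&c, 0, sizeof c);
	if (getchal(&c, user) < 0)
		return -1;	/* auth server not reached: fail closed */
	printf("%s\n", c.chal);	/* the user must see the challenge */
	if (strlen(line) >= sizeof resp)
		return -1;	/* oversized reply: reject, never truncate */
	strcpy(resp, line);
	resp[strcspn(resp, "\r\n")] = '\0';	/* pass a clean null-terminated string */
	if (resp[0] == '\0')
		return -1;	/* empty reply is a denial */
	return chalreply(&c, resp);	/* 0 only if the user was authenticated */
}

int main(void)
{
	return chal_login("glenda", "6f3a91c2\n") == 0 ? 0 : 1;
}
```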

       Newns builds a name space for user.  It opens the file nsfile
       (/lib/namespace is used if nsfile is null), copies the old environment,
       erases the current name space, sets the environment variables user
       and home, and interprets the commands in nsfile.  The format of nsfile
       is described in namespace(6).

       Authdial  calls service on the local authentication server.  It returns
       a file descriptor to the open connection or -1 if it  fails.   Authdial
       is  used  to implement many of the other functions here; it is not
       normally called by users.

       Passtokey converts password into a DES key and  stores  the  result  in
       key.  It returns 0 if password could not be converted, and 1 otherwise.

       Nvcsum  computes  a checksum for the len byte array mem.  It is used to
       checksum keys stored in non-volatile RAM.

       Authenticate performs authentication to a file server at the other  end
       of  the  channel  referenced by fd.  If afd is greater than or equal to
       zero and the authentication requires calling the authentication  server
       then afd is used as a channel to it.  Otherwise, authenticate dials the
       authentication server using authdial().

       Amount  is  like mount but performs authentication on fd.  It should be
       used instead of mount whenever the file server being  mounted  requires
       authentication.  See bind(2) for a definition of the arguments to mount
       and amount.

       ConvT2M, convA2M, convTR2M, and convPR2M convert tickets,
       authenticators, ticket requests, and password change request
       structures into transmittable messages.  ConvM2T, convM2A, convM2TR,
       and convM2PR are used to convert them back.  Key is used for
       encrypting the message before transmission and decrypting after
       reception.  These routines are used by the others to communicate with
       the authentication server.

FILES
       /lib/namespace
              Default name space specification file.

SOURCE
       /sys/src/libauth

SEE ALSO
       passwd(1), auth(6), cons(3), dial(2)

DIAGNOSTICS
       These routines set errstr.  Integer-valued functions return -1 on
       error.

                                                                       AUTH(2)