authsrv.h - vx32 - Local 9vx git repository for patches.
authsrv.h (4792B)
/*
 * Interface for talking to the authentication server.
 */
/*
 * Forward declarations for the wire-message and nvram structures
 * defined later in this header.
 */
typedef struct Ticket Ticket;
typedef struct Ticketreq Ticketreq;
typedef struct Authenticator Authenticator;
typedef struct Nvrsafe Nvrsafe;
typedef struct Passwordreq Passwordreq;
typedef struct OChapreply OChapreply;
typedef struct OMSchapreply OMSchapreply;
/*
 * Fixed field sizes shared by the wire structures below.
 * These are protocol constants: changing one changes the wire format.
 */
enum
{
	ANAMELEN	= 28,	/* name max size in previous proto */
	AERRLEN		= 64,	/* errstr max size in previous proto */
	DOMLEN		= 48,	/* authentication domain name length */
	DESKEYLEN	= 7,	/* encrypt/decrypt des key length (56-bit DES) */
	CHALLEN		= 8,	/* plan9 sk1 challenge length */
	NETCHLEN	= 16,	/* max network challenge length (used in AS protocol) */
	CONFIGLEN	= 14,	/* Nvrsafe.config length */
	SECRETLEN	= 32,	/* secret max size */

	/* key file layout */
	KEYDBOFF	= 8,	/* bytes of random data at key file's start */
	OKEYDBLEN	= ANAMELEN + DESKEYLEN + 4 + 2,	/* old key file entry length */
	KEYDBLEN	= OKEYDBLEN + SECRETLEN,	/* key file entry length */
	OMD5LEN		= 16,	/* OChapreply.resp length */
};
/*
 * encryption numberings (anti-replay)
 *
 * The first group are the message types exchanged with the auth server;
 * the second group (64 and up) are the num bytes that tag which key a
 * ticket or authenticator is encrypted under. Values are wire constants,
 * so they are written out explicitly.
 */
enum
{
	/* requests and replies */
	AuthTreq	= 1,	/* ticket request */
	AuthChal	= 2,	/* challenge box request */
	AuthPass	= 3,	/* change password */
	AuthOK		= 4,	/* fixed length reply follows */
	AuthErr		= 5,	/* error follows */
	AuthMod		= 6,	/* modify user */
	AuthApop	= 7,	/* apop authentication for pop3 */
	AuthOKvar	= 9,	/* variable length reply follows */
	AuthChap	= 10,	/* chap authentication for ppp */
	AuthMSchap	= 11,	/* MS chap authentication for ppp */
	AuthCram	= 12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp	= 13,	/* http domain login */
	AuthVNC		= 14,	/* VNC server login (deprecated) */

	/* num bytes of encrypted boxes */
	AuthTs		= 64,	/* ticket encrypted with server's key */
	AuthTc		= 65,	/* ticket encrypted with client's key */
	AuthAs		= 66,	/* server generated authenticator */
	AuthAc		= 67,	/* client generated authenticator */
	AuthTp		= 68,	/* ticket encrypted with client's key for password change */
	AuthHr		= 69,	/* http reply */
};
/*
 * Ticket request. Its converters (convTR2M/convM2TR) take no key, so the
 * request travels unencrypted; nothing in it may be treated as secret.
 * All name fields are fixed-width and may be completely filled, so a
 * NUL terminator is not guaranteed on the wire — consumers should bound
 * their reads by the field length rather than by strlen().
 */
struct Ticketreq
{
	char	type;			/* one of the Auth* request types above */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
/* wire size: every field is a char array, 1+28+48+8+28+28 bytes */
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)
/*
 * Ticket issued by the auth server. On the wire it is encrypted under
 * the server's or the client's DES key, as selected by num
 * (AuthTs / AuthTc / AuthTp above).
 */
struct Ticket
{
	char	num;			/* replay protection: AuthTs, AuthTc or AuthTp */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key: session secret, never log or persist */
};
/* wire size: 1+8+28+28+7 bytes, no padding */
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)
/*
 * Authenticator proving possession of the ticket's nonce key;
 * num selects AuthAs (server generated) or AuthAc (client generated).
 */
struct Authenticator
{
	char	num;		/* replay protection: AuthAs or AuthAc */
	char	chal[CHALLEN];	/* challenge */
	ulong	id;		/* authenticator id, ++'d with each auth */
};
/*
 * wire size: id is encoded in 4 bytes, so AUTHENTLEN deliberately differs
 * from sizeof(Authenticator); always go through convA2M/convM2A.
 */
#define	AUTHENTLEN	(CHALLEN+4+1)
/*
 * Password change request (AuthPass). Its converters take a key, so the
 * wire form is encrypted; the struct itself holds plaintext passwords and
 * should be cleared once encoded.
 * Note: the field named `new` keeps this header out of C++ translation units.
 */
struct Passwordreq
{
	char	num;			/* replay protection */
	char	old[ANAMELEN];		/* current password */
	char	new[ANAMELEN];		/* replacement password */
	char	changesecret;		/* presumably nonzero when secret[] is to be installed too — confirm */
	char	secret[SECRETLEN];	/* new secret */
};
/* wire size: 1+28+28+1+32 bytes */
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)
/*
 * CHAP reply (AuthChap), older ("O") layout.
 */
struct OChapreply
{
	uchar	id;			/* CHAP identifier echoed from the challenge */
	char	uid[ANAMELEN];		/* user being authenticated */
	char	resp[OMD5LEN];		/* response digest, OMD5LEN (16) bytes */
};
/*
 * MS-CHAP reply (AuthMSchap), older ("O") layout.
 * Both responses are fixed 24-byte fields with no terminator.
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* user being authenticated */
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};
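/*
 * convert to/from wire format
 *
 * The *2M functions encode a structure into msg, which the caller must
 * size to the matching *LEN constant (TICKETLEN, AUTHENTLEN, TICKREQLEN,
 * PASSREQLEN); their int result is presumably the encoded length —
 * confirm against the implementation. The M2* functions decode msg into
 * the structure. Where a key argument is present it is the DES key the
 * wire form is encrypted/decrypted under; the two-argument Ticketreq
 * converters and convM2Tnoenc handle unencrypted data. Decoders fill
 * fixed-width fields and do not promise NUL termination.
 */
extern int	convT2M(Ticket *t, char *msg, char *key);
extern void	convM2T(char *msg, Ticket *t, char *key);
extern void	convM2Tnoenc(char *msg, Ticket *t);
extern int	convA2M(Authenticator *a, char *msg, char *key);
extern void	convM2A(char *msg, Authenticator *a, char *key);
extern int	convTR2M(Ticketreq *tr, char *msg);
extern void	convM2TR(char *msg, Ticketreq *tr);
extern int	convPR2M(Passwordreq *pr, char *msg, char *key);
extern void	convM2PR(char *msg, Passwordreq *pr, char *key);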
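/*
 * convert ascii password to DES key
 *
 * key receives DESKEYLEN bytes derived from the NUL-terminated password;
 * opasstokey is the older ("o") derivation kept for the previous protocol.
 * Both the password and the derived key are secrets: clear the buffers
 * when they are no longer needed.
 */
extern int	opasstokey(char *key, char *passwd);
extern int	passtokey(char *key, char *passwd);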
/*
 * Nvram interface
 *
 * Flag bits for readnvram(); NVread is the plain-read default and the
 * remaining values may be OR'd together.
 */
enum {
	NVread		= 0,		/* just read */
	NVwrite		= 1 << 0,	/* always prompt and rewrite nvram */
	NVwriteonerr	= 1 << 1,	/* prompt and rewrite nvram when corrupt */
	NVwritemem	= 1 << 2,	/* don't prompt, write nvram from argument */
};
/*
 * storage layout
 *
 * Contents of the machine's nvram as read by readnvram(). Each field is
 * followed by a one-byte checksum (see nvcsum) that detects corruption
 * only; it is not an integrity or authenticity check. machkey and
 * authkey are long-lived DES key material and must be handled as secrets.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* was file server's authid's des key */
	uchar	machsum;		/* checksum of machkey */
	char	authkey[DESKEYLEN];	/* authid's des key from password */
	uchar	authsum;		/* checksum of authkey */
	/*
	 * file server config string of device holding full configuration;
	 * secstore key on non-file-servers.
	 */
	char	config[CONFIGLEN];
	uchar	configsum;		/* checksum of config */
	char	authid[ANAMELEN];	/* auth userid, e.g., bootes */
	uchar	authidsum;		/* checksum of authid */
	char	authdom[DOMLEN];	/* auth domain, e.g., cs.bell-labs.com */
	uchar	authdomsum;		/* checksum of authdom */
};
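/*
 * nvcsum: one-byte checksum over the n bytes at p, used for the *sum
 * fields of Nvrsafe; detects accidental corruption, not tampering.
 * readnvram: fill safe from nvram, honouring the NV* flags in flag;
 * returns presumably 0 on success, -1 on error — confirm against the
 * implementation.
 */
extern uchar	nvcsum(void *p, int n);
extern int	readnvram(Nvrsafe *safe, int flag);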
/*
 * call up auth server
 *
 * Open a connection to the auth server for authdom via the network root
 * netroot; returns the connection's file descriptor (negative on failure,
 * presumably — confirm against the implementation).
 */
extern int	authdial(char *netroot, char *authdom);
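/*
 * exchange messages with auth server
 *
 * fd is a connection obtained from authdial(). _asgetticket sends the
 * encoded ticket request in treq and stores the reply in tbuf;
 * _asrdresp reads a reply of up to len bytes into buf. The ssl variants
 * negotiate a protected channel from the ticket t on the client and
 * server side respectively; the two char** outputs are presumably the
 * negotiated algorithm names — confirm against the implementation.
 * Leading-underscore names are internal to the library.
 */
extern int	_asgetticket(int fd, char *treq, char *tbuf);
extern int	_asrdresp(int fd, char *buf, int len);
extern int	sslnegotiate(int fd, Ticket *t, char **ealg, char **halg);
extern int	srvsslnegotiate(int fd, Ticket *t, char **ealg, char **halg);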