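#ifdef PLAN9
#pragma src "/sys/src/libauthsrv"
#pragma lib "libauthsrv.a"
#endif

/*
 * Interface for talking to authentication server.
 *
 * The structs below are the in-memory forms of the fixed-length messages
 * exchanged with the auth server.  The *LEN macro after each struct is the
 * packed on-wire size: it is the sum of the field widths, NOT sizeof the
 * struct, so never use sizeof to size a wire buffer.  The types uchar and
 * ulong are not defined here; they are expected from the including
 * environment (the Plan 9 u.h).
 */
typedef struct Ticket Ticket;
typedef struct Ticketreq Ticketreq;
typedef struct Authenticator Authenticator;
typedef struct Nvrsafe Nvrsafe;
typedef struct Passwordreq Passwordreq;
typedef struct OChapreply OChapreply;
typedef struct OMSchapreply OMSchapreply;

/*
 * Field widths.  Names, domains and challenges are fixed-width byte
 * fields on the wire; a value that exactly fills its field carries no
 * NUL terminator, so bound any string operation on these fields by the
 * width unless the unpacking routine is known to terminate them.
 */
enum
{
	ANAMELEN=	28,		/* maximum size of name in previous proto */
	AERRLEN=	64,		/* maximum size of errstr in previous proto */
	DOMLEN=		48,		/* length of an authentication domain name */
	DESKEYLEN=	7,		/* length of a des key for encrypt/decrypt (56-bit DES, legacy p9sk1) */
	CHALLEN=	8,		/* length of a plan9 sk1 challenge */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* length of Nvrsafe.config */
	SECRETLEN=	32,		/* max length of a secret */

	KEYDBOFF=	8,		/* length of random data at the start of key file */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* length of an entry in old key file */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* length of an entry in key file */
	OMD5LEN=	16,		/* length of an MD5 digest (OChapreply.resp) */
};

/*
 * encryption numberings (anti-replay)
 *
 * The first group are message types on the auth-server connection.
 * The second group (AuthTs and up) are the values carried in the
 * "num" field of a Ticket, Authenticator or Passwordreq, so that a
 * blob encrypted for one role/direction is rejected if presented as
 * another -- this is what the "replay protection" comments on num
 * refer to (confirm against the conv*2M/convM2* implementations).
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* ticket encrypted with client's key */
	AuthAs,		/* server generated authenticator */
	AuthAc,		/* client generated authenticator */
	AuthTp,		/* ticket encrypted with client's key for password change */
	AuthHr,		/* http reply */
};

/*
 * Ticket request, sent in the clear to the auth server.
 * On the wire: type, authid, authdom, chal, hostid, uid (TICKREQLEN bytes).
 */
struct Ticketreq
{
	char	type;
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket: the auth server's answer, encrypted under a principal's key
 * (which key is indicated by num, AuthTs/AuthTc/AuthTp).
 * On the wire: num, chal, cuid, suid, key (TICKETLEN bytes).
 * key is session key material; clear it when the ticket is no longer needed.
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator: proves possession of Ticket.key.
 * On the wire: num, chal, id (AUTHENTLEN bytes).  id occupies exactly
 * 4 bytes on the wire (the "+4" below) regardless of sizeof(ulong).
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];
	ulong	id;			/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password change request.
 * On the wire: num, old, new, changesecret, secret (PASSREQLEN bytes).
 * old/new/secret hold credentials; clear them after use.
 */
struct Passwordreq
{
	char	num;
	char	old[ANAMELEN];
	char	new[ANAMELEN];
	char	changesecret;
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/* CHAP reply (old format): id, uid, MD5 response */
struct OChapreply
{
	uchar	id;
	char	uid[ANAMELEN];
	char	resp[OMD5LEN];
};

/* MS-CHAP reply (old format) */
struct OMSchapreply
{
	char	uid[ANAMELEN];
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * conv<X>2M packs a struct into the wire buffer msg and, where a key is
 * taken, encrypts it; convM2<X> decrypts/unpacks msg into the struct.
 * The buffer must be at least the matching *LEN macro in size.  The
 * packers return a length; the unpackers return nothing and so cannot
 * report a bad message -- callers must validate num (and chal) after
 * unpacking.  Parameter order (struct, buffer, key) follows the
 * library sources; the names here are documentation only.
 */
extern int	convT2M(Ticket *t, char *msg, char *key);
extern void	convM2T(char *msg, Ticket *t, char *key);
extern void	convM2Tnoenc(char *msg, Ticket *t);
extern int	convA2M(Authenticator *a, char *msg, char *key);
extern void	convM2A(char *msg, Authenticator *a, char *key);
extern int	convTR2M(Ticketreq *tr, char *msg);
extern void	convM2TR(char *msg, Ticketreq *tr);
extern int	convPR2M(Passwordreq *pr, char *msg, char *key);
extern void	convM2PR(char *msg, Passwordreq *pr, char *key);

/*
 * convert ascii password to DES key
 * (key receives DESKEYLEN bytes; opasstokey is the older derivation)
 */
extern int	opasstokey(char *key, char *password);
extern int	passtokey(char *key, char *password);

/*
 * Nvram interface
 */
enum {
	NVwrite		= 1<<0,		/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,		/* prompt and rewrite nvram when corrupt */
};

/*
 * Contents of the secure area of nvram.  Each field is followed by a
 * one-byte checksum over it (presumably computed with nvcsum -- confirm);
 * the checksums detect corruption only, they are not integrity
 * protection against an attacker who can write nvram.  machkey and
 * authkey are long-term secrets: do not log or copy them needlessly.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];
	uchar	machsum;
	char	authkey[DESKEYLEN];
	uchar	authsum;
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];
	uchar	authidsum;
	char	authdom[DOMLEN];
	uchar	authdomsum;
};

/* checksum n bytes at buf (the *sum fields above) */
extern uchar	nvcsum(void *buf, int n);
/* read the Nvrsafe area; flag is a mask of the NV* bits above */
extern int	readnvram(Nvrsafe *safe, int flag);

/*
 * call up auth server
 */
extern int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 * (_asgetticket/_asrdresp are library-internal; the buffers must be
 * sized per the *LEN macros, and _asrdresp takes the buffer length)
 */
extern int	_asgetticket(int fd, char *trbuf, char *tbuf);
extern int	_asrdresp(int fd, char *buf, int len);
extern int	sslnegotiate(int fd, Ticket *t, char **ep, char **cp);
extern int	srvsslnegotiate(int fd, Ticket *t, char **ep, char **cp);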