#pragma	src	"/sys/src/libauthsrv"
#pragma	lib	"libauthsrv.a"

/*
 * Interface for talking to authentication server.
 *
 * Each message structure below is followed by a *LEN macro giving its
 * fixed on-the-wire size; the conv*2M / convM2* routines further down
 * translate between the structure and that byte layout.  All name,
 * domain and challenge fields are fixed-width char arrays; whether a
 * short value is NUL-terminated inside the array is not visible from
 * this header -- check the conv routines before treating them as C
 * strings.
 */
typedef struct	Ticket		Ticket;
typedef struct	Ticketreq	Ticketreq;
typedef struct	Authenticator	Authenticator;
typedef struct	Nvrsafe		Nvrsafe;
typedef struct	Passwordreq	Passwordreq;
typedef struct	OChapreply	OChapreply;
typedef struct	OMSchapreply	OMSchapreply;

enum
{
	ANAMELEN=	28,		/* maximum size of name in previous proto */
	AERRLEN=	64,		/* maximum size of errstr in previous proto */
	DOMLEN=		48,		/* length of an authentication domain name */
	DESKEYLEN=	7,		/* length of a des key for encrypt/decrypt (7 bytes = 56 bits) */
	CHALLEN=	8,		/* length of a plan9 sk1 challenge */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* length of the config field in Nvrsafe */
	SECRETLEN=	32,		/* max length of a secret */

	KEYDBOFF=	8,		/* length of random data at the start of key file */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* length of an entry in old key file */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* length of an entry in key file */
	OMD5LEN=	16,		/* length of the resp field in OChapreply (an MD5 digest is 16 bytes) */
};

/*
 * encryption numberings (anti-replay)
 *
 * The first group tags requests and replies exchanged with the auth
 * server.  The second group (64 and up) tags the encrypted tickets and
 * authenticators; presumably these are the values carried in the num
 * field of Ticket / Authenticator -- confirm in the conv routines.
 * Note the numbering skips 8.
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */


	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* =65: ticket encrypted with client's key */
	AuthAs,		/* =66: server generated authenticator */
	AuthAc,		/* =67: client generated authenticator */
	AuthTp,		/* =68: ticket encrypted with client's key for password change */
	AuthHr,		/* =69: http reply */
};

/*
 * Ticket request, as sent to the auth server.
 * Wire size is TICKREQLEN: 1 type byte + 3 names + domain + challenge.
 */
struct Ticketreq
{
	char	type;			/* request type; presumably one of the Auth* values above */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket issued by the auth server.
 * Wire size is TICKETLEN: num + challenge + 2 uids + DES key.
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator proving possession of a ticket's key.
 * Wire size is AUTHENTLEN: num + challenge + 4-byte id.  The id is a
 * ulong in memory but occupies exactly 4 bytes on the wire (see the
 * macro), so the conv routines must not rely on sizeof(ulong).
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* challenge being answered */
	ulong	id;			/* authenticator id, ++'d with each auth */
};
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password change request.
 * Wire size is PASSREQLEN: num + old + new + changesecret + secret.
 */
struct Passwordreq
{
	char	num;			/* replay protection, as in Ticket */
	char	old[ANAMELEN];		/* old password (sized like a name) */
	char	new[ANAMELEN];		/* new password (sized like a name) */
	char	changesecret;		/* flag: presumably non-zero means also install secret[] -- confirm in convPR2M */
	char	secret[SECRETLEN];	/* new secret */
};
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/*
 * CHAP reply (old format; the O prefix parallels OKEYDBLEN / opasstokey).
 */
struct OChapreply
{
	uchar	id;			/* CHAP identifier byte */
	char	uid[ANAMELEN];		/* user being authenticated */
	char	resp[OMD5LEN];		/* MD5-sized response */
};

/*
 * MS-CHAP reply (old format).
 */
struct OMSchapreply
{
	char	uid[ANAMELEN];		/* user being authenticated */
	char	LMresp[24];		/* Lan Manager response */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * conv*2M packs a structure into the caller's buffer and returns an
 * int (presumably the number of bytes written); convM2* unpacks.  None
 * of these takes a buffer length: the caller must guarantee the buffer
 * holds the corresponding *LEN bytes.  The trailing char* on the
 * Ticket, Authenticator and Passwordreq variants is presumably the
 * DESKEYLEN-byte key used to encrypt/decrypt the message, which is
 * why convM2Tnoenc (no key) exists for an unencrypted ticket --
 * confirm against /sys/src/libauthsrv.
 */
extern	int	convT2M(Ticket*, char*, char*);
extern	void	convM2T(char*, Ticket*, char*);
extern	void	convM2Tnoenc(char*, Ticket*);
extern	int	convA2M(Authenticator*, char*, char*);
extern	void	convM2A(char*, Authenticator*, char*);
extern	int	convTR2M(Ticketreq*, char*);
extern	void	convM2TR(char*, Ticketreq*);
extern	int	convPR2M(Passwordreq*, char*, char*);
extern	void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * Output is a DESKEYLEN-byte key.  opasstokey is presumably the older
 * derivation (O prefix, as elsewhere in this header); verify which one
 * the key file format expects before mixing them.
 */
extern	int	opasstokey(char*, char*);
extern	int	passtokey(char*, char*);

/*
 * Nvram interface
 */
enum {
	NVwrite		= 1<<0,		/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,		/* prompt and rewrite nvram when corrupt */
};

/*
 * Key material and identity kept in nvram.  Each field is followed by
 * a one-byte sum; NOTE(review): a uchar checksum detects corruption
 * (cf. NVwriteonerr) but is not an integrity check against tampering,
 * and nothing in this interface indicates the DES keys are protected
 * at rest -- verify in readnvram.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* machine's DES key */
	uchar	machsum;		/* checksum of machkey */
	char	authkey[DESKEYLEN];	/* auth server DES key */
	uchar	authsum;		/* checksum of authkey */
	char	config[CONFIGLEN];	/* configuration bytes */
	uchar	configsum;		/* checksum of config */
	char	authid[ANAMELEN];	/* auth server's encryption id */
	uchar	authidsum;		/* checksum of authid */
	char	authdom[DOMLEN];	/* authentication domain */
	uchar	authdomsum;		/* checksum of authdom */
};

/* nvcsum: one-byte checksum over (buf, len); presumably the *sum fields above.  readnvram: flags are NV* above, presumably. */
extern	uchar	nvcsum(void*, int);
extern	int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 * Returns a file descriptor on success (assumed from the int-fd
 * signatures below); netroot selects the network, authdom the domain.
 */
extern	int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 * The leading-underscore routines are internal helpers.  _asrdresp is
 * the only one here that takes a buffer length; _asgetticket does not,
 * so its buffer must be sized by the caller.  sslnegotiate / srvsslnegotiate
 * are presumably the client and server sides of the same negotiation.
 */
extern	int	_asgetticket(int, char*, char*);
extern	int	_asrdresp(int, char*, int);
extern	int	sslnegotiate(int, Ticket*, char**, char**);
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);