#ifdef PLAN9
#pragma	src	"/sys/src/libauthsrv"
#pragma	lib	"libauthsrv.a"
#endif

/*
 * Interface for talking to authentication server.
 *
 * Messages on the wire are fixed-length byte strings built and parsed
 * by the conv*2M / convM2* routines below.  Their lengths are the *LEN
 * macros, which are sums of the field widths; they are NOT sizeof() of
 * the structs (see Authenticator.id), so never memcpy a struct onto the
 * wire or size a buffer with sizeof.
 *
 * All names and domains live in fixed-size char arrays (ANAMELEN,
 * DOMLEN).  NOTE(review): whether a name that fills its array is
 * NUL-terminated after decoding is not visible in this header -- confirm
 * in the conv* implementation before treating a decoded field as a C
 * string.
 */
typedef struct	Ticket		Ticket;
typedef struct	Ticketreq	Ticketreq;
typedef struct	Authenticator	Authenticator;
typedef struct	Nvrsafe		Nvrsafe;
typedef struct	Passwordreq	Passwordreq;
typedef struct	OChapreply	OChapreply;
typedef struct	OMSchapreply	OMSchapreply;

/*
 * Sizes.  These are protocol constants: changing any of them changes
 * the wire format and the key-file layout.
 */
enum
{
	ANAMELEN=	28,		/* maximum size of name in previous proto */
	AERRLEN=	64,		/* maximum size of errstr in previous proto */
	DOMLEN=		48,		/* length of an authentication domain name */
	DESKEYLEN=	7,		/* length of a des key for encrypt/decrypt */
					/* 7 bytes = 56 bits of key material; every key and */
					/* ticket in this interface is DES-strength. */
					/* NOTE(review): treat as a legacy algorithm. */
	CHALLEN=	8,		/* length of a plan9 sk1 challenge */
	NETCHLEN=	16,		/* max network challenge length (used in AS protocol) */
	CONFIGLEN=	14,		/* size of Nvrsafe.config; contents not described here */
	SECRETLEN=	32,		/* max length of a secret */

	KEYDBOFF=	8,		/* length of random data at the start of key file */
	OKEYDBLEN=	ANAMELEN+DESKEYLEN+4+2,	/* length of an entry in old key file */
	KEYDBLEN=	OKEYDBLEN+SECRETLEN,	/* length of an entry in key file */
	OMD5LEN=	16,		/* size of OChapreply.resp (an MD5-sized digest) */
};

/*
 * encryption numberings (anti-replay)
 *
 * The first byte of every message (Ticketreq.type, Ticket.num,
 * Authenticator.num, Passwordreq.num) carries one of these values.
 * The "replay protection" comments on those fields mean type
 * separation: because the byte is (presumably) encrypted together with
 * the rest of the message, ciphertext produced for one purpose cannot
 * be presented as another -- a ticket for the client (AuthTc) cannot be
 * passed off as one for the server (AuthTs), a ticket cannot pass as an
 * authenticator, and so on.
 *
 * Values are part of the protocol and must never be renumbered.  8 is
 * unassigned here (NOTE(review): presumably retired -- do not reuse it
 * without checking the auth server's request dispatch).
 */
enum
{
	AuthTreq=1,	/* ticket request */
	AuthChal=2,	/* challenge box request */
	AuthPass=3,	/* change password */
	AuthOK=4,	/* fixed length reply follows */
	AuthErr=5,	/* error follows */
	AuthMod=6,	/* modify user */
	AuthApop=7,	/* apop authentication for pop3 */
	AuthOKvar=9,	/* variable length reply follows */
	AuthChap=10,	/* chap authentication for ppp */
	AuthMSchap=11,	/* MS chap authentication for ppp */
	AuthCram=12,	/* CRAM verification for IMAP (RFC2195 & rfc2104) */
	AuthHttp=13,	/* http domain login */
	AuthVNC=14,	/* VNC server login (deprecated) */

	/* message types inside encrypted replies; sequential from 64 */
	AuthTs=64,	/* ticket encrypted with server's key */
	AuthTc,		/* ticket encrypted with client's key */
	AuthAs,		/* server generated authenticator */
	AuthAc,		/* client generated authenticator */
	AuthTp,		/* ticket encrypted with client's key for password change */
	AuthHr,		/* http reply */
};

/*
 * Ticket request: the first message sent to the auth server.
 * Sent in the clear (no key argument to convTR2M/convM2TR below),
 * so everything in it -- including chal -- is visible to an observer.
 */
struct Ticketreq
{
	char	type;			/* one of AuthTreq.. above */
	char	authid[ANAMELEN];	/* server's encryption id */
	char	authdom[DOMLEN];	/* server's authentication domain */
	char	chal[CHALLEN];		/* challenge from server */
	char	hostid[ANAMELEN];	/* host's encryption id */
	char	uid[ANAMELEN];		/* uid of requesting user on host */
};
/* wire length: type + authid + authdom + chal + hostid + uid */
#define	TICKREQLEN	(3*ANAMELEN+CHALLEN+DOMLEN+1)

/*
 * Ticket: returned by the auth server, encrypted with either the
 * server's (AuthTs) or the client's (AuthTc/AuthTp) key; key is the
 * per-session DES key the two sides then share.
 *
 * NOTE(review): num is a fixed constant and chal is the challenge
 * from the (cleartext) request, so a client ticket is known plaintext
 * under a key that passtokey derives from a password.  Assess the
 * resistance to offline password guessing before relying on this
 * exchange in a new deployment.
 */
struct Ticket
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];		/* server challenge */
	char	cuid[ANAMELEN];		/* uid on client */
	char	suid[ANAMELEN];		/* uid on server */
	char	key[DESKEYLEN];		/* nonce DES key */
};
/* wire length: num + chal + cuid + suid + key */
#define	TICKETLEN	(CHALLEN+2*ANAMELEN+DESKEYLEN+1)

/*
 * Authenticator: proves possession of Ticket.key; id is incremented
 * on each authentication so a captured one is not reusable.
 */
struct Authenticator
{
	char	num;			/* replay protection */
	char	chal[CHALLEN];
	ulong	id;			/* authenticator id, ++'d with each auth */
};
/*
 * wire length: num + chal + 4-byte id.  id is declared ulong but is
 * marshalled as exactly 4 bytes; on a host where ulong is wider the
 * struct is larger than the message, which is why AUTHENTLEN and not
 * sizeof(Authenticator) must be used for buffers.
 */
#define	AUTHENTLEN	(CHALLEN+4+1)

/*
 * Password change request (AuthPass).  Holds the old and new
 * passwords and optionally a new secret in memory in the clear;
 * NOTE(review): callers should scrub the struct once it has been
 * marshalled -- nothing in this interface does so for them.
 */
struct Passwordreq
{
	char	num;
	char	old[ANAMELEN];
	char	new[ANAMELEN];
	char	changesecret;		/* nonzero: secret[] below is to be installed */
	char	secret[SECRETLEN];	/* new secret */
};
/* wire length: num + old + new + changesecret + secret */
#define	PASSREQLEN	(2*ANAMELEN+1+1+SECRETLEN)

/*
 * CHAP / MS-CHAP replies relayed to the auth server for verification.
 * No *LEN macro or conv* routine is declared for these here.
 */
struct OChapreply
{
	uchar	id;
	char	uid[ANAMELEN];
	char	resp[OMD5LEN];
};

struct OMSchapreply
{
	char	uid[ANAMELEN];
	char	LMresp[24];		/* Lan Manager response */
					/* NOTE(review): the LM response is the weaker of the */
					/* two; confirm whether the server still accepts it alone. */
	char	NTresp[24];		/* NT response */
};

/*
 * convert to/from wire format
 *
 * *2M marshal a struct into a caller-supplied buffer; M2* parse a
 * buffer into a struct.  None of them takes a length: each reads or
 * writes exactly TICKREQLEN / TICKETLEN / AUTHENTLEN / PASSREQLEN
 * bytes, so the caller must already have checked that the buffer
 * holds that many (e.g. from the count _asrdresp returns).
 *
 * The trailing char* on the Ticket/Authenticator/Passwordreq routines
 * is the DES key used to encrypt or decrypt the message -- inferred
 * from convM2Tnoenc, the unencrypted variant, having no such argument.
 * Ticketreq has no key: it travels in the clear.
 * The int returned by the *2M routines is presumably the message
 * length written; confirm against the implementation.
 */
extern	int	convT2M(Ticket*, char*, char*);
extern	void	convM2T(char*, Ticket*, char*);
extern	void	convM2Tnoenc(char*, Ticket*);
extern	int	convA2M(Authenticator*, char*, char*);
extern	void	convM2A(char*, Authenticator*, char*);
extern	int	convTR2M(Ticketreq*, char*);
extern	void	convM2TR(char*, Ticketreq*);
extern	int	convPR2M(Passwordreq*, char*, char*);
extern	void	convM2PR(char*, Passwordreq*, char*);

/*
 * convert ascii password to DES key
 *
 * opasstokey is the old derivation, passtokey the current one; both
 * take (password, key-out) and the key is DESKEYLEN bytes -- the
 * argument order is not shown here, so confirm before calling.
 */
extern	int	opasstokey(char*, char*);
extern	int	passtokey(char*, char*);

/*
 * Nvram interface
 */
/* flags for readnvram's int argument (presumably OR-able) */
enum {
	NVwrite		= 1<<0,		/* always prompt and rewrite nvram */
	NVwriteonerr	= 1<<1,		/* prompt and rewrite nvram when corrupt */
};

/*
 * Layout of the machine's secrets in nvram.  Each field is followed
 * by a one-byte checksum (presumably computed by nvcsum over that
 * field).  A uchar checksum detects corruption -- which is what
 * NVwriteonerr reacts to -- but is not an integrity check against
 * tampering: anyone who can write nvram can recompute it.
 * NOTE(review): as far as this interface shows, machkey and authkey
 * are stored in the clear.
 */
struct Nvrsafe
{
	char	machkey[DESKEYLEN];	/* this machine's DES key */
	uchar	machsum;
	char	authkey[DESKEYLEN];	/* auth server's DES key (auth servers only, presumably) */
	uchar	authsum;
	char	config[CONFIGLEN];
	uchar	configsum;
	char	authid[ANAMELEN];
	uchar	authidsum;
	char	authdom[DOMLEN];
	uchar	authdomsum;
};

/* one-byte checksum over (buf, len); see Nvrsafe */
extern	uchar	nvcsum(void*, int);
/* fill *Nvrsafe from nvram; int is a mask of NV* flags above */
extern	int	readnvram(Nvrsafe*, int);

/*
 * call up auth server
 *
 * Connects to the auth server for authdom via netroot; returns a file
 * descriptor (negative on failure, presumably, per the usual dial
 * convention).
 */
extern	int	authdial(char *netroot, char *authdom);

/*
 * exchange messages with auth server
 *
 * The leading underscore presumably marks _asgetticket and _asrdresp
 * as internal to the library rather than for general callers.
 * _asrdresp(fd, buf, len) is the only routine in this header that
 * takes a buffer length; its result is what bounds the later M2*
 * parse.  The char** parameters of the ssl negotiators are out
 * parameters whose meaning is not visible here.
 */
extern	int	_asgetticket(int, char*, char*);
extern	int	_asrdresp(int, char*, int);
extern	int	sslnegotiate(int, Ticket*, char**, char**);
extern	int	srvsslnegotiate(int, Ticket*, char**, char**);