KRB_SENDAUTH(3)           BSD Programmer's Manual           KRB_SENDAUTH(3)

NAME
     krb_sendauth, krb_recvauth, krb_net_write, krb_net_read - Kerberos
     routines for sending authentication via network stream sockets

SYNOPSIS
     #include <kerberosIV/krb.h>
     #include <kerberosIV/des.h>
     #include <netinet/in.h>

     int krb_sendauth(options, fd, ktext, service, inst, realm, checksum,
                      msg_data, cred, schedule, laddr, faddr, version)
     long options;
     int fd;
     KTEXT ktext;
     char *service, *inst, *realm;
     u_long checksum;
     MSG_DAT *msg_data;
     CREDENTIALS *cred;
     Key_schedule schedule;
     struct sockaddr_in *laddr, *faddr;
     char *version;

     int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr,
                      auth_data, filename, schedule, version)
     long options;
     int fd;
     KTEXT ktext;
     char *service, *inst;
     struct sockaddr_in *faddr, *laddr;
     AUTH_DAT *auth_data;
     char *filename;
     Key_schedule schedule;
     char *version;

     int krb_net_write(fd, buf, len)
     int fd;
     char *buf;
     int len;

     int krb_net_read(fd, buf, len)
     int fd;
     char *buf;
     int len;

DESCRIPTION
     These functions, which are built on top of the core Kerberos library,
     provide a convenient means for client and server programs to send
     authentication messages to one another through network connections.
     The krb_sendauth function sends an authenticated ticket from the client
     program to the server program by writing the ticket to a network
     socket.  The krb_recvauth function receives the ticket from the client
     by reading from a network socket.

KRB_SENDAUTH
     This function writes the ticket to the network socket specified by the
     file descriptor fd, returning KSUCCESS if the write proceeds
     successfully, and an error code if it does not.

     The ktext argument should point to an allocated KTEXT_ST structure.
     The service, inst, and realm arguments specify the server program's
     Kerberos principal name, instance, and realm.  If you are writing a
     client that uses the local realm exclusively, you can set the realm
     argument to NULL.

     The version argument allows the client program to pass an
     application-specific version string that the server program can then
     match against its own version string.  The version string can be up to
     KSEND_VNO_LEN (see <krb.h>) characters in length.

     The checksum argument can be used to pass checksum information to the
     server program.  The client program is responsible for specifying this
     information.  This checksum information is difficult to corrupt
     because krb_sendauth passes it over the network in encrypted form.  The
     checksum argument is passed as the checksum argument to krb_mk_req.

     You can set krb_sendauth's other arguments to NULL unless you want the
     client and server programs to mutually authenticate themselves.  In the
     case of mutual authentication, the client authenticates itself to the
     server program, and demands that the server in turn authenticate itself
     to the client.

KRB_SENDAUTH AND MUTUAL AUTHENTICATION
     If you want mutual authentication, make sure that you read all pending
     data from the local socket before calling krb_sendauth.  Set
     krb_sendauth's options argument to KOPT_DO_MUTUAL (this macro is
     defined in the krb.h file); make sure that the laddr argument points to
     the address of the local socket, and that faddr points to the foreign
     socket's network address.

     Krb_sendauth fills in the other arguments -- msg_data, cred, and
     schedule -- before sending the ticket to the server program.  You must,
     however, allocate space for these arguments before calling the
     function.

     Krb_sendauth supports two other options: KOPT_DONT_MK_REQ, and
     KOPT_DONT_CANON.  If called with options set as KOPT_DONT_MK_REQ,
     krb_sendauth will not use the krb_mk_req function to retrieve the
     ticket from the Kerberos server.  The ktext argument must point to an
     existing ticket and authenticator (such as would be created by
     krb_mk_req), and the service, inst, and realm arguments can be set to
     NULL.

     If called with options set as KOPT_DONT_CANON, krb_sendauth will not
     convert the service's instance to canonical form using
     krb_get_phost(3).

     If you want to call krb_sendauth with a multiple options specification,
     construct options as a bitwise-OR of the options you want to specify.

KRB_RECVAUTH
     The krb_recvauth function reads a ticket/authenticator pair from the
     socket pointed to by the fd argument.  Set the options argument as a
     bitwise-OR of the options desired.  Currently only KOPT_DO_MUTUAL is
     useful to the receiver.

     The ktext argument should point to an allocated KTEXT_ST structure.
     Krb_recvauth fills ktext with the ticket/authenticator pair read from
     fd, then passes it to krb_rd_req.

     The service and inst arguments specify the expected service and
     instance for which the ticket was generated.  They are also passed to
     krb_rd_req.  The inst argument may be set to "*" if the caller wishes
     krb_mk_req to fill in the instance used (note that there must be space
     in the inst argument to hold a full instance name, see krb_mk_req(3)).

     The faddr argument should point to the address of the peer which is
     presenting the ticket.  It is also passed to krb_rd_req.

     If the client and server plan to mutually authenticate one another, the
     laddr argument should point to the local address of the file
     descriptor.  Otherwise you can set this argument to NULL.

     The auth_data argument should point to an allocated AUTH_DAT area.  It
     is passed to and filled in by krb_rd_req.  The checksum passed to the
     corresponding krb_sendauth is available as part of the filled-in
     AUTH_DAT area.

     The filename argument specifies the filename which the service program
     should use to obtain its service key.  Krb_recvauth passes filename to
     the krb_rd_req function.  If you set this argument to "", krb_rd_req
     looks for the service key in the file /etc/kerberosIV/srvtab.

     If the client and server are performing mutual authentication, the
     schedule argument should point to an allocated Key_schedule.  Otherwise
     it is ignored and may be NULL.

     The version argument should point to a character array of at least
     KSEND_VNO_LEN characters.  It is filled in with the version string
     passed by the client to krb_sendauth.

KRB_NET_WRITE AND KRB_NET_READ
     The krb_net_write function emulates the write(2) system call, but
     guarantees that all data specified is written to fd before returning,
     unless an error condition occurs.

     The krb_net_read function emulates the read(2) system call, but
     guarantees that the requested amount of data is read from fd before
     returning, unless an error condition occurs.

BUGS
     krb_sendauth, krb_recvauth, krb_net_write, and krb_net_read will not
     work properly on sockets set to non-blocking I/O mode.
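
     As an added example (not the library's own implementation), the
     write-until-done and read-until-done guarantee that krb_net_write and
     krb_net_read provide, written as portable helpers over any descriptor
     and exercised over a socketpair.  It also makes the BUGS entry
     concrete: an EAGAIN from a non-blocking descriptor is returned as an
     error instead of being treated as satisfied.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Write exactly len bytes to fd, retrying short writes.  Returns len, or -1
 * with errno set (EAGAIN on a non-blocking fd ends up here, not in a spin). */
ssize_t net_write_all(int fd, const char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, buf + done, len - done);
        if (n < 0 && errno == EINTR) continue;   /* interrupted: retry */
        if (n < 0) return -1;
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Read exactly len bytes from fd, retrying short reads.  Returns len, a
 * smaller count if the peer closed first (EOF), or -1 with errno set. */
ssize_t net_read_all(int fd, char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;
        if (n == 0) break;                       /* EOF before len bytes */
        done += (size_t)n;
    }
    return (ssize_t)done;
}

/* Self-check over a socketpair: a constructed 16 KiB message round-trips
 * intact, and a read after the peer closes reports a short count (0). */
int selfcheck(void)
{
    static char out[16384], in[16384];
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return 0;
    memset(out, 'k', sizeof out);
    ok = net_write_all(sv[0], out, sizeof out) == (ssize_t)sizeof out
      && net_read_all(sv[1], in, sizeof in) == (ssize_t)sizeof in
      && memcmp(in, out, sizeof in) == 0;
    close(sv[0]);                                /* peer goes away */
    ok = ok && net_read_all(sv[1], in, 8) == 0;
    close(sv[1]);
    return ok;
}
```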

SEE ALSO
     krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)

AUTHOR
     John T. Kohl, MIT Project Athena

RESTRICTIONS
     Copyright 1988, Massachusetts Institute of Technology.  For copying and
     distribution information, please see the file <mit-copyright.h>.

MIT Project Athena Kerberos Version 4.0