1RPC(3)                   BSD Library Functions Manual                   RPC(3)
2

NAME

4     rpc_secure — library routines for secure remote procedure calls
5

SYNOPSIS

7     #include <rpc/rpc.h>
8
9     AUTH *
10     authdes_create(char *name, unsigned window, struct sockaddr *addr,
11         des_block *ckey);
12
13     AUTH *
14     authdes_pk_create(char *name, netobj *publickey, unsigned window,
15         struct sockaddr *addr, des_block *ckey);
16
17     int
18     authdes_getucred(struct authdes_cred *adc, uid_t *uid, gid_t *gid,
19         int *grouplen, gid_t *groups);
20
21     int
22     getnetname(char *name);
23
24     int
25     host2netname(char *name, const char *host, const char *domain);
26
27     int
28     key_decryptsession(const char *remotename, des_block *deskey);
29
30     int
31     key_encryptsession(const char *remotename, des_block *deskey);
32
33     int
34     key_gendes(des_block *deskey);
35
36     int
37     key_setsecret(const char *key);
38
39     int
40     netname2host(char *name, char *host, int hostlen);
41
42     int
43     netname2user(char *name, uid_t *uidp, gid_t *gidp, int *gidlenp,
44         gid_t *gidlist);
45
46     int
47     user2netname(char *name, const uid_t uid, const char *domain);
48

DESCRIPTION

50     These routines are part of the RPC library.  They implement DES Authenti‐
51     cation.  See rpc(3) for further details about RPC.
52
53     The authdes_create() is the first of two routines which interface to the
54     RPC secure authentication system, known as DES authentication.  The sec‐
55     ond is authdes_getucred(), below.
56
57     Note: the keyserver daemon keyserv(8) must be running for the DES authen‐
58     tication system to work.
59
60     The authdes_create() function, used on the client side, returns an
61     authentication handle that will enable the use of the secure authentica‐
62     tion system.  The first argument name is the network name, or netname, of
63     the owner of the server process.  This field usually represents a
64     hostname derived from the utility routine host2netname(), but could also
65     represent a user name using user2netname().  The second field is window
66     on the validity of the client credential, given in seconds.  A small win‐
67     dow is more secure than a large one, but choosing too small of a window
68     will increase the frequency of resynchronizations because of clock drift.
69     The third argument addr is optional.  If it is NULL, then the authentica‐
70     tion system will assume that the local clock is always in sync with the
71     server's clock, and will not attempt resynchronizations.  If an address
72     is supplied, however, then the system will use the address for consulting
73     the remote time service whenever resynchronization is required.  This
74     argument is usually the address of the RPC server itself.  The final
75     argument ckey is also optional.  If it is NULL, then the authentication
76     system will generate a random DES key to be used for the encryption of
77     credentials.  If it is supplied, however, then it will be used instead.
78
79     The authdes_pk_create() function is identical to authdes_create(), except
80     that the public key needs to be provided at calling time and will not
81     looked up by this function itself.
82
83     The authdes_getucred() function, the second of the two DES authentication
84     routines, is used on the server side for converting a DES credential,
85     which is operating system independent, into a UNIX credential.  This rou‐
86     tine differs from utility routine netname2user() in that
87     authdes_getucred() pulls its information from a cache, and does not have
88     to do a Yellow Pages lookup every time it is called to get its informa‐
89     tion.
90
91     The getnetname() function installs the unique, operating-system indepen‐
92     dent netname of the caller in the fixed-length array name.  Returns TRUE
93     if it succeeds and FALSE if it fails.
94
95     The host2netname() function converts from a domain-specific hostname to
96     an operating-system independent netname.  Returns TRUE if it succeeds and
97     FALSE if it fails.  Inverse of netname2host().
98
99     The key_decryptsession() function is an interface to the keyserver dae‐
100     mon, which is associated with RPC's secure authentication system (DES
101     authentication).  User programs rarely need to call it, or its associated
102     routines key_encryptsession(), key_gendes() and key_setsecret().  System
103     commands such as login(1) and the RPC library are the main clients of
104     these four routines.
105
106     The key_decryptsession() function takes a server netname and a DES key,
107     and decrypts the key by using the public key of the server and the secret
108     key associated with the effective uid of the calling process.  It is the
109     inverse of key_encryptsession().
110
111     The key_encryptsession() function is a keyserver interface routine.  It
112     takes a server netname and a des key, and encrypts it using the public
113     key of the server and the secret key associated with the effective uid of
114     the calling process.  It is the inverse of key_decryptsession().
115
116     The key_gendes() function is a keyserver interface routine.  It is used
117     to ask the keyserver for a secure conversation key.  Choosing one
118     "random" is usually not good enough, because the common ways of choosing
119     random numbers, such as using the current time, are very easy to guess.
120
121     The key_setsecret() function is a keyserver interface routine.  It is
122     used to set the key for the effective uid of the calling process.
123
124     The netname2host() function converts from an operating-system independent
125     netname to a domain-specific hostname.  Returns TRUE if it succeeds and
126     FALSE if it fails.  Inverse of host2netname().
127
128     The netname2user() function converts from an operating-system independent
129     netname to a domain-specific user ID.  Returns TRUE if it succeeds and
130     FALSE if it fails.  Inverse of user2netname().
131
132     The user2netname() function converts from a domain-specific username to
133     an operating-system independent netname.  Returns TRUE if it succeeds and
134     FALSE if it fails.  Inverse of netname2user().
135

AVAILABILITY

137     These functions are part of libtirpc.
138

SEE ALSO

140     rpc(3), xdr(3)
141
142     The following manuals:
143
144     Remote Procedure Calls: Protocol Specification.
145
146     Remote Procedure Call Programming Guide.
147
148     Rpcgen Programming Guide.
149
150     RPC: Remote Procedure Call Protocol Specification, RFC1050, Sun
151     Microsystems Inc., USC-ISI.
152
153BSD                            February 16, 1988                           BSD
Impressum