RPC(3) BSD Library Functions Manual RPC(3)

NAME
rpc_secure — library routines for secure remote procedure calls

SYNOPSIS
#include <rpc/rpc.h>

AUTH *
authdes_create(char *name, unsigned window, struct sockaddr *addr,
des_block *ckey);

int
authdes_getucred(struct authdes_cred *adc, uid_t *uid, gid_t *gid,
int *grouplen, gid_t *groups);

int
getnetname(char *name);

int
host2netname(char *name, const char *host, const char *domain);

int
key_decryptsession(const char *remotename, des_block *deskey);

int
key_encryptsession(const char *remotename, des_block *deskey);

int
key_gendes(des_block *deskey);

int
key_setsecret(const char *key);

int
netname2host(char *name, char *host, int hostlen);

int
netname2user(char *name, uid_t *uidp, gid_t *gidp, int *gidlenp,
gid_t *gidlist);

int
user2netname(char *name, const uid_t uid, const char *domain);

DESCRIPTION
These routines are part of the RPC library. They implement DES
authentication. See rpc(3) for further details about RPC.

The authdes_create() function is the first of two routines which interface
to the RPC secure authentication system, known as DES authentication. The
second is authdes_getucred(), below.

Note: the keyserver daemon keyserv(8) must be running for the DES
authentication system to work.

The authdes_create() function, used on the client side, returns an
authentication handle that will enable the use of the secure authentication
system. The first argument name is the network name, or netname, of the
owner of the server process. This field usually represents a hostname
derived from the utility routine host2netname(), but could also represent a
user name using user2netname(). The second argument window is the window of
validity of the client credential, given in seconds. A small window is more
secure than a large one, but choosing too small a window will increase the
frequency of resynchronizations because of clock drift. The third argument
addr is optional. If it is NULL, then the authentication system will assume
that the local clock is always in sync with the server's clock, and will
not attempt resynchronizations. If an address is supplied, however, then
the system will use the address for consulting the remote time service
whenever resynchronization is required. This argument is usually the
address of the RPC server itself. The final argument ckey is also optional.
If it is NULL, then the authentication system will generate a random DES
key to be used for the encryption of credentials. If it is supplied,
however, then it will be used instead.

The authdes_getucred() function, the second of the two DES authentication
routines, is used on the server side for converting a DES credential, which
is operating system independent, into a UNIX credential. This routine
differs from the utility routine netname2user() in that authdes_getucred()
pulls its information from a cache, and does not have to do a Yellow Pages
lookup every time it is called to get its information.

The getnetname() function installs the unique, operating-system independent
netname of the caller in the fixed-length array name. Returns TRUE if it
succeeds and FALSE if it fails.

The host2netname() function converts from a domain-specific hostname to an
operating-system independent netname. Returns TRUE if it succeeds and FALSE
if it fails. Inverse of netname2host().

The key_decryptsession() function is an interface to the keyserver daemon,
which is associated with RPC's secure authentication system (DES
authentication). User programs rarely need to call it, or its associated
routines key_encryptsession(), key_gendes() and key_setsecret(). System
commands such as login(1) and the RPC library are the main clients of these
four routines.

The key_decryptsession() function takes a server netname and a DES key, and
decrypts the key by using the public key of the server and the secret key
associated with the effective uid of the calling process. It is the inverse
of key_encryptsession().

The key_encryptsession() function is a keyserver interface routine. It
takes a server netname and a DES key, and encrypts it using the public key
of the server and the secret key associated with the effective uid of the
calling process. It is the inverse of key_decryptsession().

The key_gendes() function is a keyserver interface routine. It is used to
ask the keyserver for a secure conversation key. Choosing one "at random"
in the application is usually not good enough, because the common ways of
choosing random numbers, such as using the current time, are very easy to
guess.

The key_setsecret() function is a keyserver interface routine. It is used
to set the key for the effective uid of the calling process.

The netname2host() function converts from an operating-system independent
netname to a domain-specific hostname. Returns TRUE if it succeeds and
FALSE if it fails. Inverse of host2netname().

The netname2user() function converts from an operating-system independent
netname to a domain-specific user ID. Returns TRUE if it succeeds and FALSE
if it fails. Inverse of user2netname().

The user2netname() function converts from a domain-specific username to an
operating-system independent netname. Returns TRUE if it succeeds and FALSE
if it fails. Inverse of netname2user().
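As an added illustration (not code from this manual page or the RPC library), the following builds and parses a user netname in the conventional Secure RPC form "unix.<uid>@<domain>", mirroring the user2netname()/netname2user() pair, and models the server-side window and replay check that the window argument of authdes_create() governs. The function names are hypothetical and the acceptance test is a simplified model of what the library performs, not its actual code.

```c
/* Added example: netname round trip and a simplified DES-credential window
 * check. Not the RPC library's own code; function names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Like user2netname(): write "unix.<uid>@<domain>" into out.
 * Returns 1 on success, 0 on bad domain or truncation. */
int make_user_netname(char *out, size_t outlen, unsigned uid, const char *domain)
{
    if (domain == NULL || *domain == '\0' || strchr(domain, '@') != NULL)
        return 0;
    int n = snprintf(out, outlen, "unix.%u@%s", uid, domain);
    return n > 0 && (size_t)n < outlen;      /* 0 when the buffer was too small */
}

/* Inverse of the above, like netname2user(): accept only the exact
 * "unix.<digits>@<domain>" shape, so a malformed or ambiguous netname is
 * rejected instead of being mapped to some uid. */
int parse_user_netname(const char *nn, unsigned *uid, char *domain, size_t domlen)
{
    if (strncmp(nn, "unix.", 5) != 0)
        return 0;
    const char *p = nn + 5;
    if (*p < '0' || *p > '9')                /* strtoul would skip blanks/signs */
        return 0;
    char *end;
    errno = 0;
    unsigned long v = strtoul(p, &end, 10);
    if (errno != 0 || *end != '@' || v > 0xffffffffUL)
        return 0;
    const char *dom = end + 1;
    if (*dom == '\0' || strchr(dom, '@') != NULL || strlen(dom) >= domlen)
        return 0;
    *uid = (unsigned)v;
    strcpy(domain, dom);
    return 1;
}

/* Simplified server-side acceptance test for a DES credential: the client's
 * timestamp ts must be newer than the last one seen from that client (replay)
 * and must not have aged past the window by the server's clock (expiry).
 * A smaller window leaves less room for replay but tolerates less clock
 * drift, which is why the manual warns about resynchronizations. */
int cred_accept(long ts, long last_seen, long server_now, unsigned window)
{
    if (ts <= last_seen)
        return 0;                            /* replayed or out of order */
    if (server_now - ts >= (long)window)
        return 0;                            /* expired */
    return 1;
}
```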
SEE ALSO
rpc(3), xdr(3), keyserv(8)

The following manuals:

Remote Procedure Calls: Protocol Specification.

Remote Procedure Call Programming Guide.

Rpcgen Programming Guide.

RPC: Remote Procedure Call Protocol Specification, RFC1050, Sun
Microsystems Inc., USC-ISI.

BSD February 16, 1988 BSD