1RPC(3) BSD Library Functions Manual RPC(3)
2
4 rpc_secure — library routines for secure remote procedure calls
5
7 #include <rpc/rpc.h>
8 AUTH *
10 authdes_create(char *name, unsigned window, struct sockaddr *addr,
11 des_block *ckey);
12 AUTH *
14 authdes_pk_create(char *name, netobj *publickey, unsigned window,
15 struct sockaddr *addr, des_block *ckey);
16 int
18 authdes_getucred(struct authdes_cred *adc, uid_t *uid, gid_t *gid,
19 int *grouplen, gid_t *groups);
20 int
22 getnetname(char *name);
23 int
25 host2netname(char *name, const char *host, const char *domain);
26 int
28 key_decryptsession(const char *remotename, des_block *deskey);
29 int
31 key_encryptsession(const char *remotename, des_block *deskey);
32 int
34 key_gendes(des_block *deskey);
35 int
37 key_setsecret(const char *key);
38 int
40 netname2host(char *name, char *host, int hostlen);
41 int
43 netname2user(char *name, uid_t *uidp, gid_t *gidp, int *gidlenp,
44 gid_t *gidlist);
45 int
47 user2netname(char *name, const uid_t uid, const char *domain);
48
50 These routines are part of the RPC library. They implement DES Authenti‐
51 cation. See rpc(3) for further details about RPC.
52 The authdes_create() is the first of two routines which interface to the
54 RPC secure authentication system, known as DES authentication. The sec‐
55 ond is authdes_getucred(), below.
56 Note: the keyserver daemon keyserv(8) must be running for the DES authen‐
58 tication system to work.
59 The authdes_create() function, used on the client side, returns an
61 authentication handle that will enable the use of the secure authentica‐
62 tion system. The first argument name is the network name, or netname, of
63 the owner of the server process. This field usually represents a
64 hostname derived from the utility routine host2netname(), but could also
65 represent a user name using user2netname(). The second field is window
66 on the validity of the client credential, given in seconds. A small win‐
67 dow is more secure than a large one, but choosing too small of a window
68 will increase the frequency of resynchronizations because of clock drift.
69 The third argument addr is optional. If it is NULL, then the authentica‐
70 tion system will assume that the local clock is always in sync with the
71 server's clock, and will not attempt resynchronizations. If an address
72 is supplied, however, then the system will use the address for consulting
73 the remote time service whenever resynchronization is required. This
74 argument is usually the address of the RPC server itself. The final
75 argument ckey is also optional. If it is NULL, then the authentication
76 system will generate a random DES key to be used for the encryption of
77 credentials. If it is supplied, however, then it will be used instead.
78 The authdes_pk_create() function is identical to authdes_create(), except
80 that the public key needs to be provided at calling time and will not
81 looked up by this function itself.
82 The authdes_getucred() function, the second of the two DES authentication
84 routines, is used on the server side for converting a DES credential,
85 which is operating system independent, into a UNIX credential. This rou‐
86 tine differs from utility routine netname2user() in that
87 authdes_getucred() pulls its information from a cache, and does not have
88 to do a Yellow Pages lookup every time it is called to get its informa‐
89 tion.
90 The getnetname() function installs the unique, operating-system indepen‐
92 dent netname of the caller in the fixed-length array name. Returns TRUE
93 if it succeeds and FALSE if it fails.
94 The host2netname() function converts from a domain-specific hostname to
96 an operating-system independent netname. Returns TRUE if it succeeds and
97 FALSE if it fails. Inverse of netname2host().
98 The key_decryptsession() function is an interface to the keyserver dae‐
100 mon, which is associated with RPC's secure authentication system (DES
101 authentication). User programs rarely need to call it, or its associated
102 routines key_encryptsession(), key_gendes() and key_setsecret(). System
103 commands such as login(1) and the RPC library are the main clients of
104 these four routines.
105 The key_decryptsession() function takes a server netname and a DES key,
107 and decrypts the key by using the public key of the server and the secret
108 key associated with the effective uid of the calling process. It is the
109 inverse of key_encryptsession().
110 The key_encryptsession() function is a keyserver interface routine. It
112 takes a server netname and a des key, and encrypts it using the public
113 key of the server and the secret key associated with the effective uid of
114 the calling process. It is the inverse of key_decryptsession().
115 The key_gendes() function is a keyserver interface routine. It is used
117 to ask the keyserver for a secure conversation key. Choosing one
118 "random" is usually not good enough, because the common ways of choosing
119 random numbers, such as using the current time, are very easy to guess.
120 The key_setsecret() function is a keyserver interface routine. It is
122 used to set the key for the effective uid of the calling process.
123 The netname2host() function converts from an operating-system independent
125 netname to a domain-specific hostname. Returns TRUE if it succeeds and
126 FALSE if it fails. Inverse of host2netname().
127 The netname2user() function converts from an operating-system independent
129 netname to a domain-specific user ID. Returns TRUE if it succeeds and
130 FALSE if it fails. Inverse of user2netname().
131 The user2netname() function converts from a domain-specific username to
133 an operating-system independent netname. Returns TRUE if it succeeds and
134 FALSE if it fails. Inverse of netname2user().
135
137 These functions are part of libtirpc.
138
140 rpc(3), xdr(3)
141 The following manuals:
143 Remote Procedure Calls: Protocol Specification.
145 Remote Procedure Call Programming Guide.
147 Rpcgen Programming Guide.
149 RPC: Remote Procedure Call Protocol Specification, RFC1050, Sun
151 Microsystems Inc., USC-ISI.
152BSD February 16, 1988 BSD