FACTOTUM(2)                                           FACTOTUM(2)

     NAME
          Factotum: attrtext, challenge, copyattrs, delattr, findattr,
          findattrval, getuserpassd, mount, open, parseattrs, proxy,
          publicattrs, takeattrs, respond, response, rpc, rpcattrs -
          client interface to factotum

     SYNOPSIS
          include "factotum.m";
          auth := load Factotum Factotum->PATH;

          Authinfo: adt{
              cuid: string;    # ID on caller
              suid: string;    # ID on server
              cap:  string;    # capability (only valid on server side)
              secret: array of byte;   # key for encryption
          };

          AuthRpcMax: con ...;

          init:          fn();
          mount:  fn(fd: ref Sys->FD, mnt: string, flags: int,
                      aname: string, keyspec: string): (int, ref Authinfo);

          getuserpasswd: fn(keyspec: string): (string, string);

          Challenge: adt {
              user:  string;      # user (some protocols)
              chal:  string;      # challenge string
          };

          challenge: fn(keyspec: string): ref Challenge;
          response:  fn(c: ref Challenge, resp: string): ref Authinfo;
          respond:   fn(chal: string, keyspec: string): (string, string);

          open:      fn(): ref Sys->FD;
          rpc:       fn(facfd: ref Sys->FD, verb: string, a: array of byte):
                        (string, array of byte);
          proxy:     fn(afd: ref Sys->FD, facfd: ref Sys->FD, arg: string):
                        ref Authinfo;
          rpcattrs:  fn(facfd: ref Sys->FD): list of ref Attr;

          Attr: adt {
              tag:    int;      # Aattr, Aval, or Aquery
              name:   string;
              val:    string;

              text:   fn(a: self ref Attr): string;
          };

          parseattrs:  fn(s: string): list of ref Attr;

     Page 1                       Plan 9            (printed 12/23/24)

     FACTOTUM(2)                                           FACTOTUM(2)

          copyattrs:   fn(l: list of ref Attr): list of ref Attr;
          delattr:     fn(l: list of ref Attr, n: string): list of ref Attr;
          takeattrs:   fn(l: list of ref Attr, names: list of string): list of ref Attr;
          findattr:    fn(l: list of ref Attr, n: string): ref Attr;
          findattrval: fn(l: list of ref Attr, n: string): string;
          publicattrs: fn(l: list of ref Attr): list of ref Attr;
          attrtext:    fn(l: list of ref Attr): string;

     DESCRIPTION
          Factotum interacts with an instance of the authentication
          agent factotum(4) to authenticate a client to a server.  It
          can also interact with Plan 9's factotum if that is in the
          name space (as well as or instead of factotum(4)).

          Factotum supports both the basic RPC interface to factotum
          and various high-level operations built on that.  The high-
          level functions will be described first.

          Init must be called before any other function.

          Mount is similar to Sys->mount (see sys-bind(2)), but uses
          factotum to authenticate, if the server requires it.
          Factotum->mount should be used instead of Sys->mount when
          mounting file servers that use attach(5) to authenticate.
          (If the server on fd does not require authentication,
          Factotum->mount simply calls Sys->mount.)  Mount returns
          (v,ai).  If the integer v is non-negative, the mount suc-
          ceeded; on error, v is negative, either the authentication
          or the mount failed, ai is nil, and the system error string
          contains a diagnostic.  If the server required authentica-
          tion and that was successful, ai is a non-nil reference to
          an Authinfo value containing the agreed user IDs, a capabil-
          ity for cap(3) that is valid only on the server, and an
          array of bytes containing a shared secret that can be used
          by client and server to create encryption and hashing keys
          for the conversation.

          Getuserpasswd returns a tuple (user,password) containing the
          values for the user and !password attributes of a factotum
          entry that has proto=pass and matches the given keyspec. The
          tuple values are nil if no entry matches or the caller lacks
          permission to see them.

          The pair of functions challenge and response give servers
          access to challenge/response protocols provided by factotum.
          All such authentication protocols are embedded in an
          application-level protocol such as FTP, IMAP, POP3 and so
          on, in a way specific to that protocol.  These functions
          calculate parameters for application-specific messages.

          A server calls challenge to get a challenge value to present
          to the user who will answer the challenge.  The server

     Page 2                       Plan 9            (printed 12/23/24)

     FACTOTUM(2)                                           FACTOTUM(2)

          verifies the user's response by calling response, which
          returns an Authinfo value (as described above) if the
          response is correct.  The specific challenge/response proto-
          col is selected by the proto attribute in the keyspec for
          challenge, which opens a connection to factotum, obtains a
          string representing a challenge value, and returns a refer-
          ence to a Challenge adt that gives the challenge and a user
          name.  Some protocols take the user name from a user
          attribute in the keyspec, and others negotiate it within the
          authentication protocol.  In the latter case, the user field
          of the resulting Challenge gives the name negotiated.

          In the other direction, a process uses respond to calculate
          the correct response to a given challenge.  Chal is the
          challenge presented by a server, and keyspec gives the
          attributes of the relevant key in the local factotum.
          Respond interacts with factotum and returns a tuple
          (response, user) that gives the response string to return to
          the server, and an optional user name, depending on the pro-
          tocol.  On error, the response is nil, and the system error
          string contains a diagnostic.

          Factotum(4) represents keys as attribute value pairs in tex-
          tual form, with space-separated fields.  A field can be a
          value-less attribute, an attribute=value pair, or attribute?
          to mark a required attribute with unknown value.  An
          attribute name that begins with an exclamation mark (!)  is
          to be considered hidden or secret.  Values containing white
          space or special characters can be quoted using the conven-
          tions of sh(1).

          Parseattrs parses a string s of that form into a list of
          Attr references.  Each Attr has a tag that identifies the
          value as Aattr (a value-less attribute), a Aval (an
          attribute-value pair), or Aquery (an attribute for which a
          value is needed).  Other operations include:

          copyattrs      Return a copy of attribute list l.

          delattr        Return a copy of l removing all attributes
                         with name n.

          takeattrs      Return the subset of list l that contains
                         only the attributes listed in names.

          findattr       Return a reference to the first Attr in l
                         with the name n.

          findattrval    Return the value of the first attribute in l
                         with name n; return nil if the attribute is
                         not found or has no value.

     Page 3                       Plan 9            (printed 12/23/24)

     FACTOTUM(2)                                           FACTOTUM(2)

          publicattrs    Return a copy of l in which all secret
                         attributes have been removed.

          attrtext       Return the textual representation of
                         attribute list l, acceptable to parseattrs.

          The low-level interfaces to factotum are as follows.

          Proxy links an authenticating server on afd with the
          factotum agent on facfd. Typically facfd is the result of
          calling Factotum->open, which is equivalent to

               sys->open("/mnt/factotum/rpc", Sys->ORDWR)

          Afd is a file descriptor that represents a connection to the
          service that requires authentication.  It is typically the
          result of sys-open(2), dial(2), or sys-fauth(2). Params
          gives any parameters for factotum, as a string containing
          space-separated attr=value pairs.  Proxy ferries messages
          between the server and factotum until the end of the
          selected authentication protocol.  If authentication failed,
          proxy returns nil; otherwise on success it always returns a
          non-nil reference to an Authinfo value with contents as
          above, but if the protocol does not supply that authentica-
          tion data, all the values are nil.

          Rpcattrs returns the initial attributes provided in the
          start request, and any others added later by the protocol.

          Rpc does one message exchange with the factotum on facfd. It
          writes a message containing the given verb and optional
          binary parameter a, and returns (v,a) where v is the
          response string from factotum and a is an optional binary
          parameter for that response.  Exceptionally, v is the string
          "rpc failure" if communication fails or a message is gar-
          bled, or "no key" if rpc cannot find a suitable key.  See
          factotum(4) for details of the protocol.

          AuthRpcMax is an integer constant giving the maximum size of
          a message in an rpc exchange.

     SOURCE
          /appl/lib/factotum.b

     SEE ALSO
          sys-bind(2), sys-fauth(2), factotum(4), attach(5)

     DIAGNOSTICS
          Functions that  return nil references on error also set the
          system error string.

     Page 4                       Plan 9            (printed 12/23/24)