AUTH(2) AUTH(2)
NAME
auth, amount, srvauth, authenticate, getchal, chalreply,
newns, authdial, passtokey, nvcsum, convT2M, convM2T,
convTR2M, convM2TR, convA2M, convM2A, convPR2M, convM2PR -
network authentication
SYNOPSIS
#include <u.h>
#include <libc.h>
#include <auth.h>
int auth(int fd)
int srvauth(int fd, char *user)
int getchal(Chalstate *c, char *user);
int chalreply(Chalstate *c, char *response);
int newns(char *user, char *nsfile)
int authdial(char *service)
int passtokey(char key[DESKEYLEN], char *password)
uchar nvcsum(void *mem, int len)
int authenticate(int fd, int afd)
int amount(int fd, char *old, int flag, char *aname)
int convT2M(Ticket *t, char *msg, char *key);
void convM2T(char *msg, Ticket *t, char *key);
int convA2M(Authenticator *a, char *msg, char *key);
void convM2A(char *msg, Authenticator *a, char *key);
int convTR2M(Ticketreq *tr, char *msg);
void convM2TR(char *msg, Ticketreq *tr);
int convPR2M(Passwordreq *pr, char *msg, char *key);
void convM2PR(char *msg, Passwordreq *pr, char *key);
DESCRIPTION
These functions perform the authentication protocol as
described in auth(6) for programs such as cpu(1), import(4),
Page 1 Plan 9 (printed 10/29/25)
AUTH(2) AUTH(2)
etc.
Auth and srvauth authenticate connections for Plan 9 remote
execution using the rexauth protocol described in auth(6).
Auth is run by the caller and srvauth by the server; both
return 0 if successful and -1 on error. Fd is a file
descriptor to the data channel.
Srvauth authenticates the corresponding incoming call. It
copies the name of the user into user, which must be at
least NAMELEN bytes long.
Getchal and chalreply authenticate an incoming network call
for a service that does not perform the usual Plan 9 authen-
tication. They use the chal protocol described in auth(6).
User points to the local name of the user. Getchal reads a
null-terminated textual challenge from the authentication
server and copies it to c->chal. It returns 0 if it reaches
the authentication server or -1 if it fails. The challenge
should be printed for the user to see, and the user should
use a Digital Pathways SecureNet Key or aux/netkey (see
passwd(1)) to generate the appropriate response.
Chalreply should be called with the user's response, which
is also a null-terminated text string. It returns 0 if it
succeeds, or -1 if the user was not authenticated.
Srvauth and chalreply set the process's user name (see
cons(3)).
Newns builds a name space for user. It opens the file nsfile
(/lib/namespace is used if nsfile is null), copies the old
environment, and erases the current name space, sets the
environment variables user and home, and interprets the com-
mands in nsfile. The format of nsfile is described in
namespace(6).
Authdial calls service on the local authentication server.
It returns a file descriptor to the open connection or -1 if
it fails. Authdial is used to implement many of the other
functions here; it is not normally called by users.
Passtokey converts password into a DES key and stores the
result in key. It returns 0 if password could not be con-
verted, and 1 otherwise.
Nvcsum computes a checksum for the len byte array mem. It is
used to checksum keys stored in non-volatile RAM.
Authenticate performs authentication to a file server at the
other end of the channel referenced by fd. If afd is greater
than or equal to zero and the authentication requires
Page 2 Plan 9 (printed 10/29/25)
AUTH(2) AUTH(2)
calling the authentication server then afd is used as a
channel to it. Otherwise, authenticate dials the authenti-
cation server using authdial().
Amount is like mount but performs authentication on fd. It
should be used instead of mount whenever the file server
being mounted requires authentication. See bind(2) for a
definition of the arguments to mount and amount.
ConvT2M, convA2M, convTR2M, and convPR2M convert tickets,
authenticators, ticket requests, and password change request
structures into transmittable messages. ConvM2T, convM2A,
convM2TR, and convM2PR are used to convert them back. Key
is used for encrypting the message before transmission and
decrypting after reception. These routines are used by the
others to communicate with the authentication server.
FILES
/lib/namespace Default name space specification file.
SOURCE
/sys/src/libauth
SEE ALSO
passwd(1), auth(6), cons(3), dial(2)
DIAGNOSTICS
These routines set errstr. Integer-valued functions return
-1 on error.
Page 3 Plan 9 (printed 10/29/25)