secure_rpc, authdes_getucred, authdes_seccreate, getnetname, host2netname, key_decryptsession, key_encryptsession, key_gendes, key_setsecret, key_secretkey_is_set, netname2host, netname2user, user2netname - library routines for secure remote procedure calls
cc [ flag... ] file... -lnsl [ library...] #include <rpc/rpc.h> #include <sys/types.h> int authdes_getucred(const struct authdes_cred *adc, uid_t *uidp, gid_t *gidp, short *gidlenp, gid_t *gidlist);
AUTH *authdes_seccreate(const char *name, const uint_t window, const char *timehost, ckey);
int getnetname(char name [MAXNETNAMELEN+1]);
int host2netname(char name [MAXNETNAMELEN+1], const char *host, const char *domain);
int key_decryptsession(const char *remotename, des_block *deskey);
int key_encryptsession(const char *remotename, des_block *deskey);
int key_gendes(des_block *deskey);
int key_setsecret(const char *key);
int key_secretkey_is_set(void)
int netname2host(const char *name, char *host, const int hostlen);
int netname2user(const char *name, uid_t *uidp, gid_t *gidp, int *gidlenp, gid_t *gidlist [NGRPS]);
int user2netname(char name [MAXNETNAMELEN+1], const uid_t uid, const char *domain);
The RPC library functions allow C programs to make procedure calls on other machines across the network.
RPC supports various authentication flavors. Among them are:
AUTH_NONE
AUTH_SYS
AUTH_DES
The authdes_getucred() and authdes_seccreate() functions implement the AUTH_DES authentication style. The keyserver daemon keyserv(1M) must be running for the AUTH_DES authentication system to work and keylogin(1) must have been run. The AUTH_DES style of authentication is discussed here. For information about the AUTH_NONE and AUTH_SYS flavors of authentication, refer to rpc_clnt_auth(3NSL). See rpc(3NSL) for the definition of the AUTH data structure.
The following functions documented on this page are MT-Safe. For the MT-levels of other authentication styles, see relevant man pages.
authdes_getucred()
The *uidp parameter is set to the user's numerical ID associated with adc. The *gidp parameter is set to the numerical ID of the user's group. The *gidlist parameter contains the numerical IDs of the other groups to which the user belongs. The *gidlenp parameter is set to the number of valid group ID entries specified by the *gidlist parameter.
The authdes_getucred() function fails if the authdes_cred structure was created with the netname of a host. In such a case, netname2host() should be used to get the host name from the host netname in the authdes_cred structure.
authdes_seccreate()
The second field, window, specifies the validity of the client credential in seconds. If the difference in time between the client's clock and the server's clock exceeds window, the server rejects the client's credentials and the clock will have to be resynchronized. A small window is more secure than a large one, but choosing too small a window increases the frequency of resynchronization due to clock drift.
The third parameter, timehost, is the host's name and is optional. If timehost is NULL, the authentication system assumes that the local clock is always in sync with the timehost clock and does not attempt resynchronization. If a timehost is supplied, the system consults the remote time service whenever resynchronization is required. The timehost parameter is usually the name of the host on which the server is running.
The final parameter, ckey, is also optional. If ckey is NULL, the authentication system generates a random DES key to be used for the encryption of credentials. If ckey is supplied, it is used for encryption.
If authdes_seccreate() fails, it returns NULL.
getnetname()
host2netname()
key_decryptsession()
The key_decryptsession() function takes a server netname remotename and a DES key deskey, and decrypts the key by using the the public key of the server and the secret key associated with the effective UID of the calling process. The key_decryptsession() function is the inverse of key_encryptsession() function.
key_encryptsession()
key_gendes()
key_setsecret()
key_secretkey_is_set()
netname2host()
netname2user()
The *uidp parameter is set to the user's numerical ID associated with name. The *gidp parameter is set to the numerical ID of the user's group. The gidlist parameter contains the numerical IDs of the other groups to which the user belongs. The *gidlenp parameter is set to the number of valid group ID entries specified by the gidlist parameter.
user2netname()
See attributes(5) for descriptions of the following attributes:
|
chkey(1), keylogin(1), keyserv(1M), newkey(1M), rpc(3NSL), rpc_clnt_auth(3NSL), attributes(5)
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |