Changeset 3220:c76c136e0788 in roaraudio


Ignore:
Timestamp:
01/24/10 07:52:13 (10 years ago)
Author:
phi
Branch:
default
Message:

added comments about the futur proto

File:
1 edited

Legend:

Unmodified
Added
Removed
  • libroar/auth.c

    r690 r3220  
    3535#include "libroar.h" 
    3636 
     37/* How auth works: 
     38 * 0) set stage to zero 
     39 * 1) get server address and local node name (from uname()) 
     40 * 2) look up authfile/authdb/authservice for the server+local address + stage. 
     41 *    if no data was found send NONE-Auth. 
     42 * 3) send data to server 
     43 * 4) read answer from server 
     44 * 5) if stage of server response is non-zero increment stage to server stage+1 
     45 *    and repeat from step 2) 
     46 * 6) check if we got an OK or an ERROR, return currect value 
     47 */ 
     48 
     49/* The protocol: 
     50 * Auth request: 
     51 * Byte 0: auth type 
     52 * Byte 1: stage 
     53 * Byte 2: reserved (must be zero) 
     54 * Byte 3: reserved (must be zero) 
     55 * Byte 4-end: auth type depending data. 
     56 * 
     57 * If no data is to be send bytes 2 and 3 can be omitted. 
     58 * If no data is to be send and stage is zero bytes 1, 2 and 3 can be omitted. 
     59 * 
     60 * Auth response: 
     61 * The same as the auth request. 
     62 * if the message type is OK the server accepted our auth. 
     63 * if the message type is ERROR the server recjected us. we may try other auth methodes. 
     64 * if the server accepted our data and the stage is non-zero we need to continue with the next 
     65 * stage of the auth. 
     66 * if the server rejected us the auth type value of the response is a suggested next auth type 
     67 * we should try if possible. This may help the client to find a working auth type. 
     68 */ 
     69 
     70/* The protocol by auth type: 
     71 * 
     72 * --- NONE: 
     73 * No data is send, the server accepts the connect or rejects it depending on some 
     74 * magic within the server. we do not care about this. 
     75 * The data block is not used. 
     76 * 
     77 * --- COOKIE: 
     78 * We send cookies for all stages the server ask us to provide a cookie. 
     79 * if a cookie is wrong the server rejects us or aks us for another. 
     80 * The cookie is send as binary data in the data block. 
     81 * 
     82 * --- TRUST: 
     83 * We ask the server to auth us based on ower UID/GID/PID. 
     84 * The server may reject this becasue we are not allowed or because it is not 
     85 * supported by the transport. 
     86 * If we get rejected we may try to continue with IDENT then RHOST before we use NONE. 
     87 * The data block is not used. 
     88 * 
     89 * --- PASSWORD: 
     90 * This is technikly the same as COOKIE just that the cookie is limited to 
     91 * printable ASCII chars and that the user should be asked to provide the password. 
     92 * This may be done via a GUI popup window. 
     93 * 
     94 * --- SYSUSER: 
     95 * We provide a Username + Password for a system user. 
     96 * The data block contains of two main parts: 
     97 * The first part is a one byte long subtype. 
     98 * The value must be 0x01 for username+password. 
     99 * futur versions may define other types. 
     100 * the secund part is the actual data block. 
     101 * for username+password it is splited into two fields, both terminated with \0. 
     102 * the first is the username the last one the password as clear text. 
     103 * Example: char data[] = "\001MyUser\0MyPassword\0"; 
     104 *  
     105 * --- OPENPGP_SIGN: 
     106 * 
     107 * --- OPENPGP_ENCRYPT: 
     108 * 
     109 * --- OPENPGP_AUTH: 
     110 * 
     111 * --- KERBEROS: 
     112 * We use Kerberos to auth. 
     113 * 
     114 * --- RHOST: 
     115 * The server is asked to auth us based on our source address. 
     116 * The data block is not used. 
     117 * 
     118 * --- XAUTH: 
     119 * We send an X11 Cookie. 
     120 * 
     121 * --- IDENT: 
     122 * The server is asked to auth us based on our source address using the IDENT protocol. 
     123 * The data block is not used. 
     124 * 
     125 */ 
     126 
    37127int roar_auth   (struct roar_connection * con) { 
    38128 struct roar_message mes; 
Note: See TracChangeset for help on using the changeset viewer.