Changeset 3220:c76c136e0788 in roaraudio for libroar/auth.c
- Timestamp:
- 01/24/10 07:52:13 (14 years ago)
- Branch:
- default
- Phase:
- public
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
libroar/auth.c
r690 r3220 35 35 #include "libroar.h" 36 36 37 /* How auth works: 38 * 0) set stage to zero 39 * 1) get server address and local node name (from uname()) 40 * 2) look up authfile/authdb/authservice for the server+local address + stage. 41 * if no data was found send NONE-Auth. 42 * 3) send data to server 43 * 4) read answer from server 44 * 5) if stage of server response is non-zero increment stage to server stage+1 45 * and repeat from step 2) 46 * 6) check if we got an OK or an ERROR, return currect value 47 */ 48 49 /* The protocol: 50 * Auth request: 51 * Byte 0: auth type 52 * Byte 1: stage 53 * Byte 2: reserved (must be zero) 54 * Byte 3: reserved (must be zero) 55 * Byte 4-end: auth type depending data. 56 * 57 * If no data is to be send bytes 2 and 3 can be omitted. 58 * If no data is to be send and stage is zero bytes 1, 2 and 3 can be omitted. 59 * 60 * Auth response: 61 * The same as the auth request. 62 * if the message type is OK the server accepted our auth. 63 * if the message type is ERROR the server recjected us. we may try other auth methodes. 64 * if the server accepted our data and the stage is non-zero we need to continue with the next 65 * stage of the auth. 66 * if the server rejected us the auth type value of the response is a suggested next auth type 67 * we should try if possible. This may help the client to find a working auth type. 68 */ 69 70 /* The protocol by auth type: 71 * 72 * --- NONE: 73 * No data is send, the server accepts the connect or rejects it depending on some 74 * magic within the server. we do not care about this. 75 * The data block is not used. 76 * 77 * --- COOKIE: 78 * We send cookies for all stages the server ask us to provide a cookie. 79 * if a cookie is wrong the server rejects us or aks us for another. 80 * The cookie is send as binary data in the data block. 81 * 82 * --- TRUST: 83 * We ask the server to auth us based on ower UID/GID/PID. 84 * The server may reject this becasue we are not allowed or because it is not 85 * supported by the transport. 86 * If we get rejected we may try to continue with IDENT then RHOST before we use NONE. 87 * The data block is not used. 88 * 89 * --- PASSWORD: 90 * This is technikly the same as COOKIE just that the cookie is limited to 91 * printable ASCII chars and that the user should be asked to provide the password. 92 * This may be done via a GUI popup window. 93 * 94 * --- SYSUSER: 95 * We provide a Username + Password for a system user. 96 * The data block contains of two main parts: 97 * The first part is a one byte long subtype. 98 * The value must be 0x01 for username+password. 99 * futur versions may define other types. 100 * the secund part is the actual data block. 101 * for username+password it is splited into two fields, both terminated with \0. 102 * the first is the username the last one the password as clear text. 103 * Example: char data[] = "\001MyUser\0MyPassword\0"; 104 * 105 * --- OPENPGP_SIGN: 106 * 107 * --- OPENPGP_ENCRYPT: 108 * 109 * --- OPENPGP_AUTH: 110 * 111 * --- KERBEROS: 112 * We use Kerberos to auth. 113 * 114 * --- RHOST: 115 * The server is asked to auth us based on our source address. 116 * The data block is not used. 117 * 118 * --- XAUTH: 119 * We send an X11 Cookie. 120 * 121 * --- IDENT: 122 * The server is asked to auth us based on our source address using the IDENT protocol. 123 * The data block is not used. 124 * 125 */ 126 37 127 int roar_auth (struct roar_connection * con) { 38 128 struct roar_message mes;
Note: See TracChangeset
for help on using the changeset viewer.