1 .\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
2 .\" $FreeBSD: src/lib/libc/rpc/rpc_secure.3,v 1.6.2.5 2001/12/14 18:33:57 ru Exp $
3 .\" $DragonFly: src/lib/libc/rpc/rpc_secure.3,v 1.2 2003/06/17 04:26:45 dillon Exp $
10 .Nd library routines for secure remote procedure calls
17 .Fa "struct sockaddr *addr"
21 .Fn authdes_getucred "struct authdes_cred *adc" "uid_t *uid" "gid_t *gid" "int *grouplen" "gid_t *groups"
23 .Fn getnetname "char *name"
25 .Fn host2netname "char *name" "char *host" "char *domain"
27 .Fn key_decryptsession "const char *remotename" "des_block *deskey"
29 .Fn key_encryptsession "const char *remotename" "des_block *deskey"
31 .Fn key_gendes "des_block *deskey"
33 .Fn key_setsecret "const char *key"
35 .Fn netname2host "char *name" "char *host" "int hostlen"
37 .Fn netname2user "char *name" "uid_t *uidp" "gid_t *gidp" "int *gidlenp" "gid_t *gidlist"
39 .Fn user2netname "char *name" "uid_t uid" "char *domain"
41 These routines are part of the
43 library. They implement
47 for further details about
52 is the first of two routines which interface to the
54 secure authentication system, known as
58 .Fn authdes_getucred ,
61 Note: the keyserver daemon
63 must be running for the
65 authentication system to work.
68 used on the client side, returns an authentication handle that
69 will enable the use of the secure authentication system.
72 is the network name, or
74 of the owner of the server process.
78 derived from the utility routine
80 but could also represent a user name using
82 The second field is window on the validity of
83 the client credential, given in seconds. A small
84 window is more secure than a large one, but choosing
85 too small of a window will increase the frequency of
86 resynchronizations because of clock drift.
92 then the authentication system will assume
93 that the local clock is always in sync with the server's
94 clock, and will not attempt resynchronizations.
96 is supplied, however, then the system will use the address
97 for consulting the remote time service whenever
100 This parameter is usually the
106 is also optional. If it is
108 then the authentication system will
111 key to be used for the encryption of credentials.
112 If it is supplied, however, then it will be used instead.
114 .Fn Authdes_getucred ,
115 the second of the two
117 authentication routines,
118 is used on the server side for converting a
121 operating system independent, into a
124 This routine differs from utility routine
128 pulls its information from a cache, and does not have to do a
129 Yellow Pages lookup every time it is called to get its information.
132 installs the unique, operating-system independent netname of
134 caller in the fixed-length array
143 converts from a domain-specific hostname to an
144 operating-system independent netname.
153 .Fn Key_decryptsession
154 is an interface to the keyserver daemon, which is associated
157 secure authentication system
160 User programs rarely need to call it, or its associated routines
161 .Fn key_encryptsession ,
165 System commands such as
169 library are the main clients of these four routines.
171 .Fn Key_decryptsession
172 takes a server netname and a
174 key, and decrypts the key by
175 using the public key of the server and the secret key
176 associated with the effective uid of the calling process. It
178 .Fn key_encryptsession .
180 .Fn Key_encryptsession
181 is a keyserver interface routine.
183 takes a server netname and a des key, and encrypts
184 it using the public key of the server and the secret key
185 associated with the effective uid of the calling process. It
187 .Fn key_decryptsession .
190 is a keyserver interface routine.
192 is used to ask the keyserver for a secure conversation key.
195 is usually not good enough,
197 the common ways of choosing random numbers, such as using the
198 current time, are very easy to guess.
201 is a keyserver interface routine.
202 It is used to set the key for
205 of the calling process.
208 converts from an operating-system independent netname to a
209 domain-specific hostname.
214 if it fails. Inverse of
218 converts from an operating-system independent netname to a
219 domain-specific user ID.
229 converts from a domain-specific username to an operating-system
243 The following manuals:
245 .%B Remote Procedure Calls: Protocol Specification
248 .%B Remote Procedure Call Programming Guide
251 .%B Rpcgen Programming Guide
254 .%B RPC: Remote Procedure Call Protocol Specification
255 .%O RFC1050, Sun Microsystems Inc., USC-ISI