Provided by: libtirpc-dev_1.3.4+ds-1.1build1_amd64 
NAME
rpc_secure — library routines for secure remote procedure calls
SYNOPSIS
#include <rpc/rpc.h>
AUTH *
authdes_create(char *name, unsigned window, struct sockaddr *addr, des_block *ckey);
AUTH *
authdes_pk_create(char *name, netobj *publickey, unsigned window, struct sockaddr *addr,
des_block *ckey);
int
authdes_getucred(struct authdes_cred *adc, uid_t *uid, gid_t *gid, int *grouplen, gid_t *groups);
int
getnetname(char *name);
int
host2netname(char *name, const char *host, const char *domain);
int
key_decryptsession(const char *remotename, des_block *deskey);
int
key_encryptsession(const char *remotename, des_block *deskey);
int
key_gendes(des_block *deskey);
int
key_setsecret(const char *key);
int
netname2host(char *name, char *host, int hostlen);
int
netname2user(char *name, uid_t *uidp, gid_t *gidp, int *gidlenp, gid_t *gidlist);
int
user2netname(char *name, const uid_t uid, const char *domain);
DESCRIPTION
These routines are part of the RPC library. They implement DES Authentication. See rpc(3) for further
details about RPC.
The authdes_create() is the first of two routines which interface to the RPC secure authentication
system, known as DES authentication. The second is authdes_getucred(), below.
Note: the keyserver daemon keyserv(8) must be running for the DES authentication system to work.
The authdes_create() function, used on the client side, returns an authentication handle that will enable
the use of the secure authentication system. The first argument name is the network name, or netname, of
the owner of the server process. This field usually represents a hostname derived from the utility
routine host2netname(), but could also represent a user name using user2netname(). The second field is
window on the validity of the client credential, given in seconds. A small window is more secure than a
large one, but choosing too small of a window will increase the frequency of resynchronizations because
of clock drift. The third argument addr is optional. If it is NULL, then the authentication system will
assume that the local clock is always in sync with the server's clock, and will not attempt
resynchronizations. If an address is supplied, however, then the system will use the address for
consulting the remote time service whenever resynchronization is required. This argument is usually the
address of the RPC server itself. The final argument ckey is also optional. If it is NULL, then the
authentication system will generate a random DES key to be used for the encryption of credentials. If it
is supplied, however, then it will be used instead.
The authdes_pk_create() function is identical to authdes_create(), except that the public key needs to be
provided at calling time and will not looked up by this function itself.
The authdes_getucred() function, the second of the two DES authentication routines, is used on the server
side for converting a DES credential, which is operating system independent, into a Unix credential.
This routine differs from utility routine netname2user() in that authdes_getucred() pulls its information
from a cache, and does not have to do a Yellow Pages lookup every time it is called to get its
information.
The getnetname() function installs the unique, operating-system independent netname of the caller in the
fixed-length array name. Returns TRUE if it succeeds and FALSE if it fails.
The host2netname() function converts from a domain-specific hostname to an operating-system independent
netname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of netname2host().
The key_decryptsession() function is an interface to the keyserver daemon, which is associated with RPC's
secure authentication system (DES authentication). User programs rarely need to call it, or its
associated routines key_encryptsession(), key_gendes() and key_setsecret(). System commands such as
login(1) and the RPC library are the main clients of these four routines.
The key_decryptsession() function takes a server netname and a DES key, and decrypts the key by using the
public key of the server and the secret key associated with the effective uid of the calling process. It
is the inverse of key_encryptsession().
The key_encryptsession() function is a keyserver interface routine. It takes a server netname and a des
key, and encrypts it using the public key of the server and the secret key associated with the effective
uid of the calling process. It is the inverse of key_decryptsession().
The key_gendes() function is a keyserver interface routine. It is used to ask the keyserver for a secure
conversation key. Choosing one "random" is usually not good enough, because the common ways of choosing
random numbers, such as using the current time, are very easy to guess.
The key_setsecret() function is a keyserver interface routine. It is used to set the key for the
effective uid of the calling process.
The netname2host() function converts from an operating-system independent netname to a domain-specific
hostname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of host2netname().
The netname2user() function converts from an operating-system independent netname to a domain-specific
user ID. Returns TRUE if it succeeds and FALSE if it fails. Inverse of user2netname().
The user2netname() function converts from a domain-specific username to an operating-system independent
netname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of netname2user().
AVAILABILITY
These functions are part of libtirpc.
SEE ALSO
rpc(3), xdr(3)
The following manuals:
Remote Procedure Calls: Protocol Specification.
Remote Procedure Call Programming Guide.
Rpcgen Programming Guide.
RPC: Remote Procedure Call Protocol Specification, RFC1050, Sun Microsystems Inc., USC-ISI.
Debian February 16, 1988 RPC(3)