HP-UX Reference (11i v1 00/12) - 3 Library Functions N-Z (vol 7)

secure_rpc(3N) secure_rpc(3N)
The HP-UX implementation of RPC only supports the X/Open Transport Interface (XTI). Applications that
are written using the Transport Layer Interface (TLI) and wish to use RPC must be converted
to XTI.
Routines
See rpc(3N) for the definition of the AUTH data structure.
int authdes_getucred()
authdes_getucred() is the first of the two routines which interface to the RPC secure authentication
system known as AUTH_DES. The second is authdes_seccreate(), below.
authdes_getucred() is used on the server side for converting an AUTH_DES credential, which
is operating system independent, into an AUTH_SYS credential. This routine returns 1 if it succeeds,
0 if it fails.
*uidp is set to the user’s numerical ID associated with adc. *gidp is set to the numerical ID of the
user’s group. *gidlist contains the numerical IDs of the other groups to which the user belongs.
*gidlenp is set to the number of valid group ID entries in *gidlist (see netname2user(), below).
Warning: authdes_getucred() will fail if the authdes_cred structure was created with the netname
of a host. In such a case, netname2host() should be used on the host netname in the
authdes_cred structure to get the host name.
AUTH *authdes_seccreate()
authdes_seccreate(), the second of two AUTH_DES authentication routines, is used on the
client side to return an authentication handle that will enable the use of the secure authentication
system. The first parameter name is the network name, or netname, of the owner of the server process.
This field usually represents a hostname derived from the utility routine host2netname(), but
could also represent a user name using user2netname(), described below.
The second field is window on the validity of the client credential, given in seconds. If the difference
in time between the client’s clock and the server’s clock exceeds window, the server will reject the
client’s credentials, and the clock will have to be resynchronized. A small window is more secure than
a large one, but choosing too small of a window will increase the frequency of resynchronizations
because of clock drift.
The third parameter, timehost, the host’s name, is optional. If it is NULL, then the authentication
system will assume that the local clock is always in sync with the timehost clock, and will not attempt
resynchronizations. If a timehost is supplied, however, then the system will consult with the remote
time service whenever resynchronization is required. This parameter is usually the name of the host
on which the server is running.
The final parameter ckey is also optional. If it is NULL, then the authentication system will generate
a random DES key to be used for the encryption of credentials. If ckey is supplied, then it will be used
instead.
If authdes_seccreate() fails, it returns NULL.
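The window and timehost behavior described above, as an added model in C; it is not HP-UX library code and not part of the original manual page. The struct, the function names, the drift figures and the assumption that the timehost clock agrees with the server clock are constructed for illustration.

```c
/* Simplified model of the AUTH_DES window check; not the RPC library's code. */
#include <stdio.h>

struct client {            /* hypothetical client state for this model */
    long skew;             /* client clock minus server clock, in seconds */
    int  has_timehost;     /* 0 models timehost == NULL */
    int  resyncs;          /* resynchronizations performed so far */
};

/* Server rule from the text: reject when |client - server| exceeds window. */
static int server_accepts(long skew, long window)
{
    long diff = skew < 0 ? -skew : skew;
    return diff <= window;
}

/* One call: on rejection, resync against timehost (if any) and retry once. */
static int client_call(struct client *c, long window)
{
    if (server_accepts(c->skew, window))
        return 1;
    if (!c->has_timehost)
        return 0;          /* local clock assumed in sync; no resync attempted */
    c->skew = 0;           /* assumption: timehost agrees with the server */
    c->resyncs++;
    return server_accepts(c->skew, window);
}

/* Make `calls` calls while the client clock drifts `drift` seconds per call.
 * Returns the number of rejected calls; stores the resync count in *resyncs. */
static int simulate(long window, long drift, int calls, int has_timehost, int *resyncs)
{
    struct client c = { 0, has_timehost, 0 };
    int rejected = 0;
    for (int i = 0; i < calls; i++) {
        c.skew += drift;
        if (!client_call(&c, window))
            rejected++;
    }
    *resyncs = c.resyncs;
    return rejected;
}

int main(void)
{
    int r, rej = simulate(60, 2, 600, 1, &r);   /* constructed sample run */
    printf("window=60s resyncs=%d rejected=%d\n", r, rej);
    return 0;
}
```

With the same drift, shrinking the window from 300 to 5 seconds raises the resync count from 3 to 200, and with no timehost every call after the skew passes the window is rejected.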
int getnetname()
getnetname() returns the unique, operating system independent netname of the caller in the
fixed-length array name. Returns 1 if it succeeds, and 0 if it fails.
int host2netname()
Convert from a domain-specific hostname host to an operating system independent netname. Returns
1 if it succeeds, and 0 if it fails. Inverse of netname2host(). If domain is NULL,
host2netname() uses the default domain name of the machine. If host is NULL, it defaults to
that machine itself.
int key_decryptsession()
key_decryptsession() is an interface to the keyserver daemon, which is associated with RPC’s
secure authentication system (AUTH_DES authentication). User programs rarely need to call it, or its
associated routines key_encryptsession(), key_gendes(), and key_setsecret().
key_decryptsession() takes a server netname remotename and a DES key deskey, and
decrypts the key by using the public key of the server and the secret key associated with the
effective UID of the calling process. It is the inverse of key_encryptsession().
int key_encryptsession()
key_encryptsession() is a keyserver interface routine. It takes a server netname remotename
and a DES key deskey, and encrypts it using the public key of the server and the secret key
Section 3834 2 HP-UX Release 11i: December 2000