{ "content": [ { "type": "text", "text": "# rpc_secure (man)\n\n## NAME\n\nrpcsecure — library routines for secure remote procedure calls\n\n## DESCRIPTION\n\nThese routines are part of the RPC library. They implement DES Authentication. See rpc(3) for\nfurther details about RPC.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS** (1 subsections)\n- **DESCRIPTION**\n- **AVAILABILITY**\n- **SEE ALSO**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "rpc_secure", "section": "", "mode": "man", "summary": "rpcsecure — library routines for secure remote procedure calls", "synopsis": "", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [ { "name": "rpc", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/rpc/3/json" }, { "name": "xdr", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/xdr/3/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 1, "subsections": [ { "name": "#include ", "lines": 38 } ] }, { "name": "DESCRIPTION", "lines": 73, "subsections": [] }, { "name": "AVAILABILITY", "lines": 2, "subsections": [] }, { "name": "SEE ALSO", "lines": 13, "subsections": [] } ], "sections": { "NAME": { "content": "rpcsecure — library routines for secure remote procedure calls\n", "subsections": [] }, "SYNOPSIS": { "content": "", "subsections": [ { "name": "#include ", "content": "AUTH *\nauthdescreate(char *name, unsigned window, struct sockaddr *addr, desblock *ckey);\n\nAUTH *\nauthdespkcreate(char *name, netobj *publickey, unsigned window, struct sockaddr *addr,\ndesblock *ckey);\n\nint\nauthdesgetucred(struct authdescred *adc, uidt *uid, gidt *gid, int *grouplen,\ngidt *groups);\n\nint\ngetnetname(char *name);\n\nint\nhost2netname(char *name, const char *host, const char *domain);\n\nint\nkeydecryptsession(const char *remotename, desblock *deskey);\n\nint\nkeyencryptsession(const char *remotename, desblock *deskey);\n\nint\nkeygendes(desblock *deskey);\n\nint\nkeysetsecret(const char *key);\n\nint\nnetname2host(char *name, char *host, int hostlen);\n\nint\nnetname2user(char *name, uidt *uidp, gidt *gidp, int *gidlenp, gidt *gidlist);\n\nint\nuser2netname(char *name, const uidt uid, const char *domain);\n" } ] }, "DESCRIPTION": { "content": "These routines are part of the RPC library. They implement DES Authentication. See rpc(3) for\nfurther details about RPC.\n\nThe authdescreate() is the first of two routines which interface to the RPC secure authentica‐\ntion system, known as DES authentication. The second is authdesgetucred(), below.\n\nNote: the keyserver daemon keyserv(8) must be running for the DES authentication system to\nwork.\n\nThe authdescreate() function, used on the client side, returns an authentication handle that\nwill enable the use of the secure authentication system. The first argument name is the net‐\nwork name, or netname, of the owner of the server process. This field usually represents a\nhostname derived from the utility routine host2netname(), but could also represent a user name\nusing user2netname(). The second field is window on the validity of the client credential,\ngiven in seconds. A small window is more secure than a large one, but choosing too small of a\nwindow will increase the frequency of resynchronizations because of clock drift. The third ar‐\ngument addr is optional. If it is NULL, then the authentication system will assume that the\nlocal clock is always in sync with the server's clock, and will not attempt resynchronizations.\nIf an address is supplied, however, then the system will use the address for consulting the re‐\nmote time service whenever resynchronization is required. This argument is usually the address\nof the RPC server itself. The final argument ckey is also optional. If it is NULL, then the\nauthentication system will generate a random DES key to be used for the encryption of creden‐\ntials. If it is supplied, however, then it will be used instead.\n\nThe authdespkcreate() function is identical to authdescreate(), except that the public key\nneeds to be provided at calling time and will not looked up by this function itself.\n\nThe authdesgetucred() function, the second of the two DES authentication routines, is used on\nthe server side for converting a DES credential, which is operating system independent, into a\nUNIX credential. This routine differs from utility routine netname2user() in that\nauthdesgetucred() pulls its information from a cache, and does not have to do a Yellow Pages\nlookup every time it is called to get its information.\n\nThe getnetname() function installs the unique, operating-system independent netname of the\ncaller in the fixed-length array name. Returns TRUE if it succeeds and FALSE if it fails.\n\nThe host2netname() function converts from a domain-specific hostname to an operating-system in‐\ndependent netname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of\nnetname2host().\n\nThe keydecryptsession() function is an interface to the keyserver daemon, which is associated\nwith RPC's secure authentication system (DES authentication). User programs rarely need to\ncall it, or its associated routines keyencryptsession(), keygendes() and keysetsecret().\nSystem commands such as login(1) and the RPC library are the main clients of these four rou‐\ntines.\n\nThe keydecryptsession() function takes a server netname and a DES key, and decrypts the key by\nusing the public key of the server and the secret key associated with the effective uid of the\ncalling process. It is the inverse of keyencryptsession().\n\nThe keyencryptsession() function is a keyserver interface routine. It takes a server netname\nand a des key, and encrypts it using the public key of the server and the secret key associated\nwith the effective uid of the calling process. It is the inverse of keydecryptsession().\n\nThe keygendes() function is a keyserver interface routine. It is used to ask the keyserver\nfor a secure conversation key. Choosing one \"random\" is usually not good enough, because the\ncommon ways of choosing random numbers, such as using the current time, are very easy to guess.\n\nThe keysetsecret() function is a keyserver interface routine. It is used to set the key for\nthe effective uid of the calling process.\n\nThe netname2host() function converts from an operating-system independent netname to a domain-\nspecific hostname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of\nhost2netname().\n\nThe netname2user() function converts from an operating-system independent netname to a domain-\nspecific user ID. Returns TRUE if it succeeds and FALSE if it fails. Inverse of\nuser2netname().\n\nThe user2netname() function converts from a domain-specific username to an operating-system in‐\ndependent netname. Returns TRUE if it succeeds and FALSE if it fails. Inverse of\nnetname2user().\n", "subsections": [] }, "AVAILABILITY": { "content": "These functions are part of libtirpc.\n", "subsections": [] }, "SEE ALSO": { "content": "rpc(3), xdr(3)\n\nThe following manuals:\n\nRemote Procedure Calls: Protocol Specification.\n\nRemote Procedure Call Programming Guide.\n\nRpcgen Programming Guide.\n\nRPC: Remote Procedure Call Protocol Specification, RFC1050, Sun Microsystems Inc., USC-ISI.\n\nBSD February 16, 1988 BSD", "subsections": [] } } } }