The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

krb_net_write (3)
  • >> krb_net_write (3) ( Solaris man: Библиотечные вызовы )
  • 
    NAME
         krb_sendauth, krb_recvauth,  krb_net_write,  krb_net_read  -
         Kerberos  routines  for  sending  authentication via network
         stream sockets
    
    SYNOPSIS
         cc [ flag ... ] file ... -lkrb [ library ... ]
         #include <kerberos/krb.h>
         #include <netinet/in.h>
    
         int krb_sendauth(const long options,  const  int  fd,  KTEXT
         ktext,  const  char  *service,  const char *inst, const char
         *realm, const ulong_t checksum, MSG_DAT  *msg_data,  CREDEN-
         TIALS *cred, Key_schedule schedule, const struct sockaddr_in
         *laddr, const struct sockaddr_in *faddr,  const  char  *ver-
         sion);
    
         int krb_recvauth(const long options,  const  int  fd,  KTEXT
         ktext,   const  char  *service,  char  *inst,  const  struct
         sockaddr_in  *faddr,  const   struct   sockaddr_in   *laddr,
         AUTH_DAT  *auth_data,  const  char  *filename,  Key_schedule
         schedule, char *version);
    
         int krb_net_write(const int fd, const char *buf,  const  int
         len);
    
         int krb_net_read(const int fd, char *buf, const int len);
    
    DESCRIPTION
         These functions, which are built on top of the core Kerberos
         library,  provide  a  convenient means for client and server
         programs to send  authentication  messages  to  one  another
         through network connections.
    
         The krb_sendauth() function sends  an  authenticated  ticket
         from the client program to the server program by writing the
         ticket to a network socket.
    
         The krb_recvauth() function receives  the  ticket  from  the
         client by reading from a network socket.
    
      krb_sendauth()
         This function writes the ticket to the network socket speci-
         fied  by  the file descriptor fd, returning  KSUCCESS if the
         write proceeds successfully, and an error code  if  it  does
         not.
    
         The ktext argument should point  to  an  allocated  KTEXT_ST
         structure.  The  service,  inst, and realm arguments specify
         the server program's Kerberos principal name, instance,  and
         realm. If you are writing a client that uses the local realm
         exclusively, you can set the realm argument to NULL.
         The version argument allows the client program  to  pass  an
         application-specific  version string that the server program
         can then match against its own version string.  The  version
         string  can  be up to  KSEND_VNO_LEN (see  <kerberos/krb.h>)
         characters in length.
    
         The checksum argument can be used to pass checksum  informa-
         tion  to the server program. The client program is responsi-
         ble for specifying this information. This checksum  informa-
         tion  is  difficult to corrupt because krb_sendauth() passes
         it over the network in encrypted form. The checksum argument
         is  passed  as  the  checksum  argument to krb_mk_req() (see
         kerberos(3KRB)).
    
         You can set krb_sendauth()'s other arguments to NULL  unless
         you  want the client and server programs to mutually authen-
         ticate themselves. In the case of mutual authentication, the
         client  authenticates  itself  to  the  server  program, and
         demands that the server in turn authenticate itself  to  the
         client.
    
      krb_sendauth() and Mutual Authentication
         If you want mutual authentication, make sure that  you  read
         all  pending  data  from  the  local  socket  before calling
         krb_sendauth(). Set  krb_sendauth()'s  options  argument  to
         KOPT_DO_MUTUAL  (this macro is defined in <kerberos/krb.h>);
         make sure that the laddr argument points to the  address  of
         the  local  socket,  and  that  faddr  points to the foreign
         socket's network address.
    
         krb_sendauth() fills in  the  other  arguments  -  msg_data,
         cred, and schedule - before sending the ticket to the server
         program. You must, however, allocate space for  these  argu-
         ments before calling the function.
    
         krb_sendauth() supports two other options:  KOPT_DONT_MK_REQ
         and   KOPT_DONT_CANON.   If   called  with  options  set  as
         KOPT_DONT_MK_REQ,   krb_sendauth()   will   not   use    the
         krb_mk_req()  (see  kerberos(3KRB)) function to retrieve the
         ticket from the Kerberos server.  The  ktext  argument  must
         point to an existing ticket and authenticator (such as would
         be created by  krb_mk_req()), and  the  service,  inst,  and
         realm arguments can be set to  NULL.
    
         If   called   with   options   set   as     KOPT_DONT_CANON,
         krb_sendauth()  will  not  convert the service's instance to
         canonical     form     using       krb_get_phost()      (see
         krb_realmofhost(3KRB)).
    
         If you want to call krb_sendauth() with a  multiple  options
         specification,  construct  options  as  a  bitwise-OR of the
         options you want to specify.
    
      krb_recvauth()
         The krb_recvauth()  function  reads  a  ticket/authenticator
         pair  from the socket pointed to by the fd argument. Set the
         options argument as a bitwise-OR  of  the  options  desired.
         Currently only  KOPT_DO_MUTUAL is useful to the receiver.
    
         The ktext argument should point to  an  allocated   KTEXT_ST
         structure.    krb_recvauth()    fills    ktext    with   the
         ticket/authenticator pair read from fd, then  passes  it  to
         krb_rd_req() (see kerberos(3KRB)).
    
         The service and inst arguments specify the expected  service
         and  instance  for  which the ticket was generated. They are
         also passed to krb_rd_req() (see kerberos(3KRB)).  The  inst
         argument may be set to "*" if the caller wishes krb_mk_req()
         (see kerberos(3KRB)) to fill in the instance used (note that
         there  must  be  space  in  the inst argument to hold a full
         instance name, see  krb_mk_req() on kerberos(3KRB)).
    
         The faddr argument should point to the address of  the  peer
         which  is  presenting  the  ticket.  It  is  also  passed to
         krb_rd_req() (see kerberos(3KRB)).
    
         If the client and server plan to mutually  authenticate  one
         another,  the  laddr  argument  should  point  to  the local
         address of the file descriptor. Otherwise you can  set  this
         argument to  NULL.
    
         The  auth_data  argument  should  point  to   an   allocated
         AUTH_DAT area. It is passed to and filled in by krb_rd_req()
         (see kerberos(3KRB)). The checksum passed to the correspond-
         ing krb_sendauth() is available as part of the filled-in
          AUTH_DAT area.
    
         The filename argument specifies the filename which the  ser-
         vice   program   should  use  to  obtain  its  service  key.
         krb_recvauth() passes filename to the krb_rd_req() function,
         see   kerberos(3KRB),  If  you  set  this  argument  to  "",
         krb_rd_req()  looks  for  the  service  key  in   the   file
         /etc/srvtab.
    
         If the client and server are performing  mutual  authentica-
         tion,  the  schedule  argument  should point to an allocated
         Key_schedule. Otherwise it is ignored and may be  NULL.
    
         The version argument should point to a character array of at
         least   KSEND_VNO_LEN  characters.  It is filled in with the
         version string passed by the client to krb_sendauth().
    
      krb_net_write() and krb_net_read()
         The krb_net_write() function emulates  the  write(2)  system
         call,  but  guarantees that all data specified is written to
         fd before returning, unless an error condition occurs.
    
         The krb_net_read()  function  emulates  the  read(2)  system
         call,  but  guarantees  that the requested amount of data is
         read from fd before returning,  unless  an  error  condition
         occurs.
    
    ATTRIBUTES
         See attributes(5) for descriptions of the  following  attri-
         butes:
    
         ____________________________________________________________
        |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
        |_____________________________|_____________________________|
        | MT-Level                    | Unsafe                      |
        |_____________________________|_____________________________|
    
    
    SEE ALSO
         read(2),   write(2),   kerberos(3KRB),   kerberos_rpc(3KRB),
         krb_realmofhost(3KRB), attributes (5)
    
    NOTES
         These interfaces are unsafe in  multithreaded  applications.
         Unsafe  interfaces  should  be  called  only  from  the main
         thread.
    
    BUGS
         krb_sendauth(),   krb_recvauth(),    krb_net_write(),    and
         krb_net_read()  will  not  work  properly  on sockets set to
         non-blocking I/O mode.
    
    AUTHOR
         John T. Kohl, MIT Project Athena
    
    RESTRICTIONS
         Copyright 1988, Massachusetts Institute of  Technology.  For
         copying  and distribution information, please see the header
         <kerberos/mit-copyright.h>.
    
    
    
    


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру