-- SunRPCAuth.mesa
-- Copyright © 1991 by Xerox Corporation. All rights reserved.
-- Demers, September 16, 1987 10:58:16 am PDT
DIRECTORY
Rope USING [ROPE]
;
SunRPCAuth: CEDAR DEFINITIONS
~ {
ROPE: TYPE ~ Rope.ROPE;
-- Types
Flavor: TYPE ~ RECORD [CARD];
nullFlavor: Flavor ~ [0];
unixFlavor: Flavor ~ [1];
shortFlavor: Flavor ~ [2];
OpaqueValue: TYPE ~ REF TEXT;
maxValueBytes: CARDINAL ~ 500;
AuthenticateResult: TYPE ~ {
  ok,
  badCredentials, -- can't be parsed
  wrongCredentials, -- don't like them
  badVerifier, -- can't be parsed
  wrongVerifier -- don't like it
  };
Conversation: TYPE ~ REF ConversationObject;
ConversationObject: TYPE ~ RECORD [
  flavor: Flavor,
  procs: Procs,
  conversationData: REF
  ];
Procs: TYPE ~ REF ProcsObject;
ProcsObject: TYPE ~ RECORD [
  getCredentialsAndNextVerifier: GetCredentialsAndNextVerifierProc,
  checkReplyVerifier: CheckReplyVerifierProc,
  noShortcut: NoShortcutProc,
  terminate: TerminateProc
  ];
-- Clients
Initiate: PROC [flavor: Flavor ← nullFlavor, myName, myPassword: ROPE ← NIL, hisName: ROPE ← NIL]
  RETURNS [c: Conversation];
  -- Create a conversation to talk to him.
  -- ! Error[$flavorOutOfRange | $flavorNotRegistered | $wrongUserPassword | $wrongService | $timeout | $protocol]
  -- The client of a remote program uses Initiate to create a conversation. This conversation is passed as an argument in each remote call.
NoShortcut: NoShortcutProc ~ INLINE { RETURN[c.procs.noShortcut[c]] };
NoShortcutProc: TYPE ~ PROC [c: Conversation] RETURNS [wasShortcut: BOOL];
  -- Check whether short flavor authentication was being used on this conversation, and if so blow it away. The client of a remote program uses this after a call has been rejected for authentication errors.
Terminate: TerminateProc ~ INLINE { c.procs.terminate[c] };
TerminateProc: TYPE ~ PROC [c: Conversation];
  -- The client of a remote program uses Terminate to release a conversation at the end of a session.
GetCredentialsAndNextVerifier: GetCredentialsAndNextVerifierProc ~ INLINE {
  [cFlavor, credentials, vFlavor, verifier] ← c.procs.getCredentialsAndNextVerifier[c];
  };
GetCredentialsAndNextVerifierProc: TYPE ~ PROC [c: Conversation]
  RETURNS [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue];
  -- The SunRPC runtime package uses GetCredentialsAndNextVerifier to extract the flavor, credentials and verifier information that is sent with each call.
CheckReplyVerifier: CheckReplyVerifierProc ~ INLINE {
  result ← c.procs.checkReplyVerifier[c, flavor, verifier];
  };
CheckReplyVerifierProc: TYPE ~ PROC [c: Conversation, flavor: Flavor, verifier: OpaqueValue]
  RETURNS [result: AuthenticateResult];
  -- The SunRPC runtime package uses CheckReplyVerifier to check the reply verifier that is returned with each reply.
-- Servers
Authenticate: PROC [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue]
  RETURNS [result: AuthenticateResult, replyFlavor: Flavor, replyVerifier: OpaqueValue, c: Conversation];
  -- ! Error[$badCredentials | $wrongCredentials | $badVerifier | $wrongVerifier]
  -- The SunRPCRuntime server stub uses Authenticate, which eventually calls the registered AuthenticateProc.
  -- A client of SunRPCRuntime that implements a remote program server receives a server Conversation as an argument; it can look at the flavor and then make whatever flavor-specific queries are appropriate.
-- Implementors
Register: PROC [flavor: Flavor, initiate: InitiateProc, authenticate: AuthenticateProc, sweep: SweepProc, registrationData: REF];
  -- Register the given procs as the way to do authentication of the given flavor.
  -- ! Error[$FlavorOutOfRange | ]
InitiateProc: TYPE ~ PROC [flavor: Flavor, myName, myPassword: ROPE, hisName: ROPE, registrationData: REF]
  RETURNS [c: Conversation];
  -- ! Error[...]
AuthenticateProc: TYPE ~ PROC [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue, registrationData: REF]
  RETURNS [result: AuthenticateResult, replyFlavor: Flavor, replyVerifier: OpaqueValue, c: Conversation];
  -- Called (eventually) as a result of the SunRPCRuntime server stub calling Authenticate.
SweepProc: TYPE ~ PROC [registrationData: REF, secondsSinceLastSweep: CARD];
  -- Called periodically for housekeeping.
CreateShort: PROC [c: Conversation] RETURNS [replyVerifier: OpaqueValue];
  -- Make up a short key to identify the conversation.
DestroyShort: PROC [key: OpaqueValue];
  -- Invalidate a short key.
-- Error
Error: ERROR [code: ATOM];
  -- Codes:
  -- $flavorOutOfRange
  -- $flavorNotRegistered
  -- $wrongUserPassword : user unknown or wrong password for user.
  -- $wrongService : specified service (hisName) in Initiate doesn't exist.
  -- $badCredentials : can't parse them.
  -- $wrongCredentials : not acceptable.
  -- $badVerifier : can't parse it.
  -- $wrongVerifier : not acceptable.
  -- $timeout : unable to contact authentication service.
  -- $protocol : confusion in talking to authentication service.
}...
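
A Python model of the server side of this interface, added here as an example and not part of the original Cedar source: it shows how a unix-flavor AuthenticateProc separates badCredentials (can't be parsed) from wrongCredentials (don't like them), and how CreateShort/DestroyShort keys drive the short flavor that NoShortcut abandons on the client. Assumptions not taken from the interface: the unix credential layout follows RFC 5531 AUTH_SYS, and allowed_uids, the _short_keys table, the 16-byte key size and the refusal of other flavors are hypothetical policy.

```python
import secrets
import struct

NULL_FLAVOR, UNIX_FLAVOR, SHORT_FLAVOR = 0, 1, 2  # flavor numbers from the interface
MAX_VALUE_BYTES = 500                             # maxValueBytes
_short_keys = {}                                  # short key -> conversation (hypothetical store)

def parse_unix(cred):
    """Decode a unix-flavor body (assumed RFC 5531 layout); None if unparseable."""
    try:
        _stamp, name_len = struct.unpack_from(">II", cred, 0)
        if name_len > 255 or 8 + name_len > len(cred):
            return None
        off = 8 + ((name_len + 3) & ~3)           # XDR pads strings to 4 bytes
        uid, gid, ngids = struct.unpack_from(">III", cred, off)
        if ngids > 16:
            return None
        gids = struct.unpack_from(">%dI" % ngids, cred, off + 12)
    except struct.error:                          # truncated body
        return None
    if off + 12 + 4 * ngids != len(cred):         # trailing bytes after the gid list
        return None
    return {"machine": cred[8:8 + name_len], "uid": uid, "gid": gid, "gids": gids}

def authenticate(c_flavor, credentials, v_flavor, verifier, allowed_uids):
    """Model of Authenticate: returns (result, replyFlavor, replyVerifier, c)."""
    def reject(result):
        return (result, NULL_FLAVOR, b"", None)
    if len(credentials) > MAX_VALUE_BYTES:
        return reject("badCredentials")
    if len(verifier) > MAX_VALUE_BYTES:
        return reject("badVerifier")
    if c_flavor == SHORT_FLAVOR:                  # shortcut: look the key up
        conv = _short_keys.get(bytes(credentials))
        return ("ok", NULL_FLAVOR, b"", conv) if conv else reject("wrongCredentials")
    if c_flavor != UNIX_FLAVOR:                   # assumed policy: other flavors refused
        return reject("wrongCredentials")
    conv = parse_unix(credentials)
    if conv is None:
        return reject("badCredentials")           # can't be parsed
    if conv["uid"] not in allowed_uids:
        return reject("wrongCredentials")         # parsed, but not acceptable
    if v_flavor != NULL_FLAVOR or verifier:       # assumed: unix flavor takes a null verifier
        return reject("wrongVerifier")
    key = secrets.token_bytes(16)                 # CreateShort: unguessable key
    _short_keys[key] = conv
    return ("ok", SHORT_FLAVOR, key, conv)

def destroy_short(key):                           # DestroyShort: key is refused from now on
    _short_keys.pop(bytes(key), None)
```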