-- SunRPCAuth.mesa
-- Copyright © 1991 by Xerox Corporation. All rights reserved.
-- Demers, September 16, 1987 10:58:16 am PDT

DIRECTORY
  Rope USING [ROPE];

SunRPCAuth: CEDAR DEFINITIONS
~ {

-- Types

  ROPE: TYPE ~ Rope.ROPE;

  Flavor: TYPE ~ RECORD [CARD];
  nullFlavor: Flavor ~ [0];
  unixFlavor: Flavor ~ [1];
  shortFlavor: Flavor ~ [2];

  OpaqueValue: TYPE ~ REF TEXT;
  maxValueBytes: CARDINAL ~ 500;

  AuthenticateResult: TYPE ~ {
    ok,
    badCredentials, -- can't be parsed
    wrongCredentials, -- don't like them
    badVerifier, -- can't be parsed
    wrongVerifier -- don't like it
    };

  Conversation: TYPE ~ REF ConversationObject;
  ConversationObject: TYPE ~ RECORD [
    flavor: Flavor,
    procs: Procs,
    conversationData: REF
    ];

  Procs: TYPE ~ REF ProcsObject;
  ProcsObject: TYPE ~ RECORD [
    getCredentialsAndNextVerifier: GetCredentialsAndNextVerifierProc,
    checkReplyVerifier: CheckReplyVerifierProc,
    noShortcut: NoShortcutProc,
    terminate: TerminateProc
    ];

-- Clients

  Initiate: PROC [flavor: Flavor ← nullFlavor, myName, myPassword: ROPE ← NIL, hisName: ROPE ← NIL] RETURNS [c: Conversation];
    -- Create a conversation to talk to him.
    -- ! Error[$flavorOutOfRange | $flavorNotRegistered | $wrongUserPassword | $wrongService | $timeout | $protocol]
    -- The client of a remote program uses Initiate to create a conversation. This conversation is passed as an argument in each remote call.

  NoShortcut: NoShortcutProc ~ INLINE { RETURN[c.procs.noShortcut[c]] };
  NoShortcutProc: TYPE ~ PROC [c: Conversation] RETURNS [wasShortcut: BOOL];
    -- Check whether short flavor authentication was being used on this conversation, and if so blow it away.
    -- The client of a remote program uses this after a call has been rejected for authentication errors.

  Terminate: TerminateProc ~ INLINE { c.procs.terminate[c] };
  TerminateProc: TYPE ~ PROC [c: Conversation];
    -- The client of a remote program uses Terminate to release a conversation at the end of a session.

  GetCredentialsAndNextVerifier: GetCredentialsAndNextVerifierProc ~ INLINE {
    [cFlavor, credentials, vFlavor, verifier] ← c.procs.getCredentialsAndNextVerifier[c];
    };
  GetCredentialsAndNextVerifierProc: TYPE ~ PROC [c: Conversation] RETURNS [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue];
    -- The SunRPC runtime package uses GetCredentialsAndNextVerifier to extract the flavor, credentials and verifier information that is sent with each call.

  CheckReplyVerifier: CheckReplyVerifierProc ~ INLINE {
    result ← c.procs.checkReplyVerifier[c, flavor, verifier];
    };
  CheckReplyVerifierProc: TYPE ~ PROC [c: Conversation, flavor: Flavor, verifier: OpaqueValue] RETURNS [result: AuthenticateResult];
    -- The SunRPC runtime package uses CheckReplyVerifier to check the reply verifier that is returned with each reply.

-- Servers

  Authenticate: PROC [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue] RETURNS [result: AuthenticateResult, replyFlavor: Flavor, replyVerifier: OpaqueValue, c: Conversation];
    -- ! Error[$badCredentials | $wrongCredentials | $badVerifier | $wrongVerifier]
    -- The SunRPCRuntime server stub uses Authenticate, which eventually calls the registered AuthenticateProc.
    -- A client of SunRPCRuntime that implements a remote program server receives a server Conversation as an argument; it can look at the flavor and then make whatever flavor-specific queries are appropriate.

-- Implementors

  Register: PROC [flavor: Flavor, initiate: InitiateProc, authenticate: AuthenticateProc, sweep: SweepProc, registrationData: REF];
    -- Register the given procs as the way to do authentication of the given flavor.
    -- ! Error[$FlavorOutOfRange | ]

  InitiateProc: TYPE ~ PROC [flavor: Flavor, myName, myPassword: ROPE, hisName: ROPE, registrationData: REF] RETURNS [c: Conversation];
    -- ! Error[...]

  AuthenticateProc: TYPE ~ PROC [cFlavor: Flavor, credentials: OpaqueValue, vFlavor: Flavor, verifier: OpaqueValue, registrationData: REF] RETURNS [result: AuthenticateResult, replyFlavor: Flavor, replyVerifier: OpaqueValue, c: Conversation];
    -- Called (eventually) as a result of the SunRPCRuntime server stub calling Authenticate.

  SweepProc: TYPE ~ PROC [registrationData: REF, secondsSinceLastSweep: CARD];
    -- Called periodically for housekeeping.

  CreateShort: PROC [c: Conversation] RETURNS [replyVerifier: OpaqueValue];
    -- Make up a short key to identify the conversation.

  DestroyShort: PROC [key: OpaqueValue];
    -- Invalidate a short key.

  Error: ERROR [code: ATOM];
    -- Error Codes:
    --   $flavorOutOfRange
    --   $flavorNotRegistered
    --   $wrongUserPassword : user unknown or wrong password for user.
    --   $wrongService : specified service (hisName) in Initiate doesn't exist.
    --   $badCredentials : can't parse them.
    --   $wrongCredentials : not acceptable.
    --   $badVerifier : can't parse it.
    --   $wrongVerifier : not acceptable.
    --   $timeout : unable to contact authentication service.
    --   $protocol : confusion in talking to authentication service.

}...
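
An added Python model, not part of SunRPCAuth.mesa or the Cedar runtime, of how the flavors and result codes in this interface interact: unparseable unixFlavor credentials give badCredentials, parseable but unacceptable ones give wrongCredentials, and a rejected short key is dropped (NoShortcut) before one retry with full credentials. The AUTH_UNIX byte layout, the 16-entry group limit, the 16-byte short key, the uid allow-list and all Python names are assumptions based on the standard ONC RPC scheme, not taken from this file.

```python
import secrets
import struct
NULL_FLAVOR, UNIX_FLAVOR, SHORT_FLAVOR = 0, 1, 2  # flavor numbers from the interface
MAX_VALUE_BYTES = 500                             # maxValueBytes from the interface
SAMPLE = struct.pack(">II3sxIIIII", 1, 3, b"ws1", 1000, 100, 2, 100, 20)  # constructed

def parse_unix(body):
    """Parse assumed AUTH_UNIX credentials; None means unparseable (badCredentials)."""
    try:
        _stamp, n = struct.unpack_from(">II", body, 0)
        off = 8 + ((n + 3) & ~3)                  # XDR pads strings to 4 bytes
        uid, gid, count = struct.unpack_from(">III", body, off)
        size_ok = off + 12 + 4 * count == len(body) <= MAX_VALUE_BYTES
        if n > 255 or count > 16 or not size_ok:
            return None
        return {"machine": body[8:8 + n].decode("ascii"), "uid": uid, "gid": gid,
                "gids": list(struct.unpack_from(f">{count}I", body, off + 12))}
    except (struct.error, UnicodeDecodeError):
        return None

class Server:
    def __init__(self, allowed_uids):
        self.allowed, self.short = set(allowed_uids), {}
    def authenticate(self, flavor, credentials):
        """Model of Authenticate: returns (result, replyFlavor, replyVerifier)."""
        if flavor == SHORT_FLAVOR:                # short key stands in for credentials
            ok = bytes(credentials) in self.short
            return ("ok" if ok else "wrongCredentials"), NULL_FLAVOR, b""
        ident = parse_unix(credentials) if flavor == UNIX_FLAVOR else None
        if ident is None:                         # other flavors are unparseable here
            return "badCredentials", NULL_FLAVOR, b""
        if ident["uid"] not in self.allowed:      # parsed, but not acceptable
            return "wrongCredentials", NULL_FLAVOR, b""
        key = secrets.token_bytes(16)             # CreateShort: unguessable handle
        self.short[key] = ident
        return "ok", SHORT_FLAVOR, key

class Conversation:
    def __init__(self, full):
        self.full, self.key = full, None
    def call(self, server):
        flavor, cred = (SHORT_FLAVOR, self.key) if self.key else (UNIX_FLAVOR, self.full)
        result, rflavor, rverifier = server.authenticate(flavor, cred)
        if result != "ok" and self.key is not None:
            self.key = None                       # NoShortcut: forget the short key
            return self.call(server)              # retry once with full credentials
        if result == "ok" and rflavor == SHORT_FLAVOR:
            self.key = rverifier                  # use the short key from now on
        return result
```

In this model unixFlavor credentials are only asserted by the caller, so the allow-list is a policy check rather than proof of identity. The short key later stands in for the full credentials, which is why it is drawn from a cryptographic random source.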