1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
/*
Copyright (C) 2000 Stefan Westerfeld
stefan@space.twc.de
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Library General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Library General Public License
along with this library; see the file COPYING.LIB. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
/*
* BC - Status (2002-03-08): arts_md5_*
*
* No guarantees - do not use.
*/
#ifndef MD5_AUTH_H
#define MD5_AUTH_H
#ifdef __cplusplus
extern "C"
{
#endif /* __cplusplus */
/*
* How that MD5 auth stuff is supposed to work:
*
* Initialization:
*
* Your service calls arts_md5_auth_set_cookie and passes a "secret cookie".
* Lets call the "secret cookie" S. As soon as a client wants to connect,
* he needs the same secret cookie S.
*
* Of course the user can copy the "secret cookie" using a secure connection
* to any computer from which he wants to access the service.
*
* 0. SERVER: if no common secret cookie is available, generate a random
* cookie and keep it secret - ensure (through secure connections)
* that the client gets the secret cookie
*
* 1. SERVER: generate a new (random) cookie R
* 2. SERVER: send it to the client
* 3. CLIENT: (should get/have the "secret cookie" S from somewhere secure)
* 4. CLIENT: mangle the cookies R and S to a mangled cookie M
* 5. CLIENT: send M to the server
* 6. SERVER: verify that mangling R and S gives just the same thing as the
* cookie M received from the client. If yes, authentication is successful.
*
* The advantage of that protocol is, that even somebody who can read all
* network traffic can't find out the secret cookie S, as that is never
* transferred as plaintext.
*/
/*
* generates a new random cookie R (also be used to generate secret cookies)
* => free it when you don't need it any more
*/
char *arts_md5_auth_mkcookie();
/*
* mangles a "secret cookie" with another "random cookie"
* => free result when done
*/
char *arts_md5_auth_mangle(const char *random);
/*
* using arts_md5_auth_init_seed, the security will be improved by loading a
* randomseed from that file, and (if it has no recent date) saving a new
* seed to it - this will ensure that the arts_md5_auth_mkcookie() routine will
* return a really unpredictable result (as it depends on all processes that
* ever have touched the seed)
*/
void arts_md5_auth_init_seed(const char *seedname);
/*
* use this routine to set the "secret cookie" - you can pass a newly
* generated random cookie here, or the secret cookie you got from
* elsewhere (to communicate with others)
*
* returns true if success (good cookie), false if setting the cookie failed
*/
bool arts_md5_auth_set_cookie(const char *cookie);
/*
* returns "secret cookie"
*/
const char *arts_md5_auth_cookie();
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif
|