Diffstat (limited to 'mcop/md5auth.h')
-rw-r--r--mcop/md5auth.h105
1 files changed, 105 insertions, 0 deletions
diff --git a/mcop/md5auth.h b/mcop/md5auth.h
new file mode 100644
index 0000000..c0197ff
--- /dev/null
+++ b/mcop/md5auth.h
@@ -0,0 +1,105 @@
+ /*
+
+ Copyright (C) 2000 Stefan Westerfeld
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public License
+ along with this library; see the file COPYING.LIB. If not, write to
+ the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+
+ */
+
+/*
+ * BC - Status (2002-03-08): arts_md5_*
+ *
+ * No guarantees - do not use.
+ */
+
+#ifndef MD5_AUTH_H
+#define MD5_AUTH_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif /* __cplusplus */
+
+/*
+ * How that MD5 auth stuff is supposed to work:
+ *
+ * Initialization:
+ *
+ * Your service calls arts_md5_auth_set_cookie and passes a "secret cookie".
+ * Lets call the "secret cookie" S. As soon as a client wants to connect,
+ * he needs the same secret cookie S.
+ *
+ * Of course the user can copy the "secret cookie" using a secure connection
+ * to any computer from which he wants to access the service.
+ *
+ * 0. SERVER: if no common secret cookie is available, generate a random
+ * cookie and keep it secret - ensure (through secure connections)
+ * that the client gets the secret cookie
+ *
+ * 1. SERVER: generate a new (random) cookie R
+ * 2. SERVER: send it to the client
+ * 3. CLIENT: (should get/have the "secret cookie" S from somewhere secure)
+ * 4. CLIENT: mangle the cookies R and S to a mangled cookie M
+ * 5. CLIENT: send M to the server
+ * 6. SERVER: verify that mangling R and S gives just the same thing as the
+ * cookie M received from the client. If yes, authentication is successful.
+ *
+ * The advantage of that protocol is, that even somebody who can read all
+ * network traffic can't find out the secret cookie S, as that is never
+ * transferred as plaintext.
+ */
+
+/*
+ * generates a new random cookie R (also be used to generate secret cookies)
+ * => free it when you don't need it any more
+ */
+char *arts_md5_auth_mkcookie();
+
+/*
+ * mangles a "secret cookie" with another "random cookie"
+ * => free result when done
+ */
+char *arts_md5_auth_mangle(const char *random);
+
+/*
+ * using arts_md5_auth_init_seed, the security will be improved by loading a
+ * randomseed from that file, and (if it has no recent date) saving a new
+ * seed to it - this will ensure that the arts_md5_auth_mkcookie() routine will
+ * return a really unpredictable result (as it depends on all processes that
+ * ever have touched the seed)
+ */
+void arts_md5_auth_init_seed(const char *seedname);
+
+/*
+ * use this routine to set the "secret cookie" - you can pass a newly
+ * generated random cookie here, or the secret cookie you got from
+ * elsewhere (to communicate with others)
+ *
+ * returns true if success (good cookie), false if setting the cookie failed
+ */
+bool arts_md5_auth_set_cookie(const char *cookie);
+
+/*
+ * returns "secret cookie"
+ */
+const char *arts_md5_auth_cookie();
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif
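Review bot: The protocol comment (steps 1-6) never states that the random cookie R must be generated fresh for every connection attempt and accepted for exactly one verification; if an implementation reuses R, a recorded M stays valid, so I would add to step 1 `* R must be unique per connection attempt and discarded after one verification`. The closing claim that an eavesdropper "can't find out the secret cookie S" only holds when S is a full-entropy random value, because R and M are both visible on the wire and guesses for S can be checked against them offline; the comment on `arts_md5_auth_set_cookie` should say what it rejects as a bad cookie, and step 6 should ask for a constant-time comparison of M. The comment on `arts_md5_auth_init_seed` should also require that the seed file is readable and writable only by the owning user, since the header describes cookie unpredictability as depending on it (the implementation is not in this hunk, so this may already be enforced there). Separately, `bool arts_md5_auth_set_cookie(const char *cookie);` sits inside the `extern "C"` guard with no `#include <stdbool.h>` under `#ifndef __cplusplus`, so the header is not self-contained for C callers, and `arts_md5_auth_mkcookie()` and `arts_md5_auth_cookie()` should be declared with `(void)` so that C checks their argument lists.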