authuser.3

wu-ftpd类unix下的ftp服务器,可用于嵌入式系统

.\"
.\" Copyright (c) 1999,2000 WU-FTPD Development Group. 
.\" All rights reserved.
.\" 
.\" Portions Copyright (c) 1980, 1985, 1988, 1989, 1990, 1991, 1993, 1994 
.\" The Regents of the University of California.  Portions Copyright (c) 
.\" 1993, 1994 Washington University in Saint Louis.  Portions Copyright 
.\" (c) 1996, 1998 Berkeley Software Design, Inc.  Portions Copyright (c) 
.\" 1998 Sendmail, Inc.  Portions Copyright (c) 1983, 1995, 1996, 1997 Eric 
.\" P. Allman.  Portions Copyright (c) 1989 Massachusetts Institute of 
.\" Technology.  Portions Copyright (c) 1997 Stan Barber.  Portions 
.\" Copyright (C) 1991, 1992, 1993, 1994, 1995, 1996, 1997 Free Software 
.\" Foundation, Inc.  Portions Copyright (c) 1997 Kent Landfield. 
.\"
.\" Use and distribution of this software and its source code are governed 
.\" by the terms and conditions of the WU-FTPD Software License ("LICENSE"). 
.\"
.\"     $Id: authuser.3,v 1.3 2000/07/01 18:40:49 wuftpd Exp $
.\"
.TH authuser 3
.SH NAME
authuser \- library to get information from a remote Authentication Server
.SH SYNTAX
.B #include <authuser.h>
.PP
.B unsigned short auth_tcpport;
.PP
.B char *auth_xline(user,fd,&in);
.PP
.B int auth_fd(fd,&in,&local,&remote);
.PP
.B char *auth_tcpuser(in,local,remote);
.PP
.B char *user;
.br
.B int fd;
.br
.B unsigned long in;
.br
.B unsigned short local;
.br
.B unsigned short remote;
.SH DESCRIPTION
The
.I authuser
library provides a simple interface for
finding out the remote identity
of a connection through the
Authentication Server
as specified by RFC 931.
Use the -lauthuser loader option
to compile a program with this library.
.PP
.B auth_xline(user,fd,&in)
returns a line of the form X-Auth-User: user or X-Forgery-By: username,
depending upon what the host on the other side of
.B fd
thinks of the user.
This is particularly appropriate for
mail and news headers.
.PP
If the remote host reports that
.B user
owns the connection on that side,
.B auth_xline
will return X-Auth-User: user.
If the remote host reports that a different
.B username
owns the connection,
.B auth_xline
will return X-Forgery-By: username.
If user is NULL,
it returns X-Auth-User: username
with the username reported by the remote host.
If 
.B fd
is not a TCP connection
or authentication is impossible,
.B auth_xline
returns NULL, setting errno appropriately.
.PP
The line is not cr-lf terminated.
It is stored in a static area
which is overwritten on each call to
.B auth_xline.
.B auth_xline
places the Internet address of the other host into in.
.PP
.B auth_fd(fd,&in,&local,&remote)
retrieves address information from the connection in socket
.B fd.
It places the
Internet address of the host on other side into
.B in
and the local and remote
TCP ports into 
.B local
and 
.B remote.
.B auth_fd
returns -1 upon error, setting errno appropriately.
.PP
.B auth_tcpuser(in,local,remote)
returns the name of the user on the other end of the TCP connection
between
.B remote@in
and
.B local.
If authentication is impossible,
.B auth_tcpuser
returns
NULL, setting errno appropriately.
The user name is stored in a static area
which is overwritten on each call to
.B auth_tcpuser
and
.B auth_xline.
.PP
The authentication routines check with the
remote Authentication Server on port
.B auth_tcpport,
which defaults to 113
as specified by RFC 931.
You can set
.B auth_tcpport
to other values
for nonstandard implementations.
.PP
.SH RESTRICTIONS
.I authuser
does no backslash interpretation
upon the remote user name.
Hopefully the next revision of RFC 931
will make clear exactly what backslash
interpretation should be going on.
.PP
.I authuser
does not use the operating system type
information provided by the Authentication Server.
.SH VERSION
authuser version 3.1, May 6, 1991.
.SH AUTHOR
Placed into the public domain by Daniel J. Bernstein.
.SH REFERENCES
The authentication server is more secure than passwords
in some ways, but less secure than passwords in many ways.
(It's certainly better than no password at all---e.g., for
mail or news.)
It is not the final solution.
For an excellent discussion of security problems within
the TCP/IP protocol suite, see
Steve Bellovin's article
``Security Problems in the TCP/IP Protocol Suite.''
.SH "SEE ALSO"
authtcp(1),
attachport(1),
getpeername(3),
getsockname(3),
tcp(4),
authd(8)