From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc1831.txt | 1011 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1011 insertions(+) create mode 100644 doc/rfc/rfc1831.txt (limited to 'doc/rfc/rfc1831.txt') diff --git a/doc/rfc/rfc1831.txt b/doc/rfc/rfc1831.txt new file mode 100644 index 0000000..0556c9e --- /dev/null +++ b/doc/rfc/rfc1831.txt @@ -0,0 +1,1011 @@ + + + + + + +Network Working Group R. Srinivasan +Request for Comments: 1831 Sun Microsystems +Category: Standards Track August 1995 + + + RPC: Remote Procedure Call Protocol Specification Version 2 + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +ABSTRACT + + This document describes the ONC Remote Procedure Call (ONC RPC + Version 2) protocol as it is currently deployed and accepted. "ONC" + stands for "Open Network Computing". + +TABLE OF CONTENTS + + 1. INTRODUCTION 2 + 2. TERMINOLOGY 2 + 3. THE RPC MODEL 2 + 4. TRANSPORTS AND SEMANTICS 4 + 5. BINDING AND RENDEZVOUS INDEPENDENCE 5 + 6. AUTHENTICATION 5 + 7. RPC PROTOCOL REQUIREMENTS 5 + 7.1 RPC Programs and Procedures 6 + 7.2 Authentication 7 + 7.3 Program Number Assignment 8 + 7.4 Other Uses of the RPC Protocol 8 + 7.4.1 Batching 8 + 7.4.2 Broadcast Remote Procedure Calls 8 + 8. THE RPC MESSAGE PROTOCOL 9 + 9. AUTHENTICATION PROTOCOLS 12 + 9.1 Null Authentication 13 + 10. RECORD MARKING STANDARD 13 + 11. THE RPC LANGUAGE 13 + 11.1 An Example Service Described in the RPC Language 13 + 11.2 The RPC Language Specification 14 + 11.3 Syntax Notes 15 + APPENDIX A: SYSTEM AUTHENTICATION 16 + REFERENCES 17 + Security Considerations 18 + Author's Address 18 + + + +Srinivasan Standards Track [Page 1] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +1. INTRODUCTION + + This document specifies version two of the message protocol used in + ONC Remote Procedure Call (RPC). The message protocol is specified + with the eXternal Data Representation (XDR) language [9]. This + document assumes that the reader is familiar with XDR. It does not + attempt to justify remote procedure calls systems or describe their + use. The paper by Birrell and Nelson [1] is recommended as an + excellent background for the remote procedure call concept. + +2. TERMINOLOGY + + This document discusses clients, calls, servers, replies, services, + programs, procedures, and versions. Each remote procedure call has + two sides: an active client side that makes the call to a server, + which sends back a reply. A network service is a collection of one + or more remote programs. A remote program implements one or more + remote procedures; the procedures, their parameters, and results are + documented in the specific program's protocol specification. A + server may support more than one version of a remote program in order + to be compatible with changing protocols. + + For example, a network file service may be composed of two programs. + One program may deal with high-level applications such as file system + access control and locking. The other may deal with low-level file + input and output and have procedures like "read" and "write". A + client of the network file service would call the procedures + associated with the two programs of the service on behalf of the + client. + + The terms client and server only apply to a particular transaction; a + particular hardware entity (host) or software entity (process or + program) could operate in both roles at different times. For + example, a program that supplies remote execution service could also + be a client of a network file service. + +3. THE RPC MODEL + + The ONC RPC protocol is based on the remote procedure call model, + which is similar to the local procedure call model. In the local + case, the caller places arguments to a procedure in some well- + specified location (such as a register window). It then transfers + control to the procedure, and eventually regains control. At that + point, the results of the procedure are extracted from the well- + specified location, and the caller continues execution. + + + + + + +Srinivasan Standards Track [Page 2] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + The remote procedure call model is similar. One thread of control + logically winds through two processes: the caller's process, and a + server's process. The caller process first sends a call message to + the server process and waits (blocks) for a reply message. The call + message includes the procedure's parameters, and the reply message + includes the procedure's results. Once the reply message is + received, the results of the procedure are extracted, and caller's + execution is resumed. + + On the server side, a process is dormant awaiting the arrival of a + call message. When one arrives, the server process extracts the + procedure's parameters, computes the results, sends a reply message, + and then awaits the next call message. + + In this model, only one of the two processes is active at any given + time. However, this model is only given as an example. The ONC RPC + protocol makes no restrictions on the concurrency model implemented, + and others are possible. For example, an implementation may choose + to have RPC calls be asynchronous, so that the client may do useful + work while waiting for the reply from the server. Another + possibility is to have the server create a separate task to process + an incoming call, so that the original server can be free to receive + other requests. + + There are a few important ways in which remote procedure calls differ + from local procedure calls: + + 1. Error handling: failures of the remote server or network must + be handled when using remote procedure calls. + + 2. Global variables and side-effects: since the server does not + have access to the client's address space, hidden arguments cannot + be passed as global variables or returned as side effects. + + 3. Performance: remote procedures usually operate one or more + orders of magnitude slower than local procedure calls. + + 4. Authentication: since remote procedure calls can be transported + over unsecured networks, authentication may be necessary. + Authentication prevents one entity from masquerading as some other + entity. + + The conclusion is that even though there are tools to automatically + generate client and server libraries for a given service, protocols + must still be designed carefully. + + + + + + +Srinivasan Standards Track [Page 3] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +4. TRANSPORTS AND SEMANTICS + + The RPC protocol can be implemented on several different transport + protocols. The RPC protocol does not care how a message is passed + from one process to another, but only with specification and + interpretation of messages. However, the application may wish to + obtain information about (and perhaps control over) the transport + layer through an interface not specified in this document. For + example, the transport protocol may impose a restriction on the + maximum size of RPC messages, or it may be stream-oriented like TCP + with no size limit. The client and server must agree on their + transport protocol choices. + + It is important to point out that RPC does not try to implement any + kind of reliability and that the application may need to be aware of + the type of transport protocol underneath RPC. If it knows it is + running on top of a reliable transport such as TCP [6], then most of + the work is already done for it. On the other hand, if it is running + on top of an unreliable transport such as UDP [7], it must implement + its own time-out, retransmission, and duplicate detection policies as + the RPC protocol does not provide these services. + + Because of transport independence, the RPC protocol does not attach + specific semantics to the remote procedures or their execution + requirements. Semantics can be inferred from (but should be + explicitly specified by) the underlying transport protocol. For + example, consider RPC running on top of an unreliable transport such + as UDP. If an application retransmits RPC call messages after time- + outs, and does not receive a reply, it cannot infer anything about + the number of times the procedure was executed. If it does receive a + reply, then it can infer that the procedure was executed at least + once. + + A server may wish to remember previously granted requests from a + client and not regrant them in order to insure some degree of + execute-at-most-once semantics. A server can do this by taking + advantage of the transaction ID that is packaged with every RPC + message. The main use of this transaction ID is by the client RPC + entity in matching replies to calls. However, a client application + may choose to reuse its previous transaction ID when retransmitting a + call. The server may choose to remember this ID after executing a + call and not execute calls with the same ID in order to achieve some + degree of execute-at-most-once semantics. The server is not allowed + to examine this ID in any other way except as a test for equality. + + On the other hand, if using a "reliable" transport such as TCP, the + application can infer from a reply message that the procedure was + executed exactly once, but if it receives no reply message, it cannot + + + +Srinivasan Standards Track [Page 4] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + assume that the remote procedure was not executed. Note that even if + a connection-oriented protocol like TCP is used, an application still + needs time-outs and reconnection to handle server crashes. + + There are other possibilities for transports besides datagram- or + connection-oriented protocols. For example, a request-reply protocol + such as VMTP [2] is perhaps a natural transport for RPC. ONC RPC + uses both TCP and UDP transport protocols. Section 10 (RECORD + MARKING STANDARD) describes the mechanism employed by ONC RPC to + utilize a connection-oriented, stream-oriented transport such as TCP. + +5. BINDING AND RENDEZVOUS INDEPENDENCE + + The act of binding a particular client to a particular service and + transport parameters is NOT part of this RPC protocol specification. + This important and necessary function is left up to some higher-level + software. + + Implementors could think of the RPC protocol as the jump-subroutine + instruction ("JSR") of a network; the loader (binder) makes JSR + useful, and the loader itself uses JSR to accomplish its task. + Likewise, the binding software makes RPC useful, possibly using RPC + to accomplish this task. + +6. AUTHENTICATION + + The RPC protocol provides the fields necessary for a client to + identify itself to a service, and vice-versa, in each call and reply + message. Security and access control mechanisms can be built on top + of this message authentication. Several different authentication + protocols can be supported. A field in the RPC header indicates + which protocol is being used. More information on specific + authentication protocols is in section 9: "Authentication Protocols". + +7. RPC PROTOCOL REQUIREMENTS + + The RPC protocol must provide for the following: + + (1) Unique specification of a procedure to be called. + (2) Provisions for matching response messages to request messages. + (3) Provisions for authenticating the caller to service and + vice-versa. + + + + + + + + + +Srinivasan Standards Track [Page 5] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + Besides these requirements, features that detect the following are + worth supporting because of protocol roll-over errors, implementation + bugs, user error, and network administration: + + (1) RPC protocol mismatches. + (2) Remote program protocol version mismatches. + (3) Protocol errors (such as misspecification of a procedure's + parameters). + (4) Reasons why remote authentication failed. + (5) Any other reasons why the desired procedure was not called. + +7.1 RPC Programs and Procedures + + The RPC call message has three unsigned integer fields -- remote + program number, remote program version number, and remote procedure + number -- which uniquely identify the procedure to be called. + Program numbers are administered by a central authority + (rpc@sun.com). Once implementors have a program number, they can + implement their remote program; the first implementation would most + likely have the version number 1. Because most new protocols evolve, + a version field of the call message identifies which version of the + protocol the caller is using. Version numbers enable support of both + old and new protocols through the same server process. + + The procedure number identifies the procedure to be called. These + numbers are documented in the specific program's protocol + specification. For example, a file service's protocol specification + may state that its procedure number 5 is "read" and procedure number + 12 is "write". + + Just as remote program protocols may change over several versions, + the actual RPC message protocol could also change. Therefore, the + call message also has in it the RPC version number, which is always + equal to two for the version of RPC described here. + + The reply message to a request message has enough information to + distinguish the following error conditions: + + (1) The remote implementation of RPC does not support protocol + version 2. The lowest and highest supported RPC version numbers + are returned. + + (2) The remote program is not available on the remote system. + + (3) The remote program does not support the requested version + number. The lowest and highest supported remote program version + numbers are returned. + + + + +Srinivasan Standards Track [Page 6] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + (4) The requested procedure number does not exist. (This is + usually a client side protocol or programming error.) + + (5) The parameters to the remote procedure appear to be garbage + from the server's point of view. (Again, this is usually caused + by a disagreement about the protocol between client and service.) + +7.2 Authentication + + Provisions for authentication of caller to service and vice-versa are + provided as a part of the RPC protocol. The call message has two + authentication fields, the credential and verifier. The reply + message has one authentication field, the response verifier. The RPC + protocol specification defines all three fields to be the following + opaque type (in the eXternal Data Representation (XDR) language [9]): + + enum auth_flavor { + AUTH_NONE = 0, + AUTH_SYS = 1, + AUTH_SHORT = 2 + /* and more to be defined */ + }; + + struct opaque_auth { + auth_flavor flavor; + opaque body<400>; + }; + + In other words, any "opaque_auth" structure is an "auth_flavor" + enumeration followed by up to 400 bytes which are opaque to + (uninterpreted by) the RPC protocol implementation. + + The interpretation and semantics of the data contained within the + authentication fields is specified by individual, independent + authentication protocol specifications. (Section 9 defines the + various authentication protocols.) + + If authentication parameters were rejected, the reply message + contains information stating why they were rejected. + + + + + + + + + + + + +Srinivasan Standards Track [Page 7] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +7.3 Program Number Assignment + + Program numbers are given out in groups of hexadecimal 20000000 + (decimal 536870912) according to the following chart: + + 0 - 1fffffff defined by rpc@sun.com + 20000000 - 3fffffff defined by user + 40000000 - 5fffffff transient + 60000000 - 7fffffff reserved + 80000000 - 9fffffff reserved + a0000000 - bfffffff reserved + c0000000 - dfffffff reserved + e0000000 - ffffffff reserved + + The first group is a range of numbers administered by rpc@sun.com and + should be identical for all sites. The second range is for + applications peculiar to a particular site. This range is intended + primarily for debugging new programs. When a site develops an + application that might be of general interest, that application + should be given an assigned number in the first range. Application + developers may apply for blocks of RPC program numbers in the first + range by sending electronic mail to "rpc@sun.com". The third group + is for applications that generate program numbers dynamically. The + final groups are reserved for future use, and should not be used. + +7.4 Other Uses of the RPC Protocol + + The intended use of this protocol is for calling remote procedures. + Normally, each call message is matched with a reply message. + However, the protocol itself is a message-passing protocol with which + other (non-procedure call) protocols can be implemented. + +7.4.1 Batching + + Batching is useful when a client wishes to send an arbitrarily large + sequence of call messages to a server. Batching typically uses + reliable byte stream protocols (like TCP) for its transport. In the + case of batching, the client never waits for a reply from the server, + and the server does not send replies to batch calls. A sequence of + batch calls is usually terminated by a legitimate remote procedure + call operation in order to flush the pipeline and get positive + acknowledgement. + +7.4.2 Broadcast Remote Procedure Calls + + In broadcast protocols, the client sends a broadcast call to the + network and waits for numerous replies. This requires the use of + packet-based protocols (like UDP) as its transport protocol. Servers + + + +Srinivasan Standards Track [Page 8] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + that support broadcast protocols usually respond only when the call + is successfully processed and are silent in the face of errors, but + this varies with the application. + + The principles of broadcast RPC also apply to multicasting - an RPC + request can be sent to a multicast address. + +8. THE RPC MESSAGE PROTOCOL + + This section defines the RPC message protocol in the XDR data + description language [9]. + + enum msg_type { + CALL = 0, + REPLY = 1 + }; + + A reply to a call message can take on two forms: The message was + either accepted or rejected. + + enum reply_stat { + MSG_ACCEPTED = 0, + MSG_DENIED = 1 + }; + + Given that a call message was accepted, the following is the status + of an attempt to call a remote procedure. + + enum accept_stat { + SUCCESS = 0, /* RPC executed successfully */ + PROG_UNAVAIL = 1, /* remote hasn't exported program */ + PROG_MISMATCH = 2, /* remote can't support version # */ + PROC_UNAVAIL = 3, /* program can't support procedure */ + GARBAGE_ARGS = 4, /* procedure can't decode params */ + SYSTEM_ERR = 5 /* errors like memory allocation failure */ + }; + + Reasons why a call message was rejected: + + enum reject_stat { + RPC_MISMATCH = 0, /* RPC version number != 2 */ + AUTH_ERROR = 1 /* remote can't authenticate caller */ + }; + + Why authentication failed: + + enum auth_stat { + AUTH_OK = 0, /* success */ + + + +Srinivasan Standards Track [Page 9] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + /* + * failed at remote end + */ + AUTH_BADCRED = 1, /* bad credential (seal broken) */ + AUTH_REJECTEDCRED = 2, /* client must begin new session */ + AUTH_BADVERF = 3, /* bad verifier (seal broken) */ + AUTH_REJECTEDVERF = 4, /* verifier expired or replayed */ + AUTH_TOOWEAK = 5, /* rejected for security reasons */ + /* + * failed locally + */ + AUTH_INVALIDRESP = 6, /* bogus response verifier */ + AUTH_FAILED = 7 /* reason unknown */ + }; + + The RPC message: + + All messages start with a transaction identifier, xid, followed by a + two-armed discriminated union. The union's discriminant is a + msg_type which switches to one of the two types of the message. The + xid of a REPLY message always matches that of the initiating CALL + message. NB: The xid field is only used for clients matching reply + messages with call messages or for servers detecting retransmissions; + the service side cannot treat this id as any type of sequence number. + + struct rpc_msg { + unsigned int xid; + union switch (msg_type mtype) { + case CALL: + call_body cbody; + case REPLY: + reply_body rbody; + } body; + }; + + Body of an RPC call: + + In version 2 of the RPC protocol specification, rpcvers must be equal + to 2. The fields prog, vers, and proc specify the remote program, + its version number, and the procedure within the remote program to be + called. After these fields are two authentication parameters: cred + (authentication credential) and verf (authentication verifier). The + two authentication parameters are followed by the parameters to the + remote procedure, which are specified by the specific program + protocol. + + The purpose of the authentication verifier is to validate the + authentication credential. Note that these two items are + + + +Srinivasan Standards Track [Page 10] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + historically separate, but are always used together as one logical + entity. + + struct call_body { + unsigned int rpcvers; /* must be equal to two (2) */ + unsigned int prog; + unsigned int vers; + unsigned int proc; + opaque_auth cred; + opaque_auth verf; + /* procedure specific parameters start here */ + }; + + Body of a reply to an RPC call: + + union reply_body switch (reply_stat stat) { + case MSG_ACCEPTED: + accepted_reply areply; + case MSG_DENIED: + rejected_reply rreply; + } reply; + + Reply to an RPC call that was accepted by the server: + + There could be an error even though the call was accepted. The first + field is an authentication verifier that the server generates in + order to validate itself to the client. It is followed by a union + whose discriminant is an enum accept_stat. The SUCCESS arm of the + union is protocol specific. The PROG_UNAVAIL, PROC_UNAVAIL, + GARBAGE_ARGS, and SYSTEM_ERR arms of the union are void. The + PROG_MISMATCH arm specifies the lowest and highest version numbers of + the remote program supported by the server. + + struct accepted_reply { + opaque_auth verf; + union switch (accept_stat stat) { + case SUCCESS: + opaque results[0]; + /* + * procedure-specific results start here + */ + case PROG_MISMATCH: + struct { + unsigned int low; + unsigned int high; + } mismatch_info; + default: + /* + + + +Srinivasan Standards Track [Page 11] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + * Void. Cases include PROG_UNAVAIL, PROC_UNAVAIL, + * GARBAGE_ARGS, and SYSTEM_ERR. + */ + void; + } reply_data; + }; + + Reply to an RPC call that was rejected by the server: + + The call can be rejected for two reasons: either the server is not + running a compatible version of the RPC protocol (RPC_MISMATCH), or + the server rejects the identity of the caller (AUTH_ERROR). In case + of an RPC version mismatch, the server returns the lowest and highest + supported RPC version numbers. In case of invalid authentication, + failure status is returned. + + union rejected_reply switch (reject_stat stat) { + case RPC_MISMATCH: + struct { + unsigned int low; + unsigned int high; + } mismatch_info; + case AUTH_ERROR: + auth_stat stat; + }; + +9. AUTHENTICATION PROTOCOLS + + As previously stated, authentication parameters are opaque, but + open-ended to the rest of the RPC protocol. This section defines two + standard "flavors" of authentication. Implementors are free to + invent new authentication types, with the same rules of flavor number + assignment as there is for program number assignment. The "flavor" + of a credential or verifier refers to the value of the "flavor" field + in the opaque_auth structure. Flavor numbers, like RPC program + numbers, are also administered centrally, and developers may assign + new flavor numbers by applying through electronic mail to + "rpc@sun.com". Credentials and verifiers are represented as variable + length opaque data (the "body" field in the opaque_auth structure). + + In this document, two flavors of authentication are described. Of + these, Null authentication (described in the next subsection) is + mandatory - it must be available in all implementations. System + authentication is described in Appendix A. It is strongly + recommended that implementors include System authentication in their + implementations. Many applications use this style of authentication, + and availability of this flavor in an implementation will enhance + interoperability. + + + +Srinivasan Standards Track [Page 12] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +9.1 Null Authentication + + Often calls must be made where the client does not care about its + identity or the server does not care who the client is. In this + case, the flavor of the RPC message's credential, verifier, and reply + verifier is "AUTH_NONE". Opaque data associated with "AUTH_NONE" is + undefined. It is recommended that the length of the opaque data be + zero. + +10. RECORD MARKING STANDARD + + When RPC messages are passed on top of a byte stream transport + protocol (like TCP), it is necessary to delimit one message from + another in order to detect and possibly recover from protocol errors. + This is called record marking (RM). One RPC message fits into one RM + record. + + A record is composed of one or more record fragments. A record + fragment is a four-byte header followed by 0 to (2**31) - 1 bytes of + fragment data. The bytes encode an unsigned binary number; as with + XDR integers, the byte order is from highest to lowest. The number + encodes two values -- a boolean which indicates whether the fragment + is the last fragment of the record (bit value 1 implies the fragment + is the last fragment) and a 31-bit unsigned binary value which is the + length in bytes of the fragment's data. The boolean value is the + highest-order bit of the header; the length is the 31 low-order bits. + (Note that this record specification is NOT in XDR standard form!) + +11. THE RPC LANGUAGE + + Just as there was a need to describe the XDR data-types in a formal + language, there is also need to describe the procedures that operate + on these XDR data-types in a formal language as well. The RPC + Language is an extension to the XDR language, with the addition of + "program", "procedure", and "version" declarations. The following + example is used to describe the essence of the language. + +11.1 An Example Service Described in the RPC Language + + Here is an example of the specification of a simple ping program. + + program PING_PROG { + /* + * Latest and greatest version + */ + version PING_VERS_PINGBACK { + void + PINGPROC_NULL(void) = 0; + + + +Srinivasan Standards Track [Page 13] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + /* + * Ping the client, return the round-trip time + * (in microseconds). Returns -1 if the operation + * timed out. + */ + int + PINGPROC_PINGBACK(void) = 1; + } = 2; + + /* + * Original version + */ + version PING_VERS_ORIG { + void + PINGPROC_NULL(void) = 0; + } = 1; + } = 1; + + const PING_VERS = 2; /* latest version */ + + The first version described is PING_VERS_PINGBACK with two + procedures, PINGPROC_NULL and PINGPROC_PINGBACK. PINGPROC_NULL takes + no arguments and returns no results, but it is useful for computing + round-trip times from the client to the server and back again. By + convention, procedure 0 of any RPC protocol should have the same + semantics, and never require any kind of authentication. The second + procedure is used for the client to have the server do a reverse ping + operation back to the client, and it returns the amount of time (in + microseconds) that the operation used. The next version, + PING_VERS_ORIG, is the original version of the protocol and it does + not contain PINGPROC_PINGBACK procedure. It is useful for + compatibility with old client programs, and as this program matures + it may be dropped from the protocol entirely. + +11.2 The RPC Language Specification + + The RPC language is identical to the XDR language defined in RFC + 1014, except for the added definition of a "program-def" described + below. + + program-def: + "program" identifier "{" + version-def + version-def * + "}" "=" constant ";" + + version-def: + "version" identifier "{" + + + +Srinivasan Standards Track [Page 14] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + + procedure-def + procedure-def * + "}" "=" constant ";" + + procedure-def: + type-specifier identifier "(" type-specifier + ("," type-specifier )* ")" "=" constant ";" + +11.3 Syntax Notes + + (1) The following keywords are added and cannot be used as + identifiers: "program" and "version"; + + (2) A version name cannot occur more than once within the scope of a + program definition. Nor can a version number occur more than once + within the scope of a program definition. + + (3) A procedure name cannot occur more than once within the scope of + a version definition. Nor can a procedure number occur more than once + within the scope of version definition. + + (4) Program identifiers are in the same name space as constant and + type identifiers. + + (5) Only unsigned constants can be assigned to programs, versions and + procedures. + + + + + + + + + + + + + + + + + + + + + + + + + +Srinivasan Standards Track [Page 15] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +APPENDIX A: SYSTEM AUTHENTICATION + + The client may wish to identify itself, for example, as it is + identified on a UNIX(tm) system. The flavor of the client credential + is "AUTH_SYS". The opaque data constituting the credential encodes + the following structure: + + struct authsys_parms { + unsigned int stamp; + string machinename<255>; + unsigned int uid; + unsigned int gid; + unsigned int gids<16>; + }; + + The "stamp" is an arbitrary ID which the caller machine may generate. + The "machinename" is the name of the caller's machine (like + "krypton"). The "uid" is the caller's effective user ID. The "gid" + is the caller's effective group ID. The "gids" is a counted array of + groups which contain the caller as a member. The verifier + accompanying the credential should have "AUTH_NONE" flavor value + (defined above). Note this credential is only unique within a + particular domain of machine names, uids, and gids. + + The flavor value of the verifier received in the reply message from + the server may be "AUTH_NONE" or "AUTH_SHORT". In the case of + "AUTH_SHORT", the bytes of the reply verifier's string encode an + opaque structure. This new opaque structure may now be passed to the + server instead of the original "AUTH_SYS" flavor credential. The + server may keep a cache which maps shorthand opaque structures + (passed back by way of an "AUTH_SHORT" style reply verifier) to the + original credentials of the caller. The caller can save network + bandwidth and server cpu cycles by using the shorthand credential. + + The server may flush the shorthand opaque structure at any time. If + this happens, the remote procedure call message will be rejected due + to an authentication error. The reason for the failure will be + "AUTH_REJECTEDCRED". At this point, the client may wish to try the + original "AUTH_SYS" style of credential. + + It should be noted that use of this flavor of authentication does not + guarantee any security for the users or providers of a service, in + itself. The authentication provided by this scheme can be considered + legitimate only when applications using this scheme and the network + can be secured externally, and privileged transport addresses are + used for the communicating end-points (an example of this is the use + of privileged TCP/UDP ports in Unix systems - note that not all + systems enforce privileged transport address mechanisms). + + + +Srinivasan Standards Track [Page 16] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +REFERENCES + + [1] Birrell, A. D. & Nelson, B. J., "Implementing Remote Procedure + Calls", XEROX CSL-83-7, October 1983. + + [2] Cheriton, D., "VMTP: Versatile Message Transaction Protocol", + Preliminary Version 0.3, Stanford University, January 1987. + + [3] Diffie & Hellman, "New Directions in Cryptography", IEEE + Transactions on Information Theory IT-22, November 1976. + + [4] Mills, D., "Network Time Protocol", RFC 1305, UDEL, + March 1992. + + [5] National Bureau of Standards, "Data Encryption Standard", + Federal Information Processing Standards Publication 46, January + 1977. + + [6] Postel, J., "Transmission Control Protocol - DARPA Internet + Program Protocol Specification", STD 7, RFC 793, USC/Information + Sciences Institute, September 1981. + + [7] Postel, J., "User Datagram Protocol", STD 6, RFC 768, + USC/Information Sciences Institute, August 1980. + + [8] Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, + RFC 1700, USC/Information Sciences Institute, October 1994. + + [9] Srinivasan, R., "XDR: External Data Representation Standard", + RFC 1832, Sun Microsystems, Inc., August 1995. + + [10] Miller, S., Neuman, C., Schiller, J., and J. Saltzer, "Section + E.2.1: Kerberos Authentication and Authorization System", + M.I.T. Project Athena, Cambridge, Massachusetts, December 21, + 1987. + + [11] Steiner, J., Neuman, C., and J. Schiller, "Kerberos: An + Authentication Service for Open Network Systems", pp. 191-202 in + Usenix Conference Proceedings, Dallas, Texas, February 1988. + + [12] Kohl, J. and C. Neuman, "The Kerberos Network Authentication + Service (V5)", RFC 1510, Digital Equipment Corporation, + USC/Information Sciences Institute, September 1993. + + + + + + + + +Srinivasan Standards Track [Page 17] + +RFC 1831 Remote Procedure Call Protocol Version 2 August 1995 + + +Security Considerations + + Security issues are not discussed in this memo. + +Author's Address + + Raj Srinivasan + Sun Microsystems, Inc. + ONC Technologies + 2550 Garcia Avenue + M/S MTV-5-40 + Mountain View, CA 94043 + USA + + Phone: 415-336-2478 + Fax: 415-336-6015 + EMail: raj@eng.sun.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Srinivasan Standards Track [Page 18] + -- cgit v1.2.3