From wesommer@athena.MIT.EDU Sat Aug 9 15:24:54 1986
To: hackers@athena.MIT.EDU, kerberos@athena.MIT.EDU
Subject: SUN RPC & XDR
Date: Sat, 09 Aug 86 15:22:07 -0500
From: Bill Sommerfeld <wesommer@athena.MIT.EDU>

I just found the posting of the SUN Remote Procedure Call library on mod.sources. Sources (which have been slightly hacked to get them to work) are in /@/priam/mit/w/e/wesommer/rpc. I've already psroff'ed the documents; if you want a copy, I'll lend you the one I printed for copying...

The system is set up to allow RPC over both TCP and UDP, and provides a dynamic port-mapper daemon to map "program numbers" to UDP ports. RPC calls are uniquely identified by a (program number, version number, procedure number) tuple. SUN will "register" program numbers from 0x00000000 to 0x1fffffff; they allocate 0x20000000 to 0x3fffffff to "customer specific applications", and 0x40000000 to 0x5fffffff for dynamically allocated program numbers.

SUN RPC attempts to solve the data representation and transport problem; it does not attempt to solve the rendezvous problem (clients have to know which machine their server is on, and which program number, version number, and procedure numbers it is listening for).

Data representation is done through what they call XDR ("eXternal Data Representation"); each type provides an "xdr" operation, which walks the data structure, calling the xdr operations of its components. Depending on the state of the XDR "stream" passed in, this either builds a data structure from a stream of bytes, sends it over RPC, flattens it into a stream of bytes, or destroys the data structure.

There are hooks for arbitrary authentication; I think I have implemented the proper ones for Kerberos (look at the routines in rpc/rpclib/*krb*), although since kerberos.mit.edu is down right now, I can't test this.

Since the authenticator is deciphered by the server-side library before the service is identified, a catch-all "rpc" or "sunrpc" principal for each host involved will be needed to get this to work. There may be a way around this if we're not afraid to do some sort of "modularity violation" in the Kerberos-specific code.

- Bill
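
The XDR filter idea described in the message above, as an added example that is not part of the original e-mail and is not Sun's library code: one routine per type encodes, decodes or frees depending on the stream's mode, and a composite type's routine calls those of its components. All names (`mx_*`, `demo_call`) and the sample values are hypothetical; on decode the length field comes from the peer, which is why it is bounded before anything is allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical miniature of the XDR idea described above; these names are not Sun's API. */
enum mx_op { MX_ENCODE, MX_DECODE, MX_FREE };
struct mx { enum mx_op op; uint8_t *buf; size_t len, pos; };

static int mx_u32(struct mx *x, uint32_t *v) {        /* 32-bit integer, big-endian */
    if (x->op == MX_FREE) return 1;                   /* nothing to release */
    if (x->len - x->pos < 4) return 0;                /* buffer full or input truncated */
    uint8_t *p = x->buf + x->pos;
    if (x->op == MX_ENCODE)
        for (int i = 0; i < 4; i++) p[i] = (uint8_t)(*v >> (24 - 8 * i));
    else
        *v = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    x->pos += 4;
    return 1;
}

/* Counted string, zero-padded to 4 bytes; max caps what a peer can make the decoder allocate. */
static int mx_string(struct mx *x, char **s, uint32_t max) {
    uint32_t n = (x->op == MX_ENCODE) ? (uint32_t)strlen(*s) : 0;
    if (x->op == MX_FREE) { free(*s); *s = NULL; return 1; }
    if (!mx_u32(x, &n) || n > max) return 0;          /* on decode, n is peer-controlled */
    size_t room = ((size_t)n + 3) & ~(size_t)3;
    if (x->len - x->pos < room) return 0;
    uint8_t *p = x->buf + x->pos;
    if (x->op == MX_ENCODE) {
        memset(p, 0, room);
        memcpy(p, *s, n);
    } else {
        if (!(*s = calloc((size_t)n + 1, 1))) return 0;
        memcpy(*s, p, n);
    }
    x->pos += room;
    return 1;
}

/* Constructed record, not the real RPC call header: its filter calls its components' filters. */
struct demo_call { uint32_t prog, vers, proc; char *principal; };
static int mx_call(struct mx *x, struct demo_call *c) {
    return mx_u32(x, &c->prog) && mx_u32(x, &c->vers) &&
           mx_u32(x, &c->proc) && mx_string(x, &c->principal, 64);
}
int main(void) {                                      /* round trip over constructed values */
    uint8_t wire[64];
    struct demo_call in = { 0x20000001u, 1, 3, "rpc" }, out = { 0, 0, 0, NULL };
    struct mx enc = { MX_ENCODE, wire, sizeof wire, 0 }, dec = { MX_DECODE, wire, sizeof wire, 0 };
    int ok = mx_call(&enc, &in) && mx_call(&dec, &out) && !strcmp(out.principal, "rpc");
    return mx_call(&(struct mx){ MX_FREE, NULL, 0, 0 }, &out) && ok ? 0 : 1;
}
```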