| | 1 | /* |
| | 2 | * Sun RPC is a product of Sun Microsystems, Inc. and is provided for |
| | 3 | * unrestricted use provided that this legend is included on all tape |
| | 4 | * media and as a part of the software program in whole or part. Users |
| | 5 | * may copy or modify Sun RPC without charge, but are not authorized |
| | 6 | * to license or distribute it to anyone else except as part of a product or |
| | 7 | * program developed by the user. |
| | 8 | * |
| | 9 | * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE |
| | 10 | * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR |
| | 11 | * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. |
| | 12 | * |
| | 13 | * Sun RPC is provided with no support and without any obligation on the |
| | 14 | * part of Sun Microsystems, Inc. to assist in its use, correction, |
| | 15 | * modification or enhancement. |
| | 16 | * |
| | 17 | * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE |
| | 18 | * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC |
| | 19 | * OR ANY PART THEREOF. |
| | 20 | * |
| | 21 | * In no event will Sun Microsystems, Inc. be liable for any lost revenue |
| | 22 | * or profits or other special, indirect and consequential damages, even if |
| | 23 | * Sun has been advised of the possibility of such damages. |
| | 24 | * |
| | 25 | * Sun Microsystems, Inc. |
| | 26 | * 2550 Garcia Avenue |
| | 27 | * Mountain View, California 94043 |
| | 28 | */ |
| | 29 | /* |
| | 30 | * Copyright (c) 1986-1991 by Sun Microsystems Inc. |
| | 31 | * |
| | 32 | * @(#)key_call.c 1.25 94/04/24 SMI |
| | 33 | * $FreeBSD: src/lib/libc/rpc/key_call.c,v 1.16 2006/02/27 22:10:59 deischen Exp $ |
| | 34 | */ |
| | 35 | |
| | 36 | /* |
| | 37 | * key_call.c, Interface to keyserver |
| | 38 | * |
| | 39 | * setsecretkey(key) - set your secret key |
| | 40 | * encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent |
| | 41 | * decryptsessionkey(agent, deskey) - decrypt ditto |
| | 42 | * gendeskey(deskey) - generate a secure des key |
| | 43 | */ |
| | 44 | |
| | 45 | #include "namespace.h" |
| | 46 | #include "reentrant.h" |
| | 47 | #include <stdio.h> |
| | 48 | #include <stdlib.h> |
| | 49 | #include <unistd.h> |
| | 50 | #include <errno.h> |
| | 51 | #include <rpc/rpc.h> |
| | 52 | #include <rpc/auth.h> |
| | 53 | #include <rpc/auth_unix.h> |
| | 54 | #include <rpc/key_prot.h> |
| | 55 | #include <string.h> |
| | 56 | #include <netconfig.h> |
| | 57 | #include <sys/utsname.h> |
| | 58 | #include <signal.h> |
| | 59 | #include <sys/wait.h> |
| | 60 | #include <sys/fcntl.h> |
| | 61 | #include "un-namespace.h" |
| | 62 | #include "mt_misc.h" |
| | 63 | |
| | 64 | |
| | 65 | #define KEY_TIMEOUT 5 /* per-try timeout in seconds */ |
| | 66 | #define KEY_NRETRY 12 /* number of retries */ |
| | 67 | |
| | 68 | #ifdef DEBUG |
| | 69 | #define debug(msg) fprintf(stderr, "%s\n", msg); |
| | 70 | #else |
| | 71 | #define debug(msg) |
| | 72 | #endif /* DEBUG */ |
| | 73 | |
| | 74 | /* |
| | 75 | * Hack to allow the keyserver to use AUTH_DES (for authenticated |
| | 76 | * NIS+ calls, for example). The only functions that get called |
| | 77 | * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes. |
| | 78 | * |
| | 79 | * The approach is to have the keyserver fill in pointers to local |
| | 80 | * implementations of these functions, and to call those in key_call(). |
| | 81 | */ |
| | 82 | |
| | 83 | cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0; |
| | 84 | cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0; |
| | 85 | des_block *(*__key_gendes_LOCAL)() = 0; |
| | 86 | |
| | 87 | static int key_call( u_long, xdrproc_t, void *, xdrproc_t, void *); |
| | 88 | |
| | 89 | int |
| | 90 | key_setsecret(const char *secretkey) |
| | 91 | { |
| | 92 | keystatus status; |
| | 93 | |
| | 94 | if (!key_call((u_long) KEY_SET, (xdrproc_t)xdr_keybuf, |
| | 95 | (void *)secretkey, |
| | 96 | (xdrproc_t)xdr_keystatus, &status)) { |
| | 97 | return (-1); |
| | 98 | } |
| | 99 | if (status != KEY_SUCCESS) { |
| | 100 | debug("set status is nonzero"); |
| | 101 | return (-1); |
| | 102 | } |
| | 103 | return (0); |
| | 104 | } |
| | 105 | |
| | 106 | |
| | 107 | /* key_secretkey_is_set() returns 1 if the keyserver has a secret key |
| | 108 | * stored for the caller's effective uid; it returns 0 otherwise |
| | 109 | * |
| | 110 | * N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't |
| | 111 | * be using it, because it allows them to get the user's secret key. |
| | 112 | */ |
| | 113 | |
| | 114 | int |
| | 115 | key_secretkey_is_set(void) |
| | 116 | { |
| | 117 | struct key_netstres kres; |
| | 118 | |
| | 119 | memset((void*)&kres, 0, sizeof (kres)); |
| | 120 | if (key_call((u_long) KEY_NET_GET, (xdrproc_t)xdr_void, NULL, |
| | 121 | (xdrproc_t)xdr_key_netstres, &kres) && |
| | 122 | (kres.status == KEY_SUCCESS) && |
| | 123 | (kres.key_netstres_u.knet.st_priv_key[0] != 0)) { |
| | 124 | /* avoid leaving secret key in memory */ |
| | 125 | memset(kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES); |
| | 126 | return (1); |
| | 127 | } |
| | 128 | return (0); |
| | 129 | } |
| | 130 | |
| | 131 | int |
| | 132 | key_encryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey) |
| | 133 | { |
| | 134 | cryptkeyarg2 arg; |
| | 135 | cryptkeyres res; |
| | 136 | |
| | 137 | arg.remotename = remotename; |
| | 138 | arg.remotekey = *remotekey; |
| | 139 | arg.deskey = *deskey; |
| | 140 | if (!key_call((u_long)KEY_ENCRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg, |
| | 141 | (xdrproc_t)xdr_cryptkeyres, &res)) { |
| | 142 | return (-1); |
| | 143 | } |
| | 144 | if (res.status != KEY_SUCCESS) { |
| | 145 | debug("encrypt status is nonzero"); |
| | 146 | return (-1); |
| | 147 | } |
| | 148 | *deskey = res.cryptkeyres_u.deskey; |
| | 149 | return (0); |
| | 150 | } |
| | 151 | |
| | 152 | int |
| | 153 | key_decryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey) |
| | 154 | { |
| | 155 | cryptkeyarg2 arg; |
| | 156 | cryptkeyres res; |
| | 157 | |
| | 158 | arg.remotename = remotename; |
| | 159 | arg.remotekey = *remotekey; |
| | 160 | arg.deskey = *deskey; |
| | 161 | if (!key_call((u_long)KEY_DECRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg, |
| | 162 | (xdrproc_t)xdr_cryptkeyres, &res)) { |
| | 163 | return (-1); |
| | 164 | } |
| | 165 | if (res.status != KEY_SUCCESS) { |
| | 166 | debug("decrypt status is nonzero"); |
| | 167 | return (-1); |
| | 168 | } |
| | 169 | *deskey = res.cryptkeyres_u.deskey; |
| | 170 | return (0); |
| | 171 | } |
| | 172 | |
| | 173 | int |
| | 174 | key_encryptsession(const char *remotename, des_block *deskey) |
| | 175 | { |
| | 176 | cryptkeyarg arg; |
| | 177 | cryptkeyres res; |
| | 178 | |
| | 179 | arg.remotename = (char *) remotename; |
| | 180 | arg.deskey = *deskey; |
| | 181 | if (!key_call((u_long)KEY_ENCRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg, |
| | 182 | (xdrproc_t)xdr_cryptkeyres, &res)) { |
| | 183 | return (-1); |
| | 184 | } |
| | 185 | if (res.status != KEY_SUCCESS) { |
| | 186 | debug("encrypt status is nonzero"); |
| | 187 | return (-1); |
| | 188 | } |
| | 189 | *deskey = res.cryptkeyres_u.deskey; |
| | 190 | return (0); |
| | 191 | } |
| | 192 | |
| | 193 | int |
| | 194 | key_decryptsession(const char *remotename, des_block *deskey) |
| | 195 | { |
| | 196 | cryptkeyarg arg; |
| | 197 | cryptkeyres res; |
| | 198 | |
| | 199 | arg.remotename = (char *) remotename; |
| | 200 | arg.deskey = *deskey; |
| | 201 | if (!key_call((u_long)KEY_DECRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg, |
| | 202 | (xdrproc_t)xdr_cryptkeyres, &res)) { |
| | 203 | return (-1); |
| | 204 | } |
| | 205 | if (res.status != KEY_SUCCESS) { |
| | 206 | debug("decrypt status is nonzero"); |
| | 207 | return (-1); |
| | 208 | } |
| | 209 | *deskey = res.cryptkeyres_u.deskey; |
| | 210 | return (0); |
| | 211 | } |
| | 212 | |
| | 213 | int |
| | 214 | key_gendes(des_block *key) |
| | 215 | { |
| | 216 | if (!key_call((u_long)KEY_GEN, (xdrproc_t)xdr_void, NULL, |
| | 217 | (xdrproc_t)xdr_des_block, key)) { |
| | 218 | return (-1); |
| | 219 | } |
| | 220 | return (0); |
| | 221 | } |
| | 222 | |
| | 223 | int |
| | 224 | key_setnet(struct key_netstarg *arg) |
| | 225 | { |
| | 226 | keystatus status; |
| | 227 | |
| | 228 | |
| | 229 | if (!key_call((u_long) KEY_NET_PUT, (xdrproc_t)xdr_key_netstarg, arg, |
| | 230 | (xdrproc_t)xdr_keystatus, &status)){ |
| | 231 | return (-1); |
| | 232 | } |
| | 233 | |
| | 234 | if (status != KEY_SUCCESS) { |
| | 235 | debug("key_setnet status is nonzero"); |
| | 236 | return (-1); |
| | 237 | } |
| | 238 | return (1); |
| | 239 | } |
| | 240 | |
| | 241 | |
| | 242 | int |
| | 243 | key_get_conv(char *pkey, des_block *deskey) |
| | 244 | { |
| | 245 | cryptkeyres res; |
| | 246 | |
| | 247 | if (!key_call((u_long) KEY_GET_CONV, (xdrproc_t)xdr_keybuf, pkey, |
| | 248 | (xdrproc_t)xdr_cryptkeyres, &res)) { |
| | 249 | return (-1); |
| | 250 | } |
| | 251 | if (res.status != KEY_SUCCESS) { |
| | 252 | debug("get_conv status is nonzero"); |
| | 253 | return (-1); |
| | 254 | } |
| | 255 | *deskey = res.cryptkeyres_u.deskey; |
| | 256 | return (0); |
| | 257 | } |
| | 258 | |
| | 259 | struct key_call_private { |
| | 260 | CLIENT *client; /* Client handle */ |
| | 261 | pid_t pid; /* process-id at moment of creation */ |
| | 262 | uid_t uid; /* user-id at last authorization */ |
| | 263 | }; |
| | 264 | static struct key_call_private *key_call_private_main = NULL; |
| | 265 | |
| | 266 | static void |
| | 267 | key_call_destroy(void *vp) |
| | 268 | { |
| | 269 | struct key_call_private *kcp = (struct key_call_private *)vp; |
| | 270 | |
| | 271 | if (kcp) { |
| | 272 | if (kcp->client) |
| | 273 | clnt_destroy(kcp->client); |
| | 274 | free(kcp); |
| | 275 | } |
| | 276 | } |
| | 277 | |
| | 278 | /* |
| | 279 | * Keep the handle cached. This call may be made quite often. |
| | 280 | */ |
| | 281 | static CLIENT * |
| | 282 | getkeyserv_handle(int vers) |
| | 283 | { |
| | 284 | void *localhandle; |
| | 285 | struct netconfig *nconf; |
| | 286 | struct netconfig *tpconf; |
| | 287 | struct key_call_private *kcp = key_call_private_main; |
| | 288 | struct timeval wait_time; |
| | 289 | struct utsname u; |
| | 290 | int main_thread; |
| | 291 | int fd; |
| | 292 | static thread_key_t key_call_key; |
| | 293 | |
| | 294 | #define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */ |
| | 295 | #define TOTAL_TRIES 5 /* Number of tries */ |
| | 296 | |
| | 297 | if ((main_thread = thr_main())) { |
| | 298 | kcp = key_call_private_main; |
| | 299 | } else { |
| | 300 | if (key_call_key == 0) { |
| | 301 | mutex_lock(&tsd_lock); |
| | 302 | if (key_call_key == 0) |
| | 303 | thr_keycreate(&key_call_key, key_call_destroy); |
| | 304 | mutex_unlock(&tsd_lock); |
| | 305 | } |
| | 306 | kcp = (struct key_call_private *)thr_getspecific(key_call_key); |
| | 307 | } |
| | 308 | if (kcp == NULL) { |
| | 309 | kcp = (struct key_call_private *)malloc(sizeof (*kcp)); |
| | 310 | if (kcp == NULL) { |
| | 311 | return (NULL); |
| | 312 | } |
| | 313 | if (main_thread) |
| | 314 | key_call_private_main = kcp; |
| | 315 | else |
| | 316 | thr_setspecific(key_call_key, (void *) kcp); |
| | 317 | kcp->client = NULL; |
| | 318 | } |
| | 319 | |
| | 320 | /* if pid has changed, destroy client and rebuild */ |
| | 321 | if (kcp->client != NULL && kcp->pid != getpid()) { |
| | 322 | clnt_destroy(kcp->client); |
| | 323 | kcp->client = NULL; |
| | 324 | } |
| | 325 | |
| | 326 | if (kcp->client != NULL) { |
| | 327 | /* if uid has changed, build client handle again */ |
| | 328 | if (kcp->uid != geteuid()) { |
| | 329 | kcp->uid = geteuid(); |
| | 330 | auth_destroy(kcp->client->cl_auth); |
| | 331 | kcp->client->cl_auth = |
| | 332 | authsys_create("", kcp->uid, 0, 0, NULL); |
| | 333 | if (kcp->client->cl_auth == NULL) { |
| | 334 | clnt_destroy(kcp->client); |
| | 335 | kcp->client = NULL; |
| | 336 | return (NULL); |
| | 337 | } |
| | 338 | } |
| | 339 | /* Change the version number to the new one */ |
| | 340 | clnt_control(kcp->client, CLSET_VERS, (void *)&vers); |
| | 341 | return (kcp->client); |
| | 342 | } |
| | 343 | if (!(localhandle = setnetconfig())) { |
| | 344 | return (NULL); |
| | 345 | } |
| | 346 | tpconf = NULL; |
| | 347 | if (uname(&u) == -1) |
| | 348 | { |
| | 349 | endnetconfig(localhandle); |
| | 350 | return (NULL); |
| | 351 | } |
| | 352 | while ((nconf = getnetconfig(localhandle)) != NULL) { |
| | 353 | if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) { |
| | 354 | /* |
| | 355 | * We use COTS_ORD here so that the caller can |
| | 356 | * find out immediately if the server is dead. |
| | 357 | */ |
| | 358 | if (nconf->nc_semantics == NC_TPI_COTS_ORD) { |
| | 359 | kcp->client = clnt_tp_create(u.nodename, |
| | 360 | KEY_PROG, vers, nconf); |
| | 361 | if (kcp->client) |
| | 362 | break; |
| | 363 | } else { |
| | 364 | tpconf = nconf; |
| | 365 | } |
| | 366 | } |
| | 367 | } |
| | 368 | if ((kcp->client == NULL) && (tpconf)) |
| | 369 | /* Now, try the CLTS or COTS loopback transport */ |
| | 370 | kcp->client = clnt_tp_create(u.nodename, |
| | 371 | KEY_PROG, vers, tpconf); |
| | 372 | endnetconfig(localhandle); |
| | 373 | |
| | 374 | if (kcp->client == NULL) { |
| | 375 | return (NULL); |
| | 376 | } |
| | 377 | kcp->uid = geteuid(); |
| | 378 | kcp->pid = getpid(); |
| | 379 | kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL); |
| | 380 | if (kcp->client->cl_auth == NULL) { |
| | 381 | clnt_destroy(kcp->client); |
| | 382 | kcp->client = NULL; |
| | 383 | return (NULL); |
| | 384 | } |
| | 385 | |
| | 386 | wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES; |
| | 387 | wait_time.tv_usec = 0; |
| | 388 | clnt_control(kcp->client, CLSET_RETRY_TIMEOUT, |
| | 389 | (char *)&wait_time); |
| | 390 | if (clnt_control(kcp->client, CLGET_FD, (char *)&fd)) |
| | 391 | _fcntl(fd, F_SETFD, 1); /* make it "close on exec" */ |
| | 392 | |
| | 393 | return (kcp->client); |
| | 394 | } |
| | 395 | |
| | 396 | /* returns 0 on failure, 1 on success */ |
| | 397 | |
| | 398 | static int |
| | 399 | key_call(u_long proc, xdrproc_t xdr_arg, void *arg, xdrproc_t xdr_rslt, |
| | 400 | void *rslt) |
| | 401 | { |
| | 402 | CLIENT *clnt; |
| | 403 | struct timeval wait_time; |
| | 404 | |
| | 405 | if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) { |
| | 406 | cryptkeyres *res; |
| | 407 | res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg); |
| | 408 | *(cryptkeyres*)rslt = *res; |
| | 409 | return (1); |
| | 410 | } else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) { |
| | 411 | cryptkeyres *res; |
| | 412 | res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg); |
| | 413 | *(cryptkeyres*)rslt = *res; |
| | 414 | return (1); |
| | 415 | } else if (proc == KEY_GEN && __key_gendes_LOCAL) { |
| | 416 | des_block *res; |
| | 417 | res = (*__key_gendes_LOCAL)(geteuid(), 0); |
| | 418 | *(des_block*)rslt = *res; |
| | 419 | return (1); |
| | 420 | } |
| | 421 | |
| | 422 | if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) || |
| | 423 | (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) || |
| | 424 | (proc == KEY_GET_CONV)) |
| | 425 | clnt = getkeyserv_handle(2); /* talk to version 2 */ |
| | 426 | else |
| | 427 | clnt = getkeyserv_handle(1); /* talk to version 1 */ |
| | 428 | |
| | 429 | if (clnt == NULL) { |
| | 430 | return (0); |
| | 431 | } |
| | 432 | |
| | 433 | wait_time.tv_sec = TOTAL_TIMEOUT; |
| | 434 | wait_time.tv_usec = 0; |
| | 435 | |
| | 436 | if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt, |
| | 437 | wait_time) == RPC_SUCCESS) { |
| | 438 | return (1); |
| | 439 | } else { |
| | 440 | return (0); |
| | 441 | } |
| | 442 | } |
uqs's projects / games.git / blame_incremental