| 1 | /* |
| 2 | * Sun RPC is a product of Sun Microsystems, Inc. and is provided for |
| 3 | * unrestricted use provided that this legend is included on all tape |
| 4 | * media and as a part of the software program in whole or part. Users |
| 5 | * may copy or modify Sun RPC without charge, but are not authorized |
| 6 | * to license or distribute it to anyone else except as part of a product or |
| 7 | * program developed by the user. |
| 8 | * |
| 9 | * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE |
| 10 | * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR |
| 11 | * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. |
| 12 | * |
| 13 | * Sun RPC is provided with no support and without any obligation on the |
| 14 | * part of Sun Microsystems, Inc. to assist in its use, correction, |
| 15 | * modification or enhancement. |
| 16 | * |
| 17 | * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE |
| 18 | * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC |
| 19 | * OR ANY PART THEREOF. |
| 20 | * |
| 21 | * In no event will Sun Microsystems, Inc. be liable for any lost revenue |
| 22 | * or profits or other special, indirect and consequential damages, even if |
| 23 | * Sun has been advised of the possibility of such damages. |
| 24 | * |
| 25 | * Sun Microsystems, Inc. |
| 26 | * 2550 Garcia Avenue |
| 27 | * Mountain View, California 94043 |
| 28 | */ |
| 29 | /* |
| 30 | * Copyright (c) 1986-1991 by Sun Microsystems Inc. |
| 31 | * |
| 32 | * @(#)key_call.c 1.25 94/04/24 SMI |
| 33 | * $FreeBSD: src/lib/libc/rpc/key_call.c,v 1.16 2006/02/27 22:10:59 deischen Exp $ |
| 34 | */ |
| 35 | |
| 36 | /* |
| 37 | * key_call.c, Interface to keyserver |
| 38 | * |
| 39 | * setsecretkey(key) - set your secret key |
| 40 | * encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent |
| 41 | * decryptsessionkey(agent, deskey) - decrypt ditto |
| 42 | * gendeskey(deskey) - generate a secure des key |
| 43 | */ |
| 44 | |
| 45 | #include "namespace.h" |
| 46 | #include "reentrant.h" |
| 47 | #include <stdio.h> |
| 48 | #include <stdlib.h> |
| 49 | #include <unistd.h> |
| 50 | #include <errno.h> |
| 51 | #include <rpc/rpc.h> |
| 52 | #include <rpc/auth.h> |
| 53 | #include <rpc/auth_unix.h> |
| 54 | #include <rpc/key_prot.h> |
| 55 | #include <string.h> |
| 56 | #include <netconfig.h> |
| 57 | #include <sys/utsname.h> |
| 58 | #include <signal.h> |
| 59 | #include <sys/wait.h> |
| 60 | #include <sys/fcntl.h> |
| 61 | #include "un-namespace.h" |
| 62 | #include "mt_misc.h" |
| 63 | |
| 64 | |
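#define	KEY_TIMEOUT	5	/* per-try timeout in seconds */
#define	KEY_NRETRY	12	/* number of retries */

/*
 * debug(msg) writes msg and a newline to stderr when the file is built
 * with DEBUG, and compiles to nothing otherwise.
 *
 * Both forms are a single expression with no trailing semicolon, so
 * "debug(x);" is exactly one statement and stays correct inside an
 * unbraced if/else.  The argument is parenthesized and always printed
 * through a fixed "%s" format, never used as the format itself.
 *
 * The calls visible in this file pass only fixed status strings; keep key
 * material out of anything handed to this macro.
 */
#ifdef DEBUG
#define	debug(msg)	((void)fprintf(stderr, "%s\n", (msg)))
#else
#define	debug(msg)	((void)0)
#endif /* DEBUG */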
| 73 | |
| 74 | /* |
| 75 | * Hack to allow the keyserver to use AUTH_DES (for authenticated |
| 76 | * NIS+ calls, for example). The only functions that get called |
| 77 | * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes. |
| 78 | * |
| 79 | * The approach is to have the keyserver fill in pointers to local |
| 80 | * implementations of these functions, and to call those in key_call(). |
| 81 | */ |
| 82 | |
/*
 * Optional in-process replacements for three keyserver procedures.  Each
 * pointer starts out null; key_call() tests the matching pointer and, when
 * it is set, calls it as (geteuid(), arg) -- or (geteuid(), 0) for key
 * generation -- instead of making an RPC.
 *
 * The declarators carry no parameter list, so the compiler cannot check
 * the arguments at those call sites.  The pointers are also writable
 * globals with external linkage: whatever code in the process stores to
 * them takes over the encrypt/decrypt/generate path for session keys.
 */
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;

/* Common dispatcher used by every wrapper below; returns 1 on success, 0 on failure. */
static int key_call( u_long, xdrproc_t, void *, xdrproc_t, void *);
| 88 | |
/*
 * Hand the caller's secret key to the keyserver (procedure KEY_SET).
 *
 * secretkey is marshalled with xdr_keybuf.
 * NOTE(review): xdr_keybuf presumably encodes a fixed-size buffer rather
 * than a NUL-terminated string -- confirm callers pass a buffer of the
 * full key size.
 *
 * Returns 0 when the call completed and the keyserver answered
 * KEY_SUCCESS, -1 in every other case.
 */
int
key_setsecret(const char *secretkey)
{
	keystatus reply;
	int sent;

	/* const is dropped only because key_call() takes a plain void *. */
	sent = key_call((u_long)KEY_SET, (xdrproc_t)xdr_keybuf,
	    (void *)secretkey, (xdrproc_t)xdr_keystatus, &reply);

	if (sent && reply == KEY_SUCCESS)
		return (0);
	if (sent) {
		/* The call went through but the keyserver refused the key. */
		debug("set status is nonzero");
	}
	return (-1);
}
| 105 | |
| 106 | |
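/*
 * key_secretkey_is_set() returns 1 if the keyserver has a secret key
 * stored for the caller's effective uid; it returns 0 otherwise.
 *
 * N.B.: The KEY_NET_GET key call is undocumented.  Applications shouldn't
 * be using it, because it allows them to get the user's secret key.
 *
 * The reply to KEY_NET_GET carries the private key itself, and this
 * function only needs to know whether one exists.  The copy held in the
 * local result is therefore wiped on every path before returning.  The
 * wipe goes through a volatile pointer: a plain memset() on a local that
 * is never read again is a dead store the compiler is allowed to drop.
 *
 * NOTE(review): nothing here releases memory the XDR decoder may have
 * attached to the result (xdr_free) -- confirm whether the reply owns any.
 */
int
key_secretkey_is_set(void)
{
	struct key_netstres kres;
	volatile unsigned char *wipe;
	size_t i;
	int is_set;

	memset((void*)&kres, 0, sizeof (kres));
	is_set = key_call((u_long) KEY_NET_GET, (xdrproc_t)xdr_void, NULL,
	    (xdrproc_t)xdr_key_netstres, &kres) &&
	    (kres.status == KEY_SUCCESS) &&
	    (kres.key_netstres_u.knet.st_priv_key[0] != 0);

	/* avoid leaving secret key in memory, whatever the outcome was */
	wipe = (volatile unsigned char *)kres.key_netstres_u.knet.st_priv_key;
	for (i = 0; i < HEXKEYBYTES; i++)
		wipe[i] = 0;

	return (is_set ? 1 : 0);
}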
| 130 | |
/*
 * Ask the keyserver to encrypt a session key for the peer named
 * remotename, whose public key is supplied in remotekey (KEY_ENCRYPT_PK).
 *
 * On entry *deskey holds the key to encrypt; on success it is overwritten
 * with the keyserver's result.  Returns 0 on success, -1 if the call
 * failed or the keyserver reported anything other than KEY_SUCCESS, in
 * which case *deskey is left untouched.
 *
 * NOTE(review): the request and reply structures on the stack still hold
 * copies of the key material when this returns; nothing here clears them.
 */
int
key_encryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey)
{
	cryptkeyarg2 request;
	cryptkeyres reply;

	request.remotename = remotename;
	request.remotekey = *remotekey;
	request.deskey = *deskey;

	if (key_call((u_long)KEY_ENCRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2,
	    &request, (xdrproc_t)xdr_cryptkeyres, &reply)) {
		if (reply.status == KEY_SUCCESS) {
			*deskey = reply.cryptkeyres_u.deskey;
			return (0);
		}
		debug("encrypt status is nonzero");
	}
	return (-1);
}
| 151 | |
/*
 * Ask the keyserver to decrypt a session key received from the peer named
 * remotename, whose public key is supplied in remotekey (KEY_DECRYPT_PK).
 *
 * On entry *deskey holds the encrypted key; on success it is overwritten
 * with the keyserver's result.  Returns 0 on success, -1 if the call
 * failed or the keyserver reported anything other than KEY_SUCCESS, in
 * which case *deskey is left untouched.
 *
 * NOTE(review): the reply structure on the stack still holds a copy of
 * the decrypted key when this returns; nothing here clears it.
 */
int
key_decryptsession_pk(char *remotename, netobj *remotekey, des_block *deskey)
{
	cryptkeyarg2 request;
	cryptkeyres reply;
	int sent;

	request.deskey = *deskey;
	request.remotekey = *remotekey;
	request.remotename = remotename;

	sent = key_call((u_long)KEY_DECRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2,
	    &request, (xdrproc_t)xdr_cryptkeyres, &reply);
	if (!sent)
		return (-1);

	if (reply.status == KEY_SUCCESS) {
		*deskey = reply.cryptkeyres_u.deskey;
		return (0);
	}
	debug("decrypt status is nonzero");
	return (-1);
}
| 172 | |
/*
 * Ask the keyserver to encrypt a session key for the peer named
 * remotename (KEY_ENCRYPT).  Unlike the _pk variant, no public key is
 * passed in by the caller.
 *
 * On entry *deskey holds the key to encrypt; on success it is overwritten
 * with the keyserver's result.  Returns 0 on success and -1 otherwise,
 * leaving *deskey untouched on failure.
 *
 * NOTE(review): the request and reply structures on the stack still hold
 * copies of the key material when this returns; nothing here clears them.
 */
int
key_encryptsession(const char *remotename, des_block *deskey)
{
	cryptkeyarg request;
	cryptkeyres reply;

	/* The argument structure wants a non-const pointer. */
	request.remotename = (char *) remotename;
	request.deskey = *deskey;

	if (key_call((u_long)KEY_ENCRYPT, (xdrproc_t)xdr_cryptkeyarg,
	    &request, (xdrproc_t)xdr_cryptkeyres, &reply)) {
		if (reply.status == KEY_SUCCESS) {
			*deskey = reply.cryptkeyres_u.deskey;
			return (0);
		}
		debug("encrypt status is nonzero");
	}
	return (-1);
}
| 192 | |
/*
 * Ask the keyserver to decrypt a session key received from the peer named
 * remotename (KEY_DECRYPT).  Unlike the _pk variant, no public key is
 * passed in by the caller.
 *
 * On entry *deskey holds the encrypted key; on success it is overwritten
 * with the keyserver's result.  Returns 0 on success and -1 otherwise,
 * leaving *deskey untouched on failure.
 *
 * NOTE(review): the reply structure on the stack still holds a copy of
 * the decrypted key when this returns; nothing here clears it.
 */
int
key_decryptsession(const char *remotename, des_block *deskey)
{
	cryptkeyarg request;
	cryptkeyres reply;
	int sent;

	request.deskey = *deskey;
	/* The argument structure wants a non-const pointer. */
	request.remotename = (char *) remotename;

	sent = key_call((u_long)KEY_DECRYPT, (xdrproc_t)xdr_cryptkeyarg,
	    &request, (xdrproc_t)xdr_cryptkeyres, &reply);
	if (!sent)
		return (-1);

	if (reply.status == KEY_SUCCESS) {
		*deskey = reply.cryptkeyres_u.deskey;
		return (0);
	}
	debug("decrypt status is nonzero");
	return (-1);
}
| 212 | |
/*
 * Obtain a freshly generated DES key (KEY_GEN) and store it in *key.
 *
 * No argument is sent and there is no status field in the reply, so the
 * only failure reported is a failed call.  Returns 0 on success and -1
 * on failure.
 */
int
key_gendes(des_block *key)
{
	int sent;

	sent = key_call((u_long)KEY_GEN, (xdrproc_t)xdr_void, NULL,
	    (xdrproc_t)xdr_des_block, key);
	return (sent ? 0 : -1);
}
| 222 | |
/*
 * Store the caller's key information with the keyserver (KEY_NET_PUT).
 *
 * Returns 1 when the call completed and the keyserver answered
 * KEY_SUCCESS, and -1 otherwise.  Note that success is reported as 1
 * here, not as 0 like the other wrappers in this file.
 *
 * NOTE(review): arg presumably carries the private key; this function
 * does not clear it, so the caller owns wiping the structure afterwards.
 */
int
key_setnet(struct key_netstarg *arg)
{
	keystatus reply;

	if (key_call((u_long) KEY_NET_PUT, (xdrproc_t)xdr_key_netstarg, arg,
	    (xdrproc_t)xdr_keystatus, &reply)) {
		if (reply == KEY_SUCCESS)
			return (1);
		debug("key_setnet status is nonzero");
	}
	return (-1);
}
| 240 | |
| 241 | |
/*
 * Ask the keyserver for the conversation key that goes with the public
 * key pkey (KEY_GET_CONV) and store it in *deskey.
 *
 * pkey is marshalled with xdr_keybuf.
 * NOTE(review): xdr_keybuf presumably encodes a fixed-size buffer --
 * confirm callers pass a buffer of the full key size.
 *
 * Returns 0 on success; -1 if the call failed or the keyserver reported
 * anything other than KEY_SUCCESS, in which case *deskey is untouched.
 */
int
key_get_conv(char *pkey, des_block *deskey)
{
	cryptkeyres reply;
	int sent;

	sent = key_call((u_long) KEY_GET_CONV, (xdrproc_t)xdr_keybuf, pkey,
	    (xdrproc_t)xdr_cryptkeyres, &reply);
	if (!sent)
		return (-1);

	if (reply.status == KEY_SUCCESS) {
		*deskey = reply.cryptkeyres_u.deskey;
		return (0);
	}
	debug("get_conv status is nonzero");
	return (-1);
}
| 258 | |
/*
 * Cached keyserver connection state.  getkeyserv_handle() keeps one of
 * these for the main thread (key_call_private_main below) and one per
 * other thread in thread-specific data.  The pid and uid fields record
 * the identity the handle was built for, so that a handle created under
 * a different process id or effective uid is not reused as it stands.
 */
struct key_call_private {
	CLIENT	*client;	/* Client handle */
	pid_t	pid;		/* process-id at moment of creation */
	uid_t	uid;		/* user-id at last authorization */
};
/* State for the main thread; NULL until the first handle request. */
static struct key_call_private *key_call_private_main = NULL;
| 265 | |
/*
 * Release one cached key_call_private: destroy its client handle if it
 * has one, then free the structure.  A null pointer is accepted and
 * ignored.  getkeyserv_handle() registers this as the destructor for its
 * thread-specific key.
 */
static void
key_call_destroy(void *vp)
{
	struct key_call_private *state = (struct key_call_private *)vp;

	if (state == NULL)
		return;
	if (state->client != NULL)
		clnt_destroy(state->client);
	free(state);
}
| 277 | |
/*
 * Keep the handle cached. This call may be made quite often.
 *
 * Returns an RPC client handle for the keyserver program at version vers,
 * or NULL if no handle could be obtained.  The handle lives in a
 * key_call_private that is per-thread (file-scope pointer for the main
 * thread, thread-specific data for the others) and is reused across
 * calls.  A cached handle is thrown away when the process id differs
 * from the one recorded at creation, and its credential is rebuilt when
 * the effective uid differs from the one recorded at last authorization.
 *
 * Only loopback transports are considered, so the handle is never created
 * over a network transport.
 *
 * The credential attached is AUTH_SYS built from geteuid().  AUTH_SYS
 * values are asserted by the client; how far the uid is trusted is up to
 * the keyserver side, which is not shown here.
 */
static CLIENT *
getkeyserv_handle(int vers)
{
	void *localhandle;
	struct netconfig *nconf;
	struct netconfig *tpconf;
	struct key_call_private *kcp = key_call_private_main;
	struct timeval wait_time;
	struct utsname u;
	int main_thread;
	int fd;
	static thread_key_t key_call_key;

#define	TOTAL_TIMEOUT	30	/* total timeout talking to keyserver */
#define	TOTAL_TRIES	5	/* Number of tries */

	/* Locate this thread's cached state. */
	if ((main_thread = thr_main())) {
		kcp = key_call_private_main;
	} else {
		/*
		 * Create the thread-specific key once, re-checking under
		 * tsd_lock.
		 * NOTE(review): the first test reads key_call_key outside
		 * the lock and treats 0 as "not created yet"; the result of
		 * thr_keycreate() is not checked.  Confirm 0 can never be a
		 * valid key value on this platform.
		 */
		if (key_call_key == 0) {
			mutex_lock(&tsd_lock);
			if (key_call_key == 0)
				thr_keycreate(&key_call_key, key_call_destroy);
			mutex_unlock(&tsd_lock);
		}
		kcp = (struct key_call_private *)thr_getspecific(key_call_key);
	}
	if (kcp == NULL) {
		/* First use on this thread: allocate empty state. */
		kcp = (struct key_call_private *)malloc(sizeof (*kcp));
		if (kcp == NULL) {
			return (NULL);
		}
		/*
		 * NOTE(review): the thr_setspecific() result is not checked;
		 * if it failed, this allocation would not be found again on
		 * the next call.
		 */
		if (main_thread)
			key_call_private_main = kcp;
		else
			thr_setspecific(key_call_key, (void *) kcp);
		/* pid and uid are filled in only once a client exists. */
		kcp->client = NULL;
	}

	/* if pid has changed, destroy client and rebuild */
	if (kcp->client != NULL && kcp->pid != getpid()) {
		clnt_destroy(kcp->client);
		kcp->client = NULL;
	}

	if (kcp->client != NULL) {
		/* if uid has changed, build client handle again */
		if (kcp->uid != geteuid()) {
			/*
			 * Replace the credential so requests carry the
			 * current effective uid rather than the old one.
			 */
			kcp->uid = geteuid();
			auth_destroy(kcp->client->cl_auth);
			kcp->client->cl_auth =
			    authsys_create("", kcp->uid, 0, 0, NULL);
			if (kcp->client->cl_auth == NULL) {
				/* No credential: drop the handle entirely. */
				clnt_destroy(kcp->client);
				kcp->client = NULL;
				return (NULL);
			}
		}
		/* Change the version number to the new one */
		clnt_control(kcp->client, CLSET_VERS, (void *)&vers);
		return (kcp->client);
	}

	/* No usable cached handle: walk the netconfig database. */
	if (!(localhandle = setnetconfig())) {
		return (NULL);
	}
	tpconf = NULL;
	/* The local node name is the host passed to clnt_tp_create(). */
	if (uname(&u) == -1)
	{
		endnetconfig(localhandle);
		return (NULL);
	}
	while ((nconf = getnetconfig(localhandle)) != NULL) {
		/* Entries of any other protocol family are skipped. */
		if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) {
			/*
			 * We use COTS_ORD here so that the caller can
			 * find out immediately if the server is dead.
			 */
			if (nconf->nc_semantics == NC_TPI_COTS_ORD) {
				kcp->client = clnt_tp_create(u.nodename,
				    KEY_PROG, vers, nconf);
				if (kcp->client)
					break;
			} else {
				/* Remember the last other loopback entry as a fallback. */
				tpconf = nconf;
			}
		}
	}
	if ((kcp->client == NULL) && (tpconf))
		/* Now, try the CLTS or COTS loopback transport */
		kcp->client = clnt_tp_create(u.nodename,
		    KEY_PROG, vers, tpconf);
	/* tpconf is not used past this point. */
	endnetconfig(localhandle);

	if (kcp->client == NULL) {
		return (NULL);
	}
	/* Record the identity this handle is being built for. */
	kcp->uid = geteuid();
	kcp->pid = getpid();
	kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL);
	if (kcp->client->cl_auth == NULL) {
		clnt_destroy(kcp->client);
		kcp->client = NULL;
		return (NULL);
	}

	/* Per-try retry timeout: the total budget split across the tries. */
	wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
	wait_time.tv_usec = 0;
	clnt_control(kcp->client, CLSET_RETRY_TIMEOUT,
	    (char *)&wait_time);
	/*
	 * Keep the keyserver descriptor from being inherited by programs
	 * this process later execs.  The literal 1 is the descriptor flag
	 * value written with F_SETFD.
	 */
	if (clnt_control(kcp->client, CLGET_FD, (char *)&fd))
		_fcntl(fd, F_SETFD, 1);	/* make it "close on exec" */

	return (kcp->client);
}
| 395 | |
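/*
 * Carry out one keyserver procedure.  Returns 0 on failure, 1 on success.
 *
 * proc is the procedure number; xdr_arg/arg describe the request and
 * xdr_rslt/rslt the place the reply is decoded into.
 *
 * If a local implementation has been installed for KEY_ENCRYPT_PK,
 * KEY_DECRYPT_PK or KEY_GEN, it is called in-process with the effective
 * uid and its result is copied into *rslt; no RPC is made.  A null result
 * from such a hook is reported as failure rather than dereferenced.
 *
 * Otherwise the request goes over the cached keyserver handle, using
 * program version 2 for the _PK, NET_GET, NET_PUT and GET_CONV procedures
 * and version 1 for everything else.
 *
 * A return of 1 only means the call itself completed.  Replies that carry
 * a status field must still be checked by the caller.
 */
static int
key_call(u_long proc, xdrproc_t xdr_arg, void *arg, xdrproc_t xdr_rslt,
    void *rslt)
{
	CLIENT *clnt;
	struct timeval wait_time;

	if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {
		cryptkeyres *res;

		res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg);
		if (res == NULL)
			return (0);
		*(cryptkeyres*)rslt = *res;
		return (1);
	} else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {
		cryptkeyres *res;

		res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg);
		if (res == NULL)
			return (0);
		*(cryptkeyres*)rslt = *res;
		return (1);
	} else if (proc == KEY_GEN && __key_gendes_LOCAL) {
		des_block *res;

		res = (*__key_gendes_LOCAL)(geteuid(), 0);
		if (res == NULL)
			return (0);
		*(des_block*)rslt = *res;
		return (1);
	}

	if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
	    (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
	    (proc == KEY_GET_CONV))
		clnt = getkeyserv_handle(2);	/* talk to version 2 */
	else
		clnt = getkeyserv_handle(1);	/* talk to version 1 */

	if (clnt == NULL) {
		return (0);
	}

	/* Overall budget for this call. */
	wait_time.tv_sec = TOTAL_TIMEOUT;
	wait_time.tv_usec = 0;

	if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
	    wait_time) == RPC_SUCCESS) {
		return (1);
	} else {
		return (0);
	}
}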