glibc/sunrpc/key_call.c
Ulrich Drepper 800d775e42 Update.
1997-08-29 21:45  Ulrich Drepper  <drepper@cygnus.com>

	* sunrpc/auth_des.c: New file.  Copied from former secure_rpc add-on.
	* sunrpc/authdes_prot.c: New file.  Likewise.
	* sunrpc/des.h: New file.  Likewise.
	* sunrpc/des_crypt.c: New file.  Likewise.
	* sunrpc/des_soft.c: New file.  Likewise.
	* sunrpc/key_call.c: New file.  Likewise.
	* sunrpc/key_prot.c: New file.  Likewise.
	* sunrpc/netname.c: New file.  Likewise.
	* sunrpc/openchild.c: New file.  Likewise.
	* sunrpc/rtime.c: New file.  Likewise.
	* sunrpc/svc_auth.c: New file.  Likewise.
	* sunrpc/svcauth_des.c: New file.  Likewise.
	* sunrpc/xcrypt.c: New file.  Likewise.
	* sunrpc/rpc/auth.h: New file.  Likewise.
	* sunrpc/rpc/auth_des.h: New file.  Likewise.
	* sunrpc/rpc/des_crypt.h: New file.  Likewise.
	* sunrpc/rpc/key_prot.h: New file.  Likewise.
	* sunrpc/rpcsvc/key_prot.x: New file.  Likewise.
	* sysdeps/generic/svc_auth.h: Removed.
	* sysdeps/generic/rpc/auth.h: Removed.
	* sysdeps/generic/rpc/auth_des.h: Removed.
	* sysdeps/stub/des_impl.c: New file.  Stub version for DES.
	* sunrpc/Makefile (rpcsvc): Add keyprot.x.
	(headers): Add des_crypt.h and key_prot.h.
	(routines): Add auth_des, authdes_prot, des_crypt, des_impl, des_soft,
	key_call, key_prot, netname, openchild, rtime, svcauth_des, xcrypt.
	(distribute): Add des.h.

	* db2/Makefile: Add all headers and other files to distribute.
	(others): Add db_printlog.

	* sysdeps/mach/hurd/Dist: Add net/* headers.
	* sysdeps/mach/hurd/mips/Dist: New file.
	* sysdeps/powerpc/Dist: Add fe_nomask.c and t_sqrt.c.
	* sysdeps/sparc/Dist: Add sys/trap.h.
	* sysdeps/sparc/sparc32/Dist: Remove sys/trap.h.
	* sysdeps/sparc/sparc32/sparcv8/Dist: New file.
	* sysdeps/unix/sysv/linux/mips/Dist: Add sgidefs.h.
	* sysdeps/unix/sysv/linux/sparc/Dist: Add sys/trap.h.
	* sysdeps/unix/sysv/linux/sparc/sparc32/Dist: Remove sys/trap.h.

	Add previously missing assembler files for PPC.
	* sysdeps/powerpc/add_n.s: New file.
	* sysdeps/powerpc/addmul_1.s: New file.
	* sysdeps/powerpc/lshift.s: New file.
	* sysdeps/powerpc/memset.s: New file.
	* sysdeps/powerpc/mul_1.s: New file.
	* sysdeps/powerpc/rshift.s: New file.
	* sysdeps/powerpc/strchr.s: New file.
	* sysdeps/powerpc/strcmp.s: New file.
	* sysdeps/powerpc/sub_n.s: New file.
	* sysdeps/powerpc/submul_1.s: New file.

1997-08-28 18:42  Thorsten Kukuk  <kukuk@uni-paderborn.de>

	* nis/nis_server.c: Rewritten to fix a lot of bugs.

1997-08-28  Andreas Schwab  <schwab@issan.informatik.uni-dortmund.de>

	* md5-crypt/Makefile (LDFLAGS-md5crypt.so, libmd5crypt-map): New
	variables.

	in NLSPATH environment variable.  Patch by HJ Lu <hjl@gnu.ai.mit.edu>.
1997-08-29 21:01:47 +00:00

364 lines
9.3 KiB
C

/*
* Copyright (c) 1988 by Sun Microsystems, Inc.
*/
/*
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
* unrestricted use provided that this legend is included on all tape
* media and as a part of the software program in whole or part. Users
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
*
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
*
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
*
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* OR ANY PART THEREOF.
*
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
*
* Sun Microsystems, Inc.
* 2550 Garcia Avenue
* Mountain View, California 94043
*/
/*
* The original source is from the RPCSRC 4.0 package from Sun Microsystems.
* The Interface to keyserver protocoll 2 was added by
* Thorsten Kukuk <kukuk@vt.uni-paderborn.de>
*/
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/auth.h>
#include <sys/wait.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <rpc/key_prot.h>
#define KEY_TIMEOUT 5 /* per-try timeout in seconds */
#define KEY_NRETRY 12 /* number of retries */
#define debug(msg) /* turn off debugging */
extern int _openchild (char *command, FILE ** fto, FILE ** ffrom);
static int key_call (u_long, xdrproc_t xdr_arg, char *,
xdrproc_t xdr_rslt, char *);
static struct timeval trytimeout = {KEY_TIMEOUT, 0};
static struct timeval tottimeout = {KEY_TIMEOUT * KEY_NRETRY, 0};
int
key_setsecret (char *secretkey)
{
keystatus status;
if (!key_call ((u_long) KEY_SET, (xdrproc_t) xdr_keybuf, secretkey,
(xdrproc_t) xdr_keystatus, (char *) &status))
return -1;
if (status != KEY_SUCCESS)
{
debug ("set status is nonzero");
return -1;
}
return 0;
}
/* key_secretkey_is_set() returns 1 if the keyserver has a secret key
* stored for the caller's effective uid; it returns 0 otherwise
*
* N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't
* be using it, because it allows them to get the user's secret key.
*/
int
key_secretkey_is_set (void)
{
struct key_netstres kres;
memset (&kres, 0, sizeof (kres));
if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) xdr_void, (char *) NULL,
(xdrproc_t) xdr_key_netstres, (char *) &kres) &&
(kres.status == KEY_SUCCESS) &&
(kres.key_netstres_u.knet.st_priv_key[0] != 0))
{
/* avoid leaving secret key in memory */
memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
return 1;
}
return 0;
}
int
key_encryptsession (char *remotename, des_block * deskey)
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = remotename;
arg.deskey = *deskey;
if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) xdr_cryptkeyarg,
(char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
return -1;
if (res.status != KEY_SUCCESS)
{
debug ("encrypt status is nonzero");
return -1;
}
*deskey = res.cryptkeyres_u.deskey;
return 0;
}
int
key_decryptsession (char *remotename, des_block * deskey)
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = remotename;
arg.deskey = *deskey;
if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) xdr_cryptkeyarg,
(char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
return -1;
if (res.status != KEY_SUCCESS)
{
debug ("decrypt status is nonzero");
return -1;
}
*deskey = res.cryptkeyres_u.deskey;
return 0;
}
int
key_encryptsession_pk (char *remotename, netobj * remotekey,
des_block * deskey)
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
(char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
return -1;
if (res.status != KEY_SUCCESS)
{
debug ("encrypt status is nonzero");
return -1;
}
*deskey = res.cryptkeyres_u.deskey;
return 0;
}
int
key_decryptsession_pk (char *remotename, netobj * remotekey,
des_block * deskey)
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
(char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
return -1;
if (res.status != KEY_SUCCESS)
{
debug ("decrypt status is nonzero");
return -1;
}
*deskey = res.cryptkeyres_u.deskey;
return 0;
}
int
key_gendes (des_block * key)
{
struct sockaddr_in sin;
CLIENT *client;
int socket;
enum clnt_stat stat;
sin.sin_family = AF_INET;
sin.sin_port = 0;
sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
bzero (sin.sin_zero, sizeof (sin.sin_zero));
socket = RPC_ANYSOCK;
client = clntudp_bufcreate (&sin, (u_long) KEY_PROG, (u_long) KEY_VERS,
trytimeout, &socket, RPCSMALLMSGSIZE,
RPCSMALLMSGSIZE);
if (client == NULL)
return -1;
stat = clnt_call (client, KEY_GEN, (xdrproc_t) xdr_void, NULL,
(xdrproc_t) xdr_des_block, (caddr_t) key, tottimeout);
clnt_destroy (client);
close (socket);
if (stat != RPC_SUCCESS)
return -1;
return 0;
}
int
key_setnet (struct key_netstarg *arg)
{
keystatus status;
if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) xdr_key_netstarg,
(char *) arg,(xdrproc_t) xdr_keystatus, (char *) &status))
return -1;
if (status != KEY_SUCCESS)
{
debug ("key_setnet status is nonzero");
return -1;
}
return 1;
}
int
key_get_conv (char *pkey, des_block * deskey)
{
cryptkeyres res;
if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) xdr_keybuf, pkey,
(xdrproc_t) xdr_cryptkeyres, (char *) &res))
return -1;
if (res.status != KEY_SUCCESS)
{
debug ("get_conv status is nonzero");
return -1;
}
*deskey = res.cryptkeyres_u.deskey;
return 0;
}
/*
* Hack to allow the keyserver to use AUTH_DES (for authenticated
* NIS+ calls, for example). The only functions that get called
* are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
*
* The approach is to have the keyserver fill in pointers to local
* implementations of these functions, and to call those in key_call().
*/
cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *) = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *) = 0;
des_block *(*__key_gendes_LOCAL) (uid_t, char *) = 0;
static int
key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
xdrproc_t xdr_rslt, char *rslt)
{
XDR xdrargs;
XDR xdrrslt;
FILE *fargs;
FILE *frslt;
void (*osigchild) (int);
union wait status;
int pid;
int success;
uid_t ruid;
uid_t euid;
static char MESSENGER[] = "/usr/etc/keyenvoy";
success = 1;
osigchild = signal (SIGCHLD, SIG_IGN);
if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
{
cryptkeyres *res;
res = (*__key_encryptsession_pk_LOCAL) (geteuid (), arg);
*(cryptkeyres *) rslt = *res;
return 1;
}
else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
{
cryptkeyres *res;
res = (*__key_decryptsession_pk_LOCAL) (geteuid (), arg);
*(cryptkeyres *) rslt = *res;
return 1;
}
else if (proc == KEY_GEN && __key_gendes_LOCAL)
{
des_block *res;
res = (*__key_gendes_LOCAL) (geteuid (), 0);
*(des_block *) rslt = *res;
return 1;
}
/*
* We are going to exec a set-uid program which makes our effective uid
* zero, and authenticates us with our real uid. We need to make the
* effective uid be the real uid for the setuid program, and
* the real uid be the effective uid so that we can change things back.
*/
euid = geteuid ();
ruid = getuid ();
setreuid (euid, ruid);
pid = _openchild (MESSENGER, &fargs, &frslt);
setreuid (ruid, euid);
if (pid < 0)
{
debug ("open_streams");
return (0);
}
xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
if (!xdr_u_long (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
{
debug ("xdr args");
success = 0;
}
fclose (fargs);
if (success && !(*xdr_rslt) (&xdrrslt, rslt))
{
debug ("xdr rslt");
success = 0;
}
#ifdef NOTDEF
/*
* WARNING! XXX
* The original code appears first. wait4 returns only after the process
* with the requested pid terminates. The effect of using wait() instead
* has not been determined.
*/
fclose (frslt);
if (wait4 (pid, &status, 0, NULL) < 0 || status.w_retcode != 0)
{
debug ("wait4");
success = 0;
}
#endif /* def NOTDEF */
if (wait (&status) < 0 || status.w_retcode != 0)
{
debug ("wait");
success = 0;
}
signal (SIGCHLD, osigchild);
return (success);
}