1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
8 *
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
13 *
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
19 *
20 * CDDL HEADER END
21 */
22 /*
23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29
30 /*
31 * University Copyright- Copyright (c) 1982, 1986, 1988
32 * The Regents of the University of California
33 * All Rights Reserved
34 *
35 * University Acknowledgment- Portions of this document are derived from
36 * software developed by the University of California, Berkeley, and its
37 * contributors.
38 */
39
40 #pragma ident "%Z%%M% %I% %E% SMI"
41
42 /*
43 * unset the secret key on local machine
44 */
45 #include <stdio.h>
46 #include <rpc/rpc.h>
47 #include <rpc/key_prot.h>
48 #include <nfs/nfs.h>
49 #include <nfs/nfssys.h>
50
51 extern int key_removesecret_g();
52
53 /* for revoking kernel NFS credentials */
54 struct nfs_revauth_args nra;
55
56 int
main(int argc,char * argv[])57 main(int argc, char *argv[])
58 {
59 static char secret[HEXKEYBYTES + 1];
60 int err = 0;
61
62 if (geteuid() == 0) {
63 if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) {
64 fprintf(stderr,
65 "keylogout by root would break the rpc services that");
66 fprintf(stderr, " use secure rpc on this host!\n");
67 fprintf(stderr,
68 "root may use keylogout -f to do this (at your own risk)!\n");
69 exit(-1);
70 }
71 }
72
73 if (key_removesecret_g() < 0) {
74 fprintf(stderr, "Could not unset your secret key.\n");
75 fprintf(stderr, "Maybe the keyserver is down?\n");
76 err = 1;
77 }
78 if (key_setsecret(secret) < 0) {
79 if (!err) {
80 fprintf(stderr, "Could not unset your secret key.\n");
81 fprintf(stderr, "Maybe the keyserver is down?\n");
82 err = 1;
83 }
84 }
85
86 nra.authtype = AUTH_DES; /* only revoke DES creds */
87 nra.uid = getuid(); /* use the real uid */
88 if (_nfssys(NFS_REVAUTH, &nra) < 0) {
89 perror("Warning: NFS credentials not destroyed");
90 err = 1;
91 }
92
93 return (err);
94 }
95