xref: /freebsd/lib/libc/rpc/key_call.c (revision 2e322d379631c3bd6107e295f3e5d814c7845fc7) 
1*2e322d37SHiroki Sato /*-
2*2e322d37SHiroki Sato  * Copyright (c) 2009, Sun Microsystems, Inc.
3*2e322d37SHiroki Sato  * All rights reserved.
4e8636dfdSBill Paul  *
5*2e322d37SHiroki Sato  * Redistribution and use in source and binary forms, with or without
6*2e322d37SHiroki Sato  * modification, are permitted provided that the following conditions are met:
7*2e322d37SHiroki Sato  * - Redistributions of source code must retain the above copyright notice,
8*2e322d37SHiroki Sato  *   this list of conditions and the following disclaimer.
9*2e322d37SHiroki Sato  * - Redistributions in binary form must reproduce the above copyright notice,
10*2e322d37SHiroki Sato  *   this list of conditions and the following disclaimer in the documentation
11*2e322d37SHiroki Sato  *   and/or other materials provided with the distribution.
12*2e322d37SHiroki Sato  * - Neither the name of Sun Microsystems, Inc. nor the names of its
13*2e322d37SHiroki Sato  *   contributors may be used to endorse or promote products derived
14*2e322d37SHiroki Sato  *   from this software without specific prior written permission.
15e8636dfdSBill Paul  *
16*2e322d37SHiroki Sato  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17*2e322d37SHiroki Sato  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18*2e322d37SHiroki Sato  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19*2e322d37SHiroki Sato  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20*2e322d37SHiroki Sato  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21*2e322d37SHiroki Sato  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22*2e322d37SHiroki Sato  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23*2e322d37SHiroki Sato  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24*2e322d37SHiroki Sato  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25*2e322d37SHiroki Sato  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26*2e322d37SHiroki Sato  * POSSIBILITY OF SUCH DAMAGE.
27e8636dfdSBill Paul  */
28e8636dfdSBill Paul /*
29e8636dfdSBill Paul  * Copyright (c) 1986-1991 by Sun Microsystems Inc.
30e8636dfdSBill Paul  */
31e8636dfdSBill Paul 
32e8636dfdSBill Paul #ident	"@(#)key_call.c	1.25	94/04/24 SMI"
33d3d20c82SDavid E. O'Brien #include <sys/cdefs.h>
34d3d20c82SDavid E. O'Brien __FBSDID("$FreeBSD$");
3506fa7267SDavid E. O'Brien 
36e8636dfdSBill Paul /*
37e8636dfdSBill Paul  * key_call.c, Interface to keyserver
38e8636dfdSBill Paul  *
39e8636dfdSBill Paul  * setsecretkey(key) - set your secret key
40e8636dfdSBill Paul  * encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent
41e8636dfdSBill Paul  * decryptsessionkey(agent, deskey) - decrypt ditto
42e8636dfdSBill Paul  * gendeskey(deskey) - generate a secure des key
43e8636dfdSBill Paul  */
44e8636dfdSBill Paul 
45d201fe46SDaniel Eischen #include "namespace.h"
469f5afc13SIan Dowse #include "reentrant.h"
47e8636dfdSBill Paul #include <stdio.h>
48e8636dfdSBill Paul #include <stdlib.h>
49e8636dfdSBill Paul #include <unistd.h>
50e8636dfdSBill Paul #include <errno.h>
51e8636dfdSBill Paul #include <rpc/rpc.h>
52e8636dfdSBill Paul #include <rpc/auth.h>
53e8636dfdSBill Paul #include <rpc/auth_unix.h>
54e8636dfdSBill Paul #include <rpc/key_prot.h>
55e8636dfdSBill Paul #include <string.h>
568360efbdSAlfred Perlstein #include <netconfig.h>
57e8636dfdSBill Paul #include <sys/utsname.h>
58e8636dfdSBill Paul #include <stdlib.h>
59e8636dfdSBill Paul #include <signal.h>
60e8636dfdSBill Paul #include <sys/wait.h>
61e8636dfdSBill Paul #include <sys/fcntl.h>
62d201fe46SDaniel Eischen #include "un-namespace.h"
63235baf26SDaniel Eischen #include "mt_misc.h"
64e8636dfdSBill Paul 
65e8636dfdSBill Paul 
66e8636dfdSBill Paul #define	KEY_TIMEOUT	5	/* per-try timeout in seconds */
67e8636dfdSBill Paul #define	KEY_NRETRY	12	/* number of retries */
68e8636dfdSBill Paul 
69e8636dfdSBill Paul #ifdef DEBUG
70e8636dfdSBill Paul #define	debug(msg)	(void) fprintf(stderr, "%s\n", msg);
71e8636dfdSBill Paul #else
72e8636dfdSBill Paul #define	debug(msg)
73e8636dfdSBill Paul #endif /* DEBUG */
74e8636dfdSBill Paul 
75e8636dfdSBill Paul /*
76e8636dfdSBill Paul  * Hack to allow the keyserver to use AUTH_DES (for authenticated
77e8636dfdSBill Paul  * NIS+ calls, for example).  The only functions that get called
78e8636dfdSBill Paul  * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
79e8636dfdSBill Paul  *
80e8636dfdSBill Paul  * The approach is to have the keyserver fill in pointers to local
81e8636dfdSBill Paul  * implementations of these functions, and to call those in key_call().
82e8636dfdSBill Paul  */
83e8636dfdSBill Paul 
84e8636dfdSBill Paul cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
85e8636dfdSBill Paul cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
86e8636dfdSBill Paul des_block *(*__key_gendes_LOCAL)() = 0;
87e8636dfdSBill Paul 
88f249dbccSDag-Erling Smørgrav static int key_call( u_long, xdrproc_t, void *, xdrproc_t, void *);
89e8636dfdSBill Paul 
90e8636dfdSBill Paul int
91e8636dfdSBill Paul key_setsecret(secretkey)
92e8636dfdSBill Paul 	const char *secretkey;
93e8636dfdSBill Paul {
94e8636dfdSBill Paul 	keystatus status;
95e8636dfdSBill Paul 
96c549fd46SAlfred Perlstein 	if (!key_call((u_long) KEY_SET, (xdrproc_t)xdr_keybuf,
97c549fd46SAlfred Perlstein 			(void *)secretkey,
98f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_keystatus, &status)) {
99e8636dfdSBill Paul 		return (-1);
100e8636dfdSBill Paul 	}
101e8636dfdSBill Paul 	if (status != KEY_SUCCESS) {
102e8636dfdSBill Paul 		debug("set status is nonzero");
103e8636dfdSBill Paul 		return (-1);
104e8636dfdSBill Paul 	}
105e8636dfdSBill Paul 	return (0);
106e8636dfdSBill Paul }
107e8636dfdSBill Paul 
108e8636dfdSBill Paul 
109e8636dfdSBill Paul /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
110e8636dfdSBill Paul  * stored for the caller's effective uid; it returns 0 otherwise
111e8636dfdSBill Paul  *
112e8636dfdSBill Paul  * N.B.:  The KEY_NET_GET key call is undocumented.  Applications shouldn't
113e8636dfdSBill Paul  * be using it, because it allows them to get the user's secret key.
114e8636dfdSBill Paul  */
115e8636dfdSBill Paul 
116e8636dfdSBill Paul int
117e8636dfdSBill Paul key_secretkey_is_set(void)
118e8636dfdSBill Paul {
119e8636dfdSBill Paul 	struct key_netstres 	kres;
120e8636dfdSBill Paul 
121e8636dfdSBill Paul 	memset((void*)&kres, 0, sizeof (kres));
122f249dbccSDag-Erling Smørgrav 	if (key_call((u_long) KEY_NET_GET, (xdrproc_t)xdr_void, NULL,
123f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_key_netstres, &kres) &&
124e8636dfdSBill Paul 	    (kres.status == KEY_SUCCESS) &&
125e8636dfdSBill Paul 	    (kres.key_netstres_u.knet.st_priv_key[0] != 0)) {
126e8636dfdSBill Paul 		/* avoid leaving secret key in memory */
127e8636dfdSBill Paul 		memset(kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
128e8636dfdSBill Paul 		return (1);
129e8636dfdSBill Paul 	}
130e8636dfdSBill Paul 	return (0);
131e8636dfdSBill Paul }
132e8636dfdSBill Paul 
133e8636dfdSBill Paul int
134e8636dfdSBill Paul key_encryptsession_pk(remotename, remotekey, deskey)
135e8636dfdSBill Paul 	char *remotename;
136e8636dfdSBill Paul 	netobj *remotekey;
137e8636dfdSBill Paul 	des_block *deskey;
138e8636dfdSBill Paul {
139e8636dfdSBill Paul 	cryptkeyarg2 arg;
140e8636dfdSBill Paul 	cryptkeyres res;
141e8636dfdSBill Paul 
142e8636dfdSBill Paul 	arg.remotename = remotename;
143e8636dfdSBill Paul 	arg.remotekey = *remotekey;
144e8636dfdSBill Paul 	arg.deskey = *deskey;
145f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long)KEY_ENCRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg,
146f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_cryptkeyres, &res)) {
147e8636dfdSBill Paul 		return (-1);
148e8636dfdSBill Paul 	}
149e8636dfdSBill Paul 	if (res.status != KEY_SUCCESS) {
150e8636dfdSBill Paul 		debug("encrypt status is nonzero");
151e8636dfdSBill Paul 		return (-1);
152e8636dfdSBill Paul 	}
153e8636dfdSBill Paul 	*deskey = res.cryptkeyres_u.deskey;
154e8636dfdSBill Paul 	return (0);
155e8636dfdSBill Paul }
156e8636dfdSBill Paul 
157e8636dfdSBill Paul int
158e8636dfdSBill Paul key_decryptsession_pk(remotename, remotekey, deskey)
159e8636dfdSBill Paul 	char *remotename;
160e8636dfdSBill Paul 	netobj *remotekey;
161e8636dfdSBill Paul 	des_block *deskey;
162e8636dfdSBill Paul {
163e8636dfdSBill Paul 	cryptkeyarg2 arg;
164e8636dfdSBill Paul 	cryptkeyres res;
165e8636dfdSBill Paul 
166e8636dfdSBill Paul 	arg.remotename = remotename;
167e8636dfdSBill Paul 	arg.remotekey = *remotekey;
168e8636dfdSBill Paul 	arg.deskey = *deskey;
169f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long)KEY_DECRYPT_PK, (xdrproc_t)xdr_cryptkeyarg2, &arg,
170f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_cryptkeyres, &res)) {
171e8636dfdSBill Paul 		return (-1);
172e8636dfdSBill Paul 	}
173e8636dfdSBill Paul 	if (res.status != KEY_SUCCESS) {
174e8636dfdSBill Paul 		debug("decrypt status is nonzero");
175e8636dfdSBill Paul 		return (-1);
176e8636dfdSBill Paul 	}
177e8636dfdSBill Paul 	*deskey = res.cryptkeyres_u.deskey;
178e8636dfdSBill Paul 	return (0);
179e8636dfdSBill Paul }
180e8636dfdSBill Paul 
181e8636dfdSBill Paul int
182e8636dfdSBill Paul key_encryptsession(remotename, deskey)
183e8636dfdSBill Paul 	const char *remotename;
184e8636dfdSBill Paul 	des_block *deskey;
185e8636dfdSBill Paul {
186e8636dfdSBill Paul 	cryptkeyarg arg;
187e8636dfdSBill Paul 	cryptkeyres res;
188e8636dfdSBill Paul 
189e8636dfdSBill Paul 	arg.remotename = (char *) remotename;
190e8636dfdSBill Paul 	arg.deskey = *deskey;
191f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long)KEY_ENCRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg,
192f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_cryptkeyres, &res)) {
193e8636dfdSBill Paul 		return (-1);
194e8636dfdSBill Paul 	}
195e8636dfdSBill Paul 	if (res.status != KEY_SUCCESS) {
196e8636dfdSBill Paul 		debug("encrypt status is nonzero");
197e8636dfdSBill Paul 		return (-1);
198e8636dfdSBill Paul 	}
199e8636dfdSBill Paul 	*deskey = res.cryptkeyres_u.deskey;
200e8636dfdSBill Paul 	return (0);
201e8636dfdSBill Paul }
202e8636dfdSBill Paul 
203e8636dfdSBill Paul int
204e8636dfdSBill Paul key_decryptsession(remotename, deskey)
205e8636dfdSBill Paul 	const char *remotename;
206e8636dfdSBill Paul 	des_block *deskey;
207e8636dfdSBill Paul {
208e8636dfdSBill Paul 	cryptkeyarg arg;
209e8636dfdSBill Paul 	cryptkeyres res;
210e8636dfdSBill Paul 
211e8636dfdSBill Paul 	arg.remotename = (char *) remotename;
212e8636dfdSBill Paul 	arg.deskey = *deskey;
213f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long)KEY_DECRYPT, (xdrproc_t)xdr_cryptkeyarg, &arg,
214f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_cryptkeyres, &res)) {
215e8636dfdSBill Paul 		return (-1);
216e8636dfdSBill Paul 	}
217e8636dfdSBill Paul 	if (res.status != KEY_SUCCESS) {
218e8636dfdSBill Paul 		debug("decrypt status is nonzero");
219e8636dfdSBill Paul 		return (-1);
220e8636dfdSBill Paul 	}
221e8636dfdSBill Paul 	*deskey = res.cryptkeyres_u.deskey;
222e8636dfdSBill Paul 	return (0);
223e8636dfdSBill Paul }
224e8636dfdSBill Paul 
225e8636dfdSBill Paul int
226e8636dfdSBill Paul key_gendes(key)
227e8636dfdSBill Paul 	des_block *key;
228e8636dfdSBill Paul {
229f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long)KEY_GEN, (xdrproc_t)xdr_void, NULL,
230f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_des_block, key)) {
231e8636dfdSBill Paul 		return (-1);
232e8636dfdSBill Paul 	}
233e8636dfdSBill Paul 	return (0);
234e8636dfdSBill Paul }
235e8636dfdSBill Paul 
236e8636dfdSBill Paul int
237e8636dfdSBill Paul key_setnet(arg)
2388360efbdSAlfred Perlstein struct key_netstarg *arg;
239e8636dfdSBill Paul {
240e8636dfdSBill Paul 	keystatus status;
241e8636dfdSBill Paul 
242e8636dfdSBill Paul 
243f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long) KEY_NET_PUT, (xdrproc_t)xdr_key_netstarg, arg,
244f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_keystatus, &status)){
245e8636dfdSBill Paul 		return (-1);
246e8636dfdSBill Paul 	}
247e8636dfdSBill Paul 
248e8636dfdSBill Paul 	if (status != KEY_SUCCESS) {
249e8636dfdSBill Paul 		debug("key_setnet status is nonzero");
250e8636dfdSBill Paul 		return (-1);
251e8636dfdSBill Paul 	}
252e8636dfdSBill Paul 	return (1);
253e8636dfdSBill Paul }
254e8636dfdSBill Paul 
255e8636dfdSBill Paul 
256e8636dfdSBill Paul int
257e8636dfdSBill Paul key_get_conv(pkey, deskey)
258e8636dfdSBill Paul 	char *pkey;
259e8636dfdSBill Paul 	des_block *deskey;
260e8636dfdSBill Paul {
261e8636dfdSBill Paul 	cryptkeyres res;
262e8636dfdSBill Paul 
263f249dbccSDag-Erling Smørgrav 	if (!key_call((u_long) KEY_GET_CONV, (xdrproc_t)xdr_keybuf, pkey,
264f249dbccSDag-Erling Smørgrav 			(xdrproc_t)xdr_cryptkeyres, &res)) {
265e8636dfdSBill Paul 		return (-1);
266e8636dfdSBill Paul 	}
267e8636dfdSBill Paul 	if (res.status != KEY_SUCCESS) {
268e8636dfdSBill Paul 		debug("get_conv status is nonzero");
269e8636dfdSBill Paul 		return (-1);
270e8636dfdSBill Paul 	}
271e8636dfdSBill Paul 	*deskey = res.cryptkeyres_u.deskey;
272e8636dfdSBill Paul 	return (0);
273e8636dfdSBill Paul }
274e8636dfdSBill Paul 
275e8636dfdSBill Paul struct  key_call_private {
276e8636dfdSBill Paul 	CLIENT	*client;	/* Client handle */
277e8636dfdSBill Paul 	pid_t	pid;		/* process-id at moment of creation */
278e8636dfdSBill Paul 	uid_t	uid;		/* user-id at last authorization */
279e8636dfdSBill Paul };
280e8636dfdSBill Paul static struct key_call_private *key_call_private_main = NULL;
2816f88d2a8SJohn Baldwin static thread_key_t key_call_key;
2826f88d2a8SJohn Baldwin static once_t key_call_once = ONCE_INITIALIZER;
2836f88d2a8SJohn Baldwin static int key_call_key_error;
284e8636dfdSBill Paul 
285e8636dfdSBill Paul static void
286e8636dfdSBill Paul key_call_destroy(void *vp)
287e8636dfdSBill Paul {
2888fb3f3f6SDavid E. O'Brien 	struct key_call_private *kcp = (struct key_call_private *)vp;
289e8636dfdSBill Paul 
290e8636dfdSBill Paul 	if (kcp) {
291e8636dfdSBill Paul 		if (kcp->client)
292e8636dfdSBill Paul 			clnt_destroy(kcp->client);
293e8636dfdSBill Paul 		free(kcp);
294e8636dfdSBill Paul 	}
295e8636dfdSBill Paul }
296e8636dfdSBill Paul 
2976f88d2a8SJohn Baldwin static void
2986f88d2a8SJohn Baldwin key_call_init(void)
2996f88d2a8SJohn Baldwin {
3006f88d2a8SJohn Baldwin 
3016f88d2a8SJohn Baldwin 	key_call_key_error = thr_keycreate(&key_call_key, key_call_destroy);
3026f88d2a8SJohn Baldwin }
3036f88d2a8SJohn Baldwin 
304e8636dfdSBill Paul /*
305e8636dfdSBill Paul  * Keep the handle cached.  This call may be made quite often.
306e8636dfdSBill Paul  */
307e8636dfdSBill Paul static CLIENT *
308e8636dfdSBill Paul getkeyserv_handle(vers)
309e8636dfdSBill Paul int	vers;
310e8636dfdSBill Paul {
3118360efbdSAlfred Perlstein 	void *localhandle;
3128360efbdSAlfred Perlstein 	struct netconfig *nconf;
3138360efbdSAlfred Perlstein 	struct netconfig *tpconf;
3140c0349bfSGarrett Wollman 	struct key_call_private *kcp;
315e8636dfdSBill Paul 	struct timeval wait_time;
3168360efbdSAlfred Perlstein 	struct utsname u;
3178360efbdSAlfred Perlstein 	int main_thread;
318e8636dfdSBill Paul 	int fd;
319e8636dfdSBill Paul 
320e8636dfdSBill Paul #define	TOTAL_TIMEOUT	30	/* total timeout talking to keyserver */
321e8636dfdSBill Paul #define	TOTAL_TRIES	5	/* Number of tries */
322e8636dfdSBill Paul 
3238360efbdSAlfred Perlstein 	if ((main_thread = thr_main())) {
3248360efbdSAlfred Perlstein 		kcp = key_call_private_main;
3258360efbdSAlfred Perlstein 	} else {
3266f88d2a8SJohn Baldwin 		if (thr_once(&key_call_once, key_call_init) != 0 ||
3276f88d2a8SJohn Baldwin 		    key_call_key_error != 0)
3286f88d2a8SJohn Baldwin 			return ((CLIENT *) NULL);
3298360efbdSAlfred Perlstein 		kcp = (struct key_call_private *)thr_getspecific(key_call_key);
3308360efbdSAlfred Perlstein 	}
331e8636dfdSBill Paul 	if (kcp == (struct key_call_private *)NULL) {
332e8636dfdSBill Paul 		kcp = (struct key_call_private *)malloc(sizeof (*kcp));
333e8636dfdSBill Paul 		if (kcp == (struct key_call_private *)NULL) {
334e8636dfdSBill Paul 			return ((CLIENT *) NULL);
335e8636dfdSBill Paul 		}
3368360efbdSAlfred Perlstein                 if (main_thread)
337e8636dfdSBill Paul                         key_call_private_main = kcp;
3388360efbdSAlfred Perlstein                 else
3398360efbdSAlfred Perlstein                         thr_setspecific(key_call_key, (void *) kcp);
340e8636dfdSBill Paul 		kcp->client = NULL;
341e8636dfdSBill Paul 	}
342e8636dfdSBill Paul 
343e8636dfdSBill Paul 	/* if pid has changed, destroy client and rebuild */
344e8636dfdSBill Paul 	if (kcp->client != NULL && kcp->pid != getpid()) {
345e8636dfdSBill Paul 		clnt_destroy(kcp->client);
346e8636dfdSBill Paul 		kcp->client = NULL;
347e8636dfdSBill Paul 	}
348e8636dfdSBill Paul 
349e8636dfdSBill Paul 	if (kcp->client != NULL) {
350e8636dfdSBill Paul 		/* if uid has changed, build client handle again */
351e8636dfdSBill Paul 		if (kcp->uid != geteuid()) {
352e8636dfdSBill Paul 			kcp->uid = geteuid();
353e8636dfdSBill Paul 			auth_destroy(kcp->client->cl_auth);
354e8636dfdSBill Paul 			kcp->client->cl_auth =
355e8636dfdSBill Paul 				authsys_create("", kcp->uid, 0, 0, NULL);
356e8636dfdSBill Paul 			if (kcp->client->cl_auth == NULL) {
357e8636dfdSBill Paul 				clnt_destroy(kcp->client);
358e8636dfdSBill Paul 				kcp->client = NULL;
359e8636dfdSBill Paul 				return ((CLIENT *) NULL);
360e8636dfdSBill Paul 			}
361e8636dfdSBill Paul 		}
362e8636dfdSBill Paul 		/* Change the version number to the new one */
363e8636dfdSBill Paul 		clnt_control(kcp->client, CLSET_VERS, (void *)&vers);
364e8636dfdSBill Paul 		return (kcp->client);
365e8636dfdSBill Paul 	}
3668360efbdSAlfred Perlstein 	if (!(localhandle = setnetconfig())) {
3678360efbdSAlfred Perlstein 		return ((CLIENT *) NULL);
3688360efbdSAlfred Perlstein 	}
3698360efbdSAlfred Perlstein         tpconf = NULL;
37006fa7267SDavid E. O'Brien #if defined(__FreeBSD__)
3718360efbdSAlfred Perlstein 	if (uname(&u) == -1)
37206fa7267SDavid E. O'Brien #else
37306fa7267SDavid E. O'Brien #if defined(i386)
37406fa7267SDavid E. O'Brien 	if (_nuname(&u) == -1)
37506fa7267SDavid E. O'Brien #elif defined(sparc)
37606fa7267SDavid E. O'Brien 	if (_uname(&u) == -1)
37706fa7267SDavid E. O'Brien #else
37806fa7267SDavid E. O'Brien #error Unknown architecture!
37906fa7267SDavid E. O'Brien #endif
38006fa7267SDavid E. O'Brien #endif
3818360efbdSAlfred Perlstein 	{
3828360efbdSAlfred Perlstein 		endnetconfig(localhandle);
3838360efbdSAlfred Perlstein 		return ((CLIENT *) NULL);
3848360efbdSAlfred Perlstein         }
3858d630135SAlfred Perlstein 	while ((nconf = getnetconfig(localhandle)) != NULL) {
3868360efbdSAlfred Perlstein 		if (strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) {
3878360efbdSAlfred Perlstein 			/*
3888360efbdSAlfred Perlstein 			 * We use COTS_ORD here so that the caller can
3898360efbdSAlfred Perlstein 			 * find out immediately if the server is dead.
3908360efbdSAlfred Perlstein 			 */
3918360efbdSAlfred Perlstein 			if (nconf->nc_semantics == NC_TPI_COTS_ORD) {
3928360efbdSAlfred Perlstein 				kcp->client = clnt_tp_create(u.nodename,
3938360efbdSAlfred Perlstein 					KEY_PROG, vers, nconf);
3948360efbdSAlfred Perlstein 				if (kcp->client)
3958360efbdSAlfred Perlstein 					break;
3968360efbdSAlfred Perlstein 			} else {
3978360efbdSAlfred Perlstein 				tpconf = nconf;
3988360efbdSAlfred Perlstein 			}
3998360efbdSAlfred Perlstein 		}
4008360efbdSAlfred Perlstein 	}
4018360efbdSAlfred Perlstein 	if ((kcp->client == (CLIENT *) NULL) && (tpconf))
4028360efbdSAlfred Perlstein 		/* Now, try the CLTS or COTS loopback transport */
4038360efbdSAlfred Perlstein 		kcp->client = clnt_tp_create(u.nodename,
4048360efbdSAlfred Perlstein 			KEY_PROG, vers, tpconf);
4058360efbdSAlfred Perlstein 	endnetconfig(localhandle);
406e8636dfdSBill Paul 
407e8636dfdSBill Paul 	if (kcp->client == (CLIENT *) NULL) {
408e8636dfdSBill Paul 		return ((CLIENT *) NULL);
409e8636dfdSBill Paul         }
410e8636dfdSBill Paul 	kcp->uid = geteuid();
411e8636dfdSBill Paul 	kcp->pid = getpid();
412e8636dfdSBill Paul 	kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL);
413e8636dfdSBill Paul 	if (kcp->client->cl_auth == NULL) {
414e8636dfdSBill Paul 		clnt_destroy(kcp->client);
415e8636dfdSBill Paul 		kcp->client = NULL;
416e8636dfdSBill Paul 		return ((CLIENT *) NULL);
417e8636dfdSBill Paul 	}
418e8636dfdSBill Paul 
419e8636dfdSBill Paul 	wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
420e8636dfdSBill Paul 	wait_time.tv_usec = 0;
421e8636dfdSBill Paul 	(void) clnt_control(kcp->client, CLSET_RETRY_TIMEOUT,
422e8636dfdSBill Paul 		(char *)&wait_time);
423e8636dfdSBill Paul 	if (clnt_control(kcp->client, CLGET_FD, (char *)&fd))
4249233c4d9SJason Evans 		_fcntl(fd, F_SETFD, 1);	/* make it "close on exec" */
425e8636dfdSBill Paul 
426e8636dfdSBill Paul 	return (kcp->client);
427e8636dfdSBill Paul }
428e8636dfdSBill Paul 
429e8636dfdSBill Paul /* returns  0 on failure, 1 on success */
430e8636dfdSBill Paul 
431e8636dfdSBill Paul static int
432e8636dfdSBill Paul key_call(proc, xdr_arg, arg, xdr_rslt, rslt)
433e8636dfdSBill Paul 	u_long proc;
434e8636dfdSBill Paul 	xdrproc_t xdr_arg;
435f249dbccSDag-Erling Smørgrav 	void *arg;
436e8636dfdSBill Paul 	xdrproc_t xdr_rslt;
437f249dbccSDag-Erling Smørgrav 	void *rslt;
438e8636dfdSBill Paul {
439e8636dfdSBill Paul 	CLIENT *clnt;
440e8636dfdSBill Paul 	struct timeval wait_time;
441e8636dfdSBill Paul 
442e8636dfdSBill Paul 	if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {
443e8636dfdSBill Paul 		cryptkeyres *res;
444e8636dfdSBill Paul 		res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg);
445e8636dfdSBill Paul 		*(cryptkeyres*)rslt = *res;
446e8636dfdSBill Paul 		return (1);
447e8636dfdSBill Paul 	} else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {
448e8636dfdSBill Paul 		cryptkeyres *res;
449e8636dfdSBill Paul 		res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg);
450e8636dfdSBill Paul 		*(cryptkeyres*)rslt = *res;
451e8636dfdSBill Paul 		return (1);
452e8636dfdSBill Paul 	} else if (proc == KEY_GEN && __key_gendes_LOCAL) {
453e8636dfdSBill Paul 		des_block *res;
454e8636dfdSBill Paul 		res = (*__key_gendes_LOCAL)(geteuid(), 0);
455e8636dfdSBill Paul 		*(des_block*)rslt = *res;
456e8636dfdSBill Paul 		return (1);
457e8636dfdSBill Paul 	}
458e8636dfdSBill Paul 
459e8636dfdSBill Paul 	if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
460e8636dfdSBill Paul 	    (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
461e8636dfdSBill Paul 	    (proc == KEY_GET_CONV))
462e8636dfdSBill Paul 		clnt = getkeyserv_handle(2); /* talk to version 2 */
463e8636dfdSBill Paul 	else
464e8636dfdSBill Paul 		clnt = getkeyserv_handle(1); /* talk to version 1 */
465e8636dfdSBill Paul 
466e8636dfdSBill Paul 	if (clnt == NULL) {
467e8636dfdSBill Paul 		return (0);
468e8636dfdSBill Paul 	}
469e8636dfdSBill Paul 
470e8636dfdSBill Paul 	wait_time.tv_sec = TOTAL_TIMEOUT;
471e8636dfdSBill Paul 	wait_time.tv_usec = 0;
472e8636dfdSBill Paul 
473e8636dfdSBill Paul 	if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
474e8636dfdSBill Paul 		wait_time) == RPC_SUCCESS) {
475e8636dfdSBill Paul 		return (1);
476e8636dfdSBill Paul 	} else {
477e8636dfdSBill Paul 		return (0);
478e8636dfdSBill Paul 	}
479e8636dfdSBill Paul }
480