xref: /titanic_50/usr/src/cmd/keyserv/keylogout.c (revision 7c478bd95313f5f23a4c958a745db2134aa03244)
1*7c478bd9Sstevel@tonic-gate /*
2*7c478bd9Sstevel@tonic-gate  * CDDL HEADER START
3*7c478bd9Sstevel@tonic-gate  *
4*7c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5*7c478bd9Sstevel@tonic-gate  * Common Development and Distribution License, Version 1.0 only
6*7c478bd9Sstevel@tonic-gate  * (the "License").  You may not use this file except in compliance
7*7c478bd9Sstevel@tonic-gate  * with the License.
8*7c478bd9Sstevel@tonic-gate  *
9*7c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10*7c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
11*7c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
12*7c478bd9Sstevel@tonic-gate  * and limitations under the License.
13*7c478bd9Sstevel@tonic-gate  *
14*7c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
15*7c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16*7c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
17*7c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
18*7c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
19*7c478bd9Sstevel@tonic-gate  *
20*7c478bd9Sstevel@tonic-gate  * CDDL HEADER END
21*7c478bd9Sstevel@tonic-gate  */
22*7c478bd9Sstevel@tonic-gate /*
23*7c478bd9Sstevel@tonic-gate  * Copyright 1997 Sun Microsystems, Inc.  All rights reserved.
24*7c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
25*7c478bd9Sstevel@tonic-gate  */
26*7c478bd9Sstevel@tonic-gate 
27*7c478bd9Sstevel@tonic-gate /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
28*7c478bd9Sstevel@tonic-gate /*	  All Rights Reserved  	*/
29*7c478bd9Sstevel@tonic-gate 
30*7c478bd9Sstevel@tonic-gate /*
31*7c478bd9Sstevel@tonic-gate  * University Copyright- Copyright (c) 1982, 1986, 1988
32*7c478bd9Sstevel@tonic-gate  * The Regents of the University of California
33*7c478bd9Sstevel@tonic-gate  * All Rights Reserved
34*7c478bd9Sstevel@tonic-gate  *
35*7c478bd9Sstevel@tonic-gate  * University Acknowledgment- Portions of this document are derived from
36*7c478bd9Sstevel@tonic-gate  * software developed by the University of California, Berkeley, and its
37*7c478bd9Sstevel@tonic-gate  * contributors.
38*7c478bd9Sstevel@tonic-gate  */
39*7c478bd9Sstevel@tonic-gate 
40*7c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
41*7c478bd9Sstevel@tonic-gate 
42*7c478bd9Sstevel@tonic-gate /*
43*7c478bd9Sstevel@tonic-gate  * unset the secret key on local machine
44*7c478bd9Sstevel@tonic-gate  */
45*7c478bd9Sstevel@tonic-gate #include <stdio.h>
46*7c478bd9Sstevel@tonic-gate #include <rpc/rpc.h>
47*7c478bd9Sstevel@tonic-gate #include <rpc/key_prot.h>
48*7c478bd9Sstevel@tonic-gate #include <nfs/nfs.h>
49*7c478bd9Sstevel@tonic-gate #include <nfs/nfssys.h>
50*7c478bd9Sstevel@tonic-gate 
51*7c478bd9Sstevel@tonic-gate extern int key_removesecret_g();
52*7c478bd9Sstevel@tonic-gate 
53*7c478bd9Sstevel@tonic-gate /* for revoking kernel NFS credentials */
54*7c478bd9Sstevel@tonic-gate struct nfs_revauth_args nra;
55*7c478bd9Sstevel@tonic-gate 
56*7c478bd9Sstevel@tonic-gate main(argc, argv)
57*7c478bd9Sstevel@tonic-gate 	int argc;
58*7c478bd9Sstevel@tonic-gate 	char *argv[];
59*7c478bd9Sstevel@tonic-gate {
60*7c478bd9Sstevel@tonic-gate 	static char secret[HEXKEYBYTES + 1];
61*7c478bd9Sstevel@tonic-gate 	int err = 0;
62*7c478bd9Sstevel@tonic-gate 
63*7c478bd9Sstevel@tonic-gate 	if (geteuid() == 0) {
64*7c478bd9Sstevel@tonic-gate 		if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) {
65*7c478bd9Sstevel@tonic-gate 			fprintf(stderr,
66*7c478bd9Sstevel@tonic-gate "keylogout by root would break the rpc services that");
67*7c478bd9Sstevel@tonic-gate 			fprintf(stderr, " use secure rpc on this host!\n");
68*7c478bd9Sstevel@tonic-gate 			fprintf(stderr,
69*7c478bd9Sstevel@tonic-gate "root may use keylogout -f to do this (at your own risk)!\n");
70*7c478bd9Sstevel@tonic-gate 			exit(-1);
71*7c478bd9Sstevel@tonic-gate 		}
72*7c478bd9Sstevel@tonic-gate 	}
73*7c478bd9Sstevel@tonic-gate 
74*7c478bd9Sstevel@tonic-gate 	if (key_removesecret_g() < 0) {
75*7c478bd9Sstevel@tonic-gate 			fprintf(stderr, "Could not unset your secret key.\n");
76*7c478bd9Sstevel@tonic-gate 			fprintf(stderr, "Maybe the keyserver is down?\n");
77*7c478bd9Sstevel@tonic-gate 			err = 1;
78*7c478bd9Sstevel@tonic-gate 	}
79*7c478bd9Sstevel@tonic-gate 	if (key_setsecret(secret) < 0) {
80*7c478bd9Sstevel@tonic-gate 		if (!err) {
81*7c478bd9Sstevel@tonic-gate 			fprintf(stderr, "Could not unset your secret key.\n");
82*7c478bd9Sstevel@tonic-gate 			fprintf(stderr, "Maybe the keyserver is down?\n");
83*7c478bd9Sstevel@tonic-gate 			err = 1;
84*7c478bd9Sstevel@tonic-gate 		}
85*7c478bd9Sstevel@tonic-gate 	}
86*7c478bd9Sstevel@tonic-gate 
87*7c478bd9Sstevel@tonic-gate 	nra.authtype = AUTH_DES;	/* only revoke DES creds */
88*7c478bd9Sstevel@tonic-gate 	nra.uid = getuid();		/* use the real uid */
89*7c478bd9Sstevel@tonic-gate 	if (_nfssys(NFS_REVAUTH, &nra) < 0) {
90*7c478bd9Sstevel@tonic-gate 		perror("Warning: NFS credentials not destroyed");
91*7c478bd9Sstevel@tonic-gate 		err = 1;
92*7c478bd9Sstevel@tonic-gate 	}
93*7c478bd9Sstevel@tonic-gate 
94*7c478bd9Sstevel@tonic-gate 	exit(err);
95*7c478bd9Sstevel@tonic-gate 	/* NOTREACHED */
96*7c478bd9Sstevel@tonic-gate }
97