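/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 1997 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */

/*
 * University Copyright- Copyright (c) 1982, 1986, 1988
 * The Regents of the University of California
 * All Rights Reserved
 *
 * University Acknowledgment- Portions of this document are derived from
 * software developed by the University of California, Berkeley, and its
 * contributors.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * unset the secret key on local machine
 */
#include <stdio.h>
#include <stdlib.h>	/* exit() */
#include <string.h>	/* strcmp() */
#include <unistd.h>	/* geteuid(), getuid() */
#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <nfs/nfs.h>
#include <nfs/nfssys.h>

extern int key_removesecret_g(void);

/* for revoking kernel NFS credentials */
struct nfs_revauth_args nra;

/*
 * keylogout: drop the caller's secure RPC secret key and the kernel's
 * cached AUTH_DES NFS credentials.
 *
 * Three revocation steps are attempted in order, and every one of them
 * runs even if an earlier one failed, so that a partial failure still
 * removes as much as possible:
 *   1. key_removesecret_g()
 *   2. key_setsecret() with an empty (all-NUL) key
 *   3. _nfssys(NFS_REVAUTH) for the real uid, AUTH_DES only
 *
 * When the effective uid is 0 the program refuses to run unless it is
 * invoked with exactly one argument, "-f"; arguments are otherwise
 * ignored.
 *
 * Exit status: 0 when all three steps succeeded, 1 when any of them
 * failed, and exit(-1) (seen by the parent as 255) when root is refused.
 * A non-zero status means some credential may still be cached, so a
 * caller should not assume the logout is complete.
 *
 * NOTE(review): the root guard tests the effective uid while the NFS
 * revocation names the real uid; the two differ in a set-uid context.
 * Confirm that this split is intended.
 */
int
main(int argc, char *argv[])
{
	/*
	 * Static storage, never written: the buffer is all NUL bytes, so
	 * key_setsecret() below is handed an empty key string.
	 */
	static char secret[HEXKEYBYTES + 1];
	int err = 0;

	if (geteuid() == 0) {
		/* argc is checked first, so argv[1] is only read when present */
		if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) {
			fprintf(stderr,
"keylogout by root would break the rpc services that");
			fprintf(stderr, " use secure rpc on this host!\n");
			fprintf(stderr,
"root may use keylogout -f to do this (at your own risk)!\n");
			exit(-1);
		}
	}

	if (key_removesecret_g() < 0) {
		fprintf(stderr, "Could not unset your secret key.\n");
		fprintf(stderr, "Maybe the keyserver is down?\n");
		err = 1;
	}
	if (key_setsecret(secret) < 0) {
		/* same diagnostic as above; print it only once */
		if (!err) {
			fprintf(stderr, "Could not unset your secret key.\n");
			fprintf(stderr, "Maybe the keyserver is down?\n");
			err = 1;
		}
	}

	nra.authtype = AUTH_DES;	/* only revoke DES creds */
	nra.uid = getuid();		/* use the real uid */
	if (_nfssys(NFS_REVAUTH, &nra) < 0) {
		perror("Warning: NFS credentials not destroyed");
		err = 1;
	}

	return (err);
}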