xref: /titanic_50/usr/src/cmd/keyserv/keylogout.c (revision 554ff184129088135ad2643c1c9832174a17be88)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 1997 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
28 /*	  All Rights Reserved  	*/
29 
30 /*
31  * University Copyright- Copyright (c) 1982, 1986, 1988
32  * The Regents of the University of California
33  * All Rights Reserved
34  *
35  * University Acknowledgment- Portions of this document are derived from
36  * software developed by the University of California, Berkeley, and its
37  * contributors.
38  */
39 
40 #pragma ident	"%Z%%M%	%I%	%E% SMI"
41 
42 /*
43  * unset the secret key on local machine
44  */
45 #include <stdio.h>
46 #include <rpc/rpc.h>
47 #include <rpc/key_prot.h>
48 #include <nfs/nfs.h>
49 #include <nfs/nfssys.h>
50 
51 extern int key_removesecret_g();
52 
53 /* for revoking kernel NFS credentials */
54 struct nfs_revauth_args nra;
55 
56 main(argc, argv)
57 	int argc;
58 	char *argv[];
59 {
60 	static char secret[HEXKEYBYTES + 1];
61 	int err = 0;
62 
63 	if (geteuid() == 0) {
64 		if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) {
65 			fprintf(stderr,
66 "keylogout by root would break the rpc services that");
67 			fprintf(stderr, " use secure rpc on this host!\n");
68 			fprintf(stderr,
69 "root may use keylogout -f to do this (at your own risk)!\n");
70 			exit(-1);
71 		}
72 	}
73 
74 	if (key_removesecret_g() < 0) {
75 			fprintf(stderr, "Could not unset your secret key.\n");
76 			fprintf(stderr, "Maybe the keyserver is down?\n");
77 			err = 1;
78 	}
79 	if (key_setsecret(secret) < 0) {
80 		if (!err) {
81 			fprintf(stderr, "Could not unset your secret key.\n");
82 			fprintf(stderr, "Maybe the keyserver is down?\n");
83 			err = 1;
84 		}
85 	}
86 
87 	nra.authtype = AUTH_DES;	/* only revoke DES creds */
88 	nra.uid = getuid();		/* use the real uid */
89 	if (_nfssys(NFS_REVAUTH, &nra) < 0) {
90 		perror("Warning: NFS credentials not destroyed");
91 		err = 1;
92 	}
93 
94 	exit(err);
95 	/* NOTREACHED */
96 }
97