17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5a0368f78Speteh * Common Development and Distribution License (the "License"). 6a0368f78Speteh * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 21*06e1a714Sraf 227c478bd9Sstevel@tonic-gate /* 23a0368f78Speteh * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 277c478bd9Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 287c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 297c478bd9Sstevel@tonic-gate 307c478bd9Sstevel@tonic-gate /* 317c478bd9Sstevel@tonic-gate * University Copyright- Copyright (c) 1982, 1986, 1988 327c478bd9Sstevel@tonic-gate * The Regents of the University of California 337c478bd9Sstevel@tonic-gate * All Rights Reserved 347c478bd9Sstevel@tonic-gate * 357c478bd9Sstevel@tonic-gate * University Acknowledgment- Portions of this document are derived from 367c478bd9Sstevel@tonic-gate * software developed by the University of California, Berkeley, and its 377c478bd9Sstevel@tonic-gate * contributors. 387c478bd9Sstevel@tonic-gate */ 397c478bd9Sstevel@tonic-gate 407c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate /* 437c478bd9Sstevel@tonic-gate * keyserv - server for storing private encryption keys 447c478bd9Sstevel@tonic-gate * keyserv(1M) performs multiple functions: it stores secret keys per uid; it 457c478bd9Sstevel@tonic-gate * performs public key encryption and decryption operations; and it generates 467c478bd9Sstevel@tonic-gate * "random" keys. keyserv(1M) will talk to no one but a local root process on 477c478bd9Sstevel@tonic-gate * the local transport only. 487c478bd9Sstevel@tonic-gate */ 497c478bd9Sstevel@tonic-gate 507c478bd9Sstevel@tonic-gate #include <stdio.h> 51004388ebScasper #include <stdio_ext.h> 527c478bd9Sstevel@tonic-gate #include <stdlib.h> 537c478bd9Sstevel@tonic-gate #include <sys/types.h> 547c478bd9Sstevel@tonic-gate #include <sys/stat.h> 557c478bd9Sstevel@tonic-gate #include <sys/uio.h> 567c478bd9Sstevel@tonic-gate #include <unistd.h> 577c478bd9Sstevel@tonic-gate #include <string.h> 587c478bd9Sstevel@tonic-gate #include <deflt.h> 597c478bd9Sstevel@tonic-gate #include <rpc/rpc.h> 607c478bd9Sstevel@tonic-gate #include <sys/param.h> 617c478bd9Sstevel@tonic-gate #include <sys/file.h> 627c478bd9Sstevel@tonic-gate #include <sys/resource.h> 637c478bd9Sstevel@tonic-gate #include <pwd.h> 647c478bd9Sstevel@tonic-gate #include <rpc/des_crypt.h> 657c478bd9Sstevel@tonic-gate #include <rpc/key_prot.h> 667c478bd9Sstevel@tonic-gate #include <thread.h> 677c478bd9Sstevel@tonic-gate #include "rpc/svc_mt.h" 687c478bd9Sstevel@tonic-gate #include <rpcsvc/nis_dhext.h> 697c478bd9Sstevel@tonic-gate #include <syslog.h> 707c478bd9Sstevel@tonic-gate #include <libscf.h> 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate #include "debug.h" 737c478bd9Sstevel@tonic-gate #include "keyserv_cache.h" 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM 767c478bd9Sstevel@tonic-gate extern long random(); 777c478bd9Sstevel@tonic-gate #endif 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate extern keystatus pk_setkey(); 807c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt(); 817c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt(); 827c478bd9Sstevel@tonic-gate extern keystatus pk_netput(); 837c478bd9Sstevel@tonic-gate extern keystatus pk_netget(); 847c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key(); 857c478bd9Sstevel@tonic-gate extern bool_t svc_get_local_cred(); 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate extern keystatus pk_setkey3(); 887c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt3(); 897c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt3(); 907c478bd9Sstevel@tonic-gate extern keystatus pk_netput3(); 917c478bd9Sstevel@tonic-gate extern keystatus pk_netget3(); 927c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key3(); 937c478bd9Sstevel@tonic-gate extern keystatus pk_clear3(); 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate extern int init_mechs(); 967c478bd9Sstevel@tonic-gate extern int addmasterkey(); 977c478bd9Sstevel@tonic-gate extern int storeotherrootkeys(); 987c478bd9Sstevel@tonic-gate extern int setdeskeyarray(); 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate extern int getdomainname(); 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate static void randomize(); 1037c478bd9Sstevel@tonic-gate static void usage(); 1047c478bd9Sstevel@tonic-gate static void defaults(); 1057c478bd9Sstevel@tonic-gate static int getrootkey(); 1067c478bd9Sstevel@tonic-gate static int get_cache_size(char *); 1077c478bd9Sstevel@tonic-gate static bool_t get_auth(); 1087c478bd9Sstevel@tonic-gate 1097c478bd9Sstevel@tonic-gate #ifdef DEBUG 1107c478bd9Sstevel@tonic-gate extern int test_debug(); 1117c478bd9Sstevel@tonic-gate extern int real_debug(); 1127c478bd9Sstevel@tonic-gate int debugging = 1; 1137c478bd9Sstevel@tonic-gate #else 1147c478bd9Sstevel@tonic-gate int debugging = 0; 1157c478bd9Sstevel@tonic-gate #endif 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate static void keyprogram(); 1187c478bd9Sstevel@tonic-gate static des_block masterkey; 1197c478bd9Sstevel@tonic-gate char *getenv(); 1207c478bd9Sstevel@tonic-gate static char ROOTKEY[] = "/etc/.rootkey"; 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate static char *defaults_file = "/etc/default/keyserv"; 1237c478bd9Sstevel@tonic-gate static int use_nobody_keys = TRUE; 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate /* 1267c478bd9Sstevel@tonic-gate * Hack to allow the keyserver to use AUTH_DES (for authenticated 1277c478bd9Sstevel@tonic-gate * NIS+ calls, for example). The only functions that get called 1287c478bd9Sstevel@tonic-gate * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes. 1297c478bd9Sstevel@tonic-gate * 1307c478bd9Sstevel@tonic-gate * The approach is to have the keyserver fill in pointers to local 1317c478bd9Sstevel@tonic-gate * implementations of these functions, and to call those in key_call(). 1327c478bd9Sstevel@tonic-gate */ 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate bool_t __key_encrypt_pk_2_svc(); 1357c478bd9Sstevel@tonic-gate bool_t __key_decrypt_pk_2_svc(); 1367c478bd9Sstevel@tonic-gate bool_t __key_gen_1_svc(); 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate extern bool_t (*__key_encryptsession_pk_LOCAL)(); 1397c478bd9Sstevel@tonic-gate extern bool_t (*__key_decryptsession_pk_LOCAL)(); 1407c478bd9Sstevel@tonic-gate extern bool_t (*__key_gendes_LOCAL)(); 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate static int nthreads = 32; 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate /* Disk caching of common keys on by default */ 1457c478bd9Sstevel@tonic-gate int disk_caching = 1; 1467c478bd9Sstevel@tonic-gate 1477c478bd9Sstevel@tonic-gate mechanism_t **mechs; 1487c478bd9Sstevel@tonic-gate 1497c478bd9Sstevel@tonic-gate /* 1507c478bd9Sstevel@tonic-gate * The default size for all types of mech. 1517c478bd9Sstevel@tonic-gate * positive integers denote multiples of 1MB 1527c478bd9Sstevel@tonic-gate * negative integers denote number of entries 1537c478bd9Sstevel@tonic-gate * same goes for non-null entries in cache_size 1547c478bd9Sstevel@tonic-gate */ 1557c478bd9Sstevel@tonic-gate static int default_cache = 1; 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate int *cache_size; 1587c478bd9Sstevel@tonic-gate char **cache_options; 1597c478bd9Sstevel@tonic-gate 16049e7ca49Speteh int 16149e7ca49Speteh main(int argc, char *argv[]) 1627c478bd9Sstevel@tonic-gate { 1637c478bd9Sstevel@tonic-gate int sflag = 0, s1flag = 0, s2flag = 0, nflag = 0, dflag = 0, eflag = 0; 1647c478bd9Sstevel@tonic-gate char *options, *value; 1657c478bd9Sstevel@tonic-gate extern char *optarg; 1667c478bd9Sstevel@tonic-gate extern int optind; 1677c478bd9Sstevel@tonic-gate int c, d; 1687c478bd9Sstevel@tonic-gate struct rlimit rl; 1697c478bd9Sstevel@tonic-gate int mode = RPC_SVC_MT_AUTO; 1707c478bd9Sstevel@tonic-gate int maxrecsz = RPC_MAXDATASIZE; 1717c478bd9Sstevel@tonic-gate 17249e7ca49Speteh void detachfromtty(void); 1737c478bd9Sstevel@tonic-gate int setmodulus(); 1747c478bd9Sstevel@tonic-gate int pk_nodefaultkeys(); 1757c478bd9Sstevel@tonic-gate int svc_create_local_service(); 1767c478bd9Sstevel@tonic-gate 1777c478bd9Sstevel@tonic-gate char domainname[MAXNETNAMELEN + 1]; 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate /* 1807c478bd9Sstevel@tonic-gate * Set our allowed number of file descriptors to the max 1817c478bd9Sstevel@tonic-gate * of what the system will allow, limited by FD_SETSIZE. 1827c478bd9Sstevel@tonic-gate */ 1837c478bd9Sstevel@tonic-gate if (getrlimit(RLIMIT_NOFILE, &rl) == 0) { 1847c478bd9Sstevel@tonic-gate rlim_t limit; 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate if ((limit = rl.rlim_max) > FD_SETSIZE) 1877c478bd9Sstevel@tonic-gate limit = FD_SETSIZE; 1887c478bd9Sstevel@tonic-gate rl.rlim_cur = limit; 1897c478bd9Sstevel@tonic-gate (void) setrlimit(RLIMIT_NOFILE, &rl); 190004388ebScasper (void) enable_extended_FILE_stdio(-1, -1); 1917c478bd9Sstevel@tonic-gate } 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate __key_encryptsession_pk_LOCAL = &__key_encrypt_pk_2_svc; 1947c478bd9Sstevel@tonic-gate __key_decryptsession_pk_LOCAL = &__key_decrypt_pk_2_svc; 1957c478bd9Sstevel@tonic-gate __key_gendes_LOCAL = &__key_gen_1_svc; 1967c478bd9Sstevel@tonic-gate 1977c478bd9Sstevel@tonic-gate /* 1987c478bd9Sstevel@tonic-gate * Pre-option initialisation 1997c478bd9Sstevel@tonic-gate */ 2007c478bd9Sstevel@tonic-gate (void) umask(066); /* paranoia */ 2017c478bd9Sstevel@tonic-gate if (geteuid() != 0) { 2027c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s must be run as root\n", argv[0]); 2037c478bd9Sstevel@tonic-gate exit(1); 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate setmodulus(HEXMODULUS); 2067c478bd9Sstevel@tonic-gate openlog("keyserv", LOG_PID, LOG_DAEMON); 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate /* 2097c478bd9Sstevel@tonic-gate * keyserv will not work with a null domainname. 2107c478bd9Sstevel@tonic-gate */ 2117c478bd9Sstevel@tonic-gate if (getdomainname(domainname, MAXNETNAMELEN+1) || 2127c478bd9Sstevel@tonic-gate (domainname[0] == '\0')) { 2137c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "could not get a valid domainname.\n"); 2147c478bd9Sstevel@tonic-gate exit(SMF_EXIT_ERR_CONFIG); 2157c478bd9Sstevel@tonic-gate } 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate /* 2187c478bd9Sstevel@tonic-gate * Initialise security mechanisms 2197c478bd9Sstevel@tonic-gate */ 2207c478bd9Sstevel@tonic-gate cache_size = NULL; 2217c478bd9Sstevel@tonic-gate cache_options = NULL; 2227c478bd9Sstevel@tonic-gate if (init_mechs() == -1) { 2237c478bd9Sstevel@tonic-gate disk_caching = 0; 2247c478bd9Sstevel@tonic-gate } 2257c478bd9Sstevel@tonic-gate 2267c478bd9Sstevel@tonic-gate defaults(); 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate while ((c = getopt(argc, argv, "ndDet:cs:")) != -1) 2297c478bd9Sstevel@tonic-gate switch (c) { 2307c478bd9Sstevel@tonic-gate case 'n': 2317c478bd9Sstevel@tonic-gate nflag++; 2327c478bd9Sstevel@tonic-gate break; 2337c478bd9Sstevel@tonic-gate case 'd': 2347c478bd9Sstevel@tonic-gate dflag++; 2357c478bd9Sstevel@tonic-gate use_nobody_keys = FALSE; 2367c478bd9Sstevel@tonic-gate break; 2377c478bd9Sstevel@tonic-gate case 'e': 2387c478bd9Sstevel@tonic-gate eflag++; 2397c478bd9Sstevel@tonic-gate use_nobody_keys = TRUE; 2407c478bd9Sstevel@tonic-gate break; 2417c478bd9Sstevel@tonic-gate case 'D': 2427c478bd9Sstevel@tonic-gate debugging = 1; 2437c478bd9Sstevel@tonic-gate break; 2447c478bd9Sstevel@tonic-gate case 't': 2457c478bd9Sstevel@tonic-gate nthreads = atoi(optarg); 2467c478bd9Sstevel@tonic-gate break; 2477c478bd9Sstevel@tonic-gate case 'c': 2487c478bd9Sstevel@tonic-gate disk_caching = 0; 2497c478bd9Sstevel@tonic-gate break; 2507c478bd9Sstevel@tonic-gate case 's': 2517c478bd9Sstevel@tonic-gate if (!disk_caching) { 2527c478bd9Sstevel@tonic-gate fprintf(stderr, "missing configuration file"); 2537c478bd9Sstevel@tonic-gate fprintf(stderr, " or -c option specified\n"); 2547c478bd9Sstevel@tonic-gate usage(); 2557c478bd9Sstevel@tonic-gate } 2567c478bd9Sstevel@tonic-gate sflag++; 2577c478bd9Sstevel@tonic-gate /* 2587c478bd9Sstevel@tonic-gate * Which version of [-s] do we have...? 2597c478bd9Sstevel@tonic-gate */ 2607c478bd9Sstevel@tonic-gate if (strchr((const char *) optarg, '=') == NULL) { 2617c478bd9Sstevel@tonic-gate /* 2627c478bd9Sstevel@tonic-gate * -s <size> 2637c478bd9Sstevel@tonic-gate */ 2647c478bd9Sstevel@tonic-gate if (s1flag) { 2657c478bd9Sstevel@tonic-gate fprintf(stderr, "duplicate [-s <size>]\n"); 2667c478bd9Sstevel@tonic-gate usage(); 2677c478bd9Sstevel@tonic-gate } 2687c478bd9Sstevel@tonic-gate s1flag++; 2697c478bd9Sstevel@tonic-gate default_cache = get_cache_size(optarg); 2707c478bd9Sstevel@tonic-gate break; 2717c478bd9Sstevel@tonic-gate } 2727c478bd9Sstevel@tonic-gate /* 2737c478bd9Sstevel@tonic-gate * -s <mechtype>=<size>[,...] 2747c478bd9Sstevel@tonic-gate */ 2757c478bd9Sstevel@tonic-gate s2flag++; 2767c478bd9Sstevel@tonic-gate options = optarg; 2777c478bd9Sstevel@tonic-gate while (*options != '\0') { 2787c478bd9Sstevel@tonic-gate d = getsubopt(&options, cache_options, &value); 2797c478bd9Sstevel@tonic-gate if (d == -1) { 2807c478bd9Sstevel@tonic-gate /* Ignore unknown mechtype */ 2817c478bd9Sstevel@tonic-gate continue; 2827c478bd9Sstevel@tonic-gate } 2837c478bd9Sstevel@tonic-gate if (value == NULL) { 2847c478bd9Sstevel@tonic-gate fprintf(stderr, 2857c478bd9Sstevel@tonic-gate "missing cache size for mechtype %s\n", 2867c478bd9Sstevel@tonic-gate cache_options[d]); 2877c478bd9Sstevel@tonic-gate usage(); 2887c478bd9Sstevel@tonic-gate } 2897c478bd9Sstevel@tonic-gate cache_size[d] = get_cache_size(value); 2907c478bd9Sstevel@tonic-gate } 2917c478bd9Sstevel@tonic-gate break; 2927c478bd9Sstevel@tonic-gate default: 2937c478bd9Sstevel@tonic-gate usage(); 2947c478bd9Sstevel@tonic-gate break; 2957c478bd9Sstevel@tonic-gate } 2967c478bd9Sstevel@tonic-gate 2977c478bd9Sstevel@tonic-gate 2987c478bd9Sstevel@tonic-gate if (dflag && eflag) { 2997c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "specify only one of -d and -e\n"); 3007c478bd9Sstevel@tonic-gate usage(); 3017c478bd9Sstevel@tonic-gate } 3027c478bd9Sstevel@tonic-gate 3037c478bd9Sstevel@tonic-gate if (use_nobody_keys == FALSE) { 3047c478bd9Sstevel@tonic-gate pk_nodefaultkeys(); 3057c478bd9Sstevel@tonic-gate } 3067c478bd9Sstevel@tonic-gate 3077c478bd9Sstevel@tonic-gate if (optind != argc) { 3087c478bd9Sstevel@tonic-gate usage(); 3097c478bd9Sstevel@tonic-gate } 3107c478bd9Sstevel@tonic-gate 3117c478bd9Sstevel@tonic-gate if (!disk_caching && sflag) { 3127c478bd9Sstevel@tonic-gate fprintf(stderr, "missing configuration file"); 3137c478bd9Sstevel@tonic-gate fprintf(stderr, " or -c option specified\n"); 3147c478bd9Sstevel@tonic-gate usage(); 3157c478bd9Sstevel@tonic-gate } 3167c478bd9Sstevel@tonic-gate 3177c478bd9Sstevel@tonic-gate if (debugging) { 3187c478bd9Sstevel@tonic-gate if (disk_caching) { 3197c478bd9Sstevel@tonic-gate char **cpp = cache_options; 3207c478bd9Sstevel@tonic-gate int *ip = cache_size; 3217c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "default disk cache size: "); 3227c478bd9Sstevel@tonic-gate if (default_cache < 0) { 3237c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%d entries\n", 3247c478bd9Sstevel@tonic-gate abs(default_cache)); 3257c478bd9Sstevel@tonic-gate } else { 3267c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%dMB\n", default_cache); 3277c478bd9Sstevel@tonic-gate } 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "supported mechanisms:\n"); 3307c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\talias\t\tdisk cache size\n"); 3317c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\t=====\t\t===============\n"); 3327c478bd9Sstevel@tonic-gate while (*cpp != NULL) { 3337c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\t%s\t\t", *cpp++); 3347c478bd9Sstevel@tonic-gate if (*ip < 0) { 3357c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%d entries\n", 3367c478bd9Sstevel@tonic-gate abs(*ip)); 3377c478bd9Sstevel@tonic-gate } else { 3387c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%dMB\n", *ip); 3397c478bd9Sstevel@tonic-gate } 3407c478bd9Sstevel@tonic-gate ip++; 3417c478bd9Sstevel@tonic-gate } 3427c478bd9Sstevel@tonic-gate } else { 3437c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 3447c478bd9Sstevel@tonic-gate "common key disk caching disabled\n"); 3457c478bd9Sstevel@tonic-gate } 3467c478bd9Sstevel@tonic-gate } 3477c478bd9Sstevel@tonic-gate /* 3487c478bd9Sstevel@tonic-gate * Post-option initialisation 3497c478bd9Sstevel@tonic-gate */ 3507c478bd9Sstevel@tonic-gate if (disk_caching) { 3517c478bd9Sstevel@tonic-gate int i; 3527c478bd9Sstevel@tonic-gate for (i = 0; mechs[i]; i++) { 3537c478bd9Sstevel@tonic-gate if ((AUTH_DES_COMPAT_CHK(mechs[i])) || 3547c478bd9Sstevel@tonic-gate (mechs[i]->keylen < 0) || (mechs[i]->algtype < 0)) 3557c478bd9Sstevel@tonic-gate continue; 3567c478bd9Sstevel@tonic-gate create_cache_file(mechs[i]->keylen, mechs[i]->algtype, 3577c478bd9Sstevel@tonic-gate cache_size[i] ? cache_size[i] : default_cache); 3587c478bd9Sstevel@tonic-gate } 3597c478bd9Sstevel@tonic-gate } 3607c478bd9Sstevel@tonic-gate getrootkey(&masterkey, nflag); 3617c478bd9Sstevel@tonic-gate 3627c478bd9Sstevel@tonic-gate /* 3637c478bd9Sstevel@tonic-gate * Set MT mode 3647c478bd9Sstevel@tonic-gate */ 3657c478bd9Sstevel@tonic-gate if (nthreads > 0) { 3667c478bd9Sstevel@tonic-gate (void) rpc_control(RPC_SVC_MTMODE_SET, &mode); 3677c478bd9Sstevel@tonic-gate (void) rpc_control(RPC_SVC_THRMAX_SET, &nthreads); 3687c478bd9Sstevel@tonic-gate } 3697c478bd9Sstevel@tonic-gate 3707c478bd9Sstevel@tonic-gate /* 3717c478bd9Sstevel@tonic-gate * Enable non-blocking mode and maximum record size checks for 3727c478bd9Sstevel@tonic-gate * connection oriented transports. 3737c478bd9Sstevel@tonic-gate */ 3747c478bd9Sstevel@tonic-gate if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrecsz)) { 3757c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "unable to set max RPC record size"); 3767c478bd9Sstevel@tonic-gate } 3777c478bd9Sstevel@tonic-gate 3787c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS, 3797c478bd9Sstevel@tonic-gate "netpath", "keyserv") == 0) { 3807c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 3817c478bd9Sstevel@tonic-gate "%s: unable to create service for version %d\n", 3827c478bd9Sstevel@tonic-gate argv[0], KEY_VERS); 3837c478bd9Sstevel@tonic-gate exit(1); 3847c478bd9Sstevel@tonic-gate } 3857c478bd9Sstevel@tonic-gate 3867c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS2, 3877c478bd9Sstevel@tonic-gate "netpath", "keyserv") == 0) { 3887c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 3897c478bd9Sstevel@tonic-gate "%s: unable to create service for version %d\n", 3907c478bd9Sstevel@tonic-gate argv[0], KEY_VERS2); 3917c478bd9Sstevel@tonic-gate exit(1); 3927c478bd9Sstevel@tonic-gate } 3937c478bd9Sstevel@tonic-gate 3947c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS3, 3957c478bd9Sstevel@tonic-gate "netpath", "keyserv") == 0) { 3967c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 3977c478bd9Sstevel@tonic-gate "%s: unable to create service for version %d\n", 3987c478bd9Sstevel@tonic-gate argv[0], KEY_VERS3); 3997c478bd9Sstevel@tonic-gate exit(1); 4007c478bd9Sstevel@tonic-gate } 4017c478bd9Sstevel@tonic-gate 4027c478bd9Sstevel@tonic-gate if (!debugging) { 4037c478bd9Sstevel@tonic-gate detachfromtty(); 4047c478bd9Sstevel@tonic-gate } 4057c478bd9Sstevel@tonic-gate 4067c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS, "door") == 0) { 4077c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 4087c478bd9Sstevel@tonic-gate "%s: unable to create service over doors for version %d\n", 4097c478bd9Sstevel@tonic-gate argv[0], KEY_VERS); 4107c478bd9Sstevel@tonic-gate exit(1); 4117c478bd9Sstevel@tonic-gate } 4127c478bd9Sstevel@tonic-gate 4137c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, "door") == 0) { 4147c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 4157c478bd9Sstevel@tonic-gate "%s: unable to create service over doors for version %d\n", 4167c478bd9Sstevel@tonic-gate argv[0], KEY_VERS2); 4177c478bd9Sstevel@tonic-gate exit(1); 4187c478bd9Sstevel@tonic-gate } 4197c478bd9Sstevel@tonic-gate 4207c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS3, "door") == 0) { 4217c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 4227c478bd9Sstevel@tonic-gate "%s: unable to create service over doors for version %d\n", 4237c478bd9Sstevel@tonic-gate argv[0], KEY_VERS3); 4247c478bd9Sstevel@tonic-gate exit(1); 4257c478bd9Sstevel@tonic-gate } 4267c478bd9Sstevel@tonic-gate 4277c478bd9Sstevel@tonic-gate svc_run(); 4287c478bd9Sstevel@tonic-gate abort(); 4297c478bd9Sstevel@tonic-gate /* NOTREACHED */ 4307c478bd9Sstevel@tonic-gate return (0); 4317c478bd9Sstevel@tonic-gate } 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate /* 4357c478bd9Sstevel@tonic-gate * In the event that we don't get a root password, we try to 4367c478bd9Sstevel@tonic-gate * randomize the master key the best we can 4377c478bd9Sstevel@tonic-gate */ 4387c478bd9Sstevel@tonic-gate static void 4397c478bd9Sstevel@tonic-gate randomize(master) 4407c478bd9Sstevel@tonic-gate des_block *master; 4417c478bd9Sstevel@tonic-gate { 4427c478bd9Sstevel@tonic-gate int i; 4437c478bd9Sstevel@tonic-gate int seed; 4447c478bd9Sstevel@tonic-gate struct timeval tv; 4457c478bd9Sstevel@tonic-gate int shift; 4467c478bd9Sstevel@tonic-gate 4477c478bd9Sstevel@tonic-gate seed = 0; 4487c478bd9Sstevel@tonic-gate for (i = 0; i < 1024; i++) { 4497c478bd9Sstevel@tonic-gate (void) gettimeofday(&tv, (struct timezone *)NULL); 4507c478bd9Sstevel@tonic-gate shift = i % 8 * sizeof (int); 4517c478bd9Sstevel@tonic-gate seed ^= (tv.tv_usec << shift) | (tv.tv_usec >> (32 - shift)); 4527c478bd9Sstevel@tonic-gate } 4537c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM 4547c478bd9Sstevel@tonic-gate srandom(seed); 4557c478bd9Sstevel@tonic-gate master->key.low = random(); 4567c478bd9Sstevel@tonic-gate master->key.high = random(); 4577c478bd9Sstevel@tonic-gate srandom(seed); 4587c478bd9Sstevel@tonic-gate #else 4597c478bd9Sstevel@tonic-gate /* use stupid dangerous bad rand() */ 4607c478bd9Sstevel@tonic-gate srand(seed); 4617c478bd9Sstevel@tonic-gate master->key.low = rand(); 4627c478bd9Sstevel@tonic-gate master->key.high = rand(); 4637c478bd9Sstevel@tonic-gate srand(seed); 4647c478bd9Sstevel@tonic-gate #endif 4657c478bd9Sstevel@tonic-gate } 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate static char * 4687c478bd9Sstevel@tonic-gate fgets_ignorenul(char *s, int n, FILE *stream) 4697c478bd9Sstevel@tonic-gate { 4707c478bd9Sstevel@tonic-gate int fildes = fileno(stream); 4717c478bd9Sstevel@tonic-gate int i = 0; 4727c478bd9Sstevel@tonic-gate int rs = 0; 4737c478bd9Sstevel@tonic-gate char c; 4747c478bd9Sstevel@tonic-gate 4757c478bd9Sstevel@tonic-gate if (fildes < 0) 4767c478bd9Sstevel@tonic-gate return (NULL); 4777c478bd9Sstevel@tonic-gate 4787c478bd9Sstevel@tonic-gate while (i < n - 1) { 4797c478bd9Sstevel@tonic-gate rs = read(fildes, &c, 1); 4807c478bd9Sstevel@tonic-gate switch (rs) { 4817c478bd9Sstevel@tonic-gate case 1: 4827c478bd9Sstevel@tonic-gate break; 4837c478bd9Sstevel@tonic-gate case 0: 4847c478bd9Sstevel@tonic-gate /* EOF */ 4857c478bd9Sstevel@tonic-gate if (i > 0) 4867c478bd9Sstevel@tonic-gate s[i] = '\0'; 4877c478bd9Sstevel@tonic-gate return (NULL); 4887c478bd9Sstevel@tonic-gate break; 4897c478bd9Sstevel@tonic-gate default: 4907c478bd9Sstevel@tonic-gate return (NULL); 4917c478bd9Sstevel@tonic-gate } 4927c478bd9Sstevel@tonic-gate switch (c) { 4937c478bd9Sstevel@tonic-gate case '\0': 4947c478bd9Sstevel@tonic-gate break; 4957c478bd9Sstevel@tonic-gate case '\n': 4967c478bd9Sstevel@tonic-gate s[i] = c; 4977c478bd9Sstevel@tonic-gate s[++i] = '\0'; 4987c478bd9Sstevel@tonic-gate return (s); 4997c478bd9Sstevel@tonic-gate default: 5007c478bd9Sstevel@tonic-gate if (c != '\0') 5017c478bd9Sstevel@tonic-gate s[i++] = c; 5027c478bd9Sstevel@tonic-gate } 5037c478bd9Sstevel@tonic-gate } 5047c478bd9Sstevel@tonic-gate s[i] = '\0'; 5057c478bd9Sstevel@tonic-gate return (s); 5067c478bd9Sstevel@tonic-gate } 5077c478bd9Sstevel@tonic-gate 5087c478bd9Sstevel@tonic-gate /* Should last until 16384-bit DH keys */ 5097c478bd9Sstevel@tonic-gate #define MAXROOTKEY_LINE_LEN 4224 5107c478bd9Sstevel@tonic-gate #define MAXROOTKEY_LEN 4096 5117c478bd9Sstevel@tonic-gate #define ROOTKEY_FILE "/etc/.rootkey" 5127c478bd9Sstevel@tonic-gate 5137c478bd9Sstevel@tonic-gate static int 5147c478bd9Sstevel@tonic-gate getotherrootkeys(char *name) 5157c478bd9Sstevel@tonic-gate { 5167c478bd9Sstevel@tonic-gate FILE *rootkey; 5177c478bd9Sstevel@tonic-gate char line[MAXROOTKEY_LINE_LEN]; 5187c478bd9Sstevel@tonic-gate char key[MAXROOTKEY_LEN]; 5197c478bd9Sstevel@tonic-gate algtype_t algtype; 5207c478bd9Sstevel@tonic-gate int count = 0; 5217c478bd9Sstevel@tonic-gate 5227c478bd9Sstevel@tonic-gate if (!(rootkey = fopen(ROOTKEY, "r"))) 5237c478bd9Sstevel@tonic-gate return (0); 5247c478bd9Sstevel@tonic-gate 5257c478bd9Sstevel@tonic-gate while (fgets_ignorenul(line, MAXROOTKEY_LINE_LEN, rootkey)) { 5267c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("ROOTKEY %d: %s\n", count, line)); 5277c478bd9Sstevel@tonic-gate count++; 528a0368f78Speteh if (sscanf(line, "%s %d", key, &algtype) < 2) { 529a0368f78Speteh /* 530a0368f78Speteh * No encryption algorithm found in the file 531a0368f78Speteh * (algtype) so default to DES. 532a0368f78Speteh */ 533a0368f78Speteh algtype = AUTH_DES_ALGTYPE; 534a0368f78Speteh } 5357c478bd9Sstevel@tonic-gate if (!strlen(key)) 5367c478bd9Sstevel@tonic-gate continue; 5377c478bd9Sstevel@tonic-gate addmasterkey(key, name, algtype); 5387c478bd9Sstevel@tonic-gate } 5397c478bd9Sstevel@tonic-gate fclose(rootkey); 5407c478bd9Sstevel@tonic-gate return (1); 5417c478bd9Sstevel@tonic-gate } 5427c478bd9Sstevel@tonic-gate 5437c478bd9Sstevel@tonic-gate /* 5447c478bd9Sstevel@tonic-gate * Try to get root's secret key, by prompting if terminal is a tty, else trying 5457c478bd9Sstevel@tonic-gate * from standard input. 5467c478bd9Sstevel@tonic-gate * Returns 1 on success. 5477c478bd9Sstevel@tonic-gate */ 54849e7ca49Speteh static int 5497c478bd9Sstevel@tonic-gate getrootkey(master, prompt) 5507c478bd9Sstevel@tonic-gate des_block *master; 5517c478bd9Sstevel@tonic-gate int prompt; 5527c478bd9Sstevel@tonic-gate { 5537c478bd9Sstevel@tonic-gate char *passwd; 5547c478bd9Sstevel@tonic-gate char name[MAXNETNAMELEN + 1]; 5557c478bd9Sstevel@tonic-gate char secret[HEXKEYBYTES + 1]; 5567c478bd9Sstevel@tonic-gate FILE *fp; 5577c478bd9Sstevel@tonic-gate int passwd2des(); 5587c478bd9Sstevel@tonic-gate int retval; 5597c478bd9Sstevel@tonic-gate 5607c478bd9Sstevel@tonic-gate randomize(master); 5617c478bd9Sstevel@tonic-gate if (!getnetname(name)) { 5627c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "keyserv: \ 5637c478bd9Sstevel@tonic-gate failed to generate host's netname when establishing root's key.\n"); 5647c478bd9Sstevel@tonic-gate return (0); 5657c478bd9Sstevel@tonic-gate } 5667c478bd9Sstevel@tonic-gate if (!prompt) { 5677c478bd9Sstevel@tonic-gate return (getotherrootkeys(name)); 5687c478bd9Sstevel@tonic-gate } 5697c478bd9Sstevel@tonic-gate /* 5707c478bd9Sstevel@tonic-gate * Decrypt yellow pages publickey entry to get secret key 5717c478bd9Sstevel@tonic-gate */ 5727c478bd9Sstevel@tonic-gate passwd = getpass("root password:"); 5737c478bd9Sstevel@tonic-gate passwd2des(passwd, master); 5747c478bd9Sstevel@tonic-gate if (!getsecretkey(name, secret, passwd)) { 5757c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5767c478bd9Sstevel@tonic-gate "Can't find %s's secret key\n", name); 5777c478bd9Sstevel@tonic-gate return (0); 5787c478bd9Sstevel@tonic-gate } 5797c478bd9Sstevel@tonic-gate if (secret[0] == 0) { 5807c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5817c478bd9Sstevel@tonic-gate "Password does not decrypt secret key for %s\n", name); 5827c478bd9Sstevel@tonic-gate return (0); 5837c478bd9Sstevel@tonic-gate } 5847c478bd9Sstevel@tonic-gate if ((fp = fopen(ROOTKEY, "w")) == NULL) { 5857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5867c478bd9Sstevel@tonic-gate "Cannot open %s for write\n", ROOTKEY); 5877c478bd9Sstevel@tonic-gate return (0); 5887c478bd9Sstevel@tonic-gate } 5897c478bd9Sstevel@tonic-gate retval = storeotherrootkeys(fp, name, passwd, secret); 5907c478bd9Sstevel@tonic-gate fclose(fp); 5917c478bd9Sstevel@tonic-gate return (retval); 5927c478bd9Sstevel@tonic-gate } 5937c478bd9Sstevel@tonic-gate 5947c478bd9Sstevel@tonic-gate /* 5957c478bd9Sstevel@tonic-gate * Procedures to implement RPC service. These procedures are named 5967c478bd9Sstevel@tonic-gate * differently from the definitions in key_prot.h (generated by rpcgen) 5977c478bd9Sstevel@tonic-gate * because they take different arguments. 5987c478bd9Sstevel@tonic-gate */ 5997c478bd9Sstevel@tonic-gate char * 6007c478bd9Sstevel@tonic-gate strstatus(status) 6017c478bd9Sstevel@tonic-gate keystatus status; 6027c478bd9Sstevel@tonic-gate { 6037c478bd9Sstevel@tonic-gate switch (status) { 6047c478bd9Sstevel@tonic-gate case KEY_SUCCESS: 6057c478bd9Sstevel@tonic-gate return ("KEY_SUCCESS"); 6067c478bd9Sstevel@tonic-gate case KEY_NOSECRET: 6077c478bd9Sstevel@tonic-gate return ("KEY_NOSECRET"); 6087c478bd9Sstevel@tonic-gate case KEY_UNKNOWN: 6097c478bd9Sstevel@tonic-gate return ("KEY_UNKNOWN"); 6107c478bd9Sstevel@tonic-gate case KEY_SYSTEMERR: 6117c478bd9Sstevel@tonic-gate return ("KEY_SYSTEMERR"); 6127c478bd9Sstevel@tonic-gate case KEY_BADALG: 6137c478bd9Sstevel@tonic-gate return ("KEY_BADALG"); 6147c478bd9Sstevel@tonic-gate case KEY_BADLEN: 6157c478bd9Sstevel@tonic-gate return ("KEY_BADLEN"); 6167c478bd9Sstevel@tonic-gate default: 6177c478bd9Sstevel@tonic-gate return ("(bad result code)"); 6187c478bd9Sstevel@tonic-gate } 6197c478bd9Sstevel@tonic-gate } 6207c478bd9Sstevel@tonic-gate 6217c478bd9Sstevel@tonic-gate bool_t 6227c478bd9Sstevel@tonic-gate __key_set_1_svc(uid, key, status) 6237c478bd9Sstevel@tonic-gate uid_t uid; 6247c478bd9Sstevel@tonic-gate keybuf key; 6257c478bd9Sstevel@tonic-gate keystatus *status; 6267c478bd9Sstevel@tonic-gate { 6277c478bd9Sstevel@tonic-gate if (debugging) { 6287c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "set(%d, %.*s) = ", uid, 6297c478bd9Sstevel@tonic-gate sizeof (keybuf), key); 6307c478bd9Sstevel@tonic-gate } 6317c478bd9Sstevel@tonic-gate *status = pk_setkey(uid, key); 6327c478bd9Sstevel@tonic-gate if (debugging) { 6337c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(*status)); 6347c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6357c478bd9Sstevel@tonic-gate } 6367c478bd9Sstevel@tonic-gate return (TRUE); 6377c478bd9Sstevel@tonic-gate } 6387c478bd9Sstevel@tonic-gate 6397c478bd9Sstevel@tonic-gate bool_t 6407c478bd9Sstevel@tonic-gate __key_encrypt_pk_2_svc(uid, arg, res) 6417c478bd9Sstevel@tonic-gate uid_t uid; 6427c478bd9Sstevel@tonic-gate cryptkeyarg2 *arg; 6437c478bd9Sstevel@tonic-gate cryptkeyres *res; 6447c478bd9Sstevel@tonic-gate { 6457c478bd9Sstevel@tonic-gate 6467c478bd9Sstevel@tonic-gate if (debugging) { 6477c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid, 6487c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 6497c478bd9Sstevel@tonic-gate arg->deskey.key.low); 6507c478bd9Sstevel@tonic-gate } 6517c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 6527c478bd9Sstevel@tonic-gate res->status = pk_encrypt(uid, arg->remotename, &(arg->remotekey), 6537c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 6547c478bd9Sstevel@tonic-gate if (debugging) { 6557c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 6567c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 6577c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 6587c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 6597c478bd9Sstevel@tonic-gate } else { 6607c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 6617c478bd9Sstevel@tonic-gate } 6627c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6637c478bd9Sstevel@tonic-gate } 6647c478bd9Sstevel@tonic-gate return (TRUE); 6657c478bd9Sstevel@tonic-gate } 6667c478bd9Sstevel@tonic-gate 6677c478bd9Sstevel@tonic-gate bool_t 6687c478bd9Sstevel@tonic-gate __key_decrypt_pk_2_svc(uid, arg, res) 6697c478bd9Sstevel@tonic-gate uid_t uid; 6707c478bd9Sstevel@tonic-gate cryptkeyarg2 *arg; 6717c478bd9Sstevel@tonic-gate cryptkeyres *res; 6727c478bd9Sstevel@tonic-gate { 6737c478bd9Sstevel@tonic-gate 6747c478bd9Sstevel@tonic-gate if (debugging) { 6757c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid, 6767c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 6777c478bd9Sstevel@tonic-gate arg->deskey.key.low); 6787c478bd9Sstevel@tonic-gate } 6797c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 6807c478bd9Sstevel@tonic-gate res->status = pk_decrypt(uid, arg->remotename, &(arg->remotekey), 6817c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 6827c478bd9Sstevel@tonic-gate if (debugging) { 6837c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 6847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 6857c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 6867c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 6877c478bd9Sstevel@tonic-gate } else { 6887c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 6897c478bd9Sstevel@tonic-gate } 6907c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6917c478bd9Sstevel@tonic-gate } 6927c478bd9Sstevel@tonic-gate return (TRUE); 6937c478bd9Sstevel@tonic-gate } 6947c478bd9Sstevel@tonic-gate 6957c478bd9Sstevel@tonic-gate bool_t 6967c478bd9Sstevel@tonic-gate __key_net_put_2_svc(uid, arg, status) 6977c478bd9Sstevel@tonic-gate uid_t uid; 6987c478bd9Sstevel@tonic-gate key_netstarg *arg; 6997c478bd9Sstevel@tonic-gate keystatus *status; 7007c478bd9Sstevel@tonic-gate { 7017c478bd9Sstevel@tonic-gate 7027c478bd9Sstevel@tonic-gate if (debugging) { 7037c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ", 7047c478bd9Sstevel@tonic-gate arg->st_netname, sizeof (arg->st_pub_key), 7057c478bd9Sstevel@tonic-gate arg->st_pub_key, sizeof (arg->st_priv_key), 7067c478bd9Sstevel@tonic-gate arg->st_priv_key); 7077c478bd9Sstevel@tonic-gate }; 7087c478bd9Sstevel@tonic-gate 7097c478bd9Sstevel@tonic-gate *status = pk_netput(uid, arg); 7107c478bd9Sstevel@tonic-gate 7117c478bd9Sstevel@tonic-gate if (debugging) { 7127c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(*status)); 7137c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7147c478bd9Sstevel@tonic-gate } 7157c478bd9Sstevel@tonic-gate 7167c478bd9Sstevel@tonic-gate return (TRUE); 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate /* ARGSUSED */ 7207c478bd9Sstevel@tonic-gate bool_t 7217c478bd9Sstevel@tonic-gate __key_net_get_2_svc(uid, arg, keynetname) 7227c478bd9Sstevel@tonic-gate uid_t uid; 7237c478bd9Sstevel@tonic-gate void *arg; 7247c478bd9Sstevel@tonic-gate key_netstres *keynetname; 7257c478bd9Sstevel@tonic-gate { 7267c478bd9Sstevel@tonic-gate 7277c478bd9Sstevel@tonic-gate if (debugging) 7287c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "net_get(%d) = ", uid); 7297c478bd9Sstevel@tonic-gate 7307c478bd9Sstevel@tonic-gate keynetname->status = pk_netget(uid, &keynetname->key_netstres_u.knet); 7317c478bd9Sstevel@tonic-gate if (debugging) { 7327c478bd9Sstevel@tonic-gate if (keynetname->status == KEY_SUCCESS) { 7337c478bd9Sstevel@tonic-gate fprintf(stderr, "<%s, %.*s, %.*s>\n", 7347c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_netname, 7357c478bd9Sstevel@tonic-gate sizeof (keynetname->key_netstres_u.knet.st_pub_key), 7367c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_pub_key, 7377c478bd9Sstevel@tonic-gate sizeof (keynetname->key_netstres_u.knet.st_priv_key), 7387c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_priv_key); 7397c478bd9Sstevel@tonic-gate } else { 7407c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "NOT FOUND\n"); 7417c478bd9Sstevel@tonic-gate } 7427c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7437c478bd9Sstevel@tonic-gate } 7447c478bd9Sstevel@tonic-gate 7457c478bd9Sstevel@tonic-gate return (TRUE); 7467c478bd9Sstevel@tonic-gate 7477c478bd9Sstevel@tonic-gate } 7487c478bd9Sstevel@tonic-gate 7497c478bd9Sstevel@tonic-gate bool_t 7507c478bd9Sstevel@tonic-gate __key_get_conv_2_svc(uid, arg, res) 7517c478bd9Sstevel@tonic-gate uid_t uid; 7527c478bd9Sstevel@tonic-gate keybuf arg; 7537c478bd9Sstevel@tonic-gate cryptkeyres *res; 7547c478bd9Sstevel@tonic-gate { 7557c478bd9Sstevel@tonic-gate 7567c478bd9Sstevel@tonic-gate if (debugging) 7577c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "get_conv(%d, %.*s) = ", uid, 7587c478bd9Sstevel@tonic-gate sizeof (arg), arg); 7597c478bd9Sstevel@tonic-gate 7607c478bd9Sstevel@tonic-gate 7617c478bd9Sstevel@tonic-gate res->status = pk_get_conv_key(uid, arg, res); 7627c478bd9Sstevel@tonic-gate 7637c478bd9Sstevel@tonic-gate if (debugging) { 7647c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 7657c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 7667c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 7677c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 7687c478bd9Sstevel@tonic-gate } else { 7697c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 7707c478bd9Sstevel@tonic-gate } 7717c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7727c478bd9Sstevel@tonic-gate } 7737c478bd9Sstevel@tonic-gate return (TRUE); 7747c478bd9Sstevel@tonic-gate } 7757c478bd9Sstevel@tonic-gate 7767c478bd9Sstevel@tonic-gate 7777c478bd9Sstevel@tonic-gate bool_t 7787c478bd9Sstevel@tonic-gate __key_encrypt_1_svc(uid, arg, res) 7797c478bd9Sstevel@tonic-gate uid_t uid; 7807c478bd9Sstevel@tonic-gate cryptkeyarg *arg; 7817c478bd9Sstevel@tonic-gate cryptkeyres *res; 7827c478bd9Sstevel@tonic-gate { 7837c478bd9Sstevel@tonic-gate 7847c478bd9Sstevel@tonic-gate if (debugging) { 7857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid, 7867c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 7877c478bd9Sstevel@tonic-gate arg->deskey.key.low); 7887c478bd9Sstevel@tonic-gate } 7897c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 7907c478bd9Sstevel@tonic-gate res->status = pk_encrypt(uid, arg->remotename, NULL, 7917c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 7927c478bd9Sstevel@tonic-gate if (debugging) { 7937c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 7947c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 7957c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 7967c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 7977c478bd9Sstevel@tonic-gate } else { 7987c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8017c478bd9Sstevel@tonic-gate } 8027c478bd9Sstevel@tonic-gate return (TRUE); 8037c478bd9Sstevel@tonic-gate } 8047c478bd9Sstevel@tonic-gate 8057c478bd9Sstevel@tonic-gate bool_t 8067c478bd9Sstevel@tonic-gate __key_decrypt_1_svc(uid, arg, res) 8077c478bd9Sstevel@tonic-gate uid_t uid; 8087c478bd9Sstevel@tonic-gate cryptkeyarg *arg; 8097c478bd9Sstevel@tonic-gate cryptkeyres *res; 8107c478bd9Sstevel@tonic-gate { 8117c478bd9Sstevel@tonic-gate if (debugging) { 8127c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid, 8137c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 8147c478bd9Sstevel@tonic-gate arg->deskey.key.low); 8157c478bd9Sstevel@tonic-gate } 8167c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 8177c478bd9Sstevel@tonic-gate res->status = pk_decrypt(uid, arg->remotename, NULL, 8187c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 8197c478bd9Sstevel@tonic-gate if (debugging) { 8207c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 8217c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 8227c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 8237c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 8247c478bd9Sstevel@tonic-gate } else { 8257c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 8267c478bd9Sstevel@tonic-gate } 8277c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8287c478bd9Sstevel@tonic-gate } 8297c478bd9Sstevel@tonic-gate return (TRUE); 8307c478bd9Sstevel@tonic-gate } 8317c478bd9Sstevel@tonic-gate 8327c478bd9Sstevel@tonic-gate /* ARGSUSED */ 8337c478bd9Sstevel@tonic-gate bool_t 8347c478bd9Sstevel@tonic-gate __key_gen_1_svc(v, s, key) 8357c478bd9Sstevel@tonic-gate void *v; 8367c478bd9Sstevel@tonic-gate struct svc_req *s; 8377c478bd9Sstevel@tonic-gate des_block *key; 8387c478bd9Sstevel@tonic-gate { 8397c478bd9Sstevel@tonic-gate struct timeval time; 8407c478bd9Sstevel@tonic-gate static des_block keygen; 8417c478bd9Sstevel@tonic-gate static mutex_t keygen_mutex = DEFAULTMUTEX; 8427c478bd9Sstevel@tonic-gate int r; 8437c478bd9Sstevel@tonic-gate 8447c478bd9Sstevel@tonic-gate (void) gettimeofday(&time, (struct timezone *)NULL); 8457c478bd9Sstevel@tonic-gate (void) mutex_lock(&keygen_mutex); 8467c478bd9Sstevel@tonic-gate keygen.key.high += (time.tv_sec ^ time.tv_usec); 8477c478bd9Sstevel@tonic-gate keygen.key.low += (time.tv_sec ^ time.tv_usec); 8487c478bd9Sstevel@tonic-gate r = ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen), 8497c478bd9Sstevel@tonic-gate DES_ENCRYPT | DES_HW); 8507c478bd9Sstevel@tonic-gate if (r != DESERR_NONE && r != DESERR_NOHWDEVICE) { 8517c478bd9Sstevel@tonic-gate mutex_unlock(&keygen_mutex); 8527c478bd9Sstevel@tonic-gate return (FALSE); 8537c478bd9Sstevel@tonic-gate } 8547c478bd9Sstevel@tonic-gate *key = keygen; 8557c478bd9Sstevel@tonic-gate mutex_unlock(&keygen_mutex); 8567c478bd9Sstevel@tonic-gate 8577c478bd9Sstevel@tonic-gate des_setparity_g(key); 8587c478bd9Sstevel@tonic-gate if (debugging) { 8597c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "gen() = %08x%08x\n", key->key.high, 8607c478bd9Sstevel@tonic-gate key->key.low); 8617c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8627c478bd9Sstevel@tonic-gate } 8637c478bd9Sstevel@tonic-gate return (TRUE); 8647c478bd9Sstevel@tonic-gate } 8657c478bd9Sstevel@tonic-gate 8667c478bd9Sstevel@tonic-gate /* ARGSUSED */ 8677c478bd9Sstevel@tonic-gate bool_t 8687c478bd9Sstevel@tonic-gate __key_getcred_1_svc(uid, name, res) 8697c478bd9Sstevel@tonic-gate uid_t uid; 8707c478bd9Sstevel@tonic-gate netnamestr *name; 8717c478bd9Sstevel@tonic-gate getcredres *res; 8727c478bd9Sstevel@tonic-gate { 8737c478bd9Sstevel@tonic-gate struct unixcred *cred; 8747c478bd9Sstevel@tonic-gate 8757c478bd9Sstevel@tonic-gate cred = &res->getcredres_u.cred; 8767c478bd9Sstevel@tonic-gate if (!netname2user(*name, (uid_t *)&cred->uid, (gid_t *)&cred->gid, 8777c478bd9Sstevel@tonic-gate (int *)&cred->gids.gids_len, 8787c478bd9Sstevel@tonic-gate (gid_t *)cred->gids.gids_val)) { 8797c478bd9Sstevel@tonic-gate res->status = KEY_UNKNOWN; 8807c478bd9Sstevel@tonic-gate } else { 8817c478bd9Sstevel@tonic-gate res->status = KEY_SUCCESS; 8827c478bd9Sstevel@tonic-gate } 8837c478bd9Sstevel@tonic-gate if (debugging) { 8847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "getcred(%s) = ", *name); 8857c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 8867c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n", 8877c478bd9Sstevel@tonic-gate cred->uid, cred->gid, cred->gids.gids_len); 8887c478bd9Sstevel@tonic-gate } else { 8897c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 8907c478bd9Sstevel@tonic-gate } 8917c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8927c478bd9Sstevel@tonic-gate } 8937c478bd9Sstevel@tonic-gate return (TRUE); 8947c478bd9Sstevel@tonic-gate } 8957c478bd9Sstevel@tonic-gate 8967c478bd9Sstevel@tonic-gate /* 8977c478bd9Sstevel@tonic-gate * Version 3 procedures follow... 8987c478bd9Sstevel@tonic-gate */ 8997c478bd9Sstevel@tonic-gate 9007c478bd9Sstevel@tonic-gate static bool_t 9017c478bd9Sstevel@tonic-gate __key_set_3_svc(uid_t uid, setkeyarg3 *arg, keystatus *status) 9027c478bd9Sstevel@tonic-gate { 9037c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("__key_set_3_svc(%d, %d, %d)", 9047c478bd9Sstevel@tonic-gate uid, arg->algtype, arg->keylen)); 9057c478bd9Sstevel@tonic-gate *status = pk_setkey3(uid, arg); 9067c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("__key_set_3_svc %s", strstatus(*status))); 9077c478bd9Sstevel@tonic-gate return (TRUE); 9087c478bd9Sstevel@tonic-gate } 9097c478bd9Sstevel@tonic-gate 9107c478bd9Sstevel@tonic-gate static bool_t 9117c478bd9Sstevel@tonic-gate __key_encrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9127c478bd9Sstevel@tonic-gate { 9137c478bd9Sstevel@tonic-gate int len, i; 9147c478bd9Sstevel@tonic-gate des_block *dp; 9157c478bd9Sstevel@tonic-gate 9167c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_3(%d %d %s)", uid, 9177c478bd9Sstevel@tonic-gate arg->deskey.deskeyarray_len, arg->remotename)); 9187c478bd9Sstevel@tonic-gate res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9197c478bd9Sstevel@tonic-gate len = res->cryptkeyres3_u.deskey.deskeyarray_len; 9207c478bd9Sstevel@tonic-gate dp = res->cryptkeyres3_u.deskey.deskeyarray_val; 9217c478bd9Sstevel@tonic-gate for (i = 0; i < len; i++) { 9227c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("encrypt_3 retval[%d] == (%x,%x)", 9237c478bd9Sstevel@tonic-gate i, dp->key.high, dp->key.low)); 9247c478bd9Sstevel@tonic-gate dp++; 9257c478bd9Sstevel@tonic-gate } 9267c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_3 returned %s", strstatus(res->status))); 9277c478bd9Sstevel@tonic-gate return (TRUE); 9287c478bd9Sstevel@tonic-gate } 9297c478bd9Sstevel@tonic-gate 9307c478bd9Sstevel@tonic-gate static bool_t 9317c478bd9Sstevel@tonic-gate __key_decrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9327c478bd9Sstevel@tonic-gate { 9337c478bd9Sstevel@tonic-gate int len, i; 9347c478bd9Sstevel@tonic-gate des_block *dp; 9357c478bd9Sstevel@tonic-gate 9367c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_3(%d, %d, %s)", uid, 9377c478bd9Sstevel@tonic-gate arg->deskey.deskeyarray_len, arg->remotename)); 9387c478bd9Sstevel@tonic-gate res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9397c478bd9Sstevel@tonic-gate len = res->cryptkeyres3_u.deskey.deskeyarray_len; 9407c478bd9Sstevel@tonic-gate dp = res->cryptkeyres3_u.deskey.deskeyarray_val; 9417c478bd9Sstevel@tonic-gate for (i = 0; i < len; i++) { 9427c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("decrypt_3 retval[%d] == (%x,%x)", 9437c478bd9Sstevel@tonic-gate i, dp->key.high, dp->key.low)); 9447c478bd9Sstevel@tonic-gate dp++; 9457c478bd9Sstevel@tonic-gate } 9467c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_3 returned %s", strstatus(res->status))); 9477c478bd9Sstevel@tonic-gate return (TRUE); 9487c478bd9Sstevel@tonic-gate } 9497c478bd9Sstevel@tonic-gate 9507c478bd9Sstevel@tonic-gate /* ARGSUSED */ 9517c478bd9Sstevel@tonic-gate static bool_t 9527c478bd9Sstevel@tonic-gate __key_gen_3_svc(void *v, keynum_t *kp, deskeyarray *res) 9537c478bd9Sstevel@tonic-gate { 9547c478bd9Sstevel@tonic-gate int i; 9557c478bd9Sstevel@tonic-gate keynum_t keynum = *kp; 9567c478bd9Sstevel@tonic-gate 9577c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3(%d %x)", keynum, res)); 9587c478bd9Sstevel@tonic-gate res->deskeyarray_val = 0; 9597c478bd9Sstevel@tonic-gate if (!setdeskeyarray(res, keynum)) { 9607c478bd9Sstevel@tonic-gate return (FALSE); 9617c478bd9Sstevel@tonic-gate } 9627c478bd9Sstevel@tonic-gate for (i = 0; i < keynum; i++) { 9637c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3 calling gen_1 %x", 9647c478bd9Sstevel@tonic-gate res->deskeyarray_val+i)); 9657c478bd9Sstevel@tonic-gate __key_gen_1_svc((void *) NULL, (struct svc_req *)NULL, 9667c478bd9Sstevel@tonic-gate res->deskeyarray_val+i); 9677c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3 val %d %x", 9687c478bd9Sstevel@tonic-gate i, *(int *)(res->deskeyarray_val+i))); 9697c478bd9Sstevel@tonic-gate } 9707c478bd9Sstevel@tonic-gate return (TRUE); 9717c478bd9Sstevel@tonic-gate } 9727c478bd9Sstevel@tonic-gate 9737c478bd9Sstevel@tonic-gate static void 9747c478bd9Sstevel@tonic-gate __key_gen_3_svc_free(deskeyarray *dp) 9757c478bd9Sstevel@tonic-gate { 9767c478bd9Sstevel@tonic-gate free(dp->deskeyarray_val); 9777c478bd9Sstevel@tonic-gate } 9787c478bd9Sstevel@tonic-gate 9797c478bd9Sstevel@tonic-gate static bool_t 9807c478bd9Sstevel@tonic-gate __key_getcred_3_svc(uid_t uid, netnamestr *name, getcredres3 *res) 9817c478bd9Sstevel@tonic-gate { 9827c478bd9Sstevel@tonic-gate return (__key_getcred_1_svc(uid, name, (getcredres *)res)); 9837c478bd9Sstevel@tonic-gate } 9847c478bd9Sstevel@tonic-gate 9857c478bd9Sstevel@tonic-gate static bool_t 9867c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9877c478bd9Sstevel@tonic-gate { 9887c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_pk_3(%d, %s)", uid, arg->remotename)); 9897c478bd9Sstevel@tonic-gate res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9907c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status))); 9917c478bd9Sstevel@tonic-gate return (TRUE); 9927c478bd9Sstevel@tonic-gate } 9937c478bd9Sstevel@tonic-gate 9947c478bd9Sstevel@tonic-gate static void 9957c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc_free(cryptkeyres3 *res) 9967c478bd9Sstevel@tonic-gate { 9977c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 9987c478bd9Sstevel@tonic-gate free(res->cryptkeyres3_u.deskey.deskeyarray_val); 9997c478bd9Sstevel@tonic-gate } 10007c478bd9Sstevel@tonic-gate } 10017c478bd9Sstevel@tonic-gate 10027c478bd9Sstevel@tonic-gate static bool_t 10037c478bd9Sstevel@tonic-gate __key_decrypt_pk_3(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 10047c478bd9Sstevel@tonic-gate { 10057c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_pk_3(%d, %s)", uid, arg->remotename)); 10067c478bd9Sstevel@tonic-gate res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 10077c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status))); 10087c478bd9Sstevel@tonic-gate return (TRUE); 10097c478bd9Sstevel@tonic-gate } 10107c478bd9Sstevel@tonic-gate 10117c478bd9Sstevel@tonic-gate static void 10127c478bd9Sstevel@tonic-gate __key_decrypt_pk_3_free(cryptkeyres3 *res) 10137c478bd9Sstevel@tonic-gate { 10147c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 10157c478bd9Sstevel@tonic-gate free(res->cryptkeyres3_u.deskey.deskeyarray_val); 10167c478bd9Sstevel@tonic-gate } 10177c478bd9Sstevel@tonic-gate } 10187c478bd9Sstevel@tonic-gate 10197c478bd9Sstevel@tonic-gate static bool_t 10207c478bd9Sstevel@tonic-gate __key_net_put_3_svc(uid_t uid, key_netstarg3 *arg, keystatus *status) 10217c478bd9Sstevel@tonic-gate { 10227c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_put_3 (%d, %x)", uid, arg)); 10237c478bd9Sstevel@tonic-gate *status = pk_netput3(uid, arg); 10247c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_put_3 ret %s", strstatus(*status))); 10257c478bd9Sstevel@tonic-gate return (TRUE); 10267c478bd9Sstevel@tonic-gate } 10277c478bd9Sstevel@tonic-gate 10287c478bd9Sstevel@tonic-gate static bool_t 10297c478bd9Sstevel@tonic-gate __key_net_get_3_svc(uid_t uid, mechtype *arg, key_netstres3 *keynetname) 10307c478bd9Sstevel@tonic-gate { 10317c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_get_3 (%d, %x)", uid, arg)); 10327c478bd9Sstevel@tonic-gate keynetname->status = pk_netget3(uid, 10337c478bd9Sstevel@tonic-gate arg, &keynetname->key_netstres3_u.knet); 10347c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, 10357c478bd9Sstevel@tonic-gate ("net_get_3 ret %s", strstatus(keynetname->status))); 10367c478bd9Sstevel@tonic-gate return (TRUE); 10377c478bd9Sstevel@tonic-gate } 10387c478bd9Sstevel@tonic-gate 10397c478bd9Sstevel@tonic-gate static void 10407c478bd9Sstevel@tonic-gate __key_net_get_3_svc_free(key_netstres3 *keynetname) 10417c478bd9Sstevel@tonic-gate { 10427c478bd9Sstevel@tonic-gate if (keynetname->status == KEY_SUCCESS) { 10437c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_priv_key.keybuf3_val); 10447c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_pub_key.keybuf3_val); 10457c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_netname); 10467c478bd9Sstevel@tonic-gate } 10477c478bd9Sstevel@tonic-gate } 10487c478bd9Sstevel@tonic-gate 10497c478bd9Sstevel@tonic-gate static bool_t 10507c478bd9Sstevel@tonic-gate __key_get_conv_3_svc(uid_t uid, deskeyarg3 *arg, cryptkeyres3 *res) 10517c478bd9Sstevel@tonic-gate { 10527c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("get_conv_3(%d %x %x)", uid, arg, res)); 10537c478bd9Sstevel@tonic-gate res->status = pk_get_conv_key3(uid, arg, res); 10547c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, 10557c478bd9Sstevel@tonic-gate ("get_conv_3 ret %s", strstatus(res->status))); 10567c478bd9Sstevel@tonic-gate return (TRUE); 10577c478bd9Sstevel@tonic-gate } 10587c478bd9Sstevel@tonic-gate 10597c478bd9Sstevel@tonic-gate /* ARGSUSED */ 10607c478bd9Sstevel@tonic-gate static bool_t 10617c478bd9Sstevel@tonic-gate __key_clear_3_svc(uid_t uid, void *arg, keystatus *status) 10627c478bd9Sstevel@tonic-gate { 10637c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("clear_3(%d)", uid)); 10647c478bd9Sstevel@tonic-gate *status = pk_clear3(uid); 10657c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("clear_3 ret %s", strstatus(*status))); 10667c478bd9Sstevel@tonic-gate return (TRUE); 10677c478bd9Sstevel@tonic-gate } 10687c478bd9Sstevel@tonic-gate 10697c478bd9Sstevel@tonic-gate /* 10707c478bd9Sstevel@tonic-gate * RPC boilerplate 10717c478bd9Sstevel@tonic-gate */ 10727c478bd9Sstevel@tonic-gate static void 10737c478bd9Sstevel@tonic-gate keyprogram(rqstp, transp) 10747c478bd9Sstevel@tonic-gate struct svc_req *rqstp; 10757c478bd9Sstevel@tonic-gate SVCXPRT *transp; 10767c478bd9Sstevel@tonic-gate { 10777c478bd9Sstevel@tonic-gate union { 10787c478bd9Sstevel@tonic-gate keybuf key_set_1_arg; 10797c478bd9Sstevel@tonic-gate cryptkeyarg key_encrypt_1_arg; 10807c478bd9Sstevel@tonic-gate cryptkeyarg key_decrypt_1_arg; 10817c478bd9Sstevel@tonic-gate netnamestr key_getcred_1_arg; 10827c478bd9Sstevel@tonic-gate cryptkeyarg key_encrypt_2_arg; 10837c478bd9Sstevel@tonic-gate cryptkeyarg key_decrypt_2_arg; 10847c478bd9Sstevel@tonic-gate netnamestr key_getcred_2_arg; 10857c478bd9Sstevel@tonic-gate cryptkeyarg2 key_encrypt_pk_2_arg; 10867c478bd9Sstevel@tonic-gate cryptkeyarg2 key_decrypt_pk_2_arg; 10877c478bd9Sstevel@tonic-gate key_netstarg key_net_put_2_arg; 10887c478bd9Sstevel@tonic-gate netobj key_get_conv_2_arg; 10897c478bd9Sstevel@tonic-gate keybuf3 key_set_3_arg; 10907c478bd9Sstevel@tonic-gate cryptkeyarg3 key_encrypt_3_arg; 10917c478bd9Sstevel@tonic-gate cryptkeyarg3 key_decrypt_3_arg; 10927c478bd9Sstevel@tonic-gate cryptkeyarg3 key_encrypt_pk_3_arg; 10937c478bd9Sstevel@tonic-gate cryptkeyarg3 key_decrypt_pk_3_arg; 10947c478bd9Sstevel@tonic-gate keynum_t key_gen_3_arg; 10957c478bd9Sstevel@tonic-gate netnamestr key_getcred_3_arg; 10967c478bd9Sstevel@tonic-gate key_netstarg3 key_net_put_3_arg; 10977c478bd9Sstevel@tonic-gate key_netstarg3 key_net_get_3_arg; 10987c478bd9Sstevel@tonic-gate deskeyarg3 key_get_conv_3_arg; 10997c478bd9Sstevel@tonic-gate } argument; 11007c478bd9Sstevel@tonic-gate union { 11017c478bd9Sstevel@tonic-gate keystatus status; 11027c478bd9Sstevel@tonic-gate cryptkeyres cres; 11037c478bd9Sstevel@tonic-gate des_block key; 11047c478bd9Sstevel@tonic-gate getcredres gres; 11057c478bd9Sstevel@tonic-gate key_netstres keynetname; 11067c478bd9Sstevel@tonic-gate cryptkeyres3 cres3; 11077c478bd9Sstevel@tonic-gate deskeyarray keyarray; 11087c478bd9Sstevel@tonic-gate getcredres3 gres3; 11097c478bd9Sstevel@tonic-gate key_netstres3 keynetname3; 11107c478bd9Sstevel@tonic-gate } result; 11117c478bd9Sstevel@tonic-gate uint_t gids[MAXGIDS]; 11127c478bd9Sstevel@tonic-gate char netname_str[MAXNETNAMELEN + 1]; 11137c478bd9Sstevel@tonic-gate bool_t (*xdr_argument)(), (*xdr_result)(); 11147c478bd9Sstevel@tonic-gate bool_t (*local)(); 11157c478bd9Sstevel@tonic-gate void (*local_free)() = NULL; 11167c478bd9Sstevel@tonic-gate bool_t retval; 11177c478bd9Sstevel@tonic-gate uid_t uid; 11187c478bd9Sstevel@tonic-gate int check_auth; 11197c478bd9Sstevel@tonic-gate 11207c478bd9Sstevel@tonic-gate switch (rqstp->rq_proc) { 11217c478bd9Sstevel@tonic-gate case NULLPROC: 11227c478bd9Sstevel@tonic-gate svc_sendreply(transp, xdr_void, (char *)NULL); 11237c478bd9Sstevel@tonic-gate return; 11247c478bd9Sstevel@tonic-gate 11257c478bd9Sstevel@tonic-gate case KEY_SET: 11267c478bd9Sstevel@tonic-gate xdr_argument = xdr_keybuf; 11277c478bd9Sstevel@tonic-gate xdr_result = xdr_int; 11287c478bd9Sstevel@tonic-gate local = __key_set_1_svc; 11297c478bd9Sstevel@tonic-gate check_auth = 1; 11307c478bd9Sstevel@tonic-gate break; 11317c478bd9Sstevel@tonic-gate 11327c478bd9Sstevel@tonic-gate case KEY_ENCRYPT: 11337c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg; 11347c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11357c478bd9Sstevel@tonic-gate local = __key_encrypt_1_svc; 11367c478bd9Sstevel@tonic-gate check_auth = 1; 11377c478bd9Sstevel@tonic-gate break; 11387c478bd9Sstevel@tonic-gate 11397c478bd9Sstevel@tonic-gate case KEY_DECRYPT: 11407c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg; 11417c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11427c478bd9Sstevel@tonic-gate local = __key_decrypt_1_svc; 11437c478bd9Sstevel@tonic-gate check_auth = 1; 11447c478bd9Sstevel@tonic-gate break; 11457c478bd9Sstevel@tonic-gate 11467c478bd9Sstevel@tonic-gate case KEY_GEN: 11477c478bd9Sstevel@tonic-gate xdr_argument = xdr_void; 11487c478bd9Sstevel@tonic-gate xdr_result = xdr_des_block; 11497c478bd9Sstevel@tonic-gate local = __key_gen_1_svc; 11507c478bd9Sstevel@tonic-gate check_auth = 0; 11517c478bd9Sstevel@tonic-gate break; 11527c478bd9Sstevel@tonic-gate 11537c478bd9Sstevel@tonic-gate case KEY_GETCRED: 11547c478bd9Sstevel@tonic-gate xdr_argument = xdr_netnamestr; 11557c478bd9Sstevel@tonic-gate xdr_result = xdr_getcredres; 11567c478bd9Sstevel@tonic-gate local = __key_getcred_1_svc; 11577c478bd9Sstevel@tonic-gate result.gres.getcredres_u.cred.gids.gids_val = gids; 11587c478bd9Sstevel@tonic-gate check_auth = 0; 11597c478bd9Sstevel@tonic-gate break; 11607c478bd9Sstevel@tonic-gate 11617c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_PK: 11627c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg2; 11637c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11647c478bd9Sstevel@tonic-gate local = __key_encrypt_pk_2_svc; 11657c478bd9Sstevel@tonic-gate check_auth = 1; 11667c478bd9Sstevel@tonic-gate break; 11677c478bd9Sstevel@tonic-gate 11687c478bd9Sstevel@tonic-gate case KEY_DECRYPT_PK: 11697c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg2; 11707c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11717c478bd9Sstevel@tonic-gate local = __key_decrypt_pk_2_svc; 11727c478bd9Sstevel@tonic-gate check_auth = 1; 11737c478bd9Sstevel@tonic-gate break; 11747c478bd9Sstevel@tonic-gate 11757c478bd9Sstevel@tonic-gate 11767c478bd9Sstevel@tonic-gate case KEY_NET_PUT: 11777c478bd9Sstevel@tonic-gate xdr_argument = xdr_key_netstarg; 11787c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 11797c478bd9Sstevel@tonic-gate local = __key_net_put_2_svc; 11807c478bd9Sstevel@tonic-gate check_auth = 1; 11817c478bd9Sstevel@tonic-gate break; 11827c478bd9Sstevel@tonic-gate 11837c478bd9Sstevel@tonic-gate case KEY_NET_GET: 11847c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_void; 11857c478bd9Sstevel@tonic-gate xdr_result = xdr_key_netstres; 11867c478bd9Sstevel@tonic-gate local = __key_net_get_2_svc; 11877c478bd9Sstevel@tonic-gate result.keynetname.key_netstres_u.knet.st_netname = netname_str; 11887c478bd9Sstevel@tonic-gate check_auth = 1; 11897c478bd9Sstevel@tonic-gate break; 11907c478bd9Sstevel@tonic-gate 11917c478bd9Sstevel@tonic-gate case KEY_GET_CONV: 11927c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_keybuf; 11937c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11947c478bd9Sstevel@tonic-gate local = __key_get_conv_2_svc; 11957c478bd9Sstevel@tonic-gate check_auth = 1; 11967c478bd9Sstevel@tonic-gate break; 11977c478bd9Sstevel@tonic-gate 11987c478bd9Sstevel@tonic-gate /* 11997c478bd9Sstevel@tonic-gate * Version 3 procedures follow... 12007c478bd9Sstevel@tonic-gate */ 12017c478bd9Sstevel@tonic-gate 12027c478bd9Sstevel@tonic-gate case KEY_SET_3: 12037c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_setkeyarg3; 12047c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12057c478bd9Sstevel@tonic-gate local = __key_set_3_svc; 12067c478bd9Sstevel@tonic-gate check_auth = 1; 12077c478bd9Sstevel@tonic-gate break; 12087c478bd9Sstevel@tonic-gate 12097c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_3: 12107c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12117c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12127c478bd9Sstevel@tonic-gate local = __key_encrypt_3_svc; 12137c478bd9Sstevel@tonic-gate check_auth = 1; 12147c478bd9Sstevel@tonic-gate break; 12157c478bd9Sstevel@tonic-gate 12167c478bd9Sstevel@tonic-gate case KEY_DECRYPT_3: 12177c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12187c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12197c478bd9Sstevel@tonic-gate local = __key_decrypt_3_svc; 12207c478bd9Sstevel@tonic-gate check_auth = 1; 12217c478bd9Sstevel@tonic-gate break; 12227c478bd9Sstevel@tonic-gate 12237c478bd9Sstevel@tonic-gate case KEY_GEN_3: 12247c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_keynum_t; 12257c478bd9Sstevel@tonic-gate xdr_result = xdr_deskeyarray; 12267c478bd9Sstevel@tonic-gate local = __key_gen_3_svc; 12277c478bd9Sstevel@tonic-gate local_free = __key_gen_3_svc_free; 12287c478bd9Sstevel@tonic-gate check_auth = 0; 12297c478bd9Sstevel@tonic-gate break; 12307c478bd9Sstevel@tonic-gate 12317c478bd9Sstevel@tonic-gate case KEY_GETCRED_3: 12327c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_netnamestr; 12337c478bd9Sstevel@tonic-gate xdr_result = xdr_getcredres3; 12347c478bd9Sstevel@tonic-gate local = __key_getcred_3_svc; 12357c478bd9Sstevel@tonic-gate check_auth = 0; 12367c478bd9Sstevel@tonic-gate break; 12377c478bd9Sstevel@tonic-gate 12387c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_PK_3: 12397c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12407c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12417c478bd9Sstevel@tonic-gate local = __key_encrypt_pk_3_svc; 12427c478bd9Sstevel@tonic-gate local_free = __key_encrypt_pk_3_svc_free; 12437c478bd9Sstevel@tonic-gate check_auth = 1; 12447c478bd9Sstevel@tonic-gate break; 12457c478bd9Sstevel@tonic-gate 12467c478bd9Sstevel@tonic-gate case KEY_DECRYPT_PK_3: 12477c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12487c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12497c478bd9Sstevel@tonic-gate local = __key_decrypt_pk_3; 12507c478bd9Sstevel@tonic-gate local_free = __key_decrypt_pk_3_free; 12517c478bd9Sstevel@tonic-gate check_auth = 1; 12527c478bd9Sstevel@tonic-gate break; 12537c478bd9Sstevel@tonic-gate 12547c478bd9Sstevel@tonic-gate case KEY_NET_PUT_3: 12557c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_key_netstarg3; 12567c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12577c478bd9Sstevel@tonic-gate local = __key_net_put_3_svc; 12587c478bd9Sstevel@tonic-gate check_auth = 1; 12597c478bd9Sstevel@tonic-gate break; 12607c478bd9Sstevel@tonic-gate 12617c478bd9Sstevel@tonic-gate case KEY_NET_GET_3: 12627c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_mechtype; 12637c478bd9Sstevel@tonic-gate xdr_result = xdr_key_netstres3; 12647c478bd9Sstevel@tonic-gate local = __key_net_get_3_svc; 12657c478bd9Sstevel@tonic-gate local_free = __key_net_get_3_svc_free; 12667c478bd9Sstevel@tonic-gate check_auth = 1; 12677c478bd9Sstevel@tonic-gate break; 12687c478bd9Sstevel@tonic-gate 12697c478bd9Sstevel@tonic-gate case KEY_GET_CONV_3: 12707c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_deskeyarg3; 12717c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12727c478bd9Sstevel@tonic-gate local = __key_get_conv_3_svc; 12737c478bd9Sstevel@tonic-gate check_auth = 1; 12747c478bd9Sstevel@tonic-gate break; 12757c478bd9Sstevel@tonic-gate 12767c478bd9Sstevel@tonic-gate case KEY_CLEAR_3: 12777c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_void; 12787c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12797c478bd9Sstevel@tonic-gate local = __key_clear_3_svc; 12807c478bd9Sstevel@tonic-gate check_auth = 1; 12817c478bd9Sstevel@tonic-gate break; 12827c478bd9Sstevel@tonic-gate 12837c478bd9Sstevel@tonic-gate default: 12847c478bd9Sstevel@tonic-gate svcerr_noproc(transp); 12857c478bd9Sstevel@tonic-gate return; 12867c478bd9Sstevel@tonic-gate } 12877c478bd9Sstevel@tonic-gate if (check_auth) { 12887c478bd9Sstevel@tonic-gate if (!get_auth(transp, rqstp, &uid)) { 12897c478bd9Sstevel@tonic-gate if (debugging) { 12907c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 12917c478bd9Sstevel@tonic-gate "not local privileged process\n"); 12927c478bd9Sstevel@tonic-gate } 12937c478bd9Sstevel@tonic-gate svcerr_weakauth(transp); 12947c478bd9Sstevel@tonic-gate return; 12957c478bd9Sstevel@tonic-gate } 12967c478bd9Sstevel@tonic-gate } 12977c478bd9Sstevel@tonic-gate 12987c478bd9Sstevel@tonic-gate memset((char *)&argument, 0, sizeof (argument)); 12997c478bd9Sstevel@tonic-gate if (!svc_getargs(transp, xdr_argument, (caddr_t)&argument)) { 13007c478bd9Sstevel@tonic-gate svcerr_decode(transp); 13017c478bd9Sstevel@tonic-gate return; 13027c478bd9Sstevel@tonic-gate } 13037c478bd9Sstevel@tonic-gate retval = (*local)(uid, &argument, &result); 13047c478bd9Sstevel@tonic-gate if (retval && !svc_sendreply(transp, xdr_result, (char *)&result)) { 13057c478bd9Sstevel@tonic-gate if (debugging) 13067c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "unable to reply\n"); 13077c478bd9Sstevel@tonic-gate svcerr_systemerr(transp); 13087c478bd9Sstevel@tonic-gate } 13097c478bd9Sstevel@tonic-gate if (!svc_freeargs(transp, xdr_argument, (caddr_t)&argument)) { 13107c478bd9Sstevel@tonic-gate if (debugging) 13117c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 13127c478bd9Sstevel@tonic-gate "unable to free arguments\n"); 13137c478bd9Sstevel@tonic-gate exit(1); 13147c478bd9Sstevel@tonic-gate } 13157c478bd9Sstevel@tonic-gate if (local_free) { 13167c478bd9Sstevel@tonic-gate (*local_free)(&result); 13177c478bd9Sstevel@tonic-gate } 13187c478bd9Sstevel@tonic-gate } 13197c478bd9Sstevel@tonic-gate 13207c478bd9Sstevel@tonic-gate static bool_t 13217c478bd9Sstevel@tonic-gate get_auth(trans, rqstp, uid) 13227c478bd9Sstevel@tonic-gate SVCXPRT *trans; 13237c478bd9Sstevel@tonic-gate struct svc_req *rqstp; 13247c478bd9Sstevel@tonic-gate uid_t *uid; 13257c478bd9Sstevel@tonic-gate { 13267c478bd9Sstevel@tonic-gate svc_local_cred_t cred; 13277c478bd9Sstevel@tonic-gate 13287c478bd9Sstevel@tonic-gate if (!svc_get_local_cred(trans, &cred)) { 13297c478bd9Sstevel@tonic-gate if (debugging) 13307c478bd9Sstevel@tonic-gate fprintf(stderr, "svc_get_local_cred failed %s %s\n", 13317c478bd9Sstevel@tonic-gate trans->xp_netid, trans->xp_tp); 13327c478bd9Sstevel@tonic-gate return (FALSE); 13337c478bd9Sstevel@tonic-gate } 13347c478bd9Sstevel@tonic-gate if (debugging) 13357c478bd9Sstevel@tonic-gate fprintf(stderr, "local_uid %d\n", cred.euid); 13367c478bd9Sstevel@tonic-gate if (rqstp->rq_cred.oa_flavor == AUTH_SYS || 13377c478bd9Sstevel@tonic-gate rqstp->rq_cred.oa_flavor == AUTH_LOOPBACK) { 13387c478bd9Sstevel@tonic-gate /* LINTED pointer alignment */ 13397c478bd9Sstevel@tonic-gate *uid = ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid; 13407c478bd9Sstevel@tonic-gate return (*uid == cred.euid || cred.euid == 0); 13417c478bd9Sstevel@tonic-gate } else { 13427c478bd9Sstevel@tonic-gate *uid = cred.euid; 13437c478bd9Sstevel@tonic-gate return (TRUE); 13447c478bd9Sstevel@tonic-gate } 13457c478bd9Sstevel@tonic-gate } 13467c478bd9Sstevel@tonic-gate 13477c478bd9Sstevel@tonic-gate static int 13487c478bd9Sstevel@tonic-gate get_cache_size(size) 13497c478bd9Sstevel@tonic-gate char *size; 13507c478bd9Sstevel@tonic-gate { 13517c478bd9Sstevel@tonic-gate int csize, len; 13527c478bd9Sstevel@tonic-gate 13537c478bd9Sstevel@tonic-gate len = (int)strlen(size); 13547c478bd9Sstevel@tonic-gate if (len == 0) { 13557c478bd9Sstevel@tonic-gate usage(); 13567c478bd9Sstevel@tonic-gate } 13577c478bd9Sstevel@tonic-gate 13587c478bd9Sstevel@tonic-gate if (size[len-1] == 'M' || size[len-1] == 'm') { 13597c478bd9Sstevel@tonic-gate /* 13607c478bd9Sstevel@tonic-gate * cache size in MB 13617c478bd9Sstevel@tonic-gate */ 13627c478bd9Sstevel@tonic-gate size[len-1] = '\0'; 13637c478bd9Sstevel@tonic-gate csize = atoi(size); 13647c478bd9Sstevel@tonic-gate } else { 13657c478bd9Sstevel@tonic-gate csize = atoi(size); 13667c478bd9Sstevel@tonic-gate /* 13677c478bd9Sstevel@tonic-gate * negative size indicates number of entries in cache 13687c478bd9Sstevel@tonic-gate */ 13697c478bd9Sstevel@tonic-gate csize = 0 - csize; 13707c478bd9Sstevel@tonic-gate } 13717c478bd9Sstevel@tonic-gate 13727c478bd9Sstevel@tonic-gate if (csize == 0) { 13737c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "invalid cache size: %s\n", size); 13747c478bd9Sstevel@tonic-gate usage(); 13757c478bd9Sstevel@tonic-gate } 13767c478bd9Sstevel@tonic-gate 13777c478bd9Sstevel@tonic-gate return (csize); 13787c478bd9Sstevel@tonic-gate } 13797c478bd9Sstevel@tonic-gate 13807c478bd9Sstevel@tonic-gate static void 13817c478bd9Sstevel@tonic-gate usage() 13827c478bd9Sstevel@tonic-gate { 13837c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "usage: \n"); 13847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "keyserv [-c]|[-s "); 13857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "<size>|<mechtype>=<size>[,...]] [-n] [-D] "); 13867c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "[-d | -e] "); 13877c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "[-t threads]\n"); 13887c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "-d disables the use of default keys\n"); 13897c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "-e enables the use of default keys\n"); 13907c478bd9Sstevel@tonic-gate exit(1); 13917c478bd9Sstevel@tonic-gate } 13927c478bd9Sstevel@tonic-gate 13937c478bd9Sstevel@tonic-gate static void 13947c478bd9Sstevel@tonic-gate defaults(void) 13957c478bd9Sstevel@tonic-gate { 13967c478bd9Sstevel@tonic-gate register int flags; 13977c478bd9Sstevel@tonic-gate register char *ptr; 13987c478bd9Sstevel@tonic-gate 13997c478bd9Sstevel@tonic-gate if (defopen(defaults_file) == 0) { 14007c478bd9Sstevel@tonic-gate /* 14017c478bd9Sstevel@tonic-gate * ignore case 14027c478bd9Sstevel@tonic-gate */ 14037c478bd9Sstevel@tonic-gate flags = defcntl(DC_GETFLAGS, 0); 14047c478bd9Sstevel@tonic-gate TURNOFF(flags, DC_CASE); 1405*06e1a714Sraf (void) defcntl(DC_SETFLAGS, flags); 14067c478bd9Sstevel@tonic-gate 14077c478bd9Sstevel@tonic-gate if ((ptr = defread("ENABLE_NOBODY_KEYS=")) != NULL) { 14087c478bd9Sstevel@tonic-gate if (strcasecmp(ptr, "NO") == 0) { 14097c478bd9Sstevel@tonic-gate use_nobody_keys = FALSE; 14107c478bd9Sstevel@tonic-gate } 14117c478bd9Sstevel@tonic-gate } 14127c478bd9Sstevel@tonic-gate 14137c478bd9Sstevel@tonic-gate (void) defopen((char *)NULL); 14147c478bd9Sstevel@tonic-gate } 14157c478bd9Sstevel@tonic-gate } 1416