Diffstat (limited to 'lib/librpc/secure_rpc/man')
-rw-r--r--lib/librpc/secure_rpc/man/chkey.119
-rw-r--r--lib/librpc/secure_rpc/man/des_crypt.3126
-rw-r--r--lib/librpc/secure_rpc/man/keyenvoy.8c22
-rw-r--r--lib/librpc/secure_rpc/man/keylogin.132
-rw-r--r--lib/librpc/secure_rpc/man/keyserv.8c52
-rw-r--r--lib/librpc/secure_rpc/man/publickey.3r44
-rw-r--r--lib/librpc/secure_rpc/man/publickey.537
-rw-r--r--lib/librpc/secure_rpc/man/rpc_secure.3n330
-rw-r--r--lib/librpc/secure_rpc/man/rtime.3n43
9 files changed, 705 insertions, 0 deletions
diff --git a/lib/librpc/secure_rpc/man/chkey.1 b/lib/librpc/secure_rpc/man/chkey.1
new file mode 100644
index 0000000..fbf1fcd
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/chkey.1
@@ -0,0 +1,19 @@
+.\" @(#)chkey.1 2.1 88/08/10 4.0 RPCSRC; from 1.6 88/02/29 SMI;
+.TH CHKEY 1 "9 September 1987"
+.SH NAME
+chkey \- change your encryption key
+.SH SYNOPSIS
+.B chkey
+.SH DESCRIPTION
+.IX "chkey command" "" "\fLchkey\fP command"
+.IX "encryption key, change, \fLchkey\fR command"
+.B chkey
+prompts the user for their login password, and uses it to encrypt
+a new encryption key for the user to be stored in the
+.BR publickey (5)
+database.
+.SH "SEE ALSO"
+.BR keylogin (1),
+.BR publickey (5),
+.BR keyserv (8C),
+.BR newkey (8)
diff --git a/lib/librpc/secure_rpc/man/des_crypt.3 b/lib/librpc/secure_rpc/man/des_crypt.3
new file mode 100644
index 0000000..ca0a33e
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/des_crypt.3
@@ -0,0 +1,126 @@
+.\" @(#)des_crypt.3 2.1 88/08/11 4.0 RPCSRC; from 1.16 88/03/02 SMI;
+.TH DES_CRYPT 3 "6 October 1987"
+.SH NAME
+des_crypt, ecb_crypt, cbc_crypt, des_setparity \- fast DES encryption
+.SH SYNOPSIS
+.nf
+.B #include <des_crypt.h>
+.LP
+.B int ecb_crypt(key, data, datalen, mode)
+.B char *key;
+.B char *data;
+.B unsigned datalen;
+.B unsigned mode;
+.LP
+.B int cbc_crypt(key, data, datalen, mode, ivec)
+.B char *key;
+.B char *data;
+.B unsigned datalen;
+.B unsigned mode;
+.B char *ivec;
+.LP
+.B void des_setparity(key)
+.B char *key;
+.fi
+.SH DESCRIPTION
+.IX encryption cbc_crypt "" \fLcbc_crypt\fP
+.IX "des encryption" cbc_crypt "DES encryption" \fLcbc_crypt\fP
+.IX encryption des_setparity "" \fLdes_setparity\fP
+.IX "des encryption" des_setparity "DES encryption" \fLdes_setparity\fP
+.B ecb_crypt(\|)
+and
+.B cbc_crypt(\|)
+implement the
+.SM NBS
+.SM DES
+(Data Encryption Standard).
+These routines are faster and more general purpose than
+.BR crypt (3).
+They also are able to utilize
+.SM DES
+hardware if it is available.
+.B ecb_crypt(\|)
+encrypts in
+.SM ECB
+(Electronic Code Book)
+mode, which encrypts blocks of data independently.
+.B cbc_crypt(\|)
+encrypts in
+.SM CBC
+(Cipher Block Chaining)
+mode, which chains together
+successive blocks.
+.SM CBC
+mode protects against insertions, deletions and
+substitutions of blocks. Also, regularities in the clear text will
+not appear in the cipher text.
+.LP
+Here is how to use these routines. The first parameter,
+.IR key ,
+is the 8-byte encryption key with parity.
+To set the key's parity, which for
+.SM DES
+is in the low bit of each byte, use
+.IR des_setparity .
+The second parameter,
+.IR data ,
+contains the data to be encrypted or decrypted. The
+third parameter,
+.IR datalen ,
+is the length in bytes of
+.IR data ,
+which must be a multiple of 8. The fourth parameter,
+.IR mode ,
+is formed by
+.SM OR\s0'ing
+together some things. For the encryption direction 'or' in either
+.SM DES_ENCRYPT
+or
+.SM DES_DECRYPT\s0.
+For software versus hardware
+encryption, 'or' in either
+.SM DES_HW
+or
+.SM DES_SW\s0.
+If
+.SM DES_HW
+is specified, and there is no hardware, then the encryption is performed
+in software and the routine returns
+.SM DESERR_NOHWDEVICE\s0.
+For
+.IR cbc_crypt ,
+the parameter
+.I ivec
+is the the 8-byte initialization
+vector for the chaining. It is updated to the next initialization
+vector upon return.
+.LP
+.SH "SEE ALSO"
+.BR des (1),
+.BR crypt (3)
+.SH DIAGNOSTICS
+.PD 0
+.TP 20
+.SM DESERR_NONE
+No error.
+.TP
+.SM DESERR_NOHWDEVICE
+Encryption succeeded, but done in software instead of the requested hardware.
+.TP
+.SM DESERR_HWERR
+An error occurred in the hardware or driver.
+.TP
+.SM DESERR_BADPARAM
+Bad parameter to routine.
+.PD
+.LP
+Given a result status
+.IR stat ,
+the macro
+.SM DES_FAILED\c
+.BR ( stat )
+is false only for the first two statuses.
+.SH RESTRICTIONS
+These routines are not available in RPCSRC 4.0.
+This information is provided to describe the DES interface expected by
+Secure RPC.
diff --git a/lib/librpc/secure_rpc/man/keyenvoy.8c b/lib/librpc/secure_rpc/man/keyenvoy.8c
new file mode 100644
index 0000000..8cf7bc3
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/keyenvoy.8c
@@ -0,0 +1,22 @@
+.\" @(#)keyenvoy.8c 2.1 88/08/10 4.0 RPCSRC; from 1.5 88/03/01 SMI;
+.TH KEYENVOY 8C "9 September 1987"
+.SH NAME
+keyenvoy \- talk to keyserver
+.SH SYNOPSIS
+.B keyenvoy
+.SH DESCRIPTION
+.IX "keyenvoy command" "" "\fLkeyenvoy\fP command"
+.B keyenvoy
+is used by some
+.SM RPC
+programs to talk to the key server,
+.BR keyserv (8C).
+The key server will not talk to anything but a root process, and
+.B keyenvoy
+is a set-uid root process that acts as an intermediary between a user
+process that wishes to talk to the
+key server and the key server itself.
+.LP
+This program cannot be run interactively.
+.SH "SEE ALSO"
+.BR keyserv (8C)
diff --git a/lib/librpc/secure_rpc/man/keylogin.1 b/lib/librpc/secure_rpc/man/keylogin.1
new file mode 100644
index 0000000..516d9de
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/keylogin.1
@@ -0,0 +1,32 @@
+.\" @(#)keylogin.1 2.1 88/08/10 4.0 RPCSRC; from 1.6 88/02/29 SMI;
+.TH KEYLOGIN 1 "9 September 1987"
+.SH NAME
+keylogin \- decrypt and store secret key
+.SH SYNOPSIS
+.B keylogin
+.SH DESCRIPTION
+.IX "keylogin command" "" "\fLkeylogin\fR command"
+.LP
+.B keylogin
+prompts the user for their login password, and uses it do decrypt
+the user's secret key stored in the
+.BR publickey (5)
+database. Once decrypted, the user's key is stored by the local
+key server process
+.BR keyserv (8C)
+to be used by any secure network services, such as
+.SM NFS\s0.
+.LP
+Normally,
+.BR login (1)
+does this work when the user logs onto the system, but running
+.B keylogin
+may be necessary if
+the user did not type a password to
+.BR login (1).
+.SH "SEE ALSO"
+.BR chkey (1),
+.BR login (1),
+.BR publickey (5),
+.BR keyserv (8C),
+.BR newkey (8)
diff --git a/lib/librpc/secure_rpc/man/keyserv.8c b/lib/librpc/secure_rpc/man/keyserv.8c
new file mode 100644
index 0000000..aa153ed
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/keyserv.8c
@@ -0,0 +1,52 @@
+.\" @(#)keyserv.8c 2.1 88/08/10 4.0 RPCSRC; from 1.6 88/03/01 SMI;
+.TH KEYSERV 8C "9 September 1987"
+.SH NAME
+keyserv \- server for storing public and private keys
+.SH SYNOPSIS
+.B keyserv
+[
+.B \-n
+]
+.SH DESCRIPTION
+.IX "keyenvoy server" "" "\fLkeyenvoy\fP server"
+.B keyserv
+is a daemon that is used for storing the
+private encryption keys of each
+user logged into the system. These encryption
+keys are using for accessing
+secure network services such as secure
+.SM NFS\s0.
+When a user logs in to the system, the
+.BR login(1)
+program uses the login password to decrypt
+the user's encryption key stored
+in the Yellow Pages, and then gives the decrypted key to the
+.B keyserv
+daemon to store away.
+.LP
+Normally, root's key is read from the file
+.B /etc/.rootkey
+when the daemon starts up. This is useful during power-fail reboots
+when no one is around to type a password, yet you still want the
+secure network services to operate normally.
+.SH OPTIONS
+.TP
+.B \-n
+Do not read root's key from
+.BR /etc/.rootkey .
+Instead, prompt the user for the password to decrypt
+.B root 's
+key stored in the Yellow Pages and then store the decrypted key in
+.B /etc/.rootkey
+for future use.
+This option is useful if the
+.B /etc/.rootkey
+file ever gets out of date or corrupted.
+.SH FILES
+.PD 0
+.TP 20
+.B /etc/.rootkey
+.PD
+.SH "SEE ALSO"
+.BR login (1),
+.BR publickey (5)
diff --git a/lib/librpc/secure_rpc/man/publickey.3r b/lib/librpc/secure_rpc/man/publickey.3r
new file mode 100644
index 0000000..7063e8a
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/publickey.3r
@@ -0,0 +1,44 @@
+.\" @(#)publickey.3r 2.1 88/08/07 4.0 RPCSRC
+.TH PUBLICKEY 3R "6 October 1987"
+.SH NAME
+publickey, getpublickey, getsecretkey \- get public or secret key
+.SH SYNOPSIS
+.nf
+.B #include <rpc/rpc.h>
+.B #include <rpc/key_prot.h>
+.LP
+.B getpublickey(netname, publickey)
+.B char netname[\s-1MAXNETNAMELEN\s0+1];
+.B char publickey[\s-1HEXKEYBYTES\s0+1];
+.LP
+.B getsecretkey(netname, secretkey, passwd)
+.B char netname[\s-1MAXNETNAMELEN\s0+1];
+.B char secretkey[\s-1HEXKEYBYTES\s0+1];
+.B char *passwd;
+.fi
+.SH DESCRIPTION
+.IX "getpublickey function" "" "\fLgetpublickey()\fP function"
+.IX "getsecretkey function" "" "\fLgetsecretkey()\fP function"
+These routines are used to get public and secret keys from the
+.SM YP
+database.
+.B getsecretkey(\|)
+has an extra argument,
+.IR passwd ,
+which is used to decrypt the encrypted secret key stored in the database.
+Both routines return 1 if they are successful in finding the key, 0 otherwise.
+The keys are returned as
+.SM NULL\s0-terminated,
+hexadecimal strings. If the password supplied to
+.B getsecretkey(\|)
+fails to decrypt the secret key, the routine will return 1 but the
+.I secretkey
+argument will be a
+.SM NULL
+string (``'').
+.SH "SEE ALSO"
+.BR publickey (5)
+.LP
+.I \s-1RPC\s0 Programmer's Manual
+in
+.TX NETP
diff --git a/lib/librpc/secure_rpc/man/publickey.5 b/lib/librpc/secure_rpc/man/publickey.5
new file mode 100644
index 0000000..de3c1e9
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/publickey.5
@@ -0,0 +1,37 @@
+.\" @(#)publickey.5 2.1 88/08/07 4.0 RPCSRC; from 1.6 88/02/29 SMI;
+.TH PUBLICKEY 5 "19 October 1987"
+.SH NAME
+publickey \- public key database
+.SH SYNOPSIS
+.B /etc/publickey
+.SH DESCRIPTION
+.LP
+.B /etc/publickey
+is the public key database used for secure
+networking. Each entry in
+the database consists of a network user
+name (which may either refer to
+a user or a hostname), followed by the user's
+public key (in hex
+notation), a colon, and then the user's
+secret key encrypted with
+its login password (also in hex notation).
+.LP
+This file is altered either by the user through the
+.BR chkey (1)
+command or by the system administrator through the
+.BR newkey (8)
+command.
+The file
+.B /etc/publickey
+should only contain data on the Yellow
+Pages master machine, where it
+is converted into the
+.SM YP
+database
+.BR publickey.byname .
+.SH SEE ALSO
+.BR chkey (1),
+.BR publickey (3R),
+.BR newkey (8),
+.BR ypupdated (8C)
diff --git a/lib/librpc/secure_rpc/man/rpc_secure.3n b/lib/librpc/secure_rpc/man/rpc_secure.3n
new file mode 100644
index 0000000..6e9a2ee
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/rpc_secure.3n
@@ -0,0 +1,330 @@
+.\" @(#)rpc_secure.3n 2.1 88/08/08 4.0 RPCSRC; from 1.19 88/06/24 SMI
+.TH RPC 3N "16 February 1988"
+.SH NAME
+rpc_secure \- library routines for secure remote procedure calls
+.SH SYNOPSIS AND DESCRIPTION
+These routines are part of the RPC library. They implement DES
+Authentication. See
+.BR rpc (3N)
+for further details about RPC.
+.LP
+.ft B
+.nf
+.sp .5
+#include <rpc/rpc.h>
+.fi
+.ft R
+.br
+.if t .ne 22
+.LP
+.ft B
+.nf
+.sp .5
+\s-1AUTH\s0 *
+authdes_create(name, window, syncaddr, ckey)
+char *name;
+unsigned window;
+struct sockaddr_in *addr;
+des_block *ckey;
+.fi
+.ft R
+.IP
+.B authdes_create(\|)
+is the first of two routines which interface to the
+.SM RPC
+secure authentication system, known as
+.SM DES
+authentication.
+The second is
+.BR authdes_getucred(\|) ,
+below. Note: the keyserver daemon
+.BR keyserv (8C)
+must be running for the
+.SM DES
+authentication system to work.
+.IP
+.BR authdes_create(\|) ,
+used on the client side, returns an authentication handle that
+will enable the use of the secure authentication system.
+The first parameter
+.I name
+is the network name, or
+.IR netname ,
+of the owner of the server process. This field usually
+represents a
+.I hostname
+derived from the utility routine
+.BR host2netname ,
+but could also represent a user name using
+.BR user2netname .
+The second field is window on the validity of
+the client credential, given in seconds. A small
+window is more secure than a large one, but choosing
+too small of a window will increase the frequency of
+resynchronizations because of clock drift. The third
+parameter
+.I syncaddr
+is optional. If it is
+.SM NULL\s0,
+then the authentication system will assume
+that the local clock is always in sync with the server's
+clock, and will not attempt resynchronizations. If an address
+is supplied, however, then the system will use the address
+for consulting the remote time service whenever
+resynchronization
+is required. This parameter is usually the
+address of the
+.SM RPC
+server itself. The final parameter
+.I ckey
+is also optional. If it is
+.SM NULL\s0,
+then the authentication system will
+generate a random
+.SM DES
+key to be used for the encryption of credentials.
+If it is supplied, however, then it will be used instead.
+.br
+.if t .ne 13
+.LP
+.ft B
+.nf
+.sp .5
+authdes_getucred(adc, uid, gid, grouplen, groups)
+struct authdes_cred *adc;
+short *uid;
+short *gid;
+short *grouplen;
+int *groups;
+.fi
+.ft R
+.IP
+.BR authdes_getucred(\|) ,
+the second of the two
+.SM DES
+authentication routines,
+is used on the server side for converting a
+.SM DES
+credential, which is
+operating system independent, into a
+.UX
+credential. This routine differs from utility routine
+.B netname2user
+in that
+.B authdes_getucred(\|)
+pulls its information from a cache, and does not have to do a
+Yellow Pages lookup every time it is called to get its information.
+.br
+.ft .ne 8
+.LP
+.ft B
+.nf
+.sp .5
+host2netname(name, host, domain)
+char *name;
+char *host;
+char *domain;
+.fi
+.ft R
+.IP
+Convert from a domain-specific hostname to an
+operating-system independent netname. Return
+.SM TRUE
+if it succeeds and
+.SM FALSE
+if it fails. Inverse of
+.BR netname2host(\|) .
+.br
+.if t .ne 9
+.LP
+.ft B
+.nf
+.sp .5
+key_decryptsession(remotename, deskey)
+char *remotename;
+des_block *deskey;
+.fi
+.ft R
+.IP
+.B key_decryptsession(\|)
+is an interface to the keyserver daemon, which is associated
+with
+.SM RPC\s0's
+secure authentication system (\s-1DES\s0
+authentication).
+User programs rarely need to call it, or its associated routines
+.BR key_encryptsession(\|) ,
+.B key_gendes(\|)
+and
+.BR key_setsecret(\|) .
+System commands such as
+.B login
+and the
+.SM RPC
+library are the main clients of these four routines.
+.IP
+.B key_decryptsession(\|)
+takes a server netname and a des key, and decrypts the key by
+using the the public key of the the server and the secret key
+associated with the effective uid of the calling process. It
+is the inverse of
+.BR key_encryptsession(\|) .
+.br
+.if t .ne 8
+.LP
+.ft B
+.nf
+.sp .5
+key_encryptsession(remotename, deskey)
+char *remotename;
+des_block *deskey;
+.fi
+.ft R
+.IP
+.B key_encryptsession(\|)
+is a keyserver interface routine. It
+takes a server netname and a des key, and encrypts
+it using the public key of the the server and the secret key
+associated with the effective uid of the calling process. It
+is the inverse of
+.BR key_decryptsession(\|) .
+.br
+.if t .ne 7
+.LP
+.ft B
+.nf
+.sp .5
+key_gendes(deskey)
+des_block *deskey;
+.fi
+.ft R
+.IP
+.B key_gendes(\|)
+is a keyserver interface routine. It
+is used to ask the keyserver for a secure conversation key.
+Choosing one at \(lqrandom\(rq is usually not good enough,
+because
+the common ways of choosing random numbers, such as using the
+current time, are very easy to guess.
+.br
+.if t .ne 6
+.LP
+.ft B
+.nf
+.sp .5
+key_setsecret(key)
+char *key;
+.fi
+.ft R
+.IP
+.B key_setsecret(\|)
+is a keyserver interface routine. It is used to set the key for
+the effective
+.I uid
+of the calling process.
+.br
+.if t .ne 7
+.LP
+.ft B
+.nf
+.sp .5
+getnetname(name)
+char name[\s-1MAXNETNAMELEN\s0];
+.fi
+.ft R
+.IP
+.B getnetname(\|)
+installs the unique, operating-system independent netname of
+the
+caller in the fixed-length array
+.IR name .
+Returns
+.SM TRUE
+if it succeeds and
+.SM FALSE
+if it fails.
+.br
+.if t .ne 6
+.LP
+.ft B
+.nf
+.sp .5
+netname2host(name, host, hostlen)
+char *name;
+char *host;
+int hostlen;
+.fi
+.ft R
+.IP
+Convert from an operating-system independent netname to a
+domain-specific hostname. Returns
+.SM TRUE
+if it succeeds and
+.SM FALSE
+if it fails. Inverse of
+.BR host2netname(\|) .
+.br
+.if t .ne 9
+.LP
+.ft B
+.nf
+.sp .5
+netname2user(name, uidp, gidp, gidlenp, gidlist)
+char *name;
+int *uidp;
+int *gidp;
+int *gidlenp;
+int *gidlist;
+.fi
+.ft R
+.IP
+Convert from an operating-system independent netname to a
+domain-specific user
+.SM ID.
+Returns
+.SM TRUE
+if it succeeds and
+.SM FALSE
+if it fails. Inverse of
+.BR user2netname(\|) .
+.br
+.if t .ne 8
+.LP
+.ft B
+.nf
+.sp .5
+user2netname(name, uid, domain)
+char *name;
+int uid;
+char *domain;
+.fi
+.ft R
+.IP
+Convert from a domain-specific username to an operating-system
+independent netname. Returns
+.SM TRUE
+if it succeeds and
+.SM FALSE
+if it fails. Inverse of
+.BR netname2user(\|) .
+.br
+.SH SEE ALSO
+.BR xdr (3N),
+.BR keyserv (8C),
+.BR rpc (3N)
+.br
+The following manuals:
+.RS
+.ft I
+Remote Procedure Calls: Protocol Specification
+.br
+Remote Procedure Call Programming Guide
+.br
+rpcgen Programming Guide
+.br
+.ft R
+.RE
+.IR "\s-1RPC\s0: Remote Procedure Call Protocol Specification" ,
+.SM RFC1050, Sun Microsystems, Inc.,
+.SM USC-ISI\s0.
+
diff --git a/lib/librpc/secure_rpc/man/rtime.3n b/lib/librpc/secure_rpc/man/rtime.3n
new file mode 100644
index 0000000..af0c1ca
--- /dev/null
+++ b/lib/librpc/secure_rpc/man/rtime.3n
@@ -0,0 +1,43 @@
+.\" @(#)rtime.3n 2.1 88/08/08 4.0 RPCSRC; from 1.5 88/02/08 SMI
+.TH RTIME 3 "22 November 1987"
+.SH NAME
+rtime \- get remote time
+.SH SYNOPSIS
+.nf
+.B #include <sys/types.h>
+.B #include <sys/time.h>
+.B #include <netinet/in.h>
+.LP
+.B int rtime(addrp, timep, timeout)
+.B struct sockaddr_in \(**addrp;
+.B struct timeval \(**timep;
+.B struct timeval \(**timeout;
+.fi
+.SH DESCRIPTION
+.B rtime(\|)
+consults the Internet Time Server at the address pointed to by
+.I addrp
+and returns the remote time in the
+.B timeval
+struct pointed to by
+.IR timep .
+Normally, the
+.SM UDP
+protocol is used when consulting the Time Server. The
+.I timeout
+parameter specifies how long the
+routine should wait before giving
+up when waiting for a reply. If
+.I timeout
+is specified as
+.SM NULL\s0,
+however, the routine will instead use
+.SM TCP
+and block until a reply is received from the time server.
+.LP
+The routine returns 0 if it is successful. Otherwise,
+it returns \-1 and
+.B errno
+is set to reflect the cause of the error.
+.SH "SEE ALSO"
+.BR timed (8c)