summaryrefslogtreecommitdiffstats
path: root/usr.sbin/keyserv/keyserv.c
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin/keyserv/keyserv.c')
-rw-r--r--usr.sbin/keyserv/keyserv.c821
1 files changed, 0 insertions, 821 deletions
diff --git a/usr.sbin/keyserv/keyserv.c b/usr.sbin/keyserv/keyserv.c
deleted file mode 100644
index 04e4972..0000000
--- a/usr.sbin/keyserv/keyserv.c
+++ /dev/null
@@ -1,821 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)keyserv.c 1.15 94/04/25 SMI";
-#endif
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-/*
- * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
- */
-
-/*
- * Keyserver
- * Store secret keys per uid. Do public key encryption and decryption
- * operations. Generate "random" keys.
- * Do not talk to anything but a local root
- * process on the local transport only
- */
-
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <rpc/rpc.h>
-#include <sys/param.h>
-#include <sys/file.h>
-#include <rpc/des_crypt.h>
-#include <rpc/des.h>
-#include <rpc/key_prot.h>
-#include <rpcsvc/crypt.h>
-#include "keyserv.h"
-
-#ifndef NGROUPS
-#define NGROUPS 16
-#endif
-
-#ifndef KEYSERVSOCK
-#define KEYSERVSOCK "/var/run/keyservsock"
-#endif
-
-static void randomize( des_block * );
-static void usage( void );
-static int getrootkey( des_block *, int );
-static int root_auth( SVCXPRT *, struct svc_req * );
-
-#ifdef DEBUG
-static int debugging = 1;
-#else
-static int debugging = 0;
-#endif
-
-static void keyprogram();
-static des_block masterkey;
-char *getenv();
-static char ROOTKEY[] = "/etc/.rootkey";
-
-/*
- * Hack to allow the keyserver to use AUTH_DES (for authenticated
- * NIS+ calls, for example). The only functions that get called
- * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
- *
- * The approach is to have the keyserver fill in pointers to local
- * implementations of these functions, and to call those in key_call().
- */
-
-extern cryptkeyres *(*__key_encryptsession_pk_LOCAL)();
-extern cryptkeyres *(*__key_decryptsession_pk_LOCAL)();
-extern des_block *(*__key_gendes_LOCAL)();
-extern int (*__des_crypt_LOCAL)();
-
-cryptkeyres *key_encrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
-cryptkeyres *key_decrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
-des_block *key_gen_1_svc_prog( void *, struct svc_req * );
-
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- int nflag = 0;
- int c;
- int warn = 0;
- char *path = NULL;
- void *localhandle;
- register SVCXPRT *transp;
- struct netconfig *nconf = NULL;
-
- __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog;
- __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog;
- __key_gendes_LOCAL = &key_gen_1_svc_prog;
-
- while ((c = getopt(argc, argv, "ndDvp:")) != -1)
- switch (c) {
- case 'n':
- nflag++;
- break;
- case 'd':
- pk_nodefaultkeys();
- break;
- case 'D':
- debugging = 1;
- break;
- case 'v':
- warn = 1;
- break;
- case 'p':
- path = optarg;
- break;
- default:
- usage();
- }
-
- load_des(warn, path);
- __des_crypt_LOCAL = _my_crypt;
- if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1)
- errx(1, "failed to register AUTH_DES authenticator");
-
- if (optind != argc) {
- usage();
- }
-
- /*
- * Initialize
- */
- (void) umask(S_IXUSR|S_IXGRP|S_IXOTH);
- if (geteuid() != 0)
- errx(1, "keyserv must be run as root");
- setmodulus(HEXMODULUS);
- getrootkey(&masterkey, nflag);
-
- rpcb_unset(KEY_PROG, KEY_VERS, NULL);
- rpcb_unset(KEY_PROG, KEY_VERS2, NULL);
-
- if (svc_create(keyprogram, KEY_PROG, KEY_VERS,
- "netpath") == 0) {
- (void) fprintf(stderr,
- "%s: unable to create service\n", argv[0]);
- exit(1);
- }
-
- if (svc_create(keyprogram, KEY_PROG, KEY_VERS2,
- "netpath") == 0) {
- (void) fprintf(stderr,
- "%s: unable to create service\n", argv[0]);
- exit(1);
- }
-
- localhandle = setnetconfig();
- while ((nconf = getnetconfig(localhandle)) != NULL) {
- if (nconf->nc_protofmly != NULL &&
- strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
- break;
- }
-
- if (nconf == NULL)
- errx(1, "getnetconfig: %s", nc_sperror());
-
- unlink(KEYSERVSOCK);
- rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf);
- transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK);
- if (transp == NULL)
- errx(1, "cannot create AF_LOCAL service");
- if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf))
- errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)");
- if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf))
- errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)");
- if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf))
- errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)");
-
- endnetconfig(localhandle);
-
- (void) umask(066); /* paranoia */
-
- if (!debugging) {
- daemon(0,0);
- }
-
- signal(SIGPIPE, SIG_IGN);
-
- svc_run();
- abort();
- /* NOTREACHED */
-}
-
-/*
- * In the event that we don't get a root password, we try to
- * randomize the master key the best we can
- */
-static void
-randomize(master)
- des_block *master;
-{
-#ifndef __FreeBSD__
- int i;
- int seed;
- struct timeval tv;
- int shift;
-
- seed = 0;
- for (i = 0; i < 1024; i++) {
- (void) gettimeofday(&tv, (struct timezone *) NULL);
- shift = i % 8 * sizeof (int);
- seed ^= (tv.tv_usec << shift) | (tv.tv_usec >> (32 - shift));
- }
-#endif
-#ifdef KEYSERV_RANDOM
-#ifdef __FreeBSD__
- master->key.low = arc4random();
- master->key.high = arc4random();
-#else
- srandom(seed);
- master->key.low = random();
- master->key.high = random();
-#endif
-#else
- /* use stupid dangerous bad rand() */
-#ifdef __FreeBSD__
- sranddev();
-#else
- srand(seed);
-#endif
- master->key.low = rand();
- master->key.high = rand();
-#endif
-}
-
-/*
- * Try to get root's secret key, by prompting if terminal is a tty, else trying
- * from standard input.
- * Returns 1 on success.
- */
-static int
-getrootkey(master, prompt)
- des_block *master;
- int prompt;
-{
- char *passwd;
- char name[MAXNETNAMELEN + 1];
- char secret[HEXKEYBYTES];
- key_netstarg netstore;
- int fd;
-
- if (!prompt) {
- /*
- * Read secret key out of ROOTKEY
- */
- fd = open(ROOTKEY, O_RDONLY, 0);
- if (fd < 0) {
- randomize(master);
- return (0);
- }
- if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) {
- warnx("the key read from %s was too short", ROOTKEY);
- (void) close(fd);
- return (0);
- }
- (void) close(fd);
- if (!getnetname(name)) {
- warnx(
- "failed to generate host's netname when establishing root's key");
- return (0);
- }
- memcpy(netstore.st_priv_key, secret, HEXKEYBYTES);
- memset(netstore.st_pub_key, 0, HEXKEYBYTES);
- netstore.st_netname = name;
- if (pk_netput(0, &netstore) != KEY_SUCCESS) {
- warnx("could not set root's key and netname");
- return (0);
- }
- return (1);
- }
- /*
- * Decrypt yellow pages publickey entry to get secret key
- */
- passwd = getpass("root password:");
- passwd2des(passwd, (char *)master);
- getnetname(name);
- if (!getsecretkey(name, secret, passwd)) {
- warnx("can't find %s's secret key", name);
- return (0);
- }
- if (secret[0] == 0) {
- warnx("password does not decrypt secret key for %s", name);
- return (0);
- }
- (void) pk_setkey(0, secret);
- /*
- * Store it for future use in $ROOTKEY, if possible
- */
- fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
- if (fd > 0) {
- char newline = '\n';
-
- write(fd, secret, strlen(secret));
- write(fd, &newline, sizeof (newline));
- close(fd);
- }
- return (1);
-}
-
-/*
- * Procedures to implement RPC service
- */
-char *
-strstatus(status)
- keystatus status;
-{
- switch (status) {
- case KEY_SUCCESS:
- return ("KEY_SUCCESS");
- case KEY_NOSECRET:
- return ("KEY_NOSECRET");
- case KEY_UNKNOWN:
- return ("KEY_UNKNOWN");
- case KEY_SYSTEMERR:
- return ("KEY_SYSTEMERR");
- default:
- return ("(bad result code)");
- }
-}
-
-keystatus *
-key_set_1_svc_prog(uid, key)
- uid_t uid;
- keybuf key;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "set(%ld, %.*s) = ", uid,
- (int) sizeof (keybuf), key);
- }
- status = pk_setkey(uid, key);
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
- return (&status);
-}
-
-cryptkeyres *
-key_encrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%ld, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%ld, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-keystatus *
-key_net_put_2_svc_prog(uid, arg)
- uid_t uid;
- key_netstarg *arg;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ",
- arg->st_netname, (int)sizeof (arg->st_pub_key),
- arg->st_pub_key, (int)sizeof (arg->st_priv_key),
- arg->st_priv_key);
- };
-
- status = pk_netput(uid, arg);
-
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
-
- return (&status);
-}
-
-key_netstres *
-key_net_get_2_svc_prog(uid, arg)
- uid_t uid;
- void *arg;
-{
- static key_netstres keynetname;
-
- if (debugging)
- (void) fprintf(stderr, "net_get(%ld) = ", uid);
-
- keynetname.status = pk_netget(uid, &keynetname.key_netstres_u.knet);
- if (debugging) {
- if (keynetname.status == KEY_SUCCESS) {
- fprintf(stderr, "<%s, %.*s, %.*s>\n",
- keynetname.key_netstres_u.knet.st_netname,
- (int)sizeof (keynetname.key_netstres_u.knet.st_pub_key),
- keynetname.key_netstres_u.knet.st_pub_key,
- (int)sizeof (keynetname.key_netstres_u.knet.st_priv_key),
- keynetname.key_netstres_u.knet.st_priv_key);
- } else {
- (void) fprintf(stderr, "NOT FOUND\n");
- }
- (void) fflush(stderr);
- }
-
- return (&keynetname);
-
-}
-
-cryptkeyres *
-key_get_conv_2_svc_prog(uid, arg)
- uid_t uid;
- keybuf arg;
-{
- static cryptkeyres res;
-
- if (debugging)
- (void) fprintf(stderr, "get_conv(%ld, %.*s) = ", uid,
- (int)sizeof (arg), arg);
-
-
- res.status = pk_get_conv_key(uid, arg, &res);
-
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-
-cryptkeyres *
-key_encrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%ld, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%ld, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/* ARGSUSED */
-des_block *
-key_gen_1_svc_prog(v, s)
- void *v;
- struct svc_req *s;
-{
- struct timeval time;
- static des_block keygen;
- static des_block key;
-
- (void) gettimeofday(&time, (struct timezone *) NULL);
- keygen.key.high += (time.tv_sec ^ time.tv_usec);
- keygen.key.low += (time.tv_sec ^ time.tv_usec);
- ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen),
- DES_ENCRYPT | DES_HW);
- key = keygen;
- des_setparity((char *)&key);
- if (debugging) {
- (void) fprintf(stderr, "gen() = %08x%08x\n", key.key.high,
- key.key.low);
- (void) fflush(stderr);
- }
- return (&key);
-}
-
-getcredres *
-key_getcred_1_svc_prog(uid, name)
- uid_t uid;
- netnamestr *name;
-{
- static getcredres res;
- static u_int gids[NGROUPS];
- struct unixcred *cred;
-
- cred = &res.getcredres_u.cred;
- cred->gids.gids_val = gids;
- if (!netname2user(*name, (uid_t *) &cred->uid, (gid_t *) &cred->gid,
- (int *)&cred->gids.gids_len, (gid_t *)gids)) {
- res.status = KEY_UNKNOWN;
- } else {
- res.status = KEY_SUCCESS;
- }
- if (debugging) {
- (void) fprintf(stderr, "getcred(%s) = ", *name);
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n",
- cred->uid, cred->gid, cred->gids.gids_len);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/*
- * RPC boilerplate
- */
-static void
-keyprogram(rqstp, transp)
- struct svc_req *rqstp;
- SVCXPRT *transp;
-{
- union {
- keybuf key_set_1_arg;
- cryptkeyarg key_encrypt_1_arg;
- cryptkeyarg key_decrypt_1_arg;
- netnamestr key_getcred_1_arg;
- cryptkeyarg key_encrypt_2_arg;
- cryptkeyarg key_decrypt_2_arg;
- netnamestr key_getcred_2_arg;
- cryptkeyarg2 key_encrypt_pk_2_arg;
- cryptkeyarg2 key_decrypt_pk_2_arg;
- key_netstarg key_net_put_2_arg;
- netobj key_get_conv_2_arg;
- } argument;
- char *result;
- xdrproc_t xdr_argument, xdr_result;
- char *(*local) ();
- uid_t uid = -1;
- int check_auth;
-
- switch (rqstp->rq_proc) {
- case NULLPROC:
- svc_sendreply(transp, (xdrproc_t)xdr_void, NULL);
- return;
-
- case KEY_SET:
- xdr_argument = (xdrproc_t)xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_int;
- local = (char *(*)()) key_set_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_ENCRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GEN:
- xdr_argument = (xdrproc_t)xdr_void;
- xdr_result = (xdrproc_t)xdr_des_block;
- local = (char *(*)()) key_gen_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_GETCRED:
- xdr_argument = (xdrproc_t)xdr_netnamestr;
- xdr_result = (xdrproc_t)xdr_getcredres;
- local = (char *(*)()) key_getcred_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_ENCRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
-
- case KEY_NET_PUT:
- xdr_argument = (xdrproc_t)xdr_key_netstarg;
- xdr_result = (xdrproc_t)xdr_keystatus;
- local = (char *(*)()) key_net_put_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_NET_GET:
- xdr_argument = (xdrproc_t) xdr_void;
- xdr_result = (xdrproc_t)xdr_key_netstres;
- local = (char *(*)()) key_net_get_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GET_CONV:
- xdr_argument = (xdrproc_t) xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_get_conv_2_svc_prog;
- check_auth = 1;
- break;
-
- default:
- svcerr_noproc(transp);
- return;
- }
- if (check_auth) {
- if (root_auth(transp, rqstp) == 0) {
- if (debugging) {
- (void) fprintf(stderr,
- "not local privileged process\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
- if (debugging) {
- (void) fprintf(stderr,
- "not unix authentication\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- uid = ((struct authsys_parms *)rqstp->rq_clntcred)->aup_uid;
- }
-
- memset(&argument, 0, sizeof (argument));
- if (!svc_getargs(transp, xdr_argument, &argument)) {
- svcerr_decode(transp);
- return;
- }
- result = (*local) (uid, &argument);
- if (!svc_sendreply(transp, xdr_result, result)) {
- if (debugging)
- (void) fprintf(stderr, "unable to reply\n");
- svcerr_systemerr(transp);
- }
- if (!svc_freeargs(transp, xdr_argument, &argument)) {
- if (debugging)
- (void) fprintf(stderr,
- "unable to free arguments\n");
- exit(1);
- }
- return;
-}
-
-static int
-root_auth(trans, rqstp)
- SVCXPRT *trans;
- struct svc_req *rqstp;
-{
- uid_t uid;
- struct sockaddr *remote;
-
- remote = svc_getrpccaller(trans)->buf;
- if (remote->sa_family != AF_UNIX) {
- if (debugging)
- fprintf(stderr, "client didn't use AF_UNIX\n");
- return (0);
- }
-
- if (__rpc_get_local_uid(trans, &uid) < 0) {
- if (debugging)
- fprintf(stderr, "__rpc_get_local_uid failed\n");
- return (0);
- }
-
- if (debugging)
- fprintf(stderr, "local_uid %ld\n", uid);
- if (uid == 0)
- return (1);
- if (rqstp->rq_cred.oa_flavor == AUTH_SYS) {
- if (((uid_t) ((struct authunix_parms *)
- rqstp->rq_clntcred)->aup_uid)
- == uid) {
- return (1);
- } else {
- if (debugging)
- fprintf(stderr,
- "local_uid %ld mismatches auth %ld\n", uid,
-((uid_t) ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid));
- return (0);
- }
- } else {
- if (debugging)
- fprintf(stderr, "Not auth sys\n");
- return (0);
- }
-}
-
-static void
-usage()
-{
- (void) fprintf(stderr,
- "usage: keyserv [-n] [-D] [-d] [-v] [-p path]\n");
- (void) fprintf(stderr, "-d disables the use of default keys\n");
- exit(1);
-}
OpenPOWER on IntegriCloud