1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 1997 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 28 /* All Rights Reserved */ 29 30 /* 31 * University Copyright- Copyright (c) 1982, 1986, 1988 32 * The Regents of the University of California 33 * All Rights Reserved 34 * 35 * University Acknowledgment- Portions of this document are derived from 36 * software developed by the University of California, Berkeley, and its 37 * contributors. 38 */ 39 40 #pragma ident "%Z%%M% %I% %E% SMI" 41 42 /* 43 * unset the secret key on local machine 44 */ 45 #include <stdio.h> 46 #include <rpc/rpc.h> 47 #include <rpc/key_prot.h> 48 #include <nfs/nfs.h> 49 #include <nfs/nfssys.h> 50 51 extern int key_removesecret_g(); 52 53 /* for revoking kernel NFS credentials */ 54 struct nfs_revauth_args nra; 55 56 main(argc, argv) 57 int argc; 58 char *argv[]; 59 { 60 static char secret[HEXKEYBYTES + 1]; 61 int err = 0; 62 63 if (geteuid() == 0) { 64 if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) { 65 fprintf(stderr, 66 "keylogout by root would break the rpc services that"); 67 fprintf(stderr, " use secure rpc on this host!\n"); 68 fprintf(stderr, 69 "root may use keylogout -f to do this (at your own risk)!\n"); 70 exit(-1); 71 } 72 } 73 74 if (key_removesecret_g() < 0) { 75 fprintf(stderr, "Could not unset your secret key.\n"); 76 fprintf(stderr, "Maybe the keyserver is down?\n"); 77 err = 1; 78 } 79 if (key_setsecret(secret) < 0) { 80 if (!err) { 81 fprintf(stderr, "Could not unset your secret key.\n"); 82 fprintf(stderr, "Maybe the keyserver is down?\n"); 83 err = 1; 84 } 85 } 86 87 nra.authtype = AUTH_DES; /* only revoke DES creds */ 88 nra.uid = getuid(); /* use the real uid */ 89 if (_nfssys(NFS_REVAUTH, &nra) < 0) { 90 perror("Warning: NFS credentials not destroyed"); 91 err = 1; 92 } 93 94 exit(err); 95 /* NOTREACHED */ 96 } 97