xref: /illumos-gate/usr/src/cmd/keyserv/keyserv.c (revision bbf21555)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5a0368f78Speteh  * Common Development and Distribution License (the "License").
6a0368f78Speteh  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
2106e1a714Sraf 
227c478bd9Sstevel@tonic-gate /*
23b1cdc720SAlex Wilson  * Copyright 2017 Joyent Inc
2436e852a1SRaja Andra  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
257c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
267c478bd9Sstevel@tonic-gate  */
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
297c478bd9Sstevel@tonic-gate /*	All Rights Reserved   */
307c478bd9Sstevel@tonic-gate 
317c478bd9Sstevel@tonic-gate /*
327c478bd9Sstevel@tonic-gate  * University Copyright- Copyright (c) 1982, 1986, 1988
337c478bd9Sstevel@tonic-gate  * The Regents of the University of California
347c478bd9Sstevel@tonic-gate  * All Rights Reserved
357c478bd9Sstevel@tonic-gate  *
367c478bd9Sstevel@tonic-gate  * University Acknowledgment- Portions of this document are derived from
377c478bd9Sstevel@tonic-gate  * software developed by the University of California, Berkeley, and its
387c478bd9Sstevel@tonic-gate  * contributors.
397c478bd9Sstevel@tonic-gate  */
407c478bd9Sstevel@tonic-gate 
417c478bd9Sstevel@tonic-gate /*
427c478bd9Sstevel@tonic-gate  * keyserv - server for storing private encryption keys
43*bbf21555SRichard Lowe  *   keyserv(8) performs multiple functions:  it stores secret keys per uid; it
447c478bd9Sstevel@tonic-gate  *   performs public key encryption and decryption operations; and it generates
45*bbf21555SRichard Lowe  *   "random" keys.  keyserv(8) will talk to no one but a local root process on
467c478bd9Sstevel@tonic-gate  *   the local transport only.
477c478bd9Sstevel@tonic-gate  */
487c478bd9Sstevel@tonic-gate 
497c478bd9Sstevel@tonic-gate #include <stdio.h>
50004388ebScasper #include <stdio_ext.h>
517c478bd9Sstevel@tonic-gate #include <stdlib.h>
527c478bd9Sstevel@tonic-gate #include <sys/types.h>
537c478bd9Sstevel@tonic-gate #include <sys/stat.h>
547c478bd9Sstevel@tonic-gate #include <sys/uio.h>
557c478bd9Sstevel@tonic-gate #include <unistd.h>
567c478bd9Sstevel@tonic-gate #include <string.h>
577c478bd9Sstevel@tonic-gate #include <deflt.h>
587c478bd9Sstevel@tonic-gate #include <rpc/rpc.h>
597c478bd9Sstevel@tonic-gate #include <sys/param.h>
607c478bd9Sstevel@tonic-gate #include <sys/file.h>
617c478bd9Sstevel@tonic-gate #include <sys/resource.h>
627c478bd9Sstevel@tonic-gate #include <pwd.h>
637c478bd9Sstevel@tonic-gate #include <rpc/des_crypt.h>
647c478bd9Sstevel@tonic-gate #include <rpc/key_prot.h>
657c478bd9Sstevel@tonic-gate #include <thread.h>
667c478bd9Sstevel@tonic-gate #include "rpc/svc_mt.h"
677c478bd9Sstevel@tonic-gate #include <rpcsvc/nis_dhext.h>
687c478bd9Sstevel@tonic-gate #include <syslog.h>
697c478bd9Sstevel@tonic-gate #include <libscf.h>
70b1cdc720SAlex Wilson #include <sys/debug.h>
717c478bd9Sstevel@tonic-gate 
727c478bd9Sstevel@tonic-gate #include "debug.h"
737c478bd9Sstevel@tonic-gate #include "keyserv_cache.h"
747c478bd9Sstevel@tonic-gate 
757c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM
767c478bd9Sstevel@tonic-gate extern long random();
777c478bd9Sstevel@tonic-gate #endif
787c478bd9Sstevel@tonic-gate 
797c478bd9Sstevel@tonic-gate extern keystatus pk_setkey();
807c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt();
817c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt();
827c478bd9Sstevel@tonic-gate extern keystatus pk_netput();
837c478bd9Sstevel@tonic-gate extern keystatus pk_netget();
847c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key();
857c478bd9Sstevel@tonic-gate extern bool_t svc_get_local_cred();
867c478bd9Sstevel@tonic-gate 
877c478bd9Sstevel@tonic-gate extern keystatus pk_setkey3();
887c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt3();
897c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt3();
907c478bd9Sstevel@tonic-gate extern keystatus pk_netput3();
917c478bd9Sstevel@tonic-gate extern keystatus pk_netget3();
927c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key3();
937c478bd9Sstevel@tonic-gate extern keystatus pk_clear3();
947c478bd9Sstevel@tonic-gate 
957c478bd9Sstevel@tonic-gate extern int init_mechs();
967c478bd9Sstevel@tonic-gate extern int addmasterkey();
977c478bd9Sstevel@tonic-gate extern int storeotherrootkeys();
987c478bd9Sstevel@tonic-gate extern int setdeskeyarray();
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate extern int getdomainname();
1017c478bd9Sstevel@tonic-gate 
1027c478bd9Sstevel@tonic-gate static void randomize();
1037c478bd9Sstevel@tonic-gate static void usage();
1047c478bd9Sstevel@tonic-gate static void defaults();
1057c478bd9Sstevel@tonic-gate static int getrootkey();
1067c478bd9Sstevel@tonic-gate static int get_cache_size(char *);
1077c478bd9Sstevel@tonic-gate static bool_t get_auth();
1087c478bd9Sstevel@tonic-gate 
1097c478bd9Sstevel@tonic-gate #ifdef DEBUG
1107c478bd9Sstevel@tonic-gate extern int test_debug();
1117c478bd9Sstevel@tonic-gate extern int real_debug();
1127c478bd9Sstevel@tonic-gate int debugging = 1;
1137c478bd9Sstevel@tonic-gate #else
1147c478bd9Sstevel@tonic-gate int debugging = 0;
1157c478bd9Sstevel@tonic-gate #endif
1167c478bd9Sstevel@tonic-gate 
1177c478bd9Sstevel@tonic-gate static void keyprogram();
1187c478bd9Sstevel@tonic-gate static des_block masterkey;
1197c478bd9Sstevel@tonic-gate char *getenv();
1207c478bd9Sstevel@tonic-gate static char ROOTKEY[] = "/etc/.rootkey";
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate static char *defaults_file = "/etc/default/keyserv";
1237c478bd9Sstevel@tonic-gate static int use_nobody_keys = TRUE;
1247c478bd9Sstevel@tonic-gate 
1257c478bd9Sstevel@tonic-gate /*
12636e852a1SRaja Andra  * Hack to allow the keyserver to use AUTH_DES. The only functions
12736e852a1SRaja Andra  * that get called are key_encryptsession_pk, key_decryptsession_pk,
12836e852a1SRaja Andra  * and key_gendes.
1297c478bd9Sstevel@tonic-gate  *
1307c478bd9Sstevel@tonic-gate  * The approach is to have the keyserver fill in pointers to local
1317c478bd9Sstevel@tonic-gate  * implementations of these functions, and to call those in key_call().
1327c478bd9Sstevel@tonic-gate  */
1337c478bd9Sstevel@tonic-gate 
1347c478bd9Sstevel@tonic-gate bool_t __key_encrypt_pk_2_svc();
1357c478bd9Sstevel@tonic-gate bool_t __key_decrypt_pk_2_svc();
1367c478bd9Sstevel@tonic-gate bool_t __key_gen_1_svc();
1377c478bd9Sstevel@tonic-gate 
1387c478bd9Sstevel@tonic-gate extern bool_t (*__key_encryptsession_pk_LOCAL)();
1397c478bd9Sstevel@tonic-gate extern bool_t (*__key_decryptsession_pk_LOCAL)();
1407c478bd9Sstevel@tonic-gate extern bool_t (*__key_gendes_LOCAL)();
1417c478bd9Sstevel@tonic-gate 
1427c478bd9Sstevel@tonic-gate static int nthreads = 32;
1437c478bd9Sstevel@tonic-gate 
1447c478bd9Sstevel@tonic-gate /* Disk caching of common keys on by default */
1457c478bd9Sstevel@tonic-gate int disk_caching = 1;
1467c478bd9Sstevel@tonic-gate 
1477c478bd9Sstevel@tonic-gate mechanism_t **mechs;
1487c478bd9Sstevel@tonic-gate 
1497c478bd9Sstevel@tonic-gate /*
1507c478bd9Sstevel@tonic-gate  * The default size for all types of mech.
1517c478bd9Sstevel@tonic-gate  * positive integers denote multiples of 1MB
1527c478bd9Sstevel@tonic-gate  * negative integers denote number of entries
1537c478bd9Sstevel@tonic-gate  * same goes for non-null entries in cache_size
1547c478bd9Sstevel@tonic-gate  */
1557c478bd9Sstevel@tonic-gate static int default_cache = 1;
1567c478bd9Sstevel@tonic-gate 
1577c478bd9Sstevel@tonic-gate int *cache_size;
1587c478bd9Sstevel@tonic-gate char **cache_options;
1597c478bd9Sstevel@tonic-gate 
16049e7ca49Speteh int
main(int argc,char * argv[])16149e7ca49Speteh main(int argc, char *argv[])
1627c478bd9Sstevel@tonic-gate {
1637c478bd9Sstevel@tonic-gate 	int sflag = 0, s1flag = 0, s2flag = 0, nflag = 0, dflag = 0, eflag = 0;
1647c478bd9Sstevel@tonic-gate 	char *options, *value;
1657c478bd9Sstevel@tonic-gate 	extern char *optarg;
1667c478bd9Sstevel@tonic-gate 	extern int optind;
1677c478bd9Sstevel@tonic-gate 	int c, d;
1687c478bd9Sstevel@tonic-gate 	struct rlimit rl;
1697c478bd9Sstevel@tonic-gate 	int mode = RPC_SVC_MT_AUTO;
1707c478bd9Sstevel@tonic-gate 	int maxrecsz = RPC_MAXDATASIZE;
1717c478bd9Sstevel@tonic-gate 
17249e7ca49Speteh 	void detachfromtty(void);
1737c478bd9Sstevel@tonic-gate 	int setmodulus();
1747c478bd9Sstevel@tonic-gate 	int pk_nodefaultkeys();
1757c478bd9Sstevel@tonic-gate 	int svc_create_local_service();
1767c478bd9Sstevel@tonic-gate 
1777c478bd9Sstevel@tonic-gate 	char domainname[MAXNETNAMELEN + 1];
1787c478bd9Sstevel@tonic-gate 
1797c478bd9Sstevel@tonic-gate 	/*
1807c478bd9Sstevel@tonic-gate 	 * Set our allowed number of file descriptors to the max
1817c478bd9Sstevel@tonic-gate 	 * of what the system will allow, limited by FD_SETSIZE.
1827c478bd9Sstevel@tonic-gate 	 */
1837c478bd9Sstevel@tonic-gate 	if (getrlimit(RLIMIT_NOFILE, &rl) == 0) {
1847c478bd9Sstevel@tonic-gate 		rlim_t limit;
1857c478bd9Sstevel@tonic-gate 
1867c478bd9Sstevel@tonic-gate 		if ((limit = rl.rlim_max) > FD_SETSIZE)
1877c478bd9Sstevel@tonic-gate 			limit = FD_SETSIZE;
1887c478bd9Sstevel@tonic-gate 		rl.rlim_cur = limit;
1897c478bd9Sstevel@tonic-gate 		(void) setrlimit(RLIMIT_NOFILE, &rl);
190004388ebScasper 		(void) enable_extended_FILE_stdio(-1, -1);
1917c478bd9Sstevel@tonic-gate 	}
1927c478bd9Sstevel@tonic-gate 
1937c478bd9Sstevel@tonic-gate 	__key_encryptsession_pk_LOCAL = &__key_encrypt_pk_2_svc;
1947c478bd9Sstevel@tonic-gate 	__key_decryptsession_pk_LOCAL = &__key_decrypt_pk_2_svc;
1957c478bd9Sstevel@tonic-gate 	__key_gendes_LOCAL = &__key_gen_1_svc;
1967c478bd9Sstevel@tonic-gate 
1977c478bd9Sstevel@tonic-gate 	/*
1987c478bd9Sstevel@tonic-gate 	 * Pre-option initialisation
1997c478bd9Sstevel@tonic-gate 	 */
2007c478bd9Sstevel@tonic-gate 	(void) umask(066);	/* paranoia */
2017c478bd9Sstevel@tonic-gate 	if (geteuid() != 0) {
2027c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "%s must be run as root\n", argv[0]);
2037c478bd9Sstevel@tonic-gate 		exit(1);
2047c478bd9Sstevel@tonic-gate 	}
2057c478bd9Sstevel@tonic-gate 	setmodulus(HEXMODULUS);
2067c478bd9Sstevel@tonic-gate 	openlog("keyserv", LOG_PID, LOG_DAEMON);
2077c478bd9Sstevel@tonic-gate 
2087c478bd9Sstevel@tonic-gate 	/*
2097c478bd9Sstevel@tonic-gate 	 * keyserv will not work with a null domainname.
2107c478bd9Sstevel@tonic-gate 	 */
2117c478bd9Sstevel@tonic-gate 	if (getdomainname(domainname, MAXNETNAMELEN+1) ||
2127c478bd9Sstevel@tonic-gate 	    (domainname[0] == '\0')) {
21336e852a1SRaja Andra 		syslog(LOG_ERR, "could not get a valid domainname.\n");
21436e852a1SRaja Andra 		exit(SMF_EXIT_ERR_CONFIG);
2157c478bd9Sstevel@tonic-gate 	}
2167c478bd9Sstevel@tonic-gate 
2177c478bd9Sstevel@tonic-gate 	/*
2187c478bd9Sstevel@tonic-gate 	 * Initialise security mechanisms
2197c478bd9Sstevel@tonic-gate 	 */
2207c478bd9Sstevel@tonic-gate 	cache_size = NULL;
2217c478bd9Sstevel@tonic-gate 	cache_options = NULL;
2227c478bd9Sstevel@tonic-gate 	if (init_mechs() == -1) {
2237c478bd9Sstevel@tonic-gate 		disk_caching = 0;
2247c478bd9Sstevel@tonic-gate 	}
2257c478bd9Sstevel@tonic-gate 
2267c478bd9Sstevel@tonic-gate 	defaults();
2277c478bd9Sstevel@tonic-gate 
2287c478bd9Sstevel@tonic-gate 	while ((c = getopt(argc, argv, "ndDet:cs:")) != -1)
2297c478bd9Sstevel@tonic-gate 		switch (c) {
2307c478bd9Sstevel@tonic-gate 		case 'n':
2317c478bd9Sstevel@tonic-gate 			nflag++;
2327c478bd9Sstevel@tonic-gate 			break;
2337c478bd9Sstevel@tonic-gate 		case 'd':
2347c478bd9Sstevel@tonic-gate 			dflag++;
2357c478bd9Sstevel@tonic-gate 			use_nobody_keys = FALSE;
2367c478bd9Sstevel@tonic-gate 			break;
2377c478bd9Sstevel@tonic-gate 		case 'e':
2387c478bd9Sstevel@tonic-gate 			eflag++;
2397c478bd9Sstevel@tonic-gate 			use_nobody_keys = TRUE;
2407c478bd9Sstevel@tonic-gate 			break;
2417c478bd9Sstevel@tonic-gate 		case 'D':
2427c478bd9Sstevel@tonic-gate 			debugging = 1;
2437c478bd9Sstevel@tonic-gate 			break;
2447c478bd9Sstevel@tonic-gate 		case 't':
2457c478bd9Sstevel@tonic-gate 			nthreads = atoi(optarg);
2467c478bd9Sstevel@tonic-gate 			break;
2477c478bd9Sstevel@tonic-gate 		case 'c':
2487c478bd9Sstevel@tonic-gate 			disk_caching = 0;
2497c478bd9Sstevel@tonic-gate 			break;
2507c478bd9Sstevel@tonic-gate 		case 's':
2517c478bd9Sstevel@tonic-gate 			if (!disk_caching) {
2527c478bd9Sstevel@tonic-gate 				fprintf(stderr, "missing configuration file");
2537c478bd9Sstevel@tonic-gate 				fprintf(stderr, " or -c option specified\n");
2547c478bd9Sstevel@tonic-gate 				usage();
2557c478bd9Sstevel@tonic-gate 			}
2567c478bd9Sstevel@tonic-gate 			sflag++;
2577c478bd9Sstevel@tonic-gate 			/*
2587c478bd9Sstevel@tonic-gate 			 * Which version of [-s] do we have...?
2597c478bd9Sstevel@tonic-gate 			 */
2607c478bd9Sstevel@tonic-gate 			if (strchr((const char *) optarg, '=') == NULL) {
2617c478bd9Sstevel@tonic-gate 				/*
2627c478bd9Sstevel@tonic-gate 				 * -s <size>
2637c478bd9Sstevel@tonic-gate 				 */
2647c478bd9Sstevel@tonic-gate 				if (s1flag) {
26536e852a1SRaja Andra 					fprintf(stderr, "duplicate"
26636e852a1SRaja Andra 					    " [-s <size>]\n");
2677c478bd9Sstevel@tonic-gate 					usage();
2687c478bd9Sstevel@tonic-gate 				}
2697c478bd9Sstevel@tonic-gate 				s1flag++;
2707c478bd9Sstevel@tonic-gate 				default_cache = get_cache_size(optarg);
2717c478bd9Sstevel@tonic-gate 				break;
2727c478bd9Sstevel@tonic-gate 			}
2737c478bd9Sstevel@tonic-gate 			/*
2747c478bd9Sstevel@tonic-gate 			 * -s <mechtype>=<size>[,...]
2757c478bd9Sstevel@tonic-gate 			 */
2767c478bd9Sstevel@tonic-gate 			s2flag++;
2777c478bd9Sstevel@tonic-gate 			options = optarg;
2787c478bd9Sstevel@tonic-gate 			while (*options != '\0') {
2797c478bd9Sstevel@tonic-gate 				d = getsubopt(&options, cache_options, &value);
2807c478bd9Sstevel@tonic-gate 				if (d == -1) {
2817c478bd9Sstevel@tonic-gate 					/* Ignore unknown mechtype */
2827c478bd9Sstevel@tonic-gate 					continue;
2837c478bd9Sstevel@tonic-gate 				}
2847c478bd9Sstevel@tonic-gate 				if (value == NULL) {
2857c478bd9Sstevel@tonic-gate 					fprintf(stderr,
28636e852a1SRaja Andra 					    "missing cache size for "
28736e852a1SRaja Andra 					    "mechtype %s\n", cache_options[d]);
2887c478bd9Sstevel@tonic-gate 					usage();
2897c478bd9Sstevel@tonic-gate 				}
2907c478bd9Sstevel@tonic-gate 				cache_size[d] = get_cache_size(value);
2917c478bd9Sstevel@tonic-gate 			}
2927c478bd9Sstevel@tonic-gate 			break;
2937c478bd9Sstevel@tonic-gate 		default:
2947c478bd9Sstevel@tonic-gate 			usage();
2957c478bd9Sstevel@tonic-gate 			break;
2967c478bd9Sstevel@tonic-gate 		}
2977c478bd9Sstevel@tonic-gate 
2987c478bd9Sstevel@tonic-gate 
2997c478bd9Sstevel@tonic-gate 	if (dflag && eflag) {
3007c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "specify only one of -d and -e\n");
3017c478bd9Sstevel@tonic-gate 		usage();
3027c478bd9Sstevel@tonic-gate 	}
3037c478bd9Sstevel@tonic-gate 
3047c478bd9Sstevel@tonic-gate 	if (use_nobody_keys == FALSE) {
3057c478bd9Sstevel@tonic-gate 		pk_nodefaultkeys();
3067c478bd9Sstevel@tonic-gate 	}
3077c478bd9Sstevel@tonic-gate 
3087c478bd9Sstevel@tonic-gate 	if (optind != argc) {
3097c478bd9Sstevel@tonic-gate 		usage();
3107c478bd9Sstevel@tonic-gate 	}
3117c478bd9Sstevel@tonic-gate 
3127c478bd9Sstevel@tonic-gate 	if (!disk_caching && sflag) {
3137c478bd9Sstevel@tonic-gate 		fprintf(stderr, "missing configuration file");
3147c478bd9Sstevel@tonic-gate 		fprintf(stderr, " or -c option specified\n");
3157c478bd9Sstevel@tonic-gate 		usage();
3167c478bd9Sstevel@tonic-gate 	}
3177c478bd9Sstevel@tonic-gate 
3187c478bd9Sstevel@tonic-gate 	if (debugging) {
3197c478bd9Sstevel@tonic-gate 		if (disk_caching) {
3207c478bd9Sstevel@tonic-gate 			char **cpp = cache_options;
3217c478bd9Sstevel@tonic-gate 			int *ip = cache_size;
3227c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "default disk cache size: ");
3237c478bd9Sstevel@tonic-gate 			if (default_cache < 0) {
3247c478bd9Sstevel@tonic-gate 				(void) fprintf(stderr, "%d entries\n",
32536e852a1SRaja Andra 				    abs(default_cache));
3267c478bd9Sstevel@tonic-gate 			} else {
3277c478bd9Sstevel@tonic-gate 				(void) fprintf(stderr, "%dMB\n", default_cache);
3287c478bd9Sstevel@tonic-gate 			}
3297c478bd9Sstevel@tonic-gate 
3307c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "supported mechanisms:\n");
3317c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "\talias\t\tdisk cache size\n");
3327c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "\t=====\t\t===============\n");
3337c478bd9Sstevel@tonic-gate 			while (*cpp != NULL) {
3347c478bd9Sstevel@tonic-gate 				(void) fprintf(stderr, "\t%s\t\t", *cpp++);
3357c478bd9Sstevel@tonic-gate 				if (*ip < 0) {
3367c478bd9Sstevel@tonic-gate 					(void) fprintf(stderr, "%d entries\n",
33736e852a1SRaja Andra 					    abs(*ip));
3387c478bd9Sstevel@tonic-gate 				} else {
3397c478bd9Sstevel@tonic-gate 					(void) fprintf(stderr, "%dMB\n", *ip);
3407c478bd9Sstevel@tonic-gate 				}
3417c478bd9Sstevel@tonic-gate 				ip++;
3427c478bd9Sstevel@tonic-gate 			}
3437c478bd9Sstevel@tonic-gate 		} else {
3447c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr,
34536e852a1SRaja Andra 			    "common key disk caching disabled\n");
3467c478bd9Sstevel@tonic-gate 		}
3477c478bd9Sstevel@tonic-gate 	}
3487c478bd9Sstevel@tonic-gate 	/*
3497c478bd9Sstevel@tonic-gate 	 * Post-option initialisation
3507c478bd9Sstevel@tonic-gate 	 */
3517c478bd9Sstevel@tonic-gate 	if (disk_caching) {
3527c478bd9Sstevel@tonic-gate 		int i;
3537c478bd9Sstevel@tonic-gate 		for (i = 0; mechs[i]; i++) {
3547c478bd9Sstevel@tonic-gate 			if ((AUTH_DES_COMPAT_CHK(mechs[i])) ||
3557c478bd9Sstevel@tonic-gate 			    (mechs[i]->keylen < 0) || (mechs[i]->algtype < 0))
3567c478bd9Sstevel@tonic-gate 				continue;
3577c478bd9Sstevel@tonic-gate 			create_cache_file(mechs[i]->keylen, mechs[i]->algtype,
35836e852a1SRaja Andra 			    cache_size[i] ? cache_size[i] : default_cache);
3597c478bd9Sstevel@tonic-gate 		}
3607c478bd9Sstevel@tonic-gate 	}
3617c478bd9Sstevel@tonic-gate 	getrootkey(&masterkey, nflag);
3627c478bd9Sstevel@tonic-gate 
3637c478bd9Sstevel@tonic-gate 	/*
3647c478bd9Sstevel@tonic-gate 	 * Set MT mode
3657c478bd9Sstevel@tonic-gate 	 */
3667c478bd9Sstevel@tonic-gate 	if (nthreads > 0) {
3677c478bd9Sstevel@tonic-gate 		(void) rpc_control(RPC_SVC_MTMODE_SET, &mode);
3687c478bd9Sstevel@tonic-gate 		(void) rpc_control(RPC_SVC_THRMAX_SET, &nthreads);
3697c478bd9Sstevel@tonic-gate 	}
3707c478bd9Sstevel@tonic-gate 
3717c478bd9Sstevel@tonic-gate 	/*
3727c478bd9Sstevel@tonic-gate 	 * Enable non-blocking mode and maximum record size checks for
3737c478bd9Sstevel@tonic-gate 	 * connection oriented transports.
3747c478bd9Sstevel@tonic-gate 	 */
3757c478bd9Sstevel@tonic-gate 	if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrecsz)) {
3767c478bd9Sstevel@tonic-gate 		syslog(LOG_INFO, "unable to set max RPC record size");
3777c478bd9Sstevel@tonic-gate 	}
3787c478bd9Sstevel@tonic-gate 
3797c478bd9Sstevel@tonic-gate 	if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS,
38036e852a1SRaja Andra 	    "netpath", "keyserv") == 0) {
3817c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
38236e852a1SRaja Andra 		    "%s: unable to create service for version %d\n",
38336e852a1SRaja Andra 		    argv[0], KEY_VERS);
3847c478bd9Sstevel@tonic-gate 		exit(1);
3857c478bd9Sstevel@tonic-gate 	}
3867c478bd9Sstevel@tonic-gate 
3877c478bd9Sstevel@tonic-gate 	if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS2,
38836e852a1SRaja Andra 	    "netpath", "keyserv") == 0) {
3897c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
39036e852a1SRaja Andra 		    "%s: unable to create service for version %d\n",
39136e852a1SRaja Andra 		    argv[0], KEY_VERS2);
3927c478bd9Sstevel@tonic-gate 		exit(1);
3937c478bd9Sstevel@tonic-gate 	}
3947c478bd9Sstevel@tonic-gate 
3957c478bd9Sstevel@tonic-gate 	if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS3,
39636e852a1SRaja Andra 	    "netpath", "keyserv") == 0) {
3977c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
39836e852a1SRaja Andra 		    "%s: unable to create service for version %d\n",
39936e852a1SRaja Andra 		    argv[0], KEY_VERS3);
4007c478bd9Sstevel@tonic-gate 		exit(1);
4017c478bd9Sstevel@tonic-gate 	}
4027c478bd9Sstevel@tonic-gate 
4037c478bd9Sstevel@tonic-gate 	if (!debugging) {
4047c478bd9Sstevel@tonic-gate 		detachfromtty();
4057c478bd9Sstevel@tonic-gate 	}
4067c478bd9Sstevel@tonic-gate 
4077c478bd9Sstevel@tonic-gate 	if (svc_create(keyprogram, KEY_PROG, KEY_VERS, "door") == 0) {
4087c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
40936e852a1SRaja Andra 		    "%s: unable to create service over doors for version %d\n",
41036e852a1SRaja Andra 		    argv[0], KEY_VERS);
4117c478bd9Sstevel@tonic-gate 		exit(1);
4127c478bd9Sstevel@tonic-gate 	}
4137c478bd9Sstevel@tonic-gate 
4147c478bd9Sstevel@tonic-gate 	if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, "door") == 0) {
4157c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
41636e852a1SRaja Andra 		    "%s: unable to create service over doors for version %d\n",
41736e852a1SRaja Andra 		    argv[0], KEY_VERS2);
4187c478bd9Sstevel@tonic-gate 		exit(1);
4197c478bd9Sstevel@tonic-gate 	}
4207c478bd9Sstevel@tonic-gate 
4217c478bd9Sstevel@tonic-gate 	if (svc_create(keyprogram, KEY_PROG, KEY_VERS3, "door") == 0) {
4227c478bd9Sstevel@tonic-gate 		syslog(LOG_ERR,
42336e852a1SRaja Andra 		    "%s: unable to create service over doors for version %d\n",
42436e852a1SRaja Andra 		    argv[0], KEY_VERS3);
4257c478bd9Sstevel@tonic-gate 		exit(1);
4267c478bd9Sstevel@tonic-gate 	}
4277c478bd9Sstevel@tonic-gate 
4287c478bd9Sstevel@tonic-gate 	svc_run();
4297c478bd9Sstevel@tonic-gate 	abort();
4307c478bd9Sstevel@tonic-gate 	/* NOTREACHED */
4317c478bd9Sstevel@tonic-gate 	return (0);
4327c478bd9Sstevel@tonic-gate }
4337c478bd9Sstevel@tonic-gate 
4347c478bd9Sstevel@tonic-gate 
4357c478bd9Sstevel@tonic-gate /*
4367c478bd9Sstevel@tonic-gate  * In the event that we don't get a root password, we try to
4377c478bd9Sstevel@tonic-gate  * randomize the master key the best we can
4387c478bd9Sstevel@tonic-gate  */
4397c478bd9Sstevel@tonic-gate static void
randomize(master)4407c478bd9Sstevel@tonic-gate randomize(master)
4417c478bd9Sstevel@tonic-gate 	des_block *master;
4427c478bd9Sstevel@tonic-gate {
4437c478bd9Sstevel@tonic-gate 	int i;
4447c478bd9Sstevel@tonic-gate 	int seed;
4457c478bd9Sstevel@tonic-gate 	struct timeval tv;
4467c478bd9Sstevel@tonic-gate 	int shift;
4477c478bd9Sstevel@tonic-gate 
4487c478bd9Sstevel@tonic-gate 	seed = 0;
4497c478bd9Sstevel@tonic-gate 	for (i = 0; i < 1024; i++) {
4507c478bd9Sstevel@tonic-gate 		(void) gettimeofday(&tv, (struct timezone *)NULL);
4517c478bd9Sstevel@tonic-gate 		shift = i % 8 * sizeof (int);
4527c478bd9Sstevel@tonic-gate 		seed ^= (tv.tv_usec << shift) | (tv.tv_usec >> (32 - shift));
4537c478bd9Sstevel@tonic-gate 	}
4547c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM
4557c478bd9Sstevel@tonic-gate 	srandom(seed);
4567c478bd9Sstevel@tonic-gate 	master->key.low = random();
4577c478bd9Sstevel@tonic-gate 	master->key.high = random();
4587c478bd9Sstevel@tonic-gate 	srandom(seed);
4597c478bd9Sstevel@tonic-gate #else
4607c478bd9Sstevel@tonic-gate 	/* use stupid dangerous bad rand() */
4617c478bd9Sstevel@tonic-gate 	srand(seed);
4627c478bd9Sstevel@tonic-gate 	master->key.low = rand();
4637c478bd9Sstevel@tonic-gate 	master->key.high = rand();
4647c478bd9Sstevel@tonic-gate 	srand(seed);
4657c478bd9Sstevel@tonic-gate #endif
4667c478bd9Sstevel@tonic-gate }
4677c478bd9Sstevel@tonic-gate 
4687c478bd9Sstevel@tonic-gate static char *
fgets_ignorenul(char * s,int n,FILE * stream)4697c478bd9Sstevel@tonic-gate fgets_ignorenul(char *s, int n, FILE *stream)
4707c478bd9Sstevel@tonic-gate {
4717c478bd9Sstevel@tonic-gate 	int fildes = fileno(stream);
4727c478bd9Sstevel@tonic-gate 	int i = 0;
4737c478bd9Sstevel@tonic-gate 	int rs = 0;
4747c478bd9Sstevel@tonic-gate 	char c;
4757c478bd9Sstevel@tonic-gate 
4767c478bd9Sstevel@tonic-gate 	if (fildes < 0)
4777c478bd9Sstevel@tonic-gate 		return (NULL);
4787c478bd9Sstevel@tonic-gate 
4797c478bd9Sstevel@tonic-gate 	while (i < n - 1) {
4807c478bd9Sstevel@tonic-gate 		rs = read(fildes, &c, 1);
4817c478bd9Sstevel@tonic-gate 		switch (rs) {
4827c478bd9Sstevel@tonic-gate 		case 1:
4837c478bd9Sstevel@tonic-gate 			break;
4847c478bd9Sstevel@tonic-gate 		case 0:
4857c478bd9Sstevel@tonic-gate 			/* EOF */
4867c478bd9Sstevel@tonic-gate 			if (i > 0)
4877c478bd9Sstevel@tonic-gate 				s[i] = '\0';
4887c478bd9Sstevel@tonic-gate 			return (NULL);
4897c478bd9Sstevel@tonic-gate 			break;
4907c478bd9Sstevel@tonic-gate 		default:
4917c478bd9Sstevel@tonic-gate 			return (NULL);
4927c478bd9Sstevel@tonic-gate 		}
4937c478bd9Sstevel@tonic-gate 		switch (c) {
4947c478bd9Sstevel@tonic-gate 		case '\0':
4957c478bd9Sstevel@tonic-gate 			break;
4967c478bd9Sstevel@tonic-gate 		case '\n':
4977c478bd9Sstevel@tonic-gate 			s[i] = c;
4987c478bd9Sstevel@tonic-gate 			s[++i] = '\0';
4997c478bd9Sstevel@tonic-gate 			return (s);
5007c478bd9Sstevel@tonic-gate 		default:
5017c478bd9Sstevel@tonic-gate 		if (c != '\0')
5027c478bd9Sstevel@tonic-gate 			s[i++] = c;
5037c478bd9Sstevel@tonic-gate 		}
5047c478bd9Sstevel@tonic-gate 	}
5057c478bd9Sstevel@tonic-gate 	s[i] = '\0';
5067c478bd9Sstevel@tonic-gate 	return (s);
5077c478bd9Sstevel@tonic-gate }
5087c478bd9Sstevel@tonic-gate 
5097c478bd9Sstevel@tonic-gate /* Should last until 16384-bit DH keys */
5107c478bd9Sstevel@tonic-gate #define	MAXROOTKEY_LINE_LEN	4224
5117c478bd9Sstevel@tonic-gate #define	MAXROOTKEY_LEN		4096
5127c478bd9Sstevel@tonic-gate #define	ROOTKEY_FILE		"/etc/.rootkey"
5137c478bd9Sstevel@tonic-gate 
5147c478bd9Sstevel@tonic-gate static int
getotherrootkeys(char * name)5157c478bd9Sstevel@tonic-gate getotherrootkeys(char *name)
5167c478bd9Sstevel@tonic-gate {
5177c478bd9Sstevel@tonic-gate 	FILE		*rootkey;
5187c478bd9Sstevel@tonic-gate 	char		line[MAXROOTKEY_LINE_LEN];
5197c478bd9Sstevel@tonic-gate 	char		key[MAXROOTKEY_LEN];
5207c478bd9Sstevel@tonic-gate 	algtype_t	algtype;
5217c478bd9Sstevel@tonic-gate 	int		count = 0;
5227c478bd9Sstevel@tonic-gate 
5237c478bd9Sstevel@tonic-gate 	if (!(rootkey = fopen(ROOTKEY, "r")))
5247c478bd9Sstevel@tonic-gate 		return (0);
5257c478bd9Sstevel@tonic-gate 
5267c478bd9Sstevel@tonic-gate 	while (fgets_ignorenul(line, MAXROOTKEY_LINE_LEN, rootkey)) {
5277c478bd9Sstevel@tonic-gate 		debug(KEYSERV_DEBUG0, ("ROOTKEY %d: %s\n", count, line));
5287c478bd9Sstevel@tonic-gate 		count++;
529a0368f78Speteh 		if (sscanf(line, "%s %d", key, &algtype) < 2) {
530a0368f78Speteh 			/*
531a0368f78Speteh 			 * No encryption algorithm found in the file
532a0368f78Speteh 			 * (algtype) so default to DES.
533a0368f78Speteh 			 */
534a0368f78Speteh 			algtype = AUTH_DES_ALGTYPE;
535a0368f78Speteh 		}
5367c478bd9Sstevel@tonic-gate 		if (!strlen(key))
5377c478bd9Sstevel@tonic-gate 			continue;
5387c478bd9Sstevel@tonic-gate 		addmasterkey(key, name, algtype);
5397c478bd9Sstevel@tonic-gate 	}
5407c478bd9Sstevel@tonic-gate 	fclose(rootkey);
5417c478bd9Sstevel@tonic-gate 	return (1);
5427c478bd9Sstevel@tonic-gate }
5437c478bd9Sstevel@tonic-gate 
5447c478bd9Sstevel@tonic-gate /*
5457c478bd9Sstevel@tonic-gate  * Try to get root's secret key, by prompting if terminal is a tty, else trying
5467c478bd9Sstevel@tonic-gate  * from standard input.
5477c478bd9Sstevel@tonic-gate  * Returns 1 on success.
5487c478bd9Sstevel@tonic-gate  */
54949e7ca49Speteh static int
getrootkey(master,prompt)5507c478bd9Sstevel@tonic-gate getrootkey(master, prompt)
5517c478bd9Sstevel@tonic-gate 	des_block *master;
5527c478bd9Sstevel@tonic-gate 	int prompt;
5537c478bd9Sstevel@tonic-gate {
5547c478bd9Sstevel@tonic-gate 	char *passwd;
5557c478bd9Sstevel@tonic-gate 	char name[MAXNETNAMELEN + 1];
5567c478bd9Sstevel@tonic-gate 	char secret[HEXKEYBYTES + 1];
5577c478bd9Sstevel@tonic-gate 	FILE *fp;
5587c478bd9Sstevel@tonic-gate 	int passwd2des();
5597c478bd9Sstevel@tonic-gate 	int retval;
5607c478bd9Sstevel@tonic-gate 
5617c478bd9Sstevel@tonic-gate 	randomize(master);
5627c478bd9Sstevel@tonic-gate 	if (!getnetname(name)) {
5637c478bd9Sstevel@tonic-gate 	    (void) fprintf(stderr, "keyserv: \
5647c478bd9Sstevel@tonic-gate failed to generate host's netname when establishing root's key.\n");
5657c478bd9Sstevel@tonic-gate 	    return (0);
5667c478bd9Sstevel@tonic-gate 	}
5677c478bd9Sstevel@tonic-gate 	if (!prompt) {
5687c478bd9Sstevel@tonic-gate 		return (getotherrootkeys(name));
5697c478bd9Sstevel@tonic-gate 	}
5707c478bd9Sstevel@tonic-gate 	/*
5717c478bd9Sstevel@tonic-gate 	 * Decrypt yellow pages publickey entry to get secret key
5727c478bd9Sstevel@tonic-gate 	 */
5737c478bd9Sstevel@tonic-gate 	passwd = getpass("root password:");
5747c478bd9Sstevel@tonic-gate 	passwd2des(passwd, master);
5757c478bd9Sstevel@tonic-gate 	if (!getsecretkey(name, secret, passwd)) {
5767c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
5777c478bd9Sstevel@tonic-gate 		"Can't find %s's secret key\n", name);
5787c478bd9Sstevel@tonic-gate 		return (0);
5797c478bd9Sstevel@tonic-gate 	}
5807c478bd9Sstevel@tonic-gate 	if (secret[0] == 0) {
5817c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
5827c478bd9Sstevel@tonic-gate 	"Password does not decrypt secret key for %s\n", name);
5837c478bd9Sstevel@tonic-gate 		return (0);
5847c478bd9Sstevel@tonic-gate 	}
5857c478bd9Sstevel@tonic-gate 	if ((fp = fopen(ROOTKEY, "w")) == NULL) {
5867c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr,
5877c478bd9Sstevel@tonic-gate 			"Cannot open %s for write\n", ROOTKEY);
5887c478bd9Sstevel@tonic-gate 		return (0);
5897c478bd9Sstevel@tonic-gate 	}
5907c478bd9Sstevel@tonic-gate 	retval = storeotherrootkeys(fp, name, passwd, secret);
5917c478bd9Sstevel@tonic-gate 	fclose(fp);
5927c478bd9Sstevel@tonic-gate 	return (retval);
5937c478bd9Sstevel@tonic-gate }
5947c478bd9Sstevel@tonic-gate 
5957c478bd9Sstevel@tonic-gate /*
5967c478bd9Sstevel@tonic-gate  * Procedures to implement RPC service.  These procedures are named
5977c478bd9Sstevel@tonic-gate  * differently from the definitions in key_prot.h (generated by rpcgen)
5987c478bd9Sstevel@tonic-gate  * because they take different arguments.
5997c478bd9Sstevel@tonic-gate  */
6007c478bd9Sstevel@tonic-gate char *
strstatus(status)6017c478bd9Sstevel@tonic-gate strstatus(status)
6027c478bd9Sstevel@tonic-gate 	keystatus status;
6037c478bd9Sstevel@tonic-gate {
6047c478bd9Sstevel@tonic-gate 	switch (status) {
6057c478bd9Sstevel@tonic-gate 	case KEY_SUCCESS:
6067c478bd9Sstevel@tonic-gate 		return ("KEY_SUCCESS");
6077c478bd9Sstevel@tonic-gate 	case KEY_NOSECRET:
6087c478bd9Sstevel@tonic-gate 		return ("KEY_NOSECRET");
6097c478bd9Sstevel@tonic-gate 	case KEY_UNKNOWN:
6107c478bd9Sstevel@tonic-gate 		return ("KEY_UNKNOWN");
6117c478bd9Sstevel@tonic-gate 	case KEY_SYSTEMERR:
6127c478bd9Sstevel@tonic-gate 		return ("KEY_SYSTEMERR");
6137c478bd9Sstevel@tonic-gate 	case KEY_BADALG:
6147c478bd9Sstevel@tonic-gate 		return ("KEY_BADALG");
6157c478bd9Sstevel@tonic-gate 	case KEY_BADLEN:
6167c478bd9Sstevel@tonic-gate 		return ("KEY_BADLEN");
6177c478bd9Sstevel@tonic-gate 	default:
6187c478bd9Sstevel@tonic-gate 		return ("(bad result code)");
6197c478bd9Sstevel@tonic-gate 	}
6207c478bd9Sstevel@tonic-gate }
6217c478bd9Sstevel@tonic-gate 
6227c478bd9Sstevel@tonic-gate bool_t
__key_set_1_svc(uid,key,status)6237c478bd9Sstevel@tonic-gate __key_set_1_svc(uid, key, status)
6247c478bd9Sstevel@tonic-gate 	uid_t uid;
6257c478bd9Sstevel@tonic-gate 	keybuf key;
6267c478bd9Sstevel@tonic-gate 	keystatus *status;
6277c478bd9Sstevel@tonic-gate {
6287c478bd9Sstevel@tonic-gate 	if (debugging) {
6297c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "set(%d, %.*s) = ", uid,
6307c478bd9Sstevel@tonic-gate 				sizeof (keybuf), key);
6317c478bd9Sstevel@tonic-gate 	}
6327c478bd9Sstevel@tonic-gate 	*status = pk_setkey(uid, key);
6337c478bd9Sstevel@tonic-gate 	if (debugging) {
6347c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "%s\n", strstatus(*status));
6357c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
6367c478bd9Sstevel@tonic-gate 	}
6377c478bd9Sstevel@tonic-gate 	return (TRUE);
6387c478bd9Sstevel@tonic-gate }
6397c478bd9Sstevel@tonic-gate 
6407c478bd9Sstevel@tonic-gate bool_t
__key_encrypt_pk_2_svc(uid,arg,res)6417c478bd9Sstevel@tonic-gate __key_encrypt_pk_2_svc(uid, arg, res)
6427c478bd9Sstevel@tonic-gate 	uid_t uid;
6437c478bd9Sstevel@tonic-gate 	cryptkeyarg2 *arg;
6447c478bd9Sstevel@tonic-gate 	cryptkeyres *res;
6457c478bd9Sstevel@tonic-gate {
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 	if (debugging) {
6487c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid,
6497c478bd9Sstevel@tonic-gate 				arg->remotename, arg->deskey.key.high,
6507c478bd9Sstevel@tonic-gate 				arg->deskey.key.low);
6517c478bd9Sstevel@tonic-gate 	}
6527c478bd9Sstevel@tonic-gate 	res->cryptkeyres_u.deskey = arg->deskey;
6537c478bd9Sstevel@tonic-gate 	res->status = pk_encrypt(uid, arg->remotename, &(arg->remotekey),
6547c478bd9Sstevel@tonic-gate 				&res->cryptkeyres_u.deskey);
6557c478bd9Sstevel@tonic-gate 	if (debugging) {
6567c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
6577c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%08x%08x\n",
6587c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.high,
6597c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.low);
6607c478bd9Sstevel@tonic-gate 		} else {
6617c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
6627c478bd9Sstevel@tonic-gate 		}
6637c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
6647c478bd9Sstevel@tonic-gate 	}
6657c478bd9Sstevel@tonic-gate 	return (TRUE);
6667c478bd9Sstevel@tonic-gate }
6677c478bd9Sstevel@tonic-gate 
6687c478bd9Sstevel@tonic-gate bool_t
__key_decrypt_pk_2_svc(uid,arg,res)6697c478bd9Sstevel@tonic-gate __key_decrypt_pk_2_svc(uid, arg, res)
6707c478bd9Sstevel@tonic-gate 	uid_t uid;
6717c478bd9Sstevel@tonic-gate 	cryptkeyarg2 *arg;
6727c478bd9Sstevel@tonic-gate 	cryptkeyres *res;
6737c478bd9Sstevel@tonic-gate {
6747c478bd9Sstevel@tonic-gate 
6757c478bd9Sstevel@tonic-gate 	if (debugging) {
6767c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid,
6777c478bd9Sstevel@tonic-gate 				arg->remotename, arg->deskey.key.high,
6787c478bd9Sstevel@tonic-gate 				arg->deskey.key.low);
6797c478bd9Sstevel@tonic-gate 	}
6807c478bd9Sstevel@tonic-gate 	res->cryptkeyres_u.deskey = arg->deskey;
6817c478bd9Sstevel@tonic-gate 	res->status = pk_decrypt(uid, arg->remotename, &(arg->remotekey),
6827c478bd9Sstevel@tonic-gate 				&res->cryptkeyres_u.deskey);
6837c478bd9Sstevel@tonic-gate 	if (debugging) {
6847c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
6857c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%08x%08x\n",
6867c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.high,
6877c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.low);
6887c478bd9Sstevel@tonic-gate 		} else {
6897c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
6907c478bd9Sstevel@tonic-gate 		}
6917c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
6927c478bd9Sstevel@tonic-gate 	}
6937c478bd9Sstevel@tonic-gate 	return (TRUE);
6947c478bd9Sstevel@tonic-gate }
6957c478bd9Sstevel@tonic-gate 
6967c478bd9Sstevel@tonic-gate bool_t
__key_net_put_2_svc(uid,arg,status)6977c478bd9Sstevel@tonic-gate __key_net_put_2_svc(uid, arg, status)
6987c478bd9Sstevel@tonic-gate 	uid_t uid;
6997c478bd9Sstevel@tonic-gate 	key_netstarg *arg;
7007c478bd9Sstevel@tonic-gate 	keystatus *status;
7017c478bd9Sstevel@tonic-gate {
7027c478bd9Sstevel@tonic-gate 
7037c478bd9Sstevel@tonic-gate 	if (debugging) {
7047c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ",
7057c478bd9Sstevel@tonic-gate 			arg->st_netname, sizeof (arg->st_pub_key),
7067c478bd9Sstevel@tonic-gate 			arg->st_pub_key, sizeof (arg->st_priv_key),
7077c478bd9Sstevel@tonic-gate 			arg->st_priv_key);
7087c478bd9Sstevel@tonic-gate 	};
7097c478bd9Sstevel@tonic-gate 
7107c478bd9Sstevel@tonic-gate 	*status = pk_netput(uid, arg);
7117c478bd9Sstevel@tonic-gate 
7127c478bd9Sstevel@tonic-gate 	if (debugging) {
7137c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "%s\n", strstatus(*status));
7147c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
7157c478bd9Sstevel@tonic-gate 	}
7167c478bd9Sstevel@tonic-gate 
7177c478bd9Sstevel@tonic-gate 	return (TRUE);
7187c478bd9Sstevel@tonic-gate }
7197c478bd9Sstevel@tonic-gate 
7207c478bd9Sstevel@tonic-gate /* ARGSUSED */
7217c478bd9Sstevel@tonic-gate bool_t
__key_net_get_2_svc(uid,arg,keynetname)7227c478bd9Sstevel@tonic-gate __key_net_get_2_svc(uid, arg, keynetname)
7237c478bd9Sstevel@tonic-gate 	uid_t uid;
7247c478bd9Sstevel@tonic-gate 	void *arg;
7257c478bd9Sstevel@tonic-gate 	key_netstres *keynetname;
7267c478bd9Sstevel@tonic-gate {
7277c478bd9Sstevel@tonic-gate 
7287c478bd9Sstevel@tonic-gate 	if (debugging)
7297c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "net_get(%d) = ", uid);
7307c478bd9Sstevel@tonic-gate 
7317c478bd9Sstevel@tonic-gate 	keynetname->status = pk_netget(uid, &keynetname->key_netstres_u.knet);
7327c478bd9Sstevel@tonic-gate 	if (debugging) {
7337c478bd9Sstevel@tonic-gate 		if (keynetname->status == KEY_SUCCESS) {
7347c478bd9Sstevel@tonic-gate 			fprintf(stderr, "<%s, %.*s, %.*s>\n",
7357c478bd9Sstevel@tonic-gate 			keynetname->key_netstres_u.knet.st_netname,
7367c478bd9Sstevel@tonic-gate 			sizeof (keynetname->key_netstres_u.knet.st_pub_key),
7377c478bd9Sstevel@tonic-gate 			keynetname->key_netstres_u.knet.st_pub_key,
7387c478bd9Sstevel@tonic-gate 			sizeof (keynetname->key_netstres_u.knet.st_priv_key),
7397c478bd9Sstevel@tonic-gate 			keynetname->key_netstres_u.knet.st_priv_key);
7407c478bd9Sstevel@tonic-gate 		} else {
7417c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "NOT FOUND\n");
7427c478bd9Sstevel@tonic-gate 		}
7437c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
7447c478bd9Sstevel@tonic-gate 	}
7457c478bd9Sstevel@tonic-gate 
7467c478bd9Sstevel@tonic-gate 	return (TRUE);
7477c478bd9Sstevel@tonic-gate 
7487c478bd9Sstevel@tonic-gate }
7497c478bd9Sstevel@tonic-gate 
7507c478bd9Sstevel@tonic-gate bool_t
__key_get_conv_2_svc(uid_t uid,keybuf arg,cryptkeyres * res)751dd627aceSToomas Soome __key_get_conv_2_svc(uid_t uid, keybuf arg, cryptkeyres *res)
7527c478bd9Sstevel@tonic-gate {
7537c478bd9Sstevel@tonic-gate 
7547c478bd9Sstevel@tonic-gate 	if (debugging)
7557c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "get_conv(%d, %.*s) = ", uid,
756dd627aceSToomas Soome 		    sizeof (keybuf), arg);
7577c478bd9Sstevel@tonic-gate 
7587c478bd9Sstevel@tonic-gate 
7597c478bd9Sstevel@tonic-gate 	res->status = pk_get_conv_key(uid, arg, res);
7607c478bd9Sstevel@tonic-gate 
7617c478bd9Sstevel@tonic-gate 	if (debugging) {
7627c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
7637c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%08x%08x\n",
7647c478bd9Sstevel@tonic-gate 				res->cryptkeyres_u.deskey.key.high,
7657c478bd9Sstevel@tonic-gate 				res->cryptkeyres_u.deskey.key.low);
7667c478bd9Sstevel@tonic-gate 		} else {
7677c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
7687c478bd9Sstevel@tonic-gate 		}
7697c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
7707c478bd9Sstevel@tonic-gate 	}
7717c478bd9Sstevel@tonic-gate 	return (TRUE);
7727c478bd9Sstevel@tonic-gate }
7737c478bd9Sstevel@tonic-gate 
7747c478bd9Sstevel@tonic-gate 
7757c478bd9Sstevel@tonic-gate bool_t
__key_encrypt_1_svc(uid,arg,res)7767c478bd9Sstevel@tonic-gate __key_encrypt_1_svc(uid, arg, res)
7777c478bd9Sstevel@tonic-gate 	uid_t uid;
7787c478bd9Sstevel@tonic-gate 	cryptkeyarg *arg;
7797c478bd9Sstevel@tonic-gate 	cryptkeyres *res;
7807c478bd9Sstevel@tonic-gate {
7817c478bd9Sstevel@tonic-gate 
7827c478bd9Sstevel@tonic-gate 	if (debugging) {
7837c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid,
7847c478bd9Sstevel@tonic-gate 				arg->remotename, arg->deskey.key.high,
7857c478bd9Sstevel@tonic-gate 				arg->deskey.key.low);
7867c478bd9Sstevel@tonic-gate 	}
7877c478bd9Sstevel@tonic-gate 	res->cryptkeyres_u.deskey = arg->deskey;
7887c478bd9Sstevel@tonic-gate 	res->status = pk_encrypt(uid, arg->remotename, NULL,
7897c478bd9Sstevel@tonic-gate 				&res->cryptkeyres_u.deskey);
7907c478bd9Sstevel@tonic-gate 	if (debugging) {
7917c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
7927c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%08x%08x\n",
7937c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.high,
7947c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.low);
7957c478bd9Sstevel@tonic-gate 		} else {
7967c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
7977c478bd9Sstevel@tonic-gate 		}
7987c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
7997c478bd9Sstevel@tonic-gate 	}
8007c478bd9Sstevel@tonic-gate 	return (TRUE);
8017c478bd9Sstevel@tonic-gate }
8027c478bd9Sstevel@tonic-gate 
8037c478bd9Sstevel@tonic-gate bool_t
__key_decrypt_1_svc(uid,arg,res)8047c478bd9Sstevel@tonic-gate __key_decrypt_1_svc(uid, arg, res)
8057c478bd9Sstevel@tonic-gate 	uid_t uid;
8067c478bd9Sstevel@tonic-gate 	cryptkeyarg *arg;
8077c478bd9Sstevel@tonic-gate 	cryptkeyres *res;
8087c478bd9Sstevel@tonic-gate {
8097c478bd9Sstevel@tonic-gate 	if (debugging) {
8107c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid,
8117c478bd9Sstevel@tonic-gate 				arg->remotename, arg->deskey.key.high,
8127c478bd9Sstevel@tonic-gate 				arg->deskey.key.low);
8137c478bd9Sstevel@tonic-gate 	}
8147c478bd9Sstevel@tonic-gate 	res->cryptkeyres_u.deskey = arg->deskey;
8157c478bd9Sstevel@tonic-gate 	res->status = pk_decrypt(uid, arg->remotename, NULL,
8167c478bd9Sstevel@tonic-gate 				&res->cryptkeyres_u.deskey);
8177c478bd9Sstevel@tonic-gate 	if (debugging) {
8187c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
8197c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%08x%08x\n",
8207c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.high,
8217c478bd9Sstevel@tonic-gate 					res->cryptkeyres_u.deskey.key.low);
8227c478bd9Sstevel@tonic-gate 		} else {
8237c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
8247c478bd9Sstevel@tonic-gate 		}
8257c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
8267c478bd9Sstevel@tonic-gate 	}
8277c478bd9Sstevel@tonic-gate 	return (TRUE);
8287c478bd9Sstevel@tonic-gate }
8297c478bd9Sstevel@tonic-gate 
8307c478bd9Sstevel@tonic-gate /* ARGSUSED */
8317c478bd9Sstevel@tonic-gate bool_t
__key_gen_1_svc(v,s,key)8327c478bd9Sstevel@tonic-gate __key_gen_1_svc(v, s, key)
8337c478bd9Sstevel@tonic-gate 	void *v;
8347c478bd9Sstevel@tonic-gate 	struct svc_req *s;
8357c478bd9Sstevel@tonic-gate 	des_block *key;
8367c478bd9Sstevel@tonic-gate {
8377c478bd9Sstevel@tonic-gate 	struct timeval time;
8387c478bd9Sstevel@tonic-gate 	static des_block keygen;
8397c478bd9Sstevel@tonic-gate 	static mutex_t keygen_mutex = DEFAULTMUTEX;
8407c478bd9Sstevel@tonic-gate 	int r;
8417c478bd9Sstevel@tonic-gate 
8427c478bd9Sstevel@tonic-gate 	(void) gettimeofday(&time, (struct timezone *)NULL);
8437c478bd9Sstevel@tonic-gate 	(void) mutex_lock(&keygen_mutex);
8447c478bd9Sstevel@tonic-gate 	keygen.key.high += (time.tv_sec ^ time.tv_usec);
8457c478bd9Sstevel@tonic-gate 	keygen.key.low += (time.tv_sec ^ time.tv_usec);
8467c478bd9Sstevel@tonic-gate 	r = ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen),
8477c478bd9Sstevel@tonic-gate 		DES_ENCRYPT | DES_HW);
8487c478bd9Sstevel@tonic-gate 	if (r != DESERR_NONE && r != DESERR_NOHWDEVICE) {
8497c478bd9Sstevel@tonic-gate 		mutex_unlock(&keygen_mutex);
8507c478bd9Sstevel@tonic-gate 		return (FALSE);
8517c478bd9Sstevel@tonic-gate 	}
8527c478bd9Sstevel@tonic-gate 	*key = keygen;
8537c478bd9Sstevel@tonic-gate 	mutex_unlock(&keygen_mutex);
8547c478bd9Sstevel@tonic-gate 
8557c478bd9Sstevel@tonic-gate 	des_setparity_g(key);
8567c478bd9Sstevel@tonic-gate 	if (debugging) {
8577c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "gen() = %08x%08x\n", key->key.high,
8587c478bd9Sstevel@tonic-gate 					key->key.low);
8597c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
8607c478bd9Sstevel@tonic-gate 	}
8617c478bd9Sstevel@tonic-gate 	return (TRUE);
8627c478bd9Sstevel@tonic-gate }
8637c478bd9Sstevel@tonic-gate 
8647c478bd9Sstevel@tonic-gate /* ARGSUSED */
8657c478bd9Sstevel@tonic-gate bool_t
__key_getcred_1_svc(uid,name,res)8667c478bd9Sstevel@tonic-gate __key_getcred_1_svc(uid, name, res)
8677c478bd9Sstevel@tonic-gate 	uid_t uid;
8687c478bd9Sstevel@tonic-gate 	netnamestr *name;
8697c478bd9Sstevel@tonic-gate 	getcredres *res;
8707c478bd9Sstevel@tonic-gate {
8717c478bd9Sstevel@tonic-gate 	struct unixcred *cred;
8727c478bd9Sstevel@tonic-gate 
8737c478bd9Sstevel@tonic-gate 	cred = &res->getcredres_u.cred;
8747c478bd9Sstevel@tonic-gate 	if (!netname2user(*name, (uid_t *)&cred->uid, (gid_t *)&cred->gid,
8757c478bd9Sstevel@tonic-gate 			(int *)&cred->gids.gids_len,
8767c478bd9Sstevel@tonic-gate 					(gid_t *)cred->gids.gids_val)) {
8777c478bd9Sstevel@tonic-gate 		res->status = KEY_UNKNOWN;
8787c478bd9Sstevel@tonic-gate 	} else {
8797c478bd9Sstevel@tonic-gate 		res->status = KEY_SUCCESS;
8807c478bd9Sstevel@tonic-gate 	}
8817c478bd9Sstevel@tonic-gate 	if (debugging) {
8827c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "getcred(%s) = ", *name);
8837c478bd9Sstevel@tonic-gate 		if (res->status == KEY_SUCCESS) {
8847c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n",
8857c478bd9Sstevel@tonic-gate 				cred->uid, cred->gid, cred->gids.gids_len);
8867c478bd9Sstevel@tonic-gate 		} else {
8877c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "%s\n", strstatus(res->status));
8887c478bd9Sstevel@tonic-gate 		}
8897c478bd9Sstevel@tonic-gate 		(void) fflush(stderr);
8907c478bd9Sstevel@tonic-gate 	}
8917c478bd9Sstevel@tonic-gate 	return (TRUE);
8927c478bd9Sstevel@tonic-gate }
8937c478bd9Sstevel@tonic-gate 
8947c478bd9Sstevel@tonic-gate /*
8957c478bd9Sstevel@tonic-gate  * Version 3 procedures follow...
8967c478bd9Sstevel@tonic-gate  */
8977c478bd9Sstevel@tonic-gate 
8987c478bd9Sstevel@tonic-gate static bool_t
__key_set_3_svc(uid_t uid,setkeyarg3 * arg,keystatus * status)8997c478bd9Sstevel@tonic-gate __key_set_3_svc(uid_t uid, setkeyarg3 *arg, keystatus *status)
9007c478bd9Sstevel@tonic-gate {
9017c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("__key_set_3_svc(%d, %d, %d)",
90236e852a1SRaja Andra 	    uid, arg->algtype, arg->keylen));
9037c478bd9Sstevel@tonic-gate 	*status = pk_setkey3(uid, arg);
9047c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("__key_set_3_svc %s", strstatus(*status)));
9057c478bd9Sstevel@tonic-gate 	return (TRUE);
9067c478bd9Sstevel@tonic-gate }
9077c478bd9Sstevel@tonic-gate 
9087c478bd9Sstevel@tonic-gate static bool_t
__key_encrypt_3_svc(uid_t uid,cryptkeyarg3 * arg,cryptkeyres3 * res)9097c478bd9Sstevel@tonic-gate __key_encrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res)
9107c478bd9Sstevel@tonic-gate {
9117c478bd9Sstevel@tonic-gate 	int len, i;
9127c478bd9Sstevel@tonic-gate 	des_block *dp;
9137c478bd9Sstevel@tonic-gate 
9147c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("encrypt_3(%d %d %s)", uid,
91536e852a1SRaja Andra 	    arg->deskey.deskeyarray_len, arg->remotename));
9167c478bd9Sstevel@tonic-gate 	res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey);
9177c478bd9Sstevel@tonic-gate 	len = res->cryptkeyres3_u.deskey.deskeyarray_len;
9187c478bd9Sstevel@tonic-gate 	dp = res->cryptkeyres3_u.deskey.deskeyarray_val;
9197c478bd9Sstevel@tonic-gate 	for (i = 0; i < len; i++) {
9207c478bd9Sstevel@tonic-gate 		debug(KEYSERV_DEBUG0, ("encrypt_3 retval[%d] == (%x,%x)",
92136e852a1SRaja Andra 		    i, dp->key.high, dp->key.low));
9227c478bd9Sstevel@tonic-gate 		dp++;
9237c478bd9Sstevel@tonic-gate 	}
9247c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("encrypt_3 returned %s", strstatus(res->status)));
9257c478bd9Sstevel@tonic-gate 	return (TRUE);
9267c478bd9Sstevel@tonic-gate }
9277c478bd9Sstevel@tonic-gate 
9287c478bd9Sstevel@tonic-gate static bool_t
__key_decrypt_3_svc(uid_t uid,cryptkeyarg3 * arg,cryptkeyres3 * res)9297c478bd9Sstevel@tonic-gate __key_decrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res)
9307c478bd9Sstevel@tonic-gate {
9317c478bd9Sstevel@tonic-gate 	int len, i;
9327c478bd9Sstevel@tonic-gate 	des_block *dp;
9337c478bd9Sstevel@tonic-gate 
9347c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("decrypt_3(%d, %d, %s)", uid,
93536e852a1SRaja Andra 	    arg->deskey.deskeyarray_len, arg->remotename));
9367c478bd9Sstevel@tonic-gate 	res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey);
9377c478bd9Sstevel@tonic-gate 	len = res->cryptkeyres3_u.deskey.deskeyarray_len;
9387c478bd9Sstevel@tonic-gate 	dp = res->cryptkeyres3_u.deskey.deskeyarray_val;
9397c478bd9Sstevel@tonic-gate 	for (i = 0; i < len; i++) {
9407c478bd9Sstevel@tonic-gate 		debug(KEYSERV_DEBUG0, ("decrypt_3 retval[%d] == (%x,%x)",
94136e852a1SRaja Andra 		    i, dp->key.high, dp->key.low));
9427c478bd9Sstevel@tonic-gate 		dp++;
9437c478bd9Sstevel@tonic-gate 	}
9447c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("decrypt_3 returned %s", strstatus(res->status)));
9457c478bd9Sstevel@tonic-gate 	return (TRUE);
9467c478bd9Sstevel@tonic-gate }
9477c478bd9Sstevel@tonic-gate 
9487c478bd9Sstevel@tonic-gate /* ARGSUSED */
9497c478bd9Sstevel@tonic-gate static bool_t
__key_gen_3_svc(void * v,keynum_t * kp,deskeyarray * res)9507c478bd9Sstevel@tonic-gate __key_gen_3_svc(void *v, keynum_t *kp, deskeyarray *res)
9517c478bd9Sstevel@tonic-gate {
9527c478bd9Sstevel@tonic-gate 	int i;
9537c478bd9Sstevel@tonic-gate 	keynum_t keynum = *kp;
9547c478bd9Sstevel@tonic-gate 
9557c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("gen_3(%d %x)", keynum, res));
9567c478bd9Sstevel@tonic-gate 	res->deskeyarray_val = 0;
9577c478bd9Sstevel@tonic-gate 	if (!setdeskeyarray(res, keynum)) {
9587c478bd9Sstevel@tonic-gate 		return (FALSE);
9597c478bd9Sstevel@tonic-gate 	}
9607c478bd9Sstevel@tonic-gate 	for (i = 0; i < keynum; i++) {
9617c478bd9Sstevel@tonic-gate 		debug(KEYSERV_DEBUG, ("gen_3 calling gen_1 %x",
96236e852a1SRaja Andra 		    res->deskeyarray_val+i));
9637c478bd9Sstevel@tonic-gate 		__key_gen_1_svc((void *) NULL, (struct svc_req *)NULL,
96436e852a1SRaja Andra 		    res->deskeyarray_val+i);
9657c478bd9Sstevel@tonic-gate 		debug(KEYSERV_DEBUG, ("gen_3 val %d %x",
96636e852a1SRaja Andra 		    i, *(int *)(res->deskeyarray_val+i)));
9677c478bd9Sstevel@tonic-gate 	}
9687c478bd9Sstevel@tonic-gate 	return (TRUE);
9697c478bd9Sstevel@tonic-gate }
9707c478bd9Sstevel@tonic-gate 
9717c478bd9Sstevel@tonic-gate static void
__key_gen_3_svc_free(deskeyarray * dp)9727c478bd9Sstevel@tonic-gate __key_gen_3_svc_free(deskeyarray *dp)
9737c478bd9Sstevel@tonic-gate {
9747c478bd9Sstevel@tonic-gate 	free(dp->deskeyarray_val);
9757c478bd9Sstevel@tonic-gate }
9767c478bd9Sstevel@tonic-gate 
9777c478bd9Sstevel@tonic-gate static bool_t
__key_getcred_3_svc(uid_t uid,netnamestr * name,getcredres3 * res)9787c478bd9Sstevel@tonic-gate __key_getcred_3_svc(uid_t uid, netnamestr *name, getcredres3 *res)
9797c478bd9Sstevel@tonic-gate {
9807c478bd9Sstevel@tonic-gate 	return (__key_getcred_1_svc(uid, name, (getcredres *)res));
9817c478bd9Sstevel@tonic-gate }
9827c478bd9Sstevel@tonic-gate 
9837c478bd9Sstevel@tonic-gate static bool_t
__key_encrypt_pk_3_svc(uid_t uid,cryptkeyarg3 * arg,cryptkeyres3 * res)9847c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res)
9857c478bd9Sstevel@tonic-gate {
9867c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("encrypt_pk_3(%d, %s)", uid, arg->remotename));
9877c478bd9Sstevel@tonic-gate 	res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey);
9887c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status)));
9897c478bd9Sstevel@tonic-gate 	return (TRUE);
9907c478bd9Sstevel@tonic-gate }
9917c478bd9Sstevel@tonic-gate 
9927c478bd9Sstevel@tonic-gate static void
__key_encrypt_pk_3_svc_free(cryptkeyres3 * res)9937c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc_free(cryptkeyres3 *res)
9947c478bd9Sstevel@tonic-gate {
9957c478bd9Sstevel@tonic-gate 	if (res->status == KEY_SUCCESS) {
9967c478bd9Sstevel@tonic-gate 		free(res->cryptkeyres3_u.deskey.deskeyarray_val);
9977c478bd9Sstevel@tonic-gate 	}
9987c478bd9Sstevel@tonic-gate }
9997c478bd9Sstevel@tonic-gate 
10007c478bd9Sstevel@tonic-gate static bool_t
__key_decrypt_pk_3(uid_t uid,cryptkeyarg3 * arg,cryptkeyres3 * res)10017c478bd9Sstevel@tonic-gate __key_decrypt_pk_3(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res)
10027c478bd9Sstevel@tonic-gate {
10037c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("decrypt_pk_3(%d, %s)", uid, arg->remotename));
10047c478bd9Sstevel@tonic-gate 	res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey);
10057c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status)));
10067c478bd9Sstevel@tonic-gate 	return (TRUE);
10077c478bd9Sstevel@tonic-gate }
10087c478bd9Sstevel@tonic-gate 
10097c478bd9Sstevel@tonic-gate static void
__key_decrypt_pk_3_free(cryptkeyres3 * res)10107c478bd9Sstevel@tonic-gate __key_decrypt_pk_3_free(cryptkeyres3 *res)
10117c478bd9Sstevel@tonic-gate {
10127c478bd9Sstevel@tonic-gate 	if (res->status == KEY_SUCCESS) {
10137c478bd9Sstevel@tonic-gate 		free(res->cryptkeyres3_u.deskey.deskeyarray_val);
10147c478bd9Sstevel@tonic-gate 	}
10157c478bd9Sstevel@tonic-gate }
10167c478bd9Sstevel@tonic-gate 
10177c478bd9Sstevel@tonic-gate static bool_t
__key_net_put_3_svc(uid_t uid,key_netstarg3 * arg,keystatus * status)10187c478bd9Sstevel@tonic-gate __key_net_put_3_svc(uid_t uid, key_netstarg3 *arg, keystatus *status)
10197c478bd9Sstevel@tonic-gate {
10207c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("net_put_3 (%d, %x)", uid, arg));
10217c478bd9Sstevel@tonic-gate 	*status = pk_netput3(uid, arg);
10227c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("net_put_3 ret %s", strstatus(*status)));
10237c478bd9Sstevel@tonic-gate 	return (TRUE);
10247c478bd9Sstevel@tonic-gate }
10257c478bd9Sstevel@tonic-gate 
10267c478bd9Sstevel@tonic-gate static bool_t
__key_net_get_3_svc(uid_t uid,mechtype * arg,key_netstres3 * keynetname)10277c478bd9Sstevel@tonic-gate __key_net_get_3_svc(uid_t uid, mechtype *arg, key_netstres3 *keynetname)
10287c478bd9Sstevel@tonic-gate {
10297c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("net_get_3 (%d, %x)", uid, arg));
10307c478bd9Sstevel@tonic-gate 	keynetname->status = pk_netget3(uid,
103136e852a1SRaja Andra 	    arg, &keynetname->key_netstres3_u.knet);
10327c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG,
103336e852a1SRaja Andra 	    ("net_get_3 ret %s", strstatus(keynetname->status)));
10347c478bd9Sstevel@tonic-gate 	return (TRUE);
10357c478bd9Sstevel@tonic-gate }
10367c478bd9Sstevel@tonic-gate 
10377c478bd9Sstevel@tonic-gate static void
__key_net_get_3_svc_free(key_netstres3 * keynetname)10387c478bd9Sstevel@tonic-gate __key_net_get_3_svc_free(key_netstres3 *keynetname)
10397c478bd9Sstevel@tonic-gate {
10407c478bd9Sstevel@tonic-gate 	if (keynetname->status == KEY_SUCCESS) {
10417c478bd9Sstevel@tonic-gate 		free(keynetname->key_netstres3_u.knet.st_priv_key.keybuf3_val);
10427c478bd9Sstevel@tonic-gate 		free(keynetname->key_netstres3_u.knet.st_pub_key.keybuf3_val);
10437c478bd9Sstevel@tonic-gate 		free(keynetname->key_netstres3_u.knet.st_netname);
10447c478bd9Sstevel@tonic-gate 	}
10457c478bd9Sstevel@tonic-gate }
10467c478bd9Sstevel@tonic-gate 
10477c478bd9Sstevel@tonic-gate static bool_t
__key_get_conv_3_svc(uid_t uid,deskeyarg3 * arg,cryptkeyres3 * res)10487c478bd9Sstevel@tonic-gate __key_get_conv_3_svc(uid_t uid, deskeyarg3 *arg, cryptkeyres3 *res)
10497c478bd9Sstevel@tonic-gate {
10507c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("get_conv_3(%d %x %x)", uid, arg, res));
10517c478bd9Sstevel@tonic-gate 	res->status = pk_get_conv_key3(uid, arg, res);
10527c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG,
105336e852a1SRaja Andra 	    ("get_conv_3 ret %s", strstatus(res->status)));
10547c478bd9Sstevel@tonic-gate 	return (TRUE);
10557c478bd9Sstevel@tonic-gate }
10567c478bd9Sstevel@tonic-gate 
10577c478bd9Sstevel@tonic-gate /* ARGSUSED */
10587c478bd9Sstevel@tonic-gate static bool_t
__key_clear_3_svc(uid_t uid,void * arg,keystatus * status)10597c478bd9Sstevel@tonic-gate __key_clear_3_svc(uid_t uid, void *arg, keystatus *status)
10607c478bd9Sstevel@tonic-gate {
10617c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("clear_3(%d)", uid));
10627c478bd9Sstevel@tonic-gate 	*status = pk_clear3(uid);
10637c478bd9Sstevel@tonic-gate 	debug(KEYSERV_DEBUG, ("clear_3 ret %s", strstatus(*status)));
10647c478bd9Sstevel@tonic-gate 	return (TRUE);
10657c478bd9Sstevel@tonic-gate }
10667c478bd9Sstevel@tonic-gate 
10677c478bd9Sstevel@tonic-gate /*
10687c478bd9Sstevel@tonic-gate  * RPC boilerplate
10697c478bd9Sstevel@tonic-gate  */
10707c478bd9Sstevel@tonic-gate static void
keyprogram(rqstp,transp)10717c478bd9Sstevel@tonic-gate keyprogram(rqstp, transp)
10727c478bd9Sstevel@tonic-gate 	struct svc_req *rqstp;
10737c478bd9Sstevel@tonic-gate 	SVCXPRT *transp;
10747c478bd9Sstevel@tonic-gate {
10757c478bd9Sstevel@tonic-gate 	union {
10767c478bd9Sstevel@tonic-gate 		keybuf key_set_1_arg;
10777c478bd9Sstevel@tonic-gate 		cryptkeyarg key_encrypt_1_arg;
10787c478bd9Sstevel@tonic-gate 		cryptkeyarg key_decrypt_1_arg;
10797c478bd9Sstevel@tonic-gate 		netnamestr key_getcred_1_arg;
10807c478bd9Sstevel@tonic-gate 		cryptkeyarg key_encrypt_2_arg;
10817c478bd9Sstevel@tonic-gate 		cryptkeyarg key_decrypt_2_arg;
10827c478bd9Sstevel@tonic-gate 		netnamestr key_getcred_2_arg;
10837c478bd9Sstevel@tonic-gate 		cryptkeyarg2 key_encrypt_pk_2_arg;
10847c478bd9Sstevel@tonic-gate 		cryptkeyarg2 key_decrypt_pk_2_arg;
10857c478bd9Sstevel@tonic-gate 		key_netstarg key_net_put_2_arg;
10867c478bd9Sstevel@tonic-gate 		netobj  key_get_conv_2_arg;
10877c478bd9Sstevel@tonic-gate 		keybuf3 key_set_3_arg;
10887c478bd9Sstevel@tonic-gate 		cryptkeyarg3 key_encrypt_3_arg;
10897c478bd9Sstevel@tonic-gate 		cryptkeyarg3 key_decrypt_3_arg;
10907c478bd9Sstevel@tonic-gate 		cryptkeyarg3 key_encrypt_pk_3_arg;
10917c478bd9Sstevel@tonic-gate 		cryptkeyarg3 key_decrypt_pk_3_arg;
10927c478bd9Sstevel@tonic-gate 		keynum_t key_gen_3_arg;
10937c478bd9Sstevel@tonic-gate 		netnamestr key_getcred_3_arg;
10947c478bd9Sstevel@tonic-gate 		key_netstarg3 key_net_put_3_arg;
10957c478bd9Sstevel@tonic-gate 		key_netstarg3 key_net_get_3_arg;
10967c478bd9Sstevel@tonic-gate 		deskeyarg3 key_get_conv_3_arg;
10977c478bd9Sstevel@tonic-gate 	} argument;
10987c478bd9Sstevel@tonic-gate 	union {
10997c478bd9Sstevel@tonic-gate 		keystatus status;
11007c478bd9Sstevel@tonic-gate 		cryptkeyres cres;
11017c478bd9Sstevel@tonic-gate 		des_block key;
11027c478bd9Sstevel@tonic-gate 		getcredres gres;
11037c478bd9Sstevel@tonic-gate 		key_netstres keynetname;
11047c478bd9Sstevel@tonic-gate 		cryptkeyres3 cres3;
11057c478bd9Sstevel@tonic-gate 		deskeyarray keyarray;
11067c478bd9Sstevel@tonic-gate 		getcredres3 gres3;
11077c478bd9Sstevel@tonic-gate 		key_netstres3 keynetname3;
11087c478bd9Sstevel@tonic-gate 	} result;
11097c478bd9Sstevel@tonic-gate 	uint_t gids[MAXGIDS];
11107c478bd9Sstevel@tonic-gate 	char netname_str[MAXNETNAMELEN + 1];
11117c478bd9Sstevel@tonic-gate 	bool_t (*xdr_argument)(), (*xdr_result)();
11127c478bd9Sstevel@tonic-gate 	bool_t (*local)();
11137c478bd9Sstevel@tonic-gate 	void (*local_free)() = NULL;
11147c478bd9Sstevel@tonic-gate 	bool_t retval;
11157c478bd9Sstevel@tonic-gate 	uid_t uid;
11167c478bd9Sstevel@tonic-gate 	int check_auth;
11177c478bd9Sstevel@tonic-gate 
11187c478bd9Sstevel@tonic-gate 	switch (rqstp->rq_proc) {
11197c478bd9Sstevel@tonic-gate 	case NULLPROC:
11207c478bd9Sstevel@tonic-gate 		svc_sendreply(transp, xdr_void, (char *)NULL);
11217c478bd9Sstevel@tonic-gate 		return;
11227c478bd9Sstevel@tonic-gate 
11237c478bd9Sstevel@tonic-gate 	case KEY_SET:
11247c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_keybuf;
11257c478bd9Sstevel@tonic-gate 		xdr_result = xdr_int;
11267c478bd9Sstevel@tonic-gate 		local = __key_set_1_svc;
11277c478bd9Sstevel@tonic-gate 		check_auth = 1;
11287c478bd9Sstevel@tonic-gate 		break;
11297c478bd9Sstevel@tonic-gate 
11307c478bd9Sstevel@tonic-gate 	case KEY_ENCRYPT:
11317c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_cryptkeyarg;
11327c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres;
11337c478bd9Sstevel@tonic-gate 		local = __key_encrypt_1_svc;
11347c478bd9Sstevel@tonic-gate 		check_auth = 1;
11357c478bd9Sstevel@tonic-gate 		break;
11367c478bd9Sstevel@tonic-gate 
11377c478bd9Sstevel@tonic-gate 	case KEY_DECRYPT:
11387c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_cryptkeyarg;
11397c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres;
11407c478bd9Sstevel@tonic-gate 		local = __key_decrypt_1_svc;
11417c478bd9Sstevel@tonic-gate 		check_auth = 1;
11427c478bd9Sstevel@tonic-gate 		break;
11437c478bd9Sstevel@tonic-gate 
11447c478bd9Sstevel@tonic-gate 	case KEY_GEN:
11457c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_void;
11467c478bd9Sstevel@tonic-gate 		xdr_result = xdr_des_block;
11477c478bd9Sstevel@tonic-gate 		local = __key_gen_1_svc;
11487c478bd9Sstevel@tonic-gate 		check_auth = 0;
11497c478bd9Sstevel@tonic-gate 		break;
11507c478bd9Sstevel@tonic-gate 
11517c478bd9Sstevel@tonic-gate 	case KEY_GETCRED:
11527c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_netnamestr;
11537c478bd9Sstevel@tonic-gate 		xdr_result = xdr_getcredres;
11547c478bd9Sstevel@tonic-gate 		local = __key_getcred_1_svc;
11557c478bd9Sstevel@tonic-gate 		result.gres.getcredres_u.cred.gids.gids_val = gids;
11567c478bd9Sstevel@tonic-gate 		check_auth = 0;
11577c478bd9Sstevel@tonic-gate 		break;
11587c478bd9Sstevel@tonic-gate 
11597c478bd9Sstevel@tonic-gate 	case KEY_ENCRYPT_PK:
11607c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_cryptkeyarg2;
11617c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres;
11627c478bd9Sstevel@tonic-gate 		local = __key_encrypt_pk_2_svc;
11637c478bd9Sstevel@tonic-gate 		check_auth = 1;
11647c478bd9Sstevel@tonic-gate 		break;
11657c478bd9Sstevel@tonic-gate 
11667c478bd9Sstevel@tonic-gate 	case KEY_DECRYPT_PK:
11677c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_cryptkeyarg2;
11687c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres;
11697c478bd9Sstevel@tonic-gate 		local = __key_decrypt_pk_2_svc;
11707c478bd9Sstevel@tonic-gate 		check_auth = 1;
11717c478bd9Sstevel@tonic-gate 		break;
11727c478bd9Sstevel@tonic-gate 
11737c478bd9Sstevel@tonic-gate 
11747c478bd9Sstevel@tonic-gate 	case KEY_NET_PUT:
11757c478bd9Sstevel@tonic-gate 		xdr_argument = xdr_key_netstarg;
11767c478bd9Sstevel@tonic-gate 		xdr_result = xdr_keystatus;
11777c478bd9Sstevel@tonic-gate 		local = __key_net_put_2_svc;
11787c478bd9Sstevel@tonic-gate 		check_auth = 1;
11797c478bd9Sstevel@tonic-gate 		break;
11807c478bd9Sstevel@tonic-gate 
11817c478bd9Sstevel@tonic-gate 	case KEY_NET_GET:
11827c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_void;
11837c478bd9Sstevel@tonic-gate 		xdr_result = xdr_key_netstres;
11847c478bd9Sstevel@tonic-gate 		local = __key_net_get_2_svc;
11857c478bd9Sstevel@tonic-gate 		result.keynetname.key_netstres_u.knet.st_netname = netname_str;
11867c478bd9Sstevel@tonic-gate 		check_auth = 1;
11877c478bd9Sstevel@tonic-gate 		break;
11887c478bd9Sstevel@tonic-gate 
11897c478bd9Sstevel@tonic-gate 	case KEY_GET_CONV:
11907c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_keybuf;
11917c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres;
11927c478bd9Sstevel@tonic-gate 		local = __key_get_conv_2_svc;
11937c478bd9Sstevel@tonic-gate 		check_auth = 1;
11947c478bd9Sstevel@tonic-gate 		break;
11957c478bd9Sstevel@tonic-gate 
11967c478bd9Sstevel@tonic-gate 	/*
11977c478bd9Sstevel@tonic-gate 	 * Version 3 procedures follow...
11987c478bd9Sstevel@tonic-gate 	 */
11997c478bd9Sstevel@tonic-gate 
12007c478bd9Sstevel@tonic-gate 	case KEY_SET_3:
12017c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_setkeyarg3;
12027c478bd9Sstevel@tonic-gate 		xdr_result = xdr_keystatus;
12037c478bd9Sstevel@tonic-gate 		local = __key_set_3_svc;
12047c478bd9Sstevel@tonic-gate 		check_auth = 1;
12057c478bd9Sstevel@tonic-gate 		break;
12067c478bd9Sstevel@tonic-gate 
12077c478bd9Sstevel@tonic-gate 	case KEY_ENCRYPT_3:
12087c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_cryptkeyarg3;
12097c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres3;
12107c478bd9Sstevel@tonic-gate 		local = __key_encrypt_3_svc;
12117c478bd9Sstevel@tonic-gate 		check_auth = 1;
12127c478bd9Sstevel@tonic-gate 		break;
12137c478bd9Sstevel@tonic-gate 
12147c478bd9Sstevel@tonic-gate 	case KEY_DECRYPT_3:
12157c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_cryptkeyarg3;
12167c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres3;
12177c478bd9Sstevel@tonic-gate 		local = __key_decrypt_3_svc;
12187c478bd9Sstevel@tonic-gate 		check_auth = 1;
12197c478bd9Sstevel@tonic-gate 		break;
12207c478bd9Sstevel@tonic-gate 
12217c478bd9Sstevel@tonic-gate 	case KEY_GEN_3:
12227c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_keynum_t;
12237c478bd9Sstevel@tonic-gate 		xdr_result = xdr_deskeyarray;
12247c478bd9Sstevel@tonic-gate 		local = __key_gen_3_svc;
12257c478bd9Sstevel@tonic-gate 		local_free = __key_gen_3_svc_free;
12267c478bd9Sstevel@tonic-gate 		check_auth = 0;
12277c478bd9Sstevel@tonic-gate 		break;
12287c478bd9Sstevel@tonic-gate 
12297c478bd9Sstevel@tonic-gate 	case KEY_GETCRED_3:
12307c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_netnamestr;
12317c478bd9Sstevel@tonic-gate 		xdr_result = xdr_getcredres3;
12327c478bd9Sstevel@tonic-gate 		local = __key_getcred_3_svc;
12337c478bd9Sstevel@tonic-gate 		check_auth = 0;
12347c478bd9Sstevel@tonic-gate 		break;
12357c478bd9Sstevel@tonic-gate 
12367c478bd9Sstevel@tonic-gate 	case KEY_ENCRYPT_PK_3:
12377c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_cryptkeyarg3;
12387c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres3;
12397c478bd9Sstevel@tonic-gate 		local = __key_encrypt_pk_3_svc;
12407c478bd9Sstevel@tonic-gate 		local_free = __key_encrypt_pk_3_svc_free;
12417c478bd9Sstevel@tonic-gate 		check_auth = 1;
12427c478bd9Sstevel@tonic-gate 		break;
12437c478bd9Sstevel@tonic-gate 
12447c478bd9Sstevel@tonic-gate 	case KEY_DECRYPT_PK_3:
12457c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_cryptkeyarg3;
12467c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres3;
12477c478bd9Sstevel@tonic-gate 		local = __key_decrypt_pk_3;
12487c478bd9Sstevel@tonic-gate 		local_free = __key_decrypt_pk_3_free;
12497c478bd9Sstevel@tonic-gate 		check_auth = 1;
12507c478bd9Sstevel@tonic-gate 		break;
12517c478bd9Sstevel@tonic-gate 
12527c478bd9Sstevel@tonic-gate 	case KEY_NET_PUT_3:
12537c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_key_netstarg3;
12547c478bd9Sstevel@tonic-gate 		xdr_result = xdr_keystatus;
12557c478bd9Sstevel@tonic-gate 		local = __key_net_put_3_svc;
12567c478bd9Sstevel@tonic-gate 		check_auth = 1;
12577c478bd9Sstevel@tonic-gate 		break;
12587c478bd9Sstevel@tonic-gate 
12597c478bd9Sstevel@tonic-gate 	case KEY_NET_GET_3:
12607c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_mechtype;
12617c478bd9Sstevel@tonic-gate 		xdr_result = xdr_key_netstres3;
12627c478bd9Sstevel@tonic-gate 		local = __key_net_get_3_svc;
12637c478bd9Sstevel@tonic-gate 		local_free = __key_net_get_3_svc_free;
12647c478bd9Sstevel@tonic-gate 		check_auth = 1;
12657c478bd9Sstevel@tonic-gate 		break;
12667c478bd9Sstevel@tonic-gate 
12677c478bd9Sstevel@tonic-gate 	case KEY_GET_CONV_3:
12687c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_deskeyarg3;
12697c478bd9Sstevel@tonic-gate 		xdr_result = xdr_cryptkeyres3;
12707c478bd9Sstevel@tonic-gate 		local = __key_get_conv_3_svc;
12717c478bd9Sstevel@tonic-gate 		check_auth = 1;
12727c478bd9Sstevel@tonic-gate 		break;
12737c478bd9Sstevel@tonic-gate 
12747c478bd9Sstevel@tonic-gate 	case KEY_CLEAR_3:
12757c478bd9Sstevel@tonic-gate 		xdr_argument = (xdrproc_t)xdr_void;
12767c478bd9Sstevel@tonic-gate 		xdr_result = xdr_keystatus;
12777c478bd9Sstevel@tonic-gate 		local = __key_clear_3_svc;
12787c478bd9Sstevel@tonic-gate 		check_auth = 1;
12797c478bd9Sstevel@tonic-gate 		break;
12807c478bd9Sstevel@tonic-gate 
12817c478bd9Sstevel@tonic-gate 	default:
12827c478bd9Sstevel@tonic-gate 		svcerr_noproc(transp);
12837c478bd9Sstevel@tonic-gate 		return;
12847c478bd9Sstevel@tonic-gate 	}
12857c478bd9Sstevel@tonic-gate 	if (check_auth) {
12867c478bd9Sstevel@tonic-gate 		if (!get_auth(transp, rqstp, &uid)) {
12877c478bd9Sstevel@tonic-gate 			if (debugging) {
12887c478bd9Sstevel@tonic-gate 				(void) fprintf(stderr,
12897c478bd9Sstevel@tonic-gate 					"not local privileged process\n");
12907c478bd9Sstevel@tonic-gate 			}
12917c478bd9Sstevel@tonic-gate 			svcerr_weakauth(transp);
12927c478bd9Sstevel@tonic-gate 			return;
12937c478bd9Sstevel@tonic-gate 		}
12947c478bd9Sstevel@tonic-gate 	}
12957c478bd9Sstevel@tonic-gate 
12967c478bd9Sstevel@tonic-gate 	memset((char *)&argument, 0, sizeof (argument));
12977c478bd9Sstevel@tonic-gate 	if (!svc_getargs(transp, xdr_argument, (caddr_t)&argument)) {
12987c478bd9Sstevel@tonic-gate 		svcerr_decode(transp);
12997c478bd9Sstevel@tonic-gate 		return;
13007c478bd9Sstevel@tonic-gate 	}
13017c478bd9Sstevel@tonic-gate 	retval = (*local)(uid, &argument, &result);
13027c478bd9Sstevel@tonic-gate 	if (retval && !svc_sendreply(transp, xdr_result, (char *)&result)) {
13037c478bd9Sstevel@tonic-gate 		if (debugging)
13047c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr, "unable to reply\n");
13057c478bd9Sstevel@tonic-gate 		svcerr_systemerr(transp);
13067c478bd9Sstevel@tonic-gate 	}
13077c478bd9Sstevel@tonic-gate 	if (!svc_freeargs(transp, xdr_argument, (caddr_t)&argument)) {
13087c478bd9Sstevel@tonic-gate 		if (debugging)
13097c478bd9Sstevel@tonic-gate 			(void) fprintf(stderr,
13107c478bd9Sstevel@tonic-gate 			"unable to free arguments\n");
13117c478bd9Sstevel@tonic-gate 		exit(1);
13127c478bd9Sstevel@tonic-gate 	}
13137c478bd9Sstevel@tonic-gate 	if (local_free) {
13147c478bd9Sstevel@tonic-gate 		(*local_free)(&result);
13157c478bd9Sstevel@tonic-gate 	}
13167c478bd9Sstevel@tonic-gate }
13177c478bd9Sstevel@tonic-gate 
13187c478bd9Sstevel@tonic-gate static bool_t
get_auth(trans,rqstp,uid)13197c478bd9Sstevel@tonic-gate get_auth(trans, rqstp, uid)
13207c478bd9Sstevel@tonic-gate 	SVCXPRT *trans;
13217c478bd9Sstevel@tonic-gate 	struct svc_req *rqstp;
13227c478bd9Sstevel@tonic-gate 	uid_t *uid;
13237c478bd9Sstevel@tonic-gate {
13247c478bd9Sstevel@tonic-gate 	svc_local_cred_t cred;
13257c478bd9Sstevel@tonic-gate 
13267c478bd9Sstevel@tonic-gate 	if (!svc_get_local_cred(trans, &cred)) {
13277c478bd9Sstevel@tonic-gate 		if (debugging)
13287c478bd9Sstevel@tonic-gate 			fprintf(stderr, "svc_get_local_cred failed %s %s\n",
13297c478bd9Sstevel@tonic-gate 				trans->xp_netid, trans->xp_tp);
13307c478bd9Sstevel@tonic-gate 		return (FALSE);
13317c478bd9Sstevel@tonic-gate 	}
13327c478bd9Sstevel@tonic-gate 	if (debugging)
13337c478bd9Sstevel@tonic-gate 		fprintf(stderr, "local_uid  %d\n", cred.euid);
13347c478bd9Sstevel@tonic-gate 	if (rqstp->rq_cred.oa_flavor == AUTH_SYS ||
13357c478bd9Sstevel@tonic-gate 	    rqstp->rq_cred.oa_flavor == AUTH_LOOPBACK) {
1336b1cdc720SAlex Wilson 		CTASSERT(sizeof (struct authunix_parms) <= RQCRED_SIZE);
13377c478bd9Sstevel@tonic-gate /* LINTED pointer alignment */
13387c478bd9Sstevel@tonic-gate 		*uid = ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid;
13397c478bd9Sstevel@tonic-gate 		return (*uid == cred.euid || cred.euid == 0);
13407c478bd9Sstevel@tonic-gate 	} else {
13417c478bd9Sstevel@tonic-gate 		*uid = cred.euid;
13427c478bd9Sstevel@tonic-gate 		return (TRUE);
13437c478bd9Sstevel@tonic-gate 	}
13447c478bd9Sstevel@tonic-gate }
13457c478bd9Sstevel@tonic-gate 
13467c478bd9Sstevel@tonic-gate static int
get_cache_size(size)13477c478bd9Sstevel@tonic-gate get_cache_size(size)
13487c478bd9Sstevel@tonic-gate char *size;
13497c478bd9Sstevel@tonic-gate {
13507c478bd9Sstevel@tonic-gate 	int csize, len;
13517c478bd9Sstevel@tonic-gate 
13527c478bd9Sstevel@tonic-gate 	len = (int)strlen(size);
13537c478bd9Sstevel@tonic-gate 	if (len == 0) {
13547c478bd9Sstevel@tonic-gate 		usage();
13557c478bd9Sstevel@tonic-gate 	}
13567c478bd9Sstevel@tonic-gate 
13577c478bd9Sstevel@tonic-gate 	if (size[len-1] == 'M' || size[len-1] == 'm') {
13587c478bd9Sstevel@tonic-gate 		/*
13597c478bd9Sstevel@tonic-gate 		 * cache size in MB
13607c478bd9Sstevel@tonic-gate 		 */
13617c478bd9Sstevel@tonic-gate 		size[len-1] = '\0';
13627c478bd9Sstevel@tonic-gate 		csize = atoi(size);
13637c478bd9Sstevel@tonic-gate 	} else {
13647c478bd9Sstevel@tonic-gate 		csize = atoi(size);
13657c478bd9Sstevel@tonic-gate 		/*
13667c478bd9Sstevel@tonic-gate 		 * negative size indicates number of entries in cache
13677c478bd9Sstevel@tonic-gate 		 */
13687c478bd9Sstevel@tonic-gate 		csize = 0 - csize;
13697c478bd9Sstevel@tonic-gate 	}
13707c478bd9Sstevel@tonic-gate 
13717c478bd9Sstevel@tonic-gate 	if (csize == 0) {
13727c478bd9Sstevel@tonic-gate 		(void) fprintf(stderr, "invalid cache size: %s\n", size);
13737c478bd9Sstevel@tonic-gate 		usage();
13747c478bd9Sstevel@tonic-gate 	}
13757c478bd9Sstevel@tonic-gate 
13767c478bd9Sstevel@tonic-gate 	return (csize);
13777c478bd9Sstevel@tonic-gate }
13787c478bd9Sstevel@tonic-gate 
13797c478bd9Sstevel@tonic-gate static void
usage()13807c478bd9Sstevel@tonic-gate usage()
13817c478bd9Sstevel@tonic-gate {
13827c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "usage: \n");
13837c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "keyserv [-c]|[-s ");
13847c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "<size>|<mechtype>=<size>[,...]] [-n] [-D] ");
13857c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "[-d | -e] ");
13867c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "[-t threads]\n");
13877c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "-d disables the use of default keys\n");
13887c478bd9Sstevel@tonic-gate 	(void) fprintf(stderr, "-e enables the use of default keys\n");
13897c478bd9Sstevel@tonic-gate 	exit(1);
13907c478bd9Sstevel@tonic-gate }
13917c478bd9Sstevel@tonic-gate 
13927c478bd9Sstevel@tonic-gate static void
defaults(void)13937c478bd9Sstevel@tonic-gate defaults(void)
13947c478bd9Sstevel@tonic-gate {
13957c478bd9Sstevel@tonic-gate 	register int  flags;
13967c478bd9Sstevel@tonic-gate 	register char *ptr;
13977c478bd9Sstevel@tonic-gate 
13987c478bd9Sstevel@tonic-gate 	if (defopen(defaults_file) == 0) {
13997c478bd9Sstevel@tonic-gate 		/*
14007c478bd9Sstevel@tonic-gate 		 * ignore case
14017c478bd9Sstevel@tonic-gate 		 */
14027c478bd9Sstevel@tonic-gate 		flags = defcntl(DC_GETFLAGS, 0);
14037c478bd9Sstevel@tonic-gate 		TURNOFF(flags, DC_CASE);
140406e1a714Sraf 		(void) defcntl(DC_SETFLAGS, flags);
14057c478bd9Sstevel@tonic-gate 
14067c478bd9Sstevel@tonic-gate 		if ((ptr = defread("ENABLE_NOBODY_KEYS=")) != NULL) {
14077c478bd9Sstevel@tonic-gate 			if (strcasecmp(ptr, "NO") == 0) {
14087c478bd9Sstevel@tonic-gate 				use_nobody_keys = FALSE;
14097c478bd9Sstevel@tonic-gate 			}
14107c478bd9Sstevel@tonic-gate 		}
14117c478bd9Sstevel@tonic-gate 
14127c478bd9Sstevel@tonic-gate 		(void) defopen((char *)NULL);
14137c478bd9Sstevel@tonic-gate 	}
14147c478bd9Sstevel@tonic-gate }
1415