17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5a0368f78Speteh * Common Development and Distribution License (the "License"). 6a0368f78Speteh * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 2106e1a714Sraf 227c478bd9Sstevel@tonic-gate /* 23b1cdc720SAlex Wilson * Copyright 2017 Joyent Inc 2436e852a1SRaja Andra * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 257c478bd9Sstevel@tonic-gate * Use is subject to license terms. 267c478bd9Sstevel@tonic-gate */ 277c478bd9Sstevel@tonic-gate 287c478bd9Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 297c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate /* 327c478bd9Sstevel@tonic-gate * University Copyright- Copyright (c) 1982, 1986, 1988 337c478bd9Sstevel@tonic-gate * The Regents of the University of California 347c478bd9Sstevel@tonic-gate * All Rights Reserved 357c478bd9Sstevel@tonic-gate * 367c478bd9Sstevel@tonic-gate * University Acknowledgment- Portions of this document are derived from 377c478bd9Sstevel@tonic-gate * software developed by the University of California, Berkeley, and its 387c478bd9Sstevel@tonic-gate * contributors. 397c478bd9Sstevel@tonic-gate */ 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate /* 427c478bd9Sstevel@tonic-gate * keyserv - server for storing private encryption keys 437c478bd9Sstevel@tonic-gate * keyserv(1M) performs multiple functions: it stores secret keys per uid; it 447c478bd9Sstevel@tonic-gate * performs public key encryption and decryption operations; and it generates 457c478bd9Sstevel@tonic-gate * "random" keys. keyserv(1M) will talk to no one but a local root process on 467c478bd9Sstevel@tonic-gate * the local transport only. 477c478bd9Sstevel@tonic-gate */ 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate #include <stdio.h> 50004388ebScasper #include <stdio_ext.h> 517c478bd9Sstevel@tonic-gate #include <stdlib.h> 527c478bd9Sstevel@tonic-gate #include <sys/types.h> 537c478bd9Sstevel@tonic-gate #include <sys/stat.h> 547c478bd9Sstevel@tonic-gate #include <sys/uio.h> 557c478bd9Sstevel@tonic-gate #include <unistd.h> 567c478bd9Sstevel@tonic-gate #include <string.h> 577c478bd9Sstevel@tonic-gate #include <deflt.h> 587c478bd9Sstevel@tonic-gate #include <rpc/rpc.h> 597c478bd9Sstevel@tonic-gate #include <sys/param.h> 607c478bd9Sstevel@tonic-gate #include <sys/file.h> 617c478bd9Sstevel@tonic-gate #include <sys/resource.h> 627c478bd9Sstevel@tonic-gate #include <pwd.h> 637c478bd9Sstevel@tonic-gate #include <rpc/des_crypt.h> 647c478bd9Sstevel@tonic-gate #include <rpc/key_prot.h> 657c478bd9Sstevel@tonic-gate #include <thread.h> 667c478bd9Sstevel@tonic-gate #include "rpc/svc_mt.h" 677c478bd9Sstevel@tonic-gate #include <rpcsvc/nis_dhext.h> 687c478bd9Sstevel@tonic-gate #include <syslog.h> 697c478bd9Sstevel@tonic-gate #include <libscf.h> 70b1cdc720SAlex Wilson #include <sys/debug.h> 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate #include "debug.h" 737c478bd9Sstevel@tonic-gate #include "keyserv_cache.h" 747c478bd9Sstevel@tonic-gate 757c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM 767c478bd9Sstevel@tonic-gate extern long random(); 777c478bd9Sstevel@tonic-gate #endif 787c478bd9Sstevel@tonic-gate 797c478bd9Sstevel@tonic-gate extern keystatus pk_setkey(); 807c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt(); 817c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt(); 827c478bd9Sstevel@tonic-gate extern keystatus pk_netput(); 837c478bd9Sstevel@tonic-gate extern keystatus pk_netget(); 847c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key(); 857c478bd9Sstevel@tonic-gate extern bool_t svc_get_local_cred(); 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate extern keystatus pk_setkey3(); 887c478bd9Sstevel@tonic-gate extern keystatus pk_encrypt3(); 897c478bd9Sstevel@tonic-gate extern keystatus pk_decrypt3(); 907c478bd9Sstevel@tonic-gate extern keystatus pk_netput3(); 917c478bd9Sstevel@tonic-gate extern keystatus pk_netget3(); 927c478bd9Sstevel@tonic-gate extern keystatus pk_get_conv_key3(); 937c478bd9Sstevel@tonic-gate extern keystatus pk_clear3(); 947c478bd9Sstevel@tonic-gate 957c478bd9Sstevel@tonic-gate extern int init_mechs(); 967c478bd9Sstevel@tonic-gate extern int addmasterkey(); 977c478bd9Sstevel@tonic-gate extern int storeotherrootkeys(); 987c478bd9Sstevel@tonic-gate extern int setdeskeyarray(); 997c478bd9Sstevel@tonic-gate 1007c478bd9Sstevel@tonic-gate extern int getdomainname(); 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate static void randomize(); 1037c478bd9Sstevel@tonic-gate static void usage(); 1047c478bd9Sstevel@tonic-gate static void defaults(); 1057c478bd9Sstevel@tonic-gate static int getrootkey(); 1067c478bd9Sstevel@tonic-gate static int get_cache_size(char *); 1077c478bd9Sstevel@tonic-gate static bool_t get_auth(); 1087c478bd9Sstevel@tonic-gate 1097c478bd9Sstevel@tonic-gate #ifdef DEBUG 1107c478bd9Sstevel@tonic-gate extern int test_debug(); 1117c478bd9Sstevel@tonic-gate extern int real_debug(); 1127c478bd9Sstevel@tonic-gate int debugging = 1; 1137c478bd9Sstevel@tonic-gate #else 1147c478bd9Sstevel@tonic-gate int debugging = 0; 1157c478bd9Sstevel@tonic-gate #endif 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate static void keyprogram(); 1187c478bd9Sstevel@tonic-gate static des_block masterkey; 1197c478bd9Sstevel@tonic-gate char *getenv(); 1207c478bd9Sstevel@tonic-gate static char ROOTKEY[] = "/etc/.rootkey"; 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate static char *defaults_file = "/etc/default/keyserv"; 1237c478bd9Sstevel@tonic-gate static int use_nobody_keys = TRUE; 1247c478bd9Sstevel@tonic-gate 1257c478bd9Sstevel@tonic-gate /* 12636e852a1SRaja Andra * Hack to allow the keyserver to use AUTH_DES. The only functions 12736e852a1SRaja Andra * that get called are key_encryptsession_pk, key_decryptsession_pk, 12836e852a1SRaja Andra * and key_gendes. 1297c478bd9Sstevel@tonic-gate * 1307c478bd9Sstevel@tonic-gate * The approach is to have the keyserver fill in pointers to local 1317c478bd9Sstevel@tonic-gate * implementations of these functions, and to call those in key_call(). 1327c478bd9Sstevel@tonic-gate */ 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate bool_t __key_encrypt_pk_2_svc(); 1357c478bd9Sstevel@tonic-gate bool_t __key_decrypt_pk_2_svc(); 1367c478bd9Sstevel@tonic-gate bool_t __key_gen_1_svc(); 1377c478bd9Sstevel@tonic-gate 1387c478bd9Sstevel@tonic-gate extern bool_t (*__key_encryptsession_pk_LOCAL)(); 1397c478bd9Sstevel@tonic-gate extern bool_t (*__key_decryptsession_pk_LOCAL)(); 1407c478bd9Sstevel@tonic-gate extern bool_t (*__key_gendes_LOCAL)(); 1417c478bd9Sstevel@tonic-gate 1427c478bd9Sstevel@tonic-gate static int nthreads = 32; 1437c478bd9Sstevel@tonic-gate 1447c478bd9Sstevel@tonic-gate /* Disk caching of common keys on by default */ 1457c478bd9Sstevel@tonic-gate int disk_caching = 1; 1467c478bd9Sstevel@tonic-gate 1477c478bd9Sstevel@tonic-gate mechanism_t **mechs; 1487c478bd9Sstevel@tonic-gate 1497c478bd9Sstevel@tonic-gate /* 1507c478bd9Sstevel@tonic-gate * The default size for all types of mech. 1517c478bd9Sstevel@tonic-gate * positive integers denote multiples of 1MB 1527c478bd9Sstevel@tonic-gate * negative integers denote number of entries 1537c478bd9Sstevel@tonic-gate * same goes for non-null entries in cache_size 1547c478bd9Sstevel@tonic-gate */ 1557c478bd9Sstevel@tonic-gate static int default_cache = 1; 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate int *cache_size; 1587c478bd9Sstevel@tonic-gate char **cache_options; 1597c478bd9Sstevel@tonic-gate 16049e7ca49Speteh int 16149e7ca49Speteh main(int argc, char *argv[]) 1627c478bd9Sstevel@tonic-gate { 1637c478bd9Sstevel@tonic-gate int sflag = 0, s1flag = 0, s2flag = 0, nflag = 0, dflag = 0, eflag = 0; 1647c478bd9Sstevel@tonic-gate char *options, *value; 1657c478bd9Sstevel@tonic-gate extern char *optarg; 1667c478bd9Sstevel@tonic-gate extern int optind; 1677c478bd9Sstevel@tonic-gate int c, d; 1687c478bd9Sstevel@tonic-gate struct rlimit rl; 1697c478bd9Sstevel@tonic-gate int mode = RPC_SVC_MT_AUTO; 1707c478bd9Sstevel@tonic-gate int maxrecsz = RPC_MAXDATASIZE; 1717c478bd9Sstevel@tonic-gate 17249e7ca49Speteh void detachfromtty(void); 1737c478bd9Sstevel@tonic-gate int setmodulus(); 1747c478bd9Sstevel@tonic-gate int pk_nodefaultkeys(); 1757c478bd9Sstevel@tonic-gate int svc_create_local_service(); 1767c478bd9Sstevel@tonic-gate 1777c478bd9Sstevel@tonic-gate char domainname[MAXNETNAMELEN + 1]; 1787c478bd9Sstevel@tonic-gate 1797c478bd9Sstevel@tonic-gate /* 1807c478bd9Sstevel@tonic-gate * Set our allowed number of file descriptors to the max 1817c478bd9Sstevel@tonic-gate * of what the system will allow, limited by FD_SETSIZE. 1827c478bd9Sstevel@tonic-gate */ 1837c478bd9Sstevel@tonic-gate if (getrlimit(RLIMIT_NOFILE, &rl) == 0) { 1847c478bd9Sstevel@tonic-gate rlim_t limit; 1857c478bd9Sstevel@tonic-gate 1867c478bd9Sstevel@tonic-gate if ((limit = rl.rlim_max) > FD_SETSIZE) 1877c478bd9Sstevel@tonic-gate limit = FD_SETSIZE; 1887c478bd9Sstevel@tonic-gate rl.rlim_cur = limit; 1897c478bd9Sstevel@tonic-gate (void) setrlimit(RLIMIT_NOFILE, &rl); 190004388ebScasper (void) enable_extended_FILE_stdio(-1, -1); 1917c478bd9Sstevel@tonic-gate } 1927c478bd9Sstevel@tonic-gate 1937c478bd9Sstevel@tonic-gate __key_encryptsession_pk_LOCAL = &__key_encrypt_pk_2_svc; 1947c478bd9Sstevel@tonic-gate __key_decryptsession_pk_LOCAL = &__key_decrypt_pk_2_svc; 1957c478bd9Sstevel@tonic-gate __key_gendes_LOCAL = &__key_gen_1_svc; 1967c478bd9Sstevel@tonic-gate 1977c478bd9Sstevel@tonic-gate /* 1987c478bd9Sstevel@tonic-gate * Pre-option initialisation 1997c478bd9Sstevel@tonic-gate */ 2007c478bd9Sstevel@tonic-gate (void) umask(066); /* paranoia */ 2017c478bd9Sstevel@tonic-gate if (geteuid() != 0) { 2027c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s must be run as root\n", argv[0]); 2037c478bd9Sstevel@tonic-gate exit(1); 2047c478bd9Sstevel@tonic-gate } 2057c478bd9Sstevel@tonic-gate setmodulus(HEXMODULUS); 2067c478bd9Sstevel@tonic-gate openlog("keyserv", LOG_PID, LOG_DAEMON); 2077c478bd9Sstevel@tonic-gate 2087c478bd9Sstevel@tonic-gate /* 2097c478bd9Sstevel@tonic-gate * keyserv will not work with a null domainname. 2107c478bd9Sstevel@tonic-gate */ 2117c478bd9Sstevel@tonic-gate if (getdomainname(domainname, MAXNETNAMELEN+1) || 2127c478bd9Sstevel@tonic-gate (domainname[0] == '\0')) { 21336e852a1SRaja Andra syslog(LOG_ERR, "could not get a valid domainname.\n"); 21436e852a1SRaja Andra exit(SMF_EXIT_ERR_CONFIG); 2157c478bd9Sstevel@tonic-gate } 2167c478bd9Sstevel@tonic-gate 2177c478bd9Sstevel@tonic-gate /* 2187c478bd9Sstevel@tonic-gate * Initialise security mechanisms 2197c478bd9Sstevel@tonic-gate */ 2207c478bd9Sstevel@tonic-gate cache_size = NULL; 2217c478bd9Sstevel@tonic-gate cache_options = NULL; 2227c478bd9Sstevel@tonic-gate if (init_mechs() == -1) { 2237c478bd9Sstevel@tonic-gate disk_caching = 0; 2247c478bd9Sstevel@tonic-gate } 2257c478bd9Sstevel@tonic-gate 2267c478bd9Sstevel@tonic-gate defaults(); 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate while ((c = getopt(argc, argv, "ndDet:cs:")) != -1) 2297c478bd9Sstevel@tonic-gate switch (c) { 2307c478bd9Sstevel@tonic-gate case 'n': 2317c478bd9Sstevel@tonic-gate nflag++; 2327c478bd9Sstevel@tonic-gate break; 2337c478bd9Sstevel@tonic-gate case 'd': 2347c478bd9Sstevel@tonic-gate dflag++; 2357c478bd9Sstevel@tonic-gate use_nobody_keys = FALSE; 2367c478bd9Sstevel@tonic-gate break; 2377c478bd9Sstevel@tonic-gate case 'e': 2387c478bd9Sstevel@tonic-gate eflag++; 2397c478bd9Sstevel@tonic-gate use_nobody_keys = TRUE; 2407c478bd9Sstevel@tonic-gate break; 2417c478bd9Sstevel@tonic-gate case 'D': 2427c478bd9Sstevel@tonic-gate debugging = 1; 2437c478bd9Sstevel@tonic-gate break; 2447c478bd9Sstevel@tonic-gate case 't': 2457c478bd9Sstevel@tonic-gate nthreads = atoi(optarg); 2467c478bd9Sstevel@tonic-gate break; 2477c478bd9Sstevel@tonic-gate case 'c': 2487c478bd9Sstevel@tonic-gate disk_caching = 0; 2497c478bd9Sstevel@tonic-gate break; 2507c478bd9Sstevel@tonic-gate case 's': 2517c478bd9Sstevel@tonic-gate if (!disk_caching) { 2527c478bd9Sstevel@tonic-gate fprintf(stderr, "missing configuration file"); 2537c478bd9Sstevel@tonic-gate fprintf(stderr, " or -c option specified\n"); 2547c478bd9Sstevel@tonic-gate usage(); 2557c478bd9Sstevel@tonic-gate } 2567c478bd9Sstevel@tonic-gate sflag++; 2577c478bd9Sstevel@tonic-gate /* 2587c478bd9Sstevel@tonic-gate * Which version of [-s] do we have...? 2597c478bd9Sstevel@tonic-gate */ 2607c478bd9Sstevel@tonic-gate if (strchr((const char *) optarg, '=') == NULL) { 2617c478bd9Sstevel@tonic-gate /* 2627c478bd9Sstevel@tonic-gate * -s <size> 2637c478bd9Sstevel@tonic-gate */ 2647c478bd9Sstevel@tonic-gate if (s1flag) { 26536e852a1SRaja Andra fprintf(stderr, "duplicate" 26636e852a1SRaja Andra " [-s <size>]\n"); 2677c478bd9Sstevel@tonic-gate usage(); 2687c478bd9Sstevel@tonic-gate } 2697c478bd9Sstevel@tonic-gate s1flag++; 2707c478bd9Sstevel@tonic-gate default_cache = get_cache_size(optarg); 2717c478bd9Sstevel@tonic-gate break; 2727c478bd9Sstevel@tonic-gate } 2737c478bd9Sstevel@tonic-gate /* 2747c478bd9Sstevel@tonic-gate * -s <mechtype>=<size>[,...] 2757c478bd9Sstevel@tonic-gate */ 2767c478bd9Sstevel@tonic-gate s2flag++; 2777c478bd9Sstevel@tonic-gate options = optarg; 2787c478bd9Sstevel@tonic-gate while (*options != '\0') { 2797c478bd9Sstevel@tonic-gate d = getsubopt(&options, cache_options, &value); 2807c478bd9Sstevel@tonic-gate if (d == -1) { 2817c478bd9Sstevel@tonic-gate /* Ignore unknown mechtype */ 2827c478bd9Sstevel@tonic-gate continue; 2837c478bd9Sstevel@tonic-gate } 2847c478bd9Sstevel@tonic-gate if (value == NULL) { 2857c478bd9Sstevel@tonic-gate fprintf(stderr, 28636e852a1SRaja Andra "missing cache size for " 28736e852a1SRaja Andra "mechtype %s\n", cache_options[d]); 2887c478bd9Sstevel@tonic-gate usage(); 2897c478bd9Sstevel@tonic-gate } 2907c478bd9Sstevel@tonic-gate cache_size[d] = get_cache_size(value); 2917c478bd9Sstevel@tonic-gate } 2927c478bd9Sstevel@tonic-gate break; 2937c478bd9Sstevel@tonic-gate default: 2947c478bd9Sstevel@tonic-gate usage(); 2957c478bd9Sstevel@tonic-gate break; 2967c478bd9Sstevel@tonic-gate } 2977c478bd9Sstevel@tonic-gate 2987c478bd9Sstevel@tonic-gate 2997c478bd9Sstevel@tonic-gate if (dflag && eflag) { 3007c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "specify only one of -d and -e\n"); 3017c478bd9Sstevel@tonic-gate usage(); 3027c478bd9Sstevel@tonic-gate } 3037c478bd9Sstevel@tonic-gate 3047c478bd9Sstevel@tonic-gate if (use_nobody_keys == FALSE) { 3057c478bd9Sstevel@tonic-gate pk_nodefaultkeys(); 3067c478bd9Sstevel@tonic-gate } 3077c478bd9Sstevel@tonic-gate 3087c478bd9Sstevel@tonic-gate if (optind != argc) { 3097c478bd9Sstevel@tonic-gate usage(); 3107c478bd9Sstevel@tonic-gate } 3117c478bd9Sstevel@tonic-gate 3127c478bd9Sstevel@tonic-gate if (!disk_caching && sflag) { 3137c478bd9Sstevel@tonic-gate fprintf(stderr, "missing configuration file"); 3147c478bd9Sstevel@tonic-gate fprintf(stderr, " or -c option specified\n"); 3157c478bd9Sstevel@tonic-gate usage(); 3167c478bd9Sstevel@tonic-gate } 3177c478bd9Sstevel@tonic-gate 3187c478bd9Sstevel@tonic-gate if (debugging) { 3197c478bd9Sstevel@tonic-gate if (disk_caching) { 3207c478bd9Sstevel@tonic-gate char **cpp = cache_options; 3217c478bd9Sstevel@tonic-gate int *ip = cache_size; 3227c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "default disk cache size: "); 3237c478bd9Sstevel@tonic-gate if (default_cache < 0) { 3247c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%d entries\n", 32536e852a1SRaja Andra abs(default_cache)); 3267c478bd9Sstevel@tonic-gate } else { 3277c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%dMB\n", default_cache); 3287c478bd9Sstevel@tonic-gate } 3297c478bd9Sstevel@tonic-gate 3307c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "supported mechanisms:\n"); 3317c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\talias\t\tdisk cache size\n"); 3327c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\t=====\t\t===============\n"); 3337c478bd9Sstevel@tonic-gate while (*cpp != NULL) { 3347c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "\t%s\t\t", *cpp++); 3357c478bd9Sstevel@tonic-gate if (*ip < 0) { 3367c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%d entries\n", 33736e852a1SRaja Andra abs(*ip)); 3387c478bd9Sstevel@tonic-gate } else { 3397c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%dMB\n", *ip); 3407c478bd9Sstevel@tonic-gate } 3417c478bd9Sstevel@tonic-gate ip++; 3427c478bd9Sstevel@tonic-gate } 3437c478bd9Sstevel@tonic-gate } else { 3447c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 34536e852a1SRaja Andra "common key disk caching disabled\n"); 3467c478bd9Sstevel@tonic-gate } 3477c478bd9Sstevel@tonic-gate } 3487c478bd9Sstevel@tonic-gate /* 3497c478bd9Sstevel@tonic-gate * Post-option initialisation 3507c478bd9Sstevel@tonic-gate */ 3517c478bd9Sstevel@tonic-gate if (disk_caching) { 3527c478bd9Sstevel@tonic-gate int i; 3537c478bd9Sstevel@tonic-gate for (i = 0; mechs[i]; i++) { 3547c478bd9Sstevel@tonic-gate if ((AUTH_DES_COMPAT_CHK(mechs[i])) || 3557c478bd9Sstevel@tonic-gate (mechs[i]->keylen < 0) || (mechs[i]->algtype < 0)) 3567c478bd9Sstevel@tonic-gate continue; 3577c478bd9Sstevel@tonic-gate create_cache_file(mechs[i]->keylen, mechs[i]->algtype, 35836e852a1SRaja Andra cache_size[i] ? cache_size[i] : default_cache); 3597c478bd9Sstevel@tonic-gate } 3607c478bd9Sstevel@tonic-gate } 3617c478bd9Sstevel@tonic-gate getrootkey(&masterkey, nflag); 3627c478bd9Sstevel@tonic-gate 3637c478bd9Sstevel@tonic-gate /* 3647c478bd9Sstevel@tonic-gate * Set MT mode 3657c478bd9Sstevel@tonic-gate */ 3667c478bd9Sstevel@tonic-gate if (nthreads > 0) { 3677c478bd9Sstevel@tonic-gate (void) rpc_control(RPC_SVC_MTMODE_SET, &mode); 3687c478bd9Sstevel@tonic-gate (void) rpc_control(RPC_SVC_THRMAX_SET, &nthreads); 3697c478bd9Sstevel@tonic-gate } 3707c478bd9Sstevel@tonic-gate 3717c478bd9Sstevel@tonic-gate /* 3727c478bd9Sstevel@tonic-gate * Enable non-blocking mode and maximum record size checks for 3737c478bd9Sstevel@tonic-gate * connection oriented transports. 3747c478bd9Sstevel@tonic-gate */ 3757c478bd9Sstevel@tonic-gate if (!rpc_control(RPC_SVC_CONNMAXREC_SET, &maxrecsz)) { 3767c478bd9Sstevel@tonic-gate syslog(LOG_INFO, "unable to set max RPC record size"); 3777c478bd9Sstevel@tonic-gate } 3787c478bd9Sstevel@tonic-gate 3797c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS, 38036e852a1SRaja Andra "netpath", "keyserv") == 0) { 3817c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 38236e852a1SRaja Andra "%s: unable to create service for version %d\n", 38336e852a1SRaja Andra argv[0], KEY_VERS); 3847c478bd9Sstevel@tonic-gate exit(1); 3857c478bd9Sstevel@tonic-gate } 3867c478bd9Sstevel@tonic-gate 3877c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS2, 38836e852a1SRaja Andra "netpath", "keyserv") == 0) { 3897c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 39036e852a1SRaja Andra "%s: unable to create service for version %d\n", 39136e852a1SRaja Andra argv[0], KEY_VERS2); 3927c478bd9Sstevel@tonic-gate exit(1); 3937c478bd9Sstevel@tonic-gate } 3947c478bd9Sstevel@tonic-gate 3957c478bd9Sstevel@tonic-gate if (svc_create_local_service(keyprogram, KEY_PROG, KEY_VERS3, 39636e852a1SRaja Andra "netpath", "keyserv") == 0) { 3977c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 39836e852a1SRaja Andra "%s: unable to create service for version %d\n", 39936e852a1SRaja Andra argv[0], KEY_VERS3); 4007c478bd9Sstevel@tonic-gate exit(1); 4017c478bd9Sstevel@tonic-gate } 4027c478bd9Sstevel@tonic-gate 4037c478bd9Sstevel@tonic-gate if (!debugging) { 4047c478bd9Sstevel@tonic-gate detachfromtty(); 4057c478bd9Sstevel@tonic-gate } 4067c478bd9Sstevel@tonic-gate 4077c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS, "door") == 0) { 4087c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 40936e852a1SRaja Andra "%s: unable to create service over doors for version %d\n", 41036e852a1SRaja Andra argv[0], KEY_VERS); 4117c478bd9Sstevel@tonic-gate exit(1); 4127c478bd9Sstevel@tonic-gate } 4137c478bd9Sstevel@tonic-gate 4147c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, "door") == 0) { 4157c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 41636e852a1SRaja Andra "%s: unable to create service over doors for version %d\n", 41736e852a1SRaja Andra argv[0], KEY_VERS2); 4187c478bd9Sstevel@tonic-gate exit(1); 4197c478bd9Sstevel@tonic-gate } 4207c478bd9Sstevel@tonic-gate 4217c478bd9Sstevel@tonic-gate if (svc_create(keyprogram, KEY_PROG, KEY_VERS3, "door") == 0) { 4227c478bd9Sstevel@tonic-gate syslog(LOG_ERR, 42336e852a1SRaja Andra "%s: unable to create service over doors for version %d\n", 42436e852a1SRaja Andra argv[0], KEY_VERS3); 4257c478bd9Sstevel@tonic-gate exit(1); 4267c478bd9Sstevel@tonic-gate } 4277c478bd9Sstevel@tonic-gate 4287c478bd9Sstevel@tonic-gate svc_run(); 4297c478bd9Sstevel@tonic-gate abort(); 4307c478bd9Sstevel@tonic-gate /* NOTREACHED */ 4317c478bd9Sstevel@tonic-gate return (0); 4327c478bd9Sstevel@tonic-gate } 4337c478bd9Sstevel@tonic-gate 4347c478bd9Sstevel@tonic-gate 4357c478bd9Sstevel@tonic-gate /* 4367c478bd9Sstevel@tonic-gate * In the event that we don't get a root password, we try to 4377c478bd9Sstevel@tonic-gate * randomize the master key the best we can 4387c478bd9Sstevel@tonic-gate */ 4397c478bd9Sstevel@tonic-gate static void 4407c478bd9Sstevel@tonic-gate randomize(master) 4417c478bd9Sstevel@tonic-gate des_block *master; 4427c478bd9Sstevel@tonic-gate { 4437c478bd9Sstevel@tonic-gate int i; 4447c478bd9Sstevel@tonic-gate int seed; 4457c478bd9Sstevel@tonic-gate struct timeval tv; 4467c478bd9Sstevel@tonic-gate int shift; 4477c478bd9Sstevel@tonic-gate 4487c478bd9Sstevel@tonic-gate seed = 0; 4497c478bd9Sstevel@tonic-gate for (i = 0; i < 1024; i++) { 4507c478bd9Sstevel@tonic-gate (void) gettimeofday(&tv, (struct timezone *)NULL); 4517c478bd9Sstevel@tonic-gate shift = i % 8 * sizeof (int); 4527c478bd9Sstevel@tonic-gate seed ^= (tv.tv_usec << shift) | (tv.tv_usec >> (32 - shift)); 4537c478bd9Sstevel@tonic-gate } 4547c478bd9Sstevel@tonic-gate #ifdef KEYSERV_RANDOM 4557c478bd9Sstevel@tonic-gate srandom(seed); 4567c478bd9Sstevel@tonic-gate master->key.low = random(); 4577c478bd9Sstevel@tonic-gate master->key.high = random(); 4587c478bd9Sstevel@tonic-gate srandom(seed); 4597c478bd9Sstevel@tonic-gate #else 4607c478bd9Sstevel@tonic-gate /* use stupid dangerous bad rand() */ 4617c478bd9Sstevel@tonic-gate srand(seed); 4627c478bd9Sstevel@tonic-gate master->key.low = rand(); 4637c478bd9Sstevel@tonic-gate master->key.high = rand(); 4647c478bd9Sstevel@tonic-gate srand(seed); 4657c478bd9Sstevel@tonic-gate #endif 4667c478bd9Sstevel@tonic-gate } 4677c478bd9Sstevel@tonic-gate 4687c478bd9Sstevel@tonic-gate static char * 4697c478bd9Sstevel@tonic-gate fgets_ignorenul(char *s, int n, FILE *stream) 4707c478bd9Sstevel@tonic-gate { 4717c478bd9Sstevel@tonic-gate int fildes = fileno(stream); 4727c478bd9Sstevel@tonic-gate int i = 0; 4737c478bd9Sstevel@tonic-gate int rs = 0; 4747c478bd9Sstevel@tonic-gate char c; 4757c478bd9Sstevel@tonic-gate 4767c478bd9Sstevel@tonic-gate if (fildes < 0) 4777c478bd9Sstevel@tonic-gate return (NULL); 4787c478bd9Sstevel@tonic-gate 4797c478bd9Sstevel@tonic-gate while (i < n - 1) { 4807c478bd9Sstevel@tonic-gate rs = read(fildes, &c, 1); 4817c478bd9Sstevel@tonic-gate switch (rs) { 4827c478bd9Sstevel@tonic-gate case 1: 4837c478bd9Sstevel@tonic-gate break; 4847c478bd9Sstevel@tonic-gate case 0: 4857c478bd9Sstevel@tonic-gate /* EOF */ 4867c478bd9Sstevel@tonic-gate if (i > 0) 4877c478bd9Sstevel@tonic-gate s[i] = '\0'; 4887c478bd9Sstevel@tonic-gate return (NULL); 4897c478bd9Sstevel@tonic-gate break; 4907c478bd9Sstevel@tonic-gate default: 4917c478bd9Sstevel@tonic-gate return (NULL); 4927c478bd9Sstevel@tonic-gate } 4937c478bd9Sstevel@tonic-gate switch (c) { 4947c478bd9Sstevel@tonic-gate case '\0': 4957c478bd9Sstevel@tonic-gate break; 4967c478bd9Sstevel@tonic-gate case '\n': 4977c478bd9Sstevel@tonic-gate s[i] = c; 4987c478bd9Sstevel@tonic-gate s[++i] = '\0'; 4997c478bd9Sstevel@tonic-gate return (s); 5007c478bd9Sstevel@tonic-gate default: 5017c478bd9Sstevel@tonic-gate if (c != '\0') 5027c478bd9Sstevel@tonic-gate s[i++] = c; 5037c478bd9Sstevel@tonic-gate } 5047c478bd9Sstevel@tonic-gate } 5057c478bd9Sstevel@tonic-gate s[i] = '\0'; 5067c478bd9Sstevel@tonic-gate return (s); 5077c478bd9Sstevel@tonic-gate } 5087c478bd9Sstevel@tonic-gate 5097c478bd9Sstevel@tonic-gate /* Should last until 16384-bit DH keys */ 5107c478bd9Sstevel@tonic-gate #define MAXROOTKEY_LINE_LEN 4224 5117c478bd9Sstevel@tonic-gate #define MAXROOTKEY_LEN 4096 5127c478bd9Sstevel@tonic-gate #define ROOTKEY_FILE "/etc/.rootkey" 5137c478bd9Sstevel@tonic-gate 5147c478bd9Sstevel@tonic-gate static int 5157c478bd9Sstevel@tonic-gate getotherrootkeys(char *name) 5167c478bd9Sstevel@tonic-gate { 5177c478bd9Sstevel@tonic-gate FILE *rootkey; 5187c478bd9Sstevel@tonic-gate char line[MAXROOTKEY_LINE_LEN]; 5197c478bd9Sstevel@tonic-gate char key[MAXROOTKEY_LEN]; 5207c478bd9Sstevel@tonic-gate algtype_t algtype; 5217c478bd9Sstevel@tonic-gate int count = 0; 5227c478bd9Sstevel@tonic-gate 5237c478bd9Sstevel@tonic-gate if (!(rootkey = fopen(ROOTKEY, "r"))) 5247c478bd9Sstevel@tonic-gate return (0); 5257c478bd9Sstevel@tonic-gate 5267c478bd9Sstevel@tonic-gate while (fgets_ignorenul(line, MAXROOTKEY_LINE_LEN, rootkey)) { 5277c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("ROOTKEY %d: %s\n", count, line)); 5287c478bd9Sstevel@tonic-gate count++; 529a0368f78Speteh if (sscanf(line, "%s %d", key, &algtype) < 2) { 530a0368f78Speteh /* 531a0368f78Speteh * No encryption algorithm found in the file 532a0368f78Speteh * (algtype) so default to DES. 533a0368f78Speteh */ 534a0368f78Speteh algtype = AUTH_DES_ALGTYPE; 535a0368f78Speteh } 5367c478bd9Sstevel@tonic-gate if (!strlen(key)) 5377c478bd9Sstevel@tonic-gate continue; 5387c478bd9Sstevel@tonic-gate addmasterkey(key, name, algtype); 5397c478bd9Sstevel@tonic-gate } 5407c478bd9Sstevel@tonic-gate fclose(rootkey); 5417c478bd9Sstevel@tonic-gate return (1); 5427c478bd9Sstevel@tonic-gate } 5437c478bd9Sstevel@tonic-gate 5447c478bd9Sstevel@tonic-gate /* 5457c478bd9Sstevel@tonic-gate * Try to get root's secret key, by prompting if terminal is a tty, else trying 5467c478bd9Sstevel@tonic-gate * from standard input. 5477c478bd9Sstevel@tonic-gate * Returns 1 on success. 5487c478bd9Sstevel@tonic-gate */ 54949e7ca49Speteh static int 5507c478bd9Sstevel@tonic-gate getrootkey(master, prompt) 5517c478bd9Sstevel@tonic-gate des_block *master; 5527c478bd9Sstevel@tonic-gate int prompt; 5537c478bd9Sstevel@tonic-gate { 5547c478bd9Sstevel@tonic-gate char *passwd; 5557c478bd9Sstevel@tonic-gate char name[MAXNETNAMELEN + 1]; 5567c478bd9Sstevel@tonic-gate char secret[HEXKEYBYTES + 1]; 5577c478bd9Sstevel@tonic-gate FILE *fp; 5587c478bd9Sstevel@tonic-gate int passwd2des(); 5597c478bd9Sstevel@tonic-gate int retval; 5607c478bd9Sstevel@tonic-gate 5617c478bd9Sstevel@tonic-gate randomize(master); 5627c478bd9Sstevel@tonic-gate if (!getnetname(name)) { 5637c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "keyserv: \ 5647c478bd9Sstevel@tonic-gate failed to generate host's netname when establishing root's key.\n"); 5657c478bd9Sstevel@tonic-gate return (0); 5667c478bd9Sstevel@tonic-gate } 5677c478bd9Sstevel@tonic-gate if (!prompt) { 5687c478bd9Sstevel@tonic-gate return (getotherrootkeys(name)); 5697c478bd9Sstevel@tonic-gate } 5707c478bd9Sstevel@tonic-gate /* 5717c478bd9Sstevel@tonic-gate * Decrypt yellow pages publickey entry to get secret key 5727c478bd9Sstevel@tonic-gate */ 5737c478bd9Sstevel@tonic-gate passwd = getpass("root password:"); 5747c478bd9Sstevel@tonic-gate passwd2des(passwd, master); 5757c478bd9Sstevel@tonic-gate if (!getsecretkey(name, secret, passwd)) { 5767c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5777c478bd9Sstevel@tonic-gate "Can't find %s's secret key\n", name); 5787c478bd9Sstevel@tonic-gate return (0); 5797c478bd9Sstevel@tonic-gate } 5807c478bd9Sstevel@tonic-gate if (secret[0] == 0) { 5817c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5827c478bd9Sstevel@tonic-gate "Password does not decrypt secret key for %s\n", name); 5837c478bd9Sstevel@tonic-gate return (0); 5847c478bd9Sstevel@tonic-gate } 5857c478bd9Sstevel@tonic-gate if ((fp = fopen(ROOTKEY, "w")) == NULL) { 5867c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 5877c478bd9Sstevel@tonic-gate "Cannot open %s for write\n", ROOTKEY); 5887c478bd9Sstevel@tonic-gate return (0); 5897c478bd9Sstevel@tonic-gate } 5907c478bd9Sstevel@tonic-gate retval = storeotherrootkeys(fp, name, passwd, secret); 5917c478bd9Sstevel@tonic-gate fclose(fp); 5927c478bd9Sstevel@tonic-gate return (retval); 5937c478bd9Sstevel@tonic-gate } 5947c478bd9Sstevel@tonic-gate 5957c478bd9Sstevel@tonic-gate /* 5967c478bd9Sstevel@tonic-gate * Procedures to implement RPC service. These procedures are named 5977c478bd9Sstevel@tonic-gate * differently from the definitions in key_prot.h (generated by rpcgen) 5987c478bd9Sstevel@tonic-gate * because they take different arguments. 5997c478bd9Sstevel@tonic-gate */ 6007c478bd9Sstevel@tonic-gate char * 6017c478bd9Sstevel@tonic-gate strstatus(status) 6027c478bd9Sstevel@tonic-gate keystatus status; 6037c478bd9Sstevel@tonic-gate { 6047c478bd9Sstevel@tonic-gate switch (status) { 6057c478bd9Sstevel@tonic-gate case KEY_SUCCESS: 6067c478bd9Sstevel@tonic-gate return ("KEY_SUCCESS"); 6077c478bd9Sstevel@tonic-gate case KEY_NOSECRET: 6087c478bd9Sstevel@tonic-gate return ("KEY_NOSECRET"); 6097c478bd9Sstevel@tonic-gate case KEY_UNKNOWN: 6107c478bd9Sstevel@tonic-gate return ("KEY_UNKNOWN"); 6117c478bd9Sstevel@tonic-gate case KEY_SYSTEMERR: 6127c478bd9Sstevel@tonic-gate return ("KEY_SYSTEMERR"); 6137c478bd9Sstevel@tonic-gate case KEY_BADALG: 6147c478bd9Sstevel@tonic-gate return ("KEY_BADALG"); 6157c478bd9Sstevel@tonic-gate case KEY_BADLEN: 6167c478bd9Sstevel@tonic-gate return ("KEY_BADLEN"); 6177c478bd9Sstevel@tonic-gate default: 6187c478bd9Sstevel@tonic-gate return ("(bad result code)"); 6197c478bd9Sstevel@tonic-gate } 6207c478bd9Sstevel@tonic-gate } 6217c478bd9Sstevel@tonic-gate 6227c478bd9Sstevel@tonic-gate bool_t 6237c478bd9Sstevel@tonic-gate __key_set_1_svc(uid, key, status) 6247c478bd9Sstevel@tonic-gate uid_t uid; 6257c478bd9Sstevel@tonic-gate keybuf key; 6267c478bd9Sstevel@tonic-gate keystatus *status; 6277c478bd9Sstevel@tonic-gate { 6287c478bd9Sstevel@tonic-gate if (debugging) { 6297c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "set(%d, %.*s) = ", uid, 6307c478bd9Sstevel@tonic-gate sizeof (keybuf), key); 6317c478bd9Sstevel@tonic-gate } 6327c478bd9Sstevel@tonic-gate *status = pk_setkey(uid, key); 6337c478bd9Sstevel@tonic-gate if (debugging) { 6347c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(*status)); 6357c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6367c478bd9Sstevel@tonic-gate } 6377c478bd9Sstevel@tonic-gate return (TRUE); 6387c478bd9Sstevel@tonic-gate } 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate bool_t 6417c478bd9Sstevel@tonic-gate __key_encrypt_pk_2_svc(uid, arg, res) 6427c478bd9Sstevel@tonic-gate uid_t uid; 6437c478bd9Sstevel@tonic-gate cryptkeyarg2 *arg; 6447c478bd9Sstevel@tonic-gate cryptkeyres *res; 6457c478bd9Sstevel@tonic-gate { 6467c478bd9Sstevel@tonic-gate 6477c478bd9Sstevel@tonic-gate if (debugging) { 6487c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid, 6497c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 6507c478bd9Sstevel@tonic-gate arg->deskey.key.low); 6517c478bd9Sstevel@tonic-gate } 6527c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 6537c478bd9Sstevel@tonic-gate res->status = pk_encrypt(uid, arg->remotename, &(arg->remotekey), 6547c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 6557c478bd9Sstevel@tonic-gate if (debugging) { 6567c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 6577c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 6587c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 6597c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 6607c478bd9Sstevel@tonic-gate } else { 6617c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 6627c478bd9Sstevel@tonic-gate } 6637c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6647c478bd9Sstevel@tonic-gate } 6657c478bd9Sstevel@tonic-gate return (TRUE); 6667c478bd9Sstevel@tonic-gate } 6677c478bd9Sstevel@tonic-gate 6687c478bd9Sstevel@tonic-gate bool_t 6697c478bd9Sstevel@tonic-gate __key_decrypt_pk_2_svc(uid, arg, res) 6707c478bd9Sstevel@tonic-gate uid_t uid; 6717c478bd9Sstevel@tonic-gate cryptkeyarg2 *arg; 6727c478bd9Sstevel@tonic-gate cryptkeyres *res; 6737c478bd9Sstevel@tonic-gate { 6747c478bd9Sstevel@tonic-gate 6757c478bd9Sstevel@tonic-gate if (debugging) { 6767c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid, 6777c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 6787c478bd9Sstevel@tonic-gate arg->deskey.key.low); 6797c478bd9Sstevel@tonic-gate } 6807c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 6817c478bd9Sstevel@tonic-gate res->status = pk_decrypt(uid, arg->remotename, &(arg->remotekey), 6827c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 6837c478bd9Sstevel@tonic-gate if (debugging) { 6847c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 6857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 6867c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 6877c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 6887c478bd9Sstevel@tonic-gate } else { 6897c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 6907c478bd9Sstevel@tonic-gate } 6917c478bd9Sstevel@tonic-gate (void) fflush(stderr); 6927c478bd9Sstevel@tonic-gate } 6937c478bd9Sstevel@tonic-gate return (TRUE); 6947c478bd9Sstevel@tonic-gate } 6957c478bd9Sstevel@tonic-gate 6967c478bd9Sstevel@tonic-gate bool_t 6977c478bd9Sstevel@tonic-gate __key_net_put_2_svc(uid, arg, status) 6987c478bd9Sstevel@tonic-gate uid_t uid; 6997c478bd9Sstevel@tonic-gate key_netstarg *arg; 7007c478bd9Sstevel@tonic-gate keystatus *status; 7017c478bd9Sstevel@tonic-gate { 7027c478bd9Sstevel@tonic-gate 7037c478bd9Sstevel@tonic-gate if (debugging) { 7047c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ", 7057c478bd9Sstevel@tonic-gate arg->st_netname, sizeof (arg->st_pub_key), 7067c478bd9Sstevel@tonic-gate arg->st_pub_key, sizeof (arg->st_priv_key), 7077c478bd9Sstevel@tonic-gate arg->st_priv_key); 7087c478bd9Sstevel@tonic-gate }; 7097c478bd9Sstevel@tonic-gate 7107c478bd9Sstevel@tonic-gate *status = pk_netput(uid, arg); 7117c478bd9Sstevel@tonic-gate 7127c478bd9Sstevel@tonic-gate if (debugging) { 7137c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(*status)); 7147c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7157c478bd9Sstevel@tonic-gate } 7167c478bd9Sstevel@tonic-gate 7177c478bd9Sstevel@tonic-gate return (TRUE); 7187c478bd9Sstevel@tonic-gate } 7197c478bd9Sstevel@tonic-gate 7207c478bd9Sstevel@tonic-gate /* ARGSUSED */ 7217c478bd9Sstevel@tonic-gate bool_t 7227c478bd9Sstevel@tonic-gate __key_net_get_2_svc(uid, arg, keynetname) 7237c478bd9Sstevel@tonic-gate uid_t uid; 7247c478bd9Sstevel@tonic-gate void *arg; 7257c478bd9Sstevel@tonic-gate key_netstres *keynetname; 7267c478bd9Sstevel@tonic-gate { 7277c478bd9Sstevel@tonic-gate 7287c478bd9Sstevel@tonic-gate if (debugging) 7297c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "net_get(%d) = ", uid); 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate keynetname->status = pk_netget(uid, &keynetname->key_netstres_u.knet); 7327c478bd9Sstevel@tonic-gate if (debugging) { 7337c478bd9Sstevel@tonic-gate if (keynetname->status == KEY_SUCCESS) { 7347c478bd9Sstevel@tonic-gate fprintf(stderr, "<%s, %.*s, %.*s>\n", 7357c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_netname, 7367c478bd9Sstevel@tonic-gate sizeof (keynetname->key_netstres_u.knet.st_pub_key), 7377c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_pub_key, 7387c478bd9Sstevel@tonic-gate sizeof (keynetname->key_netstres_u.knet.st_priv_key), 7397c478bd9Sstevel@tonic-gate keynetname->key_netstres_u.knet.st_priv_key); 7407c478bd9Sstevel@tonic-gate } else { 7417c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "NOT FOUND\n"); 7427c478bd9Sstevel@tonic-gate } 7437c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7447c478bd9Sstevel@tonic-gate } 7457c478bd9Sstevel@tonic-gate 7467c478bd9Sstevel@tonic-gate return (TRUE); 7477c478bd9Sstevel@tonic-gate 7487c478bd9Sstevel@tonic-gate } 7497c478bd9Sstevel@tonic-gate 7507c478bd9Sstevel@tonic-gate bool_t 751*dd627aceSToomas Soome __key_get_conv_2_svc(uid_t uid, keybuf arg, cryptkeyres *res) 7527c478bd9Sstevel@tonic-gate { 7537c478bd9Sstevel@tonic-gate 7547c478bd9Sstevel@tonic-gate if (debugging) 7557c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "get_conv(%d, %.*s) = ", uid, 756*dd627aceSToomas Soome sizeof (keybuf), arg); 7577c478bd9Sstevel@tonic-gate 7587c478bd9Sstevel@tonic-gate 7597c478bd9Sstevel@tonic-gate res->status = pk_get_conv_key(uid, arg, res); 7607c478bd9Sstevel@tonic-gate 7617c478bd9Sstevel@tonic-gate if (debugging) { 7627c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 7637c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 7647c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 7657c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 7667c478bd9Sstevel@tonic-gate } else { 7677c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 7687c478bd9Sstevel@tonic-gate } 7697c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7707c478bd9Sstevel@tonic-gate } 7717c478bd9Sstevel@tonic-gate return (TRUE); 7727c478bd9Sstevel@tonic-gate } 7737c478bd9Sstevel@tonic-gate 7747c478bd9Sstevel@tonic-gate 7757c478bd9Sstevel@tonic-gate bool_t 7767c478bd9Sstevel@tonic-gate __key_encrypt_1_svc(uid, arg, res) 7777c478bd9Sstevel@tonic-gate uid_t uid; 7787c478bd9Sstevel@tonic-gate cryptkeyarg *arg; 7797c478bd9Sstevel@tonic-gate cryptkeyres *res; 7807c478bd9Sstevel@tonic-gate { 7817c478bd9Sstevel@tonic-gate 7827c478bd9Sstevel@tonic-gate if (debugging) { 7837c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "encrypt(%d, %s, %08x%08x) = ", uid, 7847c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 7857c478bd9Sstevel@tonic-gate arg->deskey.key.low); 7867c478bd9Sstevel@tonic-gate } 7877c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 7887c478bd9Sstevel@tonic-gate res->status = pk_encrypt(uid, arg->remotename, NULL, 7897c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 7907c478bd9Sstevel@tonic-gate if (debugging) { 7917c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 7927c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 7937c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 7947c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 7957c478bd9Sstevel@tonic-gate } else { 7967c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 7977c478bd9Sstevel@tonic-gate } 7987c478bd9Sstevel@tonic-gate (void) fflush(stderr); 7997c478bd9Sstevel@tonic-gate } 8007c478bd9Sstevel@tonic-gate return (TRUE); 8017c478bd9Sstevel@tonic-gate } 8027c478bd9Sstevel@tonic-gate 8037c478bd9Sstevel@tonic-gate bool_t 8047c478bd9Sstevel@tonic-gate __key_decrypt_1_svc(uid, arg, res) 8057c478bd9Sstevel@tonic-gate uid_t uid; 8067c478bd9Sstevel@tonic-gate cryptkeyarg *arg; 8077c478bd9Sstevel@tonic-gate cryptkeyres *res; 8087c478bd9Sstevel@tonic-gate { 8097c478bd9Sstevel@tonic-gate if (debugging) { 8107c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "decrypt(%d, %s, %08x%08x) = ", uid, 8117c478bd9Sstevel@tonic-gate arg->remotename, arg->deskey.key.high, 8127c478bd9Sstevel@tonic-gate arg->deskey.key.low); 8137c478bd9Sstevel@tonic-gate } 8147c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey = arg->deskey; 8157c478bd9Sstevel@tonic-gate res->status = pk_decrypt(uid, arg->remotename, NULL, 8167c478bd9Sstevel@tonic-gate &res->cryptkeyres_u.deskey); 8177c478bd9Sstevel@tonic-gate if (debugging) { 8187c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 8197c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%08x%08x\n", 8207c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.high, 8217c478bd9Sstevel@tonic-gate res->cryptkeyres_u.deskey.key.low); 8227c478bd9Sstevel@tonic-gate } else { 8237c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 8247c478bd9Sstevel@tonic-gate } 8257c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8267c478bd9Sstevel@tonic-gate } 8277c478bd9Sstevel@tonic-gate return (TRUE); 8287c478bd9Sstevel@tonic-gate } 8297c478bd9Sstevel@tonic-gate 8307c478bd9Sstevel@tonic-gate /* ARGSUSED */ 8317c478bd9Sstevel@tonic-gate bool_t 8327c478bd9Sstevel@tonic-gate __key_gen_1_svc(v, s, key) 8337c478bd9Sstevel@tonic-gate void *v; 8347c478bd9Sstevel@tonic-gate struct svc_req *s; 8357c478bd9Sstevel@tonic-gate des_block *key; 8367c478bd9Sstevel@tonic-gate { 8377c478bd9Sstevel@tonic-gate struct timeval time; 8387c478bd9Sstevel@tonic-gate static des_block keygen; 8397c478bd9Sstevel@tonic-gate static mutex_t keygen_mutex = DEFAULTMUTEX; 8407c478bd9Sstevel@tonic-gate int r; 8417c478bd9Sstevel@tonic-gate 8427c478bd9Sstevel@tonic-gate (void) gettimeofday(&time, (struct timezone *)NULL); 8437c478bd9Sstevel@tonic-gate (void) mutex_lock(&keygen_mutex); 8447c478bd9Sstevel@tonic-gate keygen.key.high += (time.tv_sec ^ time.tv_usec); 8457c478bd9Sstevel@tonic-gate keygen.key.low += (time.tv_sec ^ time.tv_usec); 8467c478bd9Sstevel@tonic-gate r = ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen), 8477c478bd9Sstevel@tonic-gate DES_ENCRYPT | DES_HW); 8487c478bd9Sstevel@tonic-gate if (r != DESERR_NONE && r != DESERR_NOHWDEVICE) { 8497c478bd9Sstevel@tonic-gate mutex_unlock(&keygen_mutex); 8507c478bd9Sstevel@tonic-gate return (FALSE); 8517c478bd9Sstevel@tonic-gate } 8527c478bd9Sstevel@tonic-gate *key = keygen; 8537c478bd9Sstevel@tonic-gate mutex_unlock(&keygen_mutex); 8547c478bd9Sstevel@tonic-gate 8557c478bd9Sstevel@tonic-gate des_setparity_g(key); 8567c478bd9Sstevel@tonic-gate if (debugging) { 8577c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "gen() = %08x%08x\n", key->key.high, 8587c478bd9Sstevel@tonic-gate key->key.low); 8597c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8607c478bd9Sstevel@tonic-gate } 8617c478bd9Sstevel@tonic-gate return (TRUE); 8627c478bd9Sstevel@tonic-gate } 8637c478bd9Sstevel@tonic-gate 8647c478bd9Sstevel@tonic-gate /* ARGSUSED */ 8657c478bd9Sstevel@tonic-gate bool_t 8667c478bd9Sstevel@tonic-gate __key_getcred_1_svc(uid, name, res) 8677c478bd9Sstevel@tonic-gate uid_t uid; 8687c478bd9Sstevel@tonic-gate netnamestr *name; 8697c478bd9Sstevel@tonic-gate getcredres *res; 8707c478bd9Sstevel@tonic-gate { 8717c478bd9Sstevel@tonic-gate struct unixcred *cred; 8727c478bd9Sstevel@tonic-gate 8737c478bd9Sstevel@tonic-gate cred = &res->getcredres_u.cred; 8747c478bd9Sstevel@tonic-gate if (!netname2user(*name, (uid_t *)&cred->uid, (gid_t *)&cred->gid, 8757c478bd9Sstevel@tonic-gate (int *)&cred->gids.gids_len, 8767c478bd9Sstevel@tonic-gate (gid_t *)cred->gids.gids_val)) { 8777c478bd9Sstevel@tonic-gate res->status = KEY_UNKNOWN; 8787c478bd9Sstevel@tonic-gate } else { 8797c478bd9Sstevel@tonic-gate res->status = KEY_SUCCESS; 8807c478bd9Sstevel@tonic-gate } 8817c478bd9Sstevel@tonic-gate if (debugging) { 8827c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "getcred(%s) = ", *name); 8837c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 8847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n", 8857c478bd9Sstevel@tonic-gate cred->uid, cred->gid, cred->gids.gids_len); 8867c478bd9Sstevel@tonic-gate } else { 8877c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", strstatus(res->status)); 8887c478bd9Sstevel@tonic-gate } 8897c478bd9Sstevel@tonic-gate (void) fflush(stderr); 8907c478bd9Sstevel@tonic-gate } 8917c478bd9Sstevel@tonic-gate return (TRUE); 8927c478bd9Sstevel@tonic-gate } 8937c478bd9Sstevel@tonic-gate 8947c478bd9Sstevel@tonic-gate /* 8957c478bd9Sstevel@tonic-gate * Version 3 procedures follow... 8967c478bd9Sstevel@tonic-gate */ 8977c478bd9Sstevel@tonic-gate 8987c478bd9Sstevel@tonic-gate static bool_t 8997c478bd9Sstevel@tonic-gate __key_set_3_svc(uid_t uid, setkeyarg3 *arg, keystatus *status) 9007c478bd9Sstevel@tonic-gate { 9017c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("__key_set_3_svc(%d, %d, %d)", 90236e852a1SRaja Andra uid, arg->algtype, arg->keylen)); 9037c478bd9Sstevel@tonic-gate *status = pk_setkey3(uid, arg); 9047c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("__key_set_3_svc %s", strstatus(*status))); 9057c478bd9Sstevel@tonic-gate return (TRUE); 9067c478bd9Sstevel@tonic-gate } 9077c478bd9Sstevel@tonic-gate 9087c478bd9Sstevel@tonic-gate static bool_t 9097c478bd9Sstevel@tonic-gate __key_encrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9107c478bd9Sstevel@tonic-gate { 9117c478bd9Sstevel@tonic-gate int len, i; 9127c478bd9Sstevel@tonic-gate des_block *dp; 9137c478bd9Sstevel@tonic-gate 9147c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_3(%d %d %s)", uid, 91536e852a1SRaja Andra arg->deskey.deskeyarray_len, arg->remotename)); 9167c478bd9Sstevel@tonic-gate res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9177c478bd9Sstevel@tonic-gate len = res->cryptkeyres3_u.deskey.deskeyarray_len; 9187c478bd9Sstevel@tonic-gate dp = res->cryptkeyres3_u.deskey.deskeyarray_val; 9197c478bd9Sstevel@tonic-gate for (i = 0; i < len; i++) { 9207c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("encrypt_3 retval[%d] == (%x,%x)", 92136e852a1SRaja Andra i, dp->key.high, dp->key.low)); 9227c478bd9Sstevel@tonic-gate dp++; 9237c478bd9Sstevel@tonic-gate } 9247c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_3 returned %s", strstatus(res->status))); 9257c478bd9Sstevel@tonic-gate return (TRUE); 9267c478bd9Sstevel@tonic-gate } 9277c478bd9Sstevel@tonic-gate 9287c478bd9Sstevel@tonic-gate static bool_t 9297c478bd9Sstevel@tonic-gate __key_decrypt_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9307c478bd9Sstevel@tonic-gate { 9317c478bd9Sstevel@tonic-gate int len, i; 9327c478bd9Sstevel@tonic-gate des_block *dp; 9337c478bd9Sstevel@tonic-gate 9347c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_3(%d, %d, %s)", uid, 93536e852a1SRaja Andra arg->deskey.deskeyarray_len, arg->remotename)); 9367c478bd9Sstevel@tonic-gate res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9377c478bd9Sstevel@tonic-gate len = res->cryptkeyres3_u.deskey.deskeyarray_len; 9387c478bd9Sstevel@tonic-gate dp = res->cryptkeyres3_u.deskey.deskeyarray_val; 9397c478bd9Sstevel@tonic-gate for (i = 0; i < len; i++) { 9407c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG0, ("decrypt_3 retval[%d] == (%x,%x)", 94136e852a1SRaja Andra i, dp->key.high, dp->key.low)); 9427c478bd9Sstevel@tonic-gate dp++; 9437c478bd9Sstevel@tonic-gate } 9447c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_3 returned %s", strstatus(res->status))); 9457c478bd9Sstevel@tonic-gate return (TRUE); 9467c478bd9Sstevel@tonic-gate } 9477c478bd9Sstevel@tonic-gate 9487c478bd9Sstevel@tonic-gate /* ARGSUSED */ 9497c478bd9Sstevel@tonic-gate static bool_t 9507c478bd9Sstevel@tonic-gate __key_gen_3_svc(void *v, keynum_t *kp, deskeyarray *res) 9517c478bd9Sstevel@tonic-gate { 9527c478bd9Sstevel@tonic-gate int i; 9537c478bd9Sstevel@tonic-gate keynum_t keynum = *kp; 9547c478bd9Sstevel@tonic-gate 9557c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3(%d %x)", keynum, res)); 9567c478bd9Sstevel@tonic-gate res->deskeyarray_val = 0; 9577c478bd9Sstevel@tonic-gate if (!setdeskeyarray(res, keynum)) { 9587c478bd9Sstevel@tonic-gate return (FALSE); 9597c478bd9Sstevel@tonic-gate } 9607c478bd9Sstevel@tonic-gate for (i = 0; i < keynum; i++) { 9617c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3 calling gen_1 %x", 96236e852a1SRaja Andra res->deskeyarray_val+i)); 9637c478bd9Sstevel@tonic-gate __key_gen_1_svc((void *) NULL, (struct svc_req *)NULL, 96436e852a1SRaja Andra res->deskeyarray_val+i); 9657c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("gen_3 val %d %x", 96636e852a1SRaja Andra i, *(int *)(res->deskeyarray_val+i))); 9677c478bd9Sstevel@tonic-gate } 9687c478bd9Sstevel@tonic-gate return (TRUE); 9697c478bd9Sstevel@tonic-gate } 9707c478bd9Sstevel@tonic-gate 9717c478bd9Sstevel@tonic-gate static void 9727c478bd9Sstevel@tonic-gate __key_gen_3_svc_free(deskeyarray *dp) 9737c478bd9Sstevel@tonic-gate { 9747c478bd9Sstevel@tonic-gate free(dp->deskeyarray_val); 9757c478bd9Sstevel@tonic-gate } 9767c478bd9Sstevel@tonic-gate 9777c478bd9Sstevel@tonic-gate static bool_t 9787c478bd9Sstevel@tonic-gate __key_getcred_3_svc(uid_t uid, netnamestr *name, getcredres3 *res) 9797c478bd9Sstevel@tonic-gate { 9807c478bd9Sstevel@tonic-gate return (__key_getcred_1_svc(uid, name, (getcredres *)res)); 9817c478bd9Sstevel@tonic-gate } 9827c478bd9Sstevel@tonic-gate 9837c478bd9Sstevel@tonic-gate static bool_t 9847c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 9857c478bd9Sstevel@tonic-gate { 9867c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt_pk_3(%d, %s)", uid, arg->remotename)); 9877c478bd9Sstevel@tonic-gate res->status = pk_encrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 9887c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status))); 9897c478bd9Sstevel@tonic-gate return (TRUE); 9907c478bd9Sstevel@tonic-gate } 9917c478bd9Sstevel@tonic-gate 9927c478bd9Sstevel@tonic-gate static void 9937c478bd9Sstevel@tonic-gate __key_encrypt_pk_3_svc_free(cryptkeyres3 *res) 9947c478bd9Sstevel@tonic-gate { 9957c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 9967c478bd9Sstevel@tonic-gate free(res->cryptkeyres3_u.deskey.deskeyarray_val); 9977c478bd9Sstevel@tonic-gate } 9987c478bd9Sstevel@tonic-gate } 9997c478bd9Sstevel@tonic-gate 10007c478bd9Sstevel@tonic-gate static bool_t 10017c478bd9Sstevel@tonic-gate __key_decrypt_pk_3(uid_t uid, cryptkeyarg3 *arg, cryptkeyres3 *res) 10027c478bd9Sstevel@tonic-gate { 10037c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("decrypt_pk_3(%d, %s)", uid, arg->remotename)); 10047c478bd9Sstevel@tonic-gate res->status = pk_decrypt3(uid, arg, &res->cryptkeyres3_u.deskey); 10057c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("encrypt returned %s", strstatus(res->status))); 10067c478bd9Sstevel@tonic-gate return (TRUE); 10077c478bd9Sstevel@tonic-gate } 10087c478bd9Sstevel@tonic-gate 10097c478bd9Sstevel@tonic-gate static void 10107c478bd9Sstevel@tonic-gate __key_decrypt_pk_3_free(cryptkeyres3 *res) 10117c478bd9Sstevel@tonic-gate { 10127c478bd9Sstevel@tonic-gate if (res->status == KEY_SUCCESS) { 10137c478bd9Sstevel@tonic-gate free(res->cryptkeyres3_u.deskey.deskeyarray_val); 10147c478bd9Sstevel@tonic-gate } 10157c478bd9Sstevel@tonic-gate } 10167c478bd9Sstevel@tonic-gate 10177c478bd9Sstevel@tonic-gate static bool_t 10187c478bd9Sstevel@tonic-gate __key_net_put_3_svc(uid_t uid, key_netstarg3 *arg, keystatus *status) 10197c478bd9Sstevel@tonic-gate { 10207c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_put_3 (%d, %x)", uid, arg)); 10217c478bd9Sstevel@tonic-gate *status = pk_netput3(uid, arg); 10227c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_put_3 ret %s", strstatus(*status))); 10237c478bd9Sstevel@tonic-gate return (TRUE); 10247c478bd9Sstevel@tonic-gate } 10257c478bd9Sstevel@tonic-gate 10267c478bd9Sstevel@tonic-gate static bool_t 10277c478bd9Sstevel@tonic-gate __key_net_get_3_svc(uid_t uid, mechtype *arg, key_netstres3 *keynetname) 10287c478bd9Sstevel@tonic-gate { 10297c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("net_get_3 (%d, %x)", uid, arg)); 10307c478bd9Sstevel@tonic-gate keynetname->status = pk_netget3(uid, 103136e852a1SRaja Andra arg, &keynetname->key_netstres3_u.knet); 10327c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, 103336e852a1SRaja Andra ("net_get_3 ret %s", strstatus(keynetname->status))); 10347c478bd9Sstevel@tonic-gate return (TRUE); 10357c478bd9Sstevel@tonic-gate } 10367c478bd9Sstevel@tonic-gate 10377c478bd9Sstevel@tonic-gate static void 10387c478bd9Sstevel@tonic-gate __key_net_get_3_svc_free(key_netstres3 *keynetname) 10397c478bd9Sstevel@tonic-gate { 10407c478bd9Sstevel@tonic-gate if (keynetname->status == KEY_SUCCESS) { 10417c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_priv_key.keybuf3_val); 10427c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_pub_key.keybuf3_val); 10437c478bd9Sstevel@tonic-gate free(keynetname->key_netstres3_u.knet.st_netname); 10447c478bd9Sstevel@tonic-gate } 10457c478bd9Sstevel@tonic-gate } 10467c478bd9Sstevel@tonic-gate 10477c478bd9Sstevel@tonic-gate static bool_t 10487c478bd9Sstevel@tonic-gate __key_get_conv_3_svc(uid_t uid, deskeyarg3 *arg, cryptkeyres3 *res) 10497c478bd9Sstevel@tonic-gate { 10507c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("get_conv_3(%d %x %x)", uid, arg, res)); 10517c478bd9Sstevel@tonic-gate res->status = pk_get_conv_key3(uid, arg, res); 10527c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, 105336e852a1SRaja Andra ("get_conv_3 ret %s", strstatus(res->status))); 10547c478bd9Sstevel@tonic-gate return (TRUE); 10557c478bd9Sstevel@tonic-gate } 10567c478bd9Sstevel@tonic-gate 10577c478bd9Sstevel@tonic-gate /* ARGSUSED */ 10587c478bd9Sstevel@tonic-gate static bool_t 10597c478bd9Sstevel@tonic-gate __key_clear_3_svc(uid_t uid, void *arg, keystatus *status) 10607c478bd9Sstevel@tonic-gate { 10617c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("clear_3(%d)", uid)); 10627c478bd9Sstevel@tonic-gate *status = pk_clear3(uid); 10637c478bd9Sstevel@tonic-gate debug(KEYSERV_DEBUG, ("clear_3 ret %s", strstatus(*status))); 10647c478bd9Sstevel@tonic-gate return (TRUE); 10657c478bd9Sstevel@tonic-gate } 10667c478bd9Sstevel@tonic-gate 10677c478bd9Sstevel@tonic-gate /* 10687c478bd9Sstevel@tonic-gate * RPC boilerplate 10697c478bd9Sstevel@tonic-gate */ 10707c478bd9Sstevel@tonic-gate static void 10717c478bd9Sstevel@tonic-gate keyprogram(rqstp, transp) 10727c478bd9Sstevel@tonic-gate struct svc_req *rqstp; 10737c478bd9Sstevel@tonic-gate SVCXPRT *transp; 10747c478bd9Sstevel@tonic-gate { 10757c478bd9Sstevel@tonic-gate union { 10767c478bd9Sstevel@tonic-gate keybuf key_set_1_arg; 10777c478bd9Sstevel@tonic-gate cryptkeyarg key_encrypt_1_arg; 10787c478bd9Sstevel@tonic-gate cryptkeyarg key_decrypt_1_arg; 10797c478bd9Sstevel@tonic-gate netnamestr key_getcred_1_arg; 10807c478bd9Sstevel@tonic-gate cryptkeyarg key_encrypt_2_arg; 10817c478bd9Sstevel@tonic-gate cryptkeyarg key_decrypt_2_arg; 10827c478bd9Sstevel@tonic-gate netnamestr key_getcred_2_arg; 10837c478bd9Sstevel@tonic-gate cryptkeyarg2 key_encrypt_pk_2_arg; 10847c478bd9Sstevel@tonic-gate cryptkeyarg2 key_decrypt_pk_2_arg; 10857c478bd9Sstevel@tonic-gate key_netstarg key_net_put_2_arg; 10867c478bd9Sstevel@tonic-gate netobj key_get_conv_2_arg; 10877c478bd9Sstevel@tonic-gate keybuf3 key_set_3_arg; 10887c478bd9Sstevel@tonic-gate cryptkeyarg3 key_encrypt_3_arg; 10897c478bd9Sstevel@tonic-gate cryptkeyarg3 key_decrypt_3_arg; 10907c478bd9Sstevel@tonic-gate cryptkeyarg3 key_encrypt_pk_3_arg; 10917c478bd9Sstevel@tonic-gate cryptkeyarg3 key_decrypt_pk_3_arg; 10927c478bd9Sstevel@tonic-gate keynum_t key_gen_3_arg; 10937c478bd9Sstevel@tonic-gate netnamestr key_getcred_3_arg; 10947c478bd9Sstevel@tonic-gate key_netstarg3 key_net_put_3_arg; 10957c478bd9Sstevel@tonic-gate key_netstarg3 key_net_get_3_arg; 10967c478bd9Sstevel@tonic-gate deskeyarg3 key_get_conv_3_arg; 10977c478bd9Sstevel@tonic-gate } argument; 10987c478bd9Sstevel@tonic-gate union { 10997c478bd9Sstevel@tonic-gate keystatus status; 11007c478bd9Sstevel@tonic-gate cryptkeyres cres; 11017c478bd9Sstevel@tonic-gate des_block key; 11027c478bd9Sstevel@tonic-gate getcredres gres; 11037c478bd9Sstevel@tonic-gate key_netstres keynetname; 11047c478bd9Sstevel@tonic-gate cryptkeyres3 cres3; 11057c478bd9Sstevel@tonic-gate deskeyarray keyarray; 11067c478bd9Sstevel@tonic-gate getcredres3 gres3; 11077c478bd9Sstevel@tonic-gate key_netstres3 keynetname3; 11087c478bd9Sstevel@tonic-gate } result; 11097c478bd9Sstevel@tonic-gate uint_t gids[MAXGIDS]; 11107c478bd9Sstevel@tonic-gate char netname_str[MAXNETNAMELEN + 1]; 11117c478bd9Sstevel@tonic-gate bool_t (*xdr_argument)(), (*xdr_result)(); 11127c478bd9Sstevel@tonic-gate bool_t (*local)(); 11137c478bd9Sstevel@tonic-gate void (*local_free)() = NULL; 11147c478bd9Sstevel@tonic-gate bool_t retval; 11157c478bd9Sstevel@tonic-gate uid_t uid; 11167c478bd9Sstevel@tonic-gate int check_auth; 11177c478bd9Sstevel@tonic-gate 11187c478bd9Sstevel@tonic-gate switch (rqstp->rq_proc) { 11197c478bd9Sstevel@tonic-gate case NULLPROC: 11207c478bd9Sstevel@tonic-gate svc_sendreply(transp, xdr_void, (char *)NULL); 11217c478bd9Sstevel@tonic-gate return; 11227c478bd9Sstevel@tonic-gate 11237c478bd9Sstevel@tonic-gate case KEY_SET: 11247c478bd9Sstevel@tonic-gate xdr_argument = xdr_keybuf; 11257c478bd9Sstevel@tonic-gate xdr_result = xdr_int; 11267c478bd9Sstevel@tonic-gate local = __key_set_1_svc; 11277c478bd9Sstevel@tonic-gate check_auth = 1; 11287c478bd9Sstevel@tonic-gate break; 11297c478bd9Sstevel@tonic-gate 11307c478bd9Sstevel@tonic-gate case KEY_ENCRYPT: 11317c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg; 11327c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11337c478bd9Sstevel@tonic-gate local = __key_encrypt_1_svc; 11347c478bd9Sstevel@tonic-gate check_auth = 1; 11357c478bd9Sstevel@tonic-gate break; 11367c478bd9Sstevel@tonic-gate 11377c478bd9Sstevel@tonic-gate case KEY_DECRYPT: 11387c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg; 11397c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11407c478bd9Sstevel@tonic-gate local = __key_decrypt_1_svc; 11417c478bd9Sstevel@tonic-gate check_auth = 1; 11427c478bd9Sstevel@tonic-gate break; 11437c478bd9Sstevel@tonic-gate 11447c478bd9Sstevel@tonic-gate case KEY_GEN: 11457c478bd9Sstevel@tonic-gate xdr_argument = xdr_void; 11467c478bd9Sstevel@tonic-gate xdr_result = xdr_des_block; 11477c478bd9Sstevel@tonic-gate local = __key_gen_1_svc; 11487c478bd9Sstevel@tonic-gate check_auth = 0; 11497c478bd9Sstevel@tonic-gate break; 11507c478bd9Sstevel@tonic-gate 11517c478bd9Sstevel@tonic-gate case KEY_GETCRED: 11527c478bd9Sstevel@tonic-gate xdr_argument = xdr_netnamestr; 11537c478bd9Sstevel@tonic-gate xdr_result = xdr_getcredres; 11547c478bd9Sstevel@tonic-gate local = __key_getcred_1_svc; 11557c478bd9Sstevel@tonic-gate result.gres.getcredres_u.cred.gids.gids_val = gids; 11567c478bd9Sstevel@tonic-gate check_auth = 0; 11577c478bd9Sstevel@tonic-gate break; 11587c478bd9Sstevel@tonic-gate 11597c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_PK: 11607c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg2; 11617c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11627c478bd9Sstevel@tonic-gate local = __key_encrypt_pk_2_svc; 11637c478bd9Sstevel@tonic-gate check_auth = 1; 11647c478bd9Sstevel@tonic-gate break; 11657c478bd9Sstevel@tonic-gate 11667c478bd9Sstevel@tonic-gate case KEY_DECRYPT_PK: 11677c478bd9Sstevel@tonic-gate xdr_argument = xdr_cryptkeyarg2; 11687c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11697c478bd9Sstevel@tonic-gate local = __key_decrypt_pk_2_svc; 11707c478bd9Sstevel@tonic-gate check_auth = 1; 11717c478bd9Sstevel@tonic-gate break; 11727c478bd9Sstevel@tonic-gate 11737c478bd9Sstevel@tonic-gate 11747c478bd9Sstevel@tonic-gate case KEY_NET_PUT: 11757c478bd9Sstevel@tonic-gate xdr_argument = xdr_key_netstarg; 11767c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 11777c478bd9Sstevel@tonic-gate local = __key_net_put_2_svc; 11787c478bd9Sstevel@tonic-gate check_auth = 1; 11797c478bd9Sstevel@tonic-gate break; 11807c478bd9Sstevel@tonic-gate 11817c478bd9Sstevel@tonic-gate case KEY_NET_GET: 11827c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_void; 11837c478bd9Sstevel@tonic-gate xdr_result = xdr_key_netstres; 11847c478bd9Sstevel@tonic-gate local = __key_net_get_2_svc; 11857c478bd9Sstevel@tonic-gate result.keynetname.key_netstres_u.knet.st_netname = netname_str; 11867c478bd9Sstevel@tonic-gate check_auth = 1; 11877c478bd9Sstevel@tonic-gate break; 11887c478bd9Sstevel@tonic-gate 11897c478bd9Sstevel@tonic-gate case KEY_GET_CONV: 11907c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_keybuf; 11917c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres; 11927c478bd9Sstevel@tonic-gate local = __key_get_conv_2_svc; 11937c478bd9Sstevel@tonic-gate check_auth = 1; 11947c478bd9Sstevel@tonic-gate break; 11957c478bd9Sstevel@tonic-gate 11967c478bd9Sstevel@tonic-gate /* 11977c478bd9Sstevel@tonic-gate * Version 3 procedures follow... 11987c478bd9Sstevel@tonic-gate */ 11997c478bd9Sstevel@tonic-gate 12007c478bd9Sstevel@tonic-gate case KEY_SET_3: 12017c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_setkeyarg3; 12027c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12037c478bd9Sstevel@tonic-gate local = __key_set_3_svc; 12047c478bd9Sstevel@tonic-gate check_auth = 1; 12057c478bd9Sstevel@tonic-gate break; 12067c478bd9Sstevel@tonic-gate 12077c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_3: 12087c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12097c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12107c478bd9Sstevel@tonic-gate local = __key_encrypt_3_svc; 12117c478bd9Sstevel@tonic-gate check_auth = 1; 12127c478bd9Sstevel@tonic-gate break; 12137c478bd9Sstevel@tonic-gate 12147c478bd9Sstevel@tonic-gate case KEY_DECRYPT_3: 12157c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12167c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12177c478bd9Sstevel@tonic-gate local = __key_decrypt_3_svc; 12187c478bd9Sstevel@tonic-gate check_auth = 1; 12197c478bd9Sstevel@tonic-gate break; 12207c478bd9Sstevel@tonic-gate 12217c478bd9Sstevel@tonic-gate case KEY_GEN_3: 12227c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_keynum_t; 12237c478bd9Sstevel@tonic-gate xdr_result = xdr_deskeyarray; 12247c478bd9Sstevel@tonic-gate local = __key_gen_3_svc; 12257c478bd9Sstevel@tonic-gate local_free = __key_gen_3_svc_free; 12267c478bd9Sstevel@tonic-gate check_auth = 0; 12277c478bd9Sstevel@tonic-gate break; 12287c478bd9Sstevel@tonic-gate 12297c478bd9Sstevel@tonic-gate case KEY_GETCRED_3: 12307c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_netnamestr; 12317c478bd9Sstevel@tonic-gate xdr_result = xdr_getcredres3; 12327c478bd9Sstevel@tonic-gate local = __key_getcred_3_svc; 12337c478bd9Sstevel@tonic-gate check_auth = 0; 12347c478bd9Sstevel@tonic-gate break; 12357c478bd9Sstevel@tonic-gate 12367c478bd9Sstevel@tonic-gate case KEY_ENCRYPT_PK_3: 12377c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12387c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12397c478bd9Sstevel@tonic-gate local = __key_encrypt_pk_3_svc; 12407c478bd9Sstevel@tonic-gate local_free = __key_encrypt_pk_3_svc_free; 12417c478bd9Sstevel@tonic-gate check_auth = 1; 12427c478bd9Sstevel@tonic-gate break; 12437c478bd9Sstevel@tonic-gate 12447c478bd9Sstevel@tonic-gate case KEY_DECRYPT_PK_3: 12457c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_cryptkeyarg3; 12467c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12477c478bd9Sstevel@tonic-gate local = __key_decrypt_pk_3; 12487c478bd9Sstevel@tonic-gate local_free = __key_decrypt_pk_3_free; 12497c478bd9Sstevel@tonic-gate check_auth = 1; 12507c478bd9Sstevel@tonic-gate break; 12517c478bd9Sstevel@tonic-gate 12527c478bd9Sstevel@tonic-gate case KEY_NET_PUT_3: 12537c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_key_netstarg3; 12547c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12557c478bd9Sstevel@tonic-gate local = __key_net_put_3_svc; 12567c478bd9Sstevel@tonic-gate check_auth = 1; 12577c478bd9Sstevel@tonic-gate break; 12587c478bd9Sstevel@tonic-gate 12597c478bd9Sstevel@tonic-gate case KEY_NET_GET_3: 12607c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_mechtype; 12617c478bd9Sstevel@tonic-gate xdr_result = xdr_key_netstres3; 12627c478bd9Sstevel@tonic-gate local = __key_net_get_3_svc; 12637c478bd9Sstevel@tonic-gate local_free = __key_net_get_3_svc_free; 12647c478bd9Sstevel@tonic-gate check_auth = 1; 12657c478bd9Sstevel@tonic-gate break; 12667c478bd9Sstevel@tonic-gate 12677c478bd9Sstevel@tonic-gate case KEY_GET_CONV_3: 12687c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_deskeyarg3; 12697c478bd9Sstevel@tonic-gate xdr_result = xdr_cryptkeyres3; 12707c478bd9Sstevel@tonic-gate local = __key_get_conv_3_svc; 12717c478bd9Sstevel@tonic-gate check_auth = 1; 12727c478bd9Sstevel@tonic-gate break; 12737c478bd9Sstevel@tonic-gate 12747c478bd9Sstevel@tonic-gate case KEY_CLEAR_3: 12757c478bd9Sstevel@tonic-gate xdr_argument = (xdrproc_t)xdr_void; 12767c478bd9Sstevel@tonic-gate xdr_result = xdr_keystatus; 12777c478bd9Sstevel@tonic-gate local = __key_clear_3_svc; 12787c478bd9Sstevel@tonic-gate check_auth = 1; 12797c478bd9Sstevel@tonic-gate break; 12807c478bd9Sstevel@tonic-gate 12817c478bd9Sstevel@tonic-gate default: 12827c478bd9Sstevel@tonic-gate svcerr_noproc(transp); 12837c478bd9Sstevel@tonic-gate return; 12847c478bd9Sstevel@tonic-gate } 12857c478bd9Sstevel@tonic-gate if (check_auth) { 12867c478bd9Sstevel@tonic-gate if (!get_auth(transp, rqstp, &uid)) { 12877c478bd9Sstevel@tonic-gate if (debugging) { 12887c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 12897c478bd9Sstevel@tonic-gate "not local privileged process\n"); 12907c478bd9Sstevel@tonic-gate } 12917c478bd9Sstevel@tonic-gate svcerr_weakauth(transp); 12927c478bd9Sstevel@tonic-gate return; 12937c478bd9Sstevel@tonic-gate } 12947c478bd9Sstevel@tonic-gate } 12957c478bd9Sstevel@tonic-gate 12967c478bd9Sstevel@tonic-gate memset((char *)&argument, 0, sizeof (argument)); 12977c478bd9Sstevel@tonic-gate if (!svc_getargs(transp, xdr_argument, (caddr_t)&argument)) { 12987c478bd9Sstevel@tonic-gate svcerr_decode(transp); 12997c478bd9Sstevel@tonic-gate return; 13007c478bd9Sstevel@tonic-gate } 13017c478bd9Sstevel@tonic-gate retval = (*local)(uid, &argument, &result); 13027c478bd9Sstevel@tonic-gate if (retval && !svc_sendreply(transp, xdr_result, (char *)&result)) { 13037c478bd9Sstevel@tonic-gate if (debugging) 13047c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "unable to reply\n"); 13057c478bd9Sstevel@tonic-gate svcerr_systemerr(transp); 13067c478bd9Sstevel@tonic-gate } 13077c478bd9Sstevel@tonic-gate if (!svc_freeargs(transp, xdr_argument, (caddr_t)&argument)) { 13087c478bd9Sstevel@tonic-gate if (debugging) 13097c478bd9Sstevel@tonic-gate (void) fprintf(stderr, 13107c478bd9Sstevel@tonic-gate "unable to free arguments\n"); 13117c478bd9Sstevel@tonic-gate exit(1); 13127c478bd9Sstevel@tonic-gate } 13137c478bd9Sstevel@tonic-gate if (local_free) { 13147c478bd9Sstevel@tonic-gate (*local_free)(&result); 13157c478bd9Sstevel@tonic-gate } 13167c478bd9Sstevel@tonic-gate } 13177c478bd9Sstevel@tonic-gate 13187c478bd9Sstevel@tonic-gate static bool_t 13197c478bd9Sstevel@tonic-gate get_auth(trans, rqstp, uid) 13207c478bd9Sstevel@tonic-gate SVCXPRT *trans; 13217c478bd9Sstevel@tonic-gate struct svc_req *rqstp; 13227c478bd9Sstevel@tonic-gate uid_t *uid; 13237c478bd9Sstevel@tonic-gate { 13247c478bd9Sstevel@tonic-gate svc_local_cred_t cred; 13257c478bd9Sstevel@tonic-gate 13267c478bd9Sstevel@tonic-gate if (!svc_get_local_cred(trans, &cred)) { 13277c478bd9Sstevel@tonic-gate if (debugging) 13287c478bd9Sstevel@tonic-gate fprintf(stderr, "svc_get_local_cred failed %s %s\n", 13297c478bd9Sstevel@tonic-gate trans->xp_netid, trans->xp_tp); 13307c478bd9Sstevel@tonic-gate return (FALSE); 13317c478bd9Sstevel@tonic-gate } 13327c478bd9Sstevel@tonic-gate if (debugging) 13337c478bd9Sstevel@tonic-gate fprintf(stderr, "local_uid %d\n", cred.euid); 13347c478bd9Sstevel@tonic-gate if (rqstp->rq_cred.oa_flavor == AUTH_SYS || 13357c478bd9Sstevel@tonic-gate rqstp->rq_cred.oa_flavor == AUTH_LOOPBACK) { 1336b1cdc720SAlex Wilson CTASSERT(sizeof (struct authunix_parms) <= RQCRED_SIZE); 13377c478bd9Sstevel@tonic-gate /* LINTED pointer alignment */ 13387c478bd9Sstevel@tonic-gate *uid = ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid; 13397c478bd9Sstevel@tonic-gate return (*uid == cred.euid || cred.euid == 0); 13407c478bd9Sstevel@tonic-gate } else { 13417c478bd9Sstevel@tonic-gate *uid = cred.euid; 13427c478bd9Sstevel@tonic-gate return (TRUE); 13437c478bd9Sstevel@tonic-gate } 13447c478bd9Sstevel@tonic-gate } 13457c478bd9Sstevel@tonic-gate 13467c478bd9Sstevel@tonic-gate static int 13477c478bd9Sstevel@tonic-gate get_cache_size(size) 13487c478bd9Sstevel@tonic-gate char *size; 13497c478bd9Sstevel@tonic-gate { 13507c478bd9Sstevel@tonic-gate int csize, len; 13517c478bd9Sstevel@tonic-gate 13527c478bd9Sstevel@tonic-gate len = (int)strlen(size); 13537c478bd9Sstevel@tonic-gate if (len == 0) { 13547c478bd9Sstevel@tonic-gate usage(); 13557c478bd9Sstevel@tonic-gate } 13567c478bd9Sstevel@tonic-gate 13577c478bd9Sstevel@tonic-gate if (size[len-1] == 'M' || size[len-1] == 'm') { 13587c478bd9Sstevel@tonic-gate /* 13597c478bd9Sstevel@tonic-gate * cache size in MB 13607c478bd9Sstevel@tonic-gate */ 13617c478bd9Sstevel@tonic-gate size[len-1] = '\0'; 13627c478bd9Sstevel@tonic-gate csize = atoi(size); 13637c478bd9Sstevel@tonic-gate } else { 13647c478bd9Sstevel@tonic-gate csize = atoi(size); 13657c478bd9Sstevel@tonic-gate /* 13667c478bd9Sstevel@tonic-gate * negative size indicates number of entries in cache 13677c478bd9Sstevel@tonic-gate */ 13687c478bd9Sstevel@tonic-gate csize = 0 - csize; 13697c478bd9Sstevel@tonic-gate } 13707c478bd9Sstevel@tonic-gate 13717c478bd9Sstevel@tonic-gate if (csize == 0) { 13727c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "invalid cache size: %s\n", size); 13737c478bd9Sstevel@tonic-gate usage(); 13747c478bd9Sstevel@tonic-gate } 13757c478bd9Sstevel@tonic-gate 13767c478bd9Sstevel@tonic-gate return (csize); 13777c478bd9Sstevel@tonic-gate } 13787c478bd9Sstevel@tonic-gate 13797c478bd9Sstevel@tonic-gate static void 13807c478bd9Sstevel@tonic-gate usage() 13817c478bd9Sstevel@tonic-gate { 13827c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "usage: \n"); 13837c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "keyserv [-c]|[-s "); 13847c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "<size>|<mechtype>=<size>[,...]] [-n] [-D] "); 13857c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "[-d | -e] "); 13867c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "[-t threads]\n"); 13877c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "-d disables the use of default keys\n"); 13887c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "-e enables the use of default keys\n"); 13897c478bd9Sstevel@tonic-gate exit(1); 13907c478bd9Sstevel@tonic-gate } 13917c478bd9Sstevel@tonic-gate 13927c478bd9Sstevel@tonic-gate static void 13937c478bd9Sstevel@tonic-gate defaults(void) 13947c478bd9Sstevel@tonic-gate { 13957c478bd9Sstevel@tonic-gate register int flags; 13967c478bd9Sstevel@tonic-gate register char *ptr; 13977c478bd9Sstevel@tonic-gate 13987c478bd9Sstevel@tonic-gate if (defopen(defaults_file) == 0) { 13997c478bd9Sstevel@tonic-gate /* 14007c478bd9Sstevel@tonic-gate * ignore case 14017c478bd9Sstevel@tonic-gate */ 14027c478bd9Sstevel@tonic-gate flags = defcntl(DC_GETFLAGS, 0); 14037c478bd9Sstevel@tonic-gate TURNOFF(flags, DC_CASE); 140406e1a714Sraf (void) defcntl(DC_SETFLAGS, flags); 14057c478bd9Sstevel@tonic-gate 14067c478bd9Sstevel@tonic-gate if ((ptr = defread("ENABLE_NOBODY_KEYS=")) != NULL) { 14077c478bd9Sstevel@tonic-gate if (strcasecmp(ptr, "NO") == 0) { 14087c478bd9Sstevel@tonic-gate use_nobody_keys = FALSE; 14097c478bd9Sstevel@tonic-gate } 14107c478bd9Sstevel@tonic-gate } 14117c478bd9Sstevel@tonic-gate 14127c478bd9Sstevel@tonic-gate (void) defopen((char *)NULL); 14137c478bd9Sstevel@tonic-gate } 14147c478bd9Sstevel@tonic-gate } 1415