#include "mt.h"
#include "rpc_mt.h"
#include <errno.h>
#include <rpc/rpc.h>
#include <rpc/key_prot.h>
#include <stdio.h>
#include <syslog.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#define CLASSIC_PK_DH(k, a) (((k) == 192) && ((a) == 0))
#ifdef DEBUG
#define debug(msg) (void) fprintf(stderr, "%s\n", msg);
#else
#define debug(msg)
#endif
int key_call(rpcproc_t, xdrproc_t, char *, xdrproc_t, char *);
int key_call_ext(rpcproc_t, xdrproc_t, char *, xdrproc_t, char *, int);
int key_setnet(struct key_netstarg *);
bool_t (*__key_encryptsession_pk_LOCAL)() = NULL;
bool_t (*__key_decryptsession_pk_LOCAL)() = NULL;
bool_t (*__key_gendes_LOCAL)() = NULL;
int
key_setsecret(const char *secretkey)
{
char netName[MAXNETNAMELEN+1];
struct key_netstarg netst;
int ret;
if (getnetname(netName) == 0) {
debug("getnetname failed");
return (-1);
}
(void) memcpy(netst.st_priv_key, secretkey, HEXKEYBYTES);
netst.st_pub_key[0] = 0;
netst.st_netname = netName;
ret = key_setnet(&netst);
(void) memset(netst.st_priv_key, '\0', HEXKEYBYTES);
if (ret == 1)
return (0);
return (-1);
}
int
key_setsecret_g(
char *secretkey,
keylen_t keylen,
algtype_t algtype,
des_block userkey)
{
setkeyarg3 arg;
keystatus status;
if (CLASSIC_PK_DH(keylen, algtype))
return (key_setsecret(secretkey));
arg.key.keybuf3_len = keylen/4 + 1;
arg.key.keybuf3_val = secretkey;
arg.algtype = algtype;
arg.keylen = keylen;
arg.userkey = userkey;
if (!key_call((rpcproc_t)KEY_SET_3, xdr_setkeyarg3, (char *)&arg,
xdr_keystatus, (char *)&status))
return (-1);
if (status != KEY_SUCCESS) {
debug("set3 status is nonzero");
return (-1);
}
return (0);
}
int
key_removesecret_g_ext(int use_uid)
{
keystatus status;
if (!key_call_ext((rpcproc_t)KEY_CLEAR_3, xdr_void, NULL,
xdr_keystatus, (char *)&status, use_uid)) {
debug("remove secret key call failed");
return (-1);
}
if (status != KEY_SUCCESS) {
debug("remove secret status is nonzero");
return (-1);
}
return (0);
}
int
key_removesecret_g(void)
{
return (key_removesecret_g_ext(0));
}
int
key_removesecret_g_ruid(void)
{
return (key_removesecret_g_ext(1));
}
int
key_secretkey_is_set_ext(int use_ruid)
{
struct key_netstres kres;
(void) memset(&kres, 0, sizeof (kres));
if (key_call_ext((rpcproc_t)KEY_NET_GET, xdr_void, NULL,
xdr_key_netstres, (char *)&kres, use_ruid) &&
(kres.status == KEY_SUCCESS) &&
(kres.key_netstres_u.knet.st_priv_key[0] != 0)) {
(void) memset(kres.key_netstres_u.knet.st_priv_key, 0,
HEXKEYBYTES);
xdr_free(xdr_key_netstres, (char *)&kres);
return (1);
}
return (0);
}
int
key_secretkey_is_set(void)
{
return (key_secretkey_is_set_ext(0));
}
int
key_secretkey_is_set_ruid(void)
{
return (key_secretkey_is_set_ext(1));
}
int
key_secretkey_is_set_g_ext(keylen_t keylen, algtype_t algtype, int use_ruid)
{
mechtype arg;
key_netstres3 kres;
if ((keylen == 0) && key_secretkey_is_set_ext(use_ruid))
return (1);
if (CLASSIC_PK_DH(keylen, algtype))
return (key_secretkey_is_set_ext(use_ruid));
arg.keylen = keylen;
arg.algtype = algtype;
(void) memset(&kres, 0, sizeof (kres));
if (key_call_ext((rpcproc_t)KEY_NET_GET_3, xdr_mechtype, (char *)&arg,
xdr_key_netstres3, (char *)&kres, use_ruid) &&
(kres.status == KEY_SUCCESS) &&
(kres.key_netstres3_u.knet.st_priv_key.keybuf3_len != 0)) {
(void) memset(kres.key_netstres3_u.knet.st_priv_key.keybuf3_val,
0, kres.key_netstres3_u.knet.st_priv_key.keybuf3_len);
xdr_free(xdr_key_netstres3, (char *)&kres);
return (1);
}
return (0);
}
int
key_secretkey_is_set_g(keylen_t keylen, algtype_t algtype)
{
return (key_secretkey_is_set_g_ext(keylen, algtype, 0));
}
int
key_secretkey_is_set_g_ruid(keylen_t keylen, algtype_t algtype)
{
return (key_secretkey_is_set_g_ext(keylen, algtype, 1));
}
int
key_encryptsession_pk(const char *remotename, netobj *remotekey,
des_block *deskey)
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = (char *)remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
if (!key_call((rpcproc_t)KEY_ENCRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,
xdr_cryptkeyres, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("encrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
key_encryptsession_pk_g(
const char *remotename,
const char *remotekey,
keylen_t remotekeylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
cryptkeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(remotekeylen, algtype)) {
int i;
netobj npk;
npk.n_len = remotekeylen/4 + 1;
npk.n_bytes = (char *)remotekey;
for (i = 0; i < keynum; i++) {
if (key_encryptsession_pk(remotename, &npk, &deskey[i]))
return (-1);
}
return (0);
}
arg.remotename = (char *)remotename;
arg.remotekey.keybuf3_len = remotekeylen/4 + 1;
arg.remotekey.keybuf3_val = (char *)remotekey;
arg.keylen = remotekeylen;
arg.algtype = algtype;
arg.deskey.deskeyarray_len = keynum;
arg.deskey.deskeyarray_val = deskey;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_ENCRYPT_PK_3,
xdr_cryptkeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("encrypt3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("number of keys don't match");
return (-1);
}
return (0);
}
int
key_decryptsession_pk(const char *remotename, netobj *remotekey,
des_block *deskey)
{
cryptkeyarg2 arg;
cryptkeyres res;
arg.remotename = (char *)remotename;
arg.remotekey = *remotekey;
arg.deskey = *deskey;
if (!key_call((rpcproc_t)KEY_DECRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,
xdr_cryptkeyres, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("decrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
key_decryptsession_pk_g(
const char *remotename,
const char *remotekey,
keylen_t remotekeylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
cryptkeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(remotekeylen, algtype)) {
int i;
netobj npk;
npk.n_len = remotekeylen/4 + 1;
npk.n_bytes = (char *)remotekey;
for (i = 0; i < keynum; i++) {
if (key_decryptsession_pk(remotename,
&npk, &deskey[i]))
return (-1);
}
return (0);
}
arg.remotename = (char *)remotename;
arg.remotekey.keybuf3_len = remotekeylen/4 + 1;
arg.remotekey.keybuf3_val = (char *)remotekey;
arg.deskey.deskeyarray_len = keynum;
arg.deskey.deskeyarray_val = deskey;
arg.algtype = algtype;
arg.keylen = remotekeylen;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_DECRYPT_PK_3,
xdr_cryptkeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("decrypt3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("number of keys don't match");
return (-1);
}
return (0);
}
int
key_encryptsession(const char *remotename, des_block *deskey)
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = (char *)remotename;
arg.deskey = *deskey;
if (!key_call((rpcproc_t)KEY_ENCRYPT, xdr_cryptkeyarg, (char *)&arg,
xdr_cryptkeyres, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("encrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
key_encryptsession_g(
const char *remotename,
keylen_t keylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
cryptkeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(keylen, algtype))
return (key_encryptsession(remotename, deskey));
arg.remotename = (char *)remotename;
arg.algtype = algtype;
arg.keylen = keylen;
arg.deskey.deskeyarray_len = keynum;
arg.deskey.deskeyarray_val = deskey;
arg.remotekey.keybuf3_len = 0;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_ENCRYPT_3, xdr_cryptkeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("encrypt3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("encrypt3 didn't return same number of keys");
return (-1);
}
return (0);
}
int
key_decryptsession(const char *remotename, des_block *deskey)
{
cryptkeyarg arg;
cryptkeyres res;
arg.remotename = (char *)remotename;
arg.deskey = *deskey;
if (!key_call((rpcproc_t)KEY_DECRYPT, xdr_cryptkeyarg, (char *)&arg,
xdr_cryptkeyres, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("decrypt status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
key_decryptsession_g(
const char *remotename,
keylen_t keylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
cryptkeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(keylen, algtype))
return (key_decryptsession(remotename, deskey));
arg.remotename = (char *)remotename;
arg.algtype = algtype;
arg.keylen = keylen;
arg.deskey.deskeyarray_len = keynum;
arg.deskey.deskeyarray_val = deskey;
arg.remotekey.keybuf3_len = 0;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_DECRYPT_3, xdr_cryptkeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("decrypt3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("decrypt3 didn't return same number of keys");
return (-1);
}
return (0);
}
int
key_gendes(des_block *key)
{
if (!key_call((rpcproc_t)KEY_GEN, xdr_void, NULL,
xdr_des_block, (char *)key))
return (-1);
return (0);
}
int
key_gendes_g(
des_block deskey[],
keynum_t keynum
)
{
deskeyarray res;
res.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_GEN_3, xdr_keynum_t, (char *)&keynum,
xdr_deskeyarray, (char *)&res))
return (-1);
if (res.deskeyarray_len != keynum) {
debug("return length doesn't match\n");
return (-1);
}
return (0);
}
int
key_setnet_ext(struct key_netstarg *arg, int use_ruid)
{
keystatus status;
if (!key_call_ext((rpcproc_t)KEY_NET_PUT, xdr_key_netstarg,
(char *)arg, xdr_keystatus, (char *)&status, use_ruid))
return (-1);
if (status != KEY_SUCCESS) {
debug("key_setnet status is nonzero");
return (-1);
}
return (1);
}
int
key_setnet(struct key_netstarg *arg)
{
return (key_setnet_ext(arg, 0));
}
int
key_setnet_ruid(struct key_netstarg *arg)
{
return (key_setnet_ext(arg, 1));
}
int
key_setnet_g_ext(
const char *netname,
const char *skey,
keylen_t skeylen,
const char *pkey,
keylen_t pkeylen,
algtype_t algtype,
int use_ruid)
{
key_netstarg3 arg;
keystatus status;
arg.st_netname = (char *)netname;
arg.algtype = algtype;
if (skeylen == 0) {
arg.st_priv_key.keybuf3_len = 0;
} else {
arg.st_priv_key.keybuf3_len = skeylen/4 + 1;
}
arg.st_priv_key.keybuf3_val = (char *)skey;
if (pkeylen == 0) {
arg.st_pub_key.keybuf3_len = 0;
} else {
arg.st_pub_key.keybuf3_len = pkeylen/4 + 1;
}
arg.st_pub_key.keybuf3_val = (char *)pkey;
if (skeylen == 0) {
if (pkeylen == 0) {
debug("keylens are both 0");
return (-1);
}
arg.keylen = pkeylen;
} else {
if ((pkeylen != 0) && (skeylen != pkeylen)) {
debug("keylens don't match");
return (-1);
}
arg.keylen = skeylen;
}
if (CLASSIC_PK_DH(arg.keylen, arg.algtype)) {
key_netstarg tmp;
if (skeylen != 0) {
(void) memcpy(&tmp.st_priv_key, skey,
sizeof (tmp.st_priv_key));
} else {
(void) memset(&tmp.st_priv_key, 0,
sizeof (tmp.st_priv_key));
}
if (pkeylen != 0) {
(void) memcpy(&tmp.st_pub_key, skey,
sizeof (tmp.st_pub_key));
} else {
(void) memset(&tmp.st_pub_key, 0,
sizeof (tmp.st_pub_key));
}
tmp.st_netname = (char *)netname;
return (key_setnet(&tmp));
}
if (!key_call_ext((rpcproc_t)KEY_NET_PUT_3,
xdr_key_netstarg3, (char *)&arg,
xdr_keystatus, (char *)&status, use_ruid)) {
return (-1);
}
if (status != KEY_SUCCESS) {
debug("key_setnet3 status is nonzero");
return (-1);
}
return (0);
}
int
key_setnet_g(const char *netname, const char *skey, keylen_t skeylen,
const char *pkey, keylen_t pkeylen, algtype_t algtype)
{
return (key_setnet_g_ext(netname, skey, skeylen, pkey, pkeylen,
algtype, 0));
}
int
key_setnet_g_ruid(const char *netname, const char *skey, keylen_t skeylen,
const char *pkey, keylen_t pkeylen, algtype_t algtype)
{
return (key_setnet_g_ext(netname, skey, skeylen, pkey, pkeylen,
algtype, 1));
}
int
key_get_conv(char *pkey, des_block *deskey)
{
cryptkeyres res;
if (!key_call((rpcproc_t)KEY_GET_CONV, xdr_keybuf, pkey,
xdr_cryptkeyres, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("get_conv status is nonzero");
return (-1);
}
*deskey = res.cryptkeyres_u.deskey;
return (0);
}
int
key_get_conv_g(
const char *pkey,
keylen_t pkeylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
deskeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(pkeylen, algtype))
return (key_get_conv((char *)pkey, deskey));
arg.pub_key.keybuf3_len = pkeylen/4 + 1;
arg.pub_key.keybuf3_val = (char *)pkey;
arg.nkeys = keynum;
arg.algtype = algtype;
arg.keylen = pkeylen;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_GET_CONV_3, xdr_deskeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("get_conv3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("get_conv3 number of keys dont match");
return (-1);
}
return (0);
}
struct key_call_private {
CLIENT *client;
pid_t pid;
int fd;
dev_t rdev;
};
static void set_rdev(struct key_call_private *);
static int check_rdev(struct key_call_private *);
static void
key_call_destroy(void *vp)
{
struct key_call_private *kcp = (struct key_call_private *)vp;
if (kcp != NULL && kcp->client != NULL) {
(void) check_rdev(kcp);
clnt_destroy(kcp->client);
free(kcp);
}
}
static pthread_key_t key_call_key = PTHREAD_ONCE_KEY_NP;
void
_key_call_fini(void)
{
struct key_call_private *kcp;
if ((kcp = pthread_getspecific(key_call_key)) != NULL) {
key_call_destroy(kcp);
(void) pthread_setspecific(key_call_key, NULL);
}
}
static CLIENT *
getkeyserv_handle(int vers, int stale)
{
struct key_call_private *kcp = NULL;
int _update_did();
kcp = thr_get_storage(&key_call_key, sizeof (*kcp), key_call_destroy);
if (kcp == NULL) {
syslog(LOG_CRIT, "getkeyserv_handle: out of memory");
return (NULL);
}
if (kcp->client &&
(!check_rdev(kcp) || kcp->pid != getpid() || stale)) {
clnt_destroy(kcp->client);
kcp->client = NULL;
}
if (kcp->client) {
int fd;
clnt_control(kcp->client, CLSET_VERS, (void *)&vers);
if (!_update_did(kcp->client, vers)) {
if (rpc_createerr.cf_stat == RPC_SYSTEMERROR)
syslog(LOG_DEBUG, "getkeyserv_handle: "
"out of memory!");
return (NULL);
}
if (clnt_control(kcp->client, CLGET_FD, (void *)&fd) &&
(fd >= 0))
(void) fcntl(fd, F_SETFD, FD_CLOEXEC);
kcp->fd = fd;
return (kcp->client);
}
if ((kcp->client = clnt_door_create(KEY_PROG, vers, 0)) == NULL)
return (NULL);
kcp->pid = getpid();
set_rdev(kcp);
(void) fcntl(kcp->fd, F_SETFD, FD_CLOEXEC);
return (kcp->client);
}
int
key_call_ext(rpcproc_t proc, xdrproc_t xdr_arg, char *arg, xdrproc_t xdr_rslt,
char *rslt, int use_ruid)
{
CLIENT *clnt;
struct timeval wait_time = {0, 0};
enum clnt_stat status;
int vers;
if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {
cryptkeyres res;
bool_t r;
r = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg, &res);
if (r == TRUE) {
*(cryptkeyres*)rslt = res;
return (1);
}
return (0);
}
if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {
cryptkeyres res;
bool_t r;
r = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg, &res);
if (r == TRUE) {
*(cryptkeyres*)rslt = res;
return (1);
}
return (0);
}
if (proc == KEY_GEN && __key_gendes_LOCAL) {
des_block res;
bool_t r;
r = (*__key_gendes_LOCAL)(geteuid(), 0, &res);
if (r == TRUE) {
*(des_block*)rslt = res;
return (1);
}
return (0);
}
if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
(proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
(proc == KEY_GET_CONV))
vers = 2;
else
vers = 1;
clnt = getkeyserv_handle(vers, 0);
if (clnt == NULL)
return (0);
auth_destroy(clnt->cl_auth);
if (use_ruid)
clnt->cl_auth = authsys_create_ruid();
else
clnt->cl_auth = authnone_create();
status = CLNT_CALL(clnt, proc, xdr_arg, arg, xdr_rslt,
rslt, wait_time);
switch (status) {
case RPC_SUCCESS:
return (1);
case RPC_CANTRECV:
if ((clnt = getkeyserv_handle(vers, 1)) == NULL)
return (0);
auth_destroy(clnt->cl_auth);
if (use_ruid)
clnt->cl_auth = authsys_create_ruid();
else
clnt->cl_auth = authnone_create();
if (CLNT_CALL(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
wait_time) == RPC_SUCCESS)
return (1);
return (0);
default:
return (0);
}
}
int
key_call(rpcproc_t proc, xdrproc_t xdr_arg, char *arg, xdrproc_t xdr_rslt,
char *rslt)
{
return (key_call_ext(proc, xdr_arg, arg, xdr_rslt, rslt, 0));
}
int
key_call_ruid(rpcproc_t proc, xdrproc_t xdr_arg, char *arg,
xdrproc_t xdr_rslt, char *rslt)
{
return (key_call_ext(proc, xdr_arg, arg, xdr_rslt, rslt, 1));
}
static void
set_rdev(struct key_call_private *kcp)
{
int fd;
struct stat stbuf;
if (clnt_control(kcp->client, CLGET_FD, (char *)&fd) != TRUE ||
fstat(fd, &stbuf) == -1) {
syslog(LOG_DEBUG, "keyserv_client: can't get info");
kcp->fd = -1;
return;
}
kcp->fd = fd;
kcp->rdev = stbuf.st_rdev;
}
static int
check_rdev(struct key_call_private *kcp)
{
struct stat stbuf;
if (kcp->fd == -1)
return (1);
if (fstat(kcp->fd, &stbuf) == -1) {
syslog(LOG_DEBUG, "keyserv_client: can't stat %d", kcp->fd);
clnt_control(kcp->client, CLSET_FD_NCLOSE, NULL);
return (0);
}
if (kcp->rdev != stbuf.st_rdev) {
syslog(LOG_DEBUG,
"keyserv_client: fd %d changed, old=0x%x, new=0x%x",
kcp->fd, kcp->rdev, stbuf.st_rdev);
clnt_control(kcp->client, CLSET_FD_NCLOSE, NULL);
return (0);
}
return (1);
}
