sunrpc/key_call.c

   1 /*
   2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   3  * unrestricted use provided that this legend is included on all tape
   4  * media and as a part of the software program in whole or part.  Users
   5  * may copy or modify Sun RPC without charge, but are not authorized
   6  * to license or distribute it to anyone else except as part of a product or
   7  * program developed by the user.
   8  *
   9  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  10  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  11  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  12  *
  13  * Sun RPC is provided with no support and without any obligation on the
  14  * part of Sun Microsystems, Inc. to assist in its use, correction,
  15  * modification or enhancement.
  16  *
  17  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  18  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  19  * OR ANY PART THEREOF.
  20  *
  21  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  22  * or profits or other special, indirect and consequential damages, even if
  23  * Sun has been advised of the possibility of such damages.
  24  *
  25  * Sun Microsystems, Inc.
  26  * 2550 Garcia Avenue
  27  * Mountain View, California  94043
  28  */
  29 /*
  30  * Copyright (c) 1988 by Sun Microsystems, Inc.
  31  */
  32 /*
  33  * The original source is from the RPCSRC 4.0 package from Sun Microsystems.
  34  * The Interface to keyserver protocoll 2, RPC over AF_UNIX and Linux/doors
  35  * was added by Thorsten Kukuk <kukuk@suse.de>
  36  * Since the Linux/doors project was stopped, I doubt that this code will
  37  * ever be useful <kukuk@suse.de>.
  38  */
  39
  40 #include <stdio.h>
  41 #include <errno.h>
  42 #include <fcntl.h>
  43 #include <signal.h>
  44 #include <unistd.h>
  45 #include <string.h>
  46 #include <rpc/rpc.h>
  47 #include <rpc/auth.h>
  48 #include <sys/wait.h>
  49 #include <sys/param.h>
  50 #include <sys/socket.h>
  51 #include <rpc/key_prot.h>
  52 #include <bits/libc-lock.h>
  53
  54 #ifdef HAVE_DOORS
  55 # include "door/door.h"
  56 #endif
  57
  58 #define KEY_TIMEOUT     5       /* per-try timeout in seconds */
  59 #define KEY_NRETRY      12      /* number of retries */
  60
  61 #define debug(msg)              /* turn off debugging */
  62
  63 #ifndef SO_PASSCRED
  64 extern int _openchild (const char *command, FILE **fto, FILE **ffrom);
  65 #endif
  66
  67 static int key_call (u_long, xdrproc_t xdr_arg, char *,
  68                      xdrproc_t xdr_rslt, char *) internal_function;
  69
  70 static const struct timeval trytimeout = {KEY_TIMEOUT, 0};
  71 static const struct timeval tottimeout = {KEY_TIMEOUT *KEY_NRETRY, 0};
  72
  73 int
  74 key_setsecret (char *secretkey)
  75 {
  76   keystatus status;
  77
  78   if (!key_call ((u_long) KEY_SET, (xdrproc_t) xdr_keybuf, secretkey,
  79                  (xdrproc_t) xdr_keystatus, (char *) &status))
  80     return -1;
  81   if (status != KEY_SUCCESS)
  82     {
  83       debug ("set status is nonzero");
  84       return -1;
  85     }
  86   return 0;
  87 }
  88
  89 /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
  90  * stored for the caller's effective uid; it returns 0 otherwise
  91  *
  92  * N.B.:  The KEY_NET_GET key call is undocumented.  Applications shouldn't
  93  * be using it, because it allows them to get the user's secret key.
  94  */
  95 int
  96 key_secretkey_is_set (void)
  97 {
  98   struct key_netstres kres;
  99
 100   memset (&kres, 0, sizeof (kres));
 101   if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) xdr_void, (char *) NULL,
 102                 (xdrproc_t) xdr_key_netstres, (char *) &kres) &&
 103       (kres.status == KEY_SUCCESS) &&
 104       (kres.key_netstres_u.knet.st_priv_key[0] != 0))
 105     {
 106       /* avoid leaving secret key in memory */
 107       memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
 108       return 1;
 109     }
 110   return 0;
 111 }
 112
 113 int
 114 key_encryptsession (char *remotename, des_block *deskey)
 115 {
 116   cryptkeyarg arg;
 117   cryptkeyres res;
 118
 119   arg.remotename = remotename;
 120   arg.deskey = *deskey;
 121   if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) xdr_cryptkeyarg,
 122                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 123     return -1;
 124
 125   if (res.status != KEY_SUCCESS)
 126     {
 127       debug ("encrypt status is nonzero");
 128       return -1;
 129     }
 130   *deskey = res.cryptkeyres_u.deskey;
 131   return 0;
 132 }
 133
 134 int
 135 key_decryptsession (char *remotename, des_block *deskey)
 136 {
 137   cryptkeyarg arg;
 138   cryptkeyres res;
 139
 140   arg.remotename = remotename;
 141   arg.deskey = *deskey;
 142   if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) xdr_cryptkeyarg,
 143                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 144     return -1;
 145   if (res.status != KEY_SUCCESS)
 146     {
 147       debug ("decrypt status is nonzero");
 148       return -1;
 149     }
 150   *deskey = res.cryptkeyres_u.deskey;
 151   return 0;
 152 }
 153
 154 int
 155 key_encryptsession_pk (char *remotename, netobj *remotekey,
 156                        des_block *deskey)
 157 {
 158   cryptkeyarg2 arg;
 159   cryptkeyres res;
 160
 161   arg.remotename = remotename;
 162   arg.remotekey = *remotekey;
 163   arg.deskey = *deskey;
 164   if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
 165                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 166     return -1;
 167
 168   if (res.status != KEY_SUCCESS)
 169     {
 170       debug ("encrypt status is nonzero");
 171       return -1;
 172     }
 173   *deskey = res.cryptkeyres_u.deskey;
 174   return 0;
 175 }
 176
 177 int
 178 key_decryptsession_pk (char *remotename, netobj *remotekey,
 179                        des_block *deskey)
 180 {
 181   cryptkeyarg2 arg;
 182   cryptkeyres res;
 183
 184   arg.remotename = remotename;
 185   arg.remotekey = *remotekey;
 186   arg.deskey = *deskey;
 187   if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
 188                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 189     return -1;
 190
 191   if (res.status != KEY_SUCCESS)
 192     {
 193       debug ("decrypt status is nonzero");
 194       return -1;
 195     }
 196   *deskey = res.cryptkeyres_u.deskey;
 197   return 0;
 198 }
 199
 200 int
 201 key_gendes (des_block *key)
 202 {
 203   struct sockaddr_in sin;
 204   CLIENT *client;
 205   int socket;
 206   enum clnt_stat stat;
 207
 208   sin.sin_family = AF_INET;
 209   sin.sin_port = 0;
 210   sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
 211   __bzero (sin.sin_zero, sizeof (sin.sin_zero));
 212   socket = RPC_ANYSOCK;
 213   client = clntudp_bufcreate (&sin, (u_long) KEY_PROG, (u_long) KEY_VERS,
 214                               trytimeout, &socket, RPCSMALLMSGSIZE,
 215                               RPCSMALLMSGSIZE);
 216   if (client == NULL)
 217     return -1;
 218
 219   stat = clnt_call (client, KEY_GEN, (xdrproc_t) xdr_void, NULL,
 220                     (xdrproc_t) xdr_des_block, (caddr_t) key, tottimeout);
 221   clnt_destroy (client);
 222   __close (socket);
 223   if (stat != RPC_SUCCESS)
 224     return -1;
 225
 226   return 0;
 227 }
 228
 229 int
 230 key_setnet (struct key_netstarg *arg)
 231 {
 232   keystatus status;
 233
 234   if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) xdr_key_netstarg,
 235                  (char *) arg,(xdrproc_t) xdr_keystatus, (char *) &status))
 236     return -1;
 237
 238   if (status != KEY_SUCCESS)
 239     {
 240       debug ("key_setnet status is nonzero");
 241       return -1;
 242     }
 243   return 1;
 244 }
 245
 246 int
 247 key_get_conv (char *pkey, des_block *deskey)
 248 {
 249   cryptkeyres res;
 250
 251   if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) xdr_keybuf, pkey,
 252                  (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 253     return -1;
 254
 255   if (res.status != KEY_SUCCESS)
 256     {
 257       debug ("get_conv status is nonzero");
 258       return -1;
 259     }
 260   *deskey = res.cryptkeyres_u.deskey;
 261   return 0;
 262 }
 263
 264 /*
 265  * Hack to allow the keyserver to use AUTH_DES (for authenticated
 266  * NIS+ calls, for example).  The only functions that get called
 267  * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
 268  *
 269  * The approach is to have the keyserver fill in pointers to local
 270  * implementations of these functions, and to call those in key_call().
 271  */
 272
 273 cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *);
 274 cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *);
 275 des_block *(*__key_gendes_LOCAL) (uid_t, char *);
 276
 277 #ifndef SO_PASSCRED
 278 static int
 279 internal_function
 280 key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
 281                    xdrproc_t xdr_rslt, char *rslt)
 282 {
 283   XDR xdrargs;
 284   XDR xdrrslt;
 285   FILE *fargs;
 286   FILE *frslt;
 287   sigset_t oldmask, mask;
 288   union wait status;
 289   int pid;
 290   int success;
 291   uid_t ruid;
 292   uid_t euid;
 293   static const char MESSENGER[] = "/usr/etc/keyenvoy";
 294
 295   success = 1;
 296   sigemptyset (&mask);
 297   sigaddset (&mask, SIGCHLD);
 298   __sigprocmask (SIG_BLOCK, &mask, &oldmask);
 299
 300   /*
 301    * We are going to exec a set-uid program which makes our effective uid
 302    * zero, and authenticates us with our real uid. We need to make the
 303    * effective uid be the real uid for the setuid program, and
 304    * the real uid be the effective uid so that we can change things back.
 305    */
 306   euid = __geteuid ();
 307   ruid = __getuid ();
 308   __setreuid (euid, ruid);
 309   pid = _openchild (MESSENGER, &fargs, &frslt);
 310   __setreuid (ruid, euid);
 311   if (pid < 0)
 312     {
 313       debug ("open_streams");
 314       __sigprocmask (SIG_SETMASK, &oldmask, NULL);
 315       return (0);
 316     }
 317   xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
 318   xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
 319
 320   if (!xdr_u_long (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
 321     {
 322       debug ("xdr args");
 323       success = 0;
 324     }
 325   fclose (fargs);
 326
 327   if (success && !(*xdr_rslt) (&xdrrslt, rslt))
 328     {
 329       debug ("xdr rslt");
 330       success = 0;
 331     }
 332   fclose(frslt);
 333
 334  wait_again:
 335   if (__wait4 (pid, &status, 0, NULL) < 0)
 336     {
 337       if (errno == EINTR)
 338         goto wait_again;
 339       debug ("wait4");
 340       if (errno == ECHILD || errno == ESRCH)
 341         perror ("wait");
 342       else
 343         success = 0;
 344     }
 345   else
 346     if (status.w_retcode)
 347       {
 348         debug ("wait4 1");
 349         success = 0;
 350       }
 351   __sigprocmask (SIG_SETMASK, &oldmask, NULL);
 352
 353   return success;
 354 }
 355 #endif
 356
 357 struct  key_call_private {
 358   CLIENT  *client;        /* Client handle */
 359   pid_t   pid;            /* process-id at moment of creation */
 360   uid_t   uid;            /* user-id at last authorization */
 361 };
 362 static struct key_call_private *key_call_private_main;
 363 __libc_lock_define_initialized (static, keycall_lock)
 364
 365 /*
 366  * Keep the handle cached.  This call may be made quite often.
 367  */
 368 static CLIENT *
 369 getkeyserv_handle (int vers)
 370 {
 371   struct key_call_private *kcp = key_call_private_main;
 372   struct timeval wait_time;
 373   int fd;
 374   struct sockaddr_un name;
 375   int namelen = sizeof(struct sockaddr_un);
 376
 377 #define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
 378 #define TOTAL_TRIES     5       /* Number of tries */
 379
 380   if (kcp == (struct key_call_private *)NULL)
 381     {
 382       kcp = (struct key_call_private *)malloc (sizeof (*kcp));
 383       if (kcp == (struct key_call_private *)NULL)
 384         return (CLIENT *) NULL;
 385
 386       key_call_private_main = kcp;
 387       kcp->client = NULL;
 388     }
 389
 390   /* if pid has changed, destroy client and rebuild */
 391   if (kcp->client != NULL && kcp->pid != __getpid ())
 392     {
 393       clnt_destroy (kcp->client);
 394       kcp->client = NULL;
 395     }
 396
 397   if (kcp->client != NULL)
 398     {
 399       /* if other side closed socket, build handle again */
 400       clnt_control (kcp->client, CLGET_FD, (char *)&fd);
 401       if (getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
 402         {
 403           auth_destroy (kcp->client->cl_auth);
 404           clnt_destroy (kcp->client);
 405           kcp->client = NULL;
 406         }
 407     }
 408
 409   if (kcp->client != NULL)
 410     {
 411       /* if uid has changed, build client handle again */
 412       if (kcp->uid != __geteuid ())
 413         {
 414         kcp->uid = __geteuid ();
 415         auth_destroy (kcp->client->cl_auth);
 416         kcp->client->cl_auth =
 417           authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
 418         if (kcp->client->cl_auth == NULL)
 419           {
 420             clnt_destroy (kcp->client);
 421             kcp->client = NULL;
 422             return ((CLIENT *) NULL);
 423           }
 424         }
 425       /* Change the version number to the new one */
 426       clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
 427       return kcp->client;
 428     }
 429
 430   if ((kcp->client == (CLIENT *) NULL))
 431     /* Use the AF_UNIX transport */
 432     kcp->client = clnt_create ("/var/run/keyservsock", KEY_PROG, vers, "unix");
 433
 434   if (kcp->client == (CLIENT *) NULL)
 435     return (CLIENT *) NULL;
 436
 437   kcp->uid = __geteuid ();
 438   kcp->pid = __getpid ();
 439   kcp->client->cl_auth = authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
 440   if (kcp->client->cl_auth == NULL)
 441     {
 442       clnt_destroy (kcp->client);
 443       kcp->client = NULL;
 444       return (CLIENT *) NULL;
 445     }
 446
 447   wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
 448   wait_time.tv_usec = 0;
 449   clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
 450                 (char *)&wait_time);
 451   if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
 452     __fcntl (fd, F_SETFD, 1);  /* make it "close on exec" */
 453
 454   return kcp->client;
 455 }
 456
 457 /* returns  0 on failure, 1 on success */
 458 static int
 459 internal_function
 460 key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
 461                xdrproc_t xdr_rslt, char *rslt)
 462 {
 463   CLIENT *clnt;
 464   struct timeval wait_time;
 465   int result = 0;
 466
 467   __libc_lock_lock (keycall_lock);
 468   if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
 469       (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
 470       (proc == KEY_GET_CONV))
 471     clnt = getkeyserv_handle(2); /* talk to version 2 */
 472   else
 473     clnt = getkeyserv_handle(1); /* talk to version 1 */
 474
 475   if (clnt != NULL)
 476     {
 477       wait_time.tv_sec = TOTAL_TIMEOUT;
 478       wait_time.tv_usec = 0;
 479
 480       if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
 481                      wait_time) == RPC_SUCCESS)
 482         result = 1;
 483     }
 484
 485   __libc_lock_unlock (keycall_lock);
 486
 487   return result;
 488 }
 489
 490 #ifdef HAVE_DOORS
 491 /* returns 0 on failure, 1 on success */
 492 static int
 493 internal_function
 494 key_call_door (u_long proc, xdrproc_t xdr_arg, char *arg,
 495                xdrproc_t xdr_rslt, char *rslt)
 496 {
 497   XDR xdrs;
 498   int fd, ret;
 499   door_arg_t args;
 500   char *data_ptr;
 501   u_long data_len = 0;
 502   char res[255];
 503
 504   if ((fd = open("/var/run/keyservdoor", O_RDONLY)) < 0)
 505     return 0;
 506   res[0] = 0;
 507
 508   data_len = xdr_sizeof (xdr_arg, arg);
 509   data_ptr = calloc (1, data_len + 2 * sizeof (u_long));
 510   if (data_ptr == NULL)
 511     return 0;
 512
 513   xdrmem_create (&xdrs, &data_ptr[2 * sizeof (u_long)], data_len, XDR_ENCODE);
 514   if (!xdr_arg (&xdrs, arg))
 515     {
 516       xdr_destroy (&xdrs);
 517       free (data_ptr);
 518       return 0;
 519     }
 520   xdr_destroy (&xdrs);
 521
 522   memcpy (data_ptr, &proc, sizeof (u_long));
 523   memcpy (&data_ptr[sizeof (proc)], &data_len, sizeof (u_long));
 524
 525   args.data_ptr = data_ptr;
 526   args.data_size = data_len + 2 * sizeof (u_long);
 527   args.desc_ptr = NULL;
 528   args.desc_num = 0;
 529   args.rbuf = res;
 530   args.rsize = sizeof (res);
 531
 532   ret = __door_call (fd, &args);
 533   free (data_ptr);
 534   close (fd);
 535
 536   if (ret < 0)
 537     return 0;
 538
 539   memcpy (&data_len, args.data_ptr, sizeof (u_long));
 540   if (data_len != 0)
 541     return 0;
 542
 543   memcpy (&data_len, &args.data_ptr[sizeof (u_long)], sizeof (u_long));
 544   xdrmem_create (&xdrs, &args.data_ptr[2 * sizeof (u_long)],
 545                  data_len, XDR_DECODE);
 546   if (!xdr_rslt (&xdrs, rslt))
 547     {
 548       xdr_destroy (&xdrs);
 549       return 0;
 550     }
 551   xdr_destroy (&xdrs);
 552
 553   return 1;
 554 }
 555 #endif
 556
 557 /* returns 0 on failure, 1 on success */
 558 static int
 559 internal_function
 560 key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
 561           xdrproc_t xdr_rslt, char *rslt)
 562 {
 563 #ifndef SO_PASSCRED
 564   static int use_keyenvoy;
 565 #endif
 566 #ifdef HAVE_DOORS
 567   static int not_use_doors;
 568 #endif
 569
 570   if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
 571     {
 572       cryptkeyres *res;
 573       res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
 574       *(cryptkeyres *) rslt = *res;
 575       return 1;
 576     }
 577   else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
 578     {
 579       cryptkeyres *res;
 580       res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
 581       *(cryptkeyres *) rslt = *res;
 582       return 1;
 583     }
 584   else if (proc == KEY_GEN && __key_gendes_LOCAL)
 585     {
 586       des_block *res;
 587       res = (*__key_gendes_LOCAL) (__geteuid (), 0);
 588       *(des_block *) rslt = *res;
 589       return 1;
 590     }
 591
 592 #ifdef HAVE_DOORS
 593   if (!not_use_doors)
 594     {
 595       if (key_call_door (proc, xdr_arg, arg, xdr_rslt, rslt))
 596         return 1;
 597       not_use_doors = 1;
 598     }
 599 #endif
 600
 601 #ifdef SO_PASSCRED
 602   return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
 603 #else
 604   if (!use_keyenvoy)
 605     {
 606       if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
 607         return 1;
 608       use_keyenvoy = 1;
 609     }
 610   return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
 611 #endif
 612 }