search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2.9
[glibc/nacl-glibc.git] / sunrpc / key_call.c
blob319d8017e81703d199c737c046071faf02c96d2a
1 /*
2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3 * unrestricted use provided that this legend is included on all tape
4 * media and as a part of the software program in whole or part. Users
5 * may copy or modify Sun RPC without charge, but are not authorized
6 * to license or distribute it to anyone else except as part of a product or
7 * program developed by the user.
8 *
9 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12 *
13 * Sun RPC is provided with no support and without any obligation on the
14 * part of Sun Microsystems, Inc. to assist in its use, correction,
15 * modification or enhancement.
16 *
17 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19 * OR ANY PART THEREOF.
20 *
21 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22 * or profits or other special, indirect and consequential damages, even if
23 * Sun has been advised of the possibility of such damages.
24 *
25 * Sun Microsystems, Inc.
26 * 2550 Garcia Avenue
27 * Mountain View, California 94043
28 */
29 /*
30 * Copyright (c) 1988 by Sun Microsystems, Inc.
31 */
32 /*
33 * The original source is from the RPCSRC 4.0 package from Sun Microsystems.
34 * The Interface to keyserver protocoll 2, RPC over AF_UNIX and Linux/doors
35 * was added by Thorsten Kukuk <kukuk@suse.de>
36 * Since the Linux/doors project was stopped, I doubt that this code will
37 * ever be useful <kukuk@suse.de>.
38 */
39
40 #include <stdio.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <signal.h>
44 #include <unistd.h>
45 #include <string.h>
46 #include <rpc/rpc.h>
47 #include <rpc/auth.h>
48 #include <sys/wait.h>
49 #include <sys/param.h>
50 #include <sys/socket.h>
51 #include <rpc/key_prot.h>
52 #include <bits/libc-lock.h>
53
54 #define KEY_TIMEOUT 5 /* per-try timeout in seconds */
55 #define KEY_NRETRY 12 /* number of retries */
56
57 #define debug(msg) /* turn off debugging */
58
59 #ifndef SO_PASSCRED
60 extern int _openchild (const char *command, FILE **fto, FILE **ffrom);
61 #endif
62
63 static int key_call (u_long, xdrproc_t xdr_arg, char *,
64 xdrproc_t xdr_rslt, char *) internal_function;
65
66 static const struct timeval trytimeout = {KEY_TIMEOUT, 0};
67 static const struct timeval tottimeout = {KEY_TIMEOUT *KEY_NRETRY, 0};
68
69 int
70 key_setsecret (char *secretkey)
71 {
72 keystatus status;
73
74 if (!key_call ((u_long) KEY_SET, (xdrproc_t) INTUSE(xdr_keybuf), secretkey,
75 (xdrproc_t) INTUSE(xdr_keystatus), (char *) &status))
76 return -1;
77 if (status != KEY_SUCCESS)
78 {
79 debug ("set status is nonzero");
80 return -1;
81 }
82 return 0;
83 }
84
85 /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
86 * stored for the caller's effective uid; it returns 0 otherwise
87 *
88 * N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't
89 * be using it, because it allows them to get the user's secret key.
90 */
91 int
92 key_secretkey_is_set (void)
93 {
94 struct key_netstres kres;
95
96 memset (&kres, 0, sizeof (kres));
97 if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) INTUSE(xdr_void),
98 (char *) NULL, (xdrproc_t) INTUSE(xdr_key_netstres),
99 (char *) &kres) &&
100 (kres.status == KEY_SUCCESS) &&
101 (kres.key_netstres_u.knet.st_priv_key[0] != 0))
102 {
103 /* avoid leaving secret key in memory */
104 memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
105 return 1;
106 }
107 return 0;
108 }
109
110 int
111 key_encryptsession (char *remotename, des_block *deskey)
112 {
113 cryptkeyarg arg;
114 cryptkeyres res;
115
116 arg.remotename = remotename;
117 arg.deskey = *deskey;
118 if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
119 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
120 (char *) &res))
121 return -1;
122
123 if (res.status != KEY_SUCCESS)
124 {
125 debug ("encrypt status is nonzero");
126 return -1;
127 }
128 *deskey = res.cryptkeyres_u.deskey;
129 return 0;
130 }
131
132 int
133 key_decryptsession (char *remotename, des_block *deskey)
134 {
135 cryptkeyarg arg;
136 cryptkeyres res;
137
138 arg.remotename = remotename;
139 arg.deskey = *deskey;
140 if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
141 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
142 (char *) &res))
143 return -1;
144 if (res.status != KEY_SUCCESS)
145 {
146 debug ("decrypt status is nonzero");
147 return -1;
148 }
149 *deskey = res.cryptkeyres_u.deskey;
150 return 0;
151 }
152
153 int
154 key_encryptsession_pk (char *remotename, netobj *remotekey,
155 des_block *deskey)
156 {
157 cryptkeyarg2 arg;
158 cryptkeyres res;
159
160 arg.remotename = remotename;
161 arg.remotekey = *remotekey;
162 arg.deskey = *deskey;
163 if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
164 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
165 (char *) &res))
166 return -1;
167
168 if (res.status != KEY_SUCCESS)
169 {
170 debug ("encrypt status is nonzero");
171 return -1;
172 }
173 *deskey = res.cryptkeyres_u.deskey;
174 return 0;
175 }
176 libc_hidden_def (key_encryptsession_pk)
177
178 int
179 key_decryptsession_pk (char *remotename, netobj *remotekey,
180 des_block *deskey)
181 {
182 cryptkeyarg2 arg;
183 cryptkeyres res;
184
185 arg.remotename = remotename;
186 arg.remotekey = *remotekey;
187 arg.deskey = *deskey;
188 if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
189 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
190 (char *) &res))
191 return -1;
192
193 if (res.status != KEY_SUCCESS)
194 {
195 debug ("decrypt status is nonzero");
196 return -1;
197 }
198 *deskey = res.cryptkeyres_u.deskey;
199 return 0;
200 }
201 libc_hidden_def (key_decryptsession_pk)
202
203 int
204 key_gendes (des_block *key)
205 {
206 struct sockaddr_in sin;
207 CLIENT *client;
208 int socket;
209 enum clnt_stat stat;
210
211 sin.sin_family = AF_INET;
212 sin.sin_port = 0;
213 sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
214 __bzero (sin.sin_zero, sizeof (sin.sin_zero));
215 socket = RPC_ANYSOCK;
216 client = INTUSE(clntudp_bufcreate) (&sin, (u_long) KEY_PROG,
217 (u_long) KEY_VERS, trytimeout, &socket,
218 RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
219 if (client == NULL)
220 return -1;
221
222 stat = clnt_call (client, KEY_GEN, (xdrproc_t) INTUSE(xdr_void), NULL,
223 (xdrproc_t) INTUSE(xdr_des_block), (caddr_t) key,
224 tottimeout);
225 clnt_destroy (client);
226 __close (socket);
227 if (stat != RPC_SUCCESS)
228 return -1;
229
230 return 0;
231 }
232 libc_hidden_def (key_gendes)
233
234 int
235 key_setnet (struct key_netstarg *arg)
236 {
237 keystatus status;
238
239 if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) INTUSE(xdr_key_netstarg),
240 (char *) arg,(xdrproc_t) INTUSE(xdr_keystatus),
241 (char *) &status))
242 return -1;
243
244 if (status != KEY_SUCCESS)
245 {
246 debug ("key_setnet status is nonzero");
247 return -1;
248 }
249 return 1;
250 }
251
252 int
253 key_get_conv (char *pkey, des_block *deskey)
254 {
255 cryptkeyres res;
256
257 if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) INTUSE(xdr_keybuf), pkey,
258 (xdrproc_t) INTUSE(xdr_cryptkeyres), (char *) &res))
259 return -1;
260
261 if (res.status != KEY_SUCCESS)
262 {
263 debug ("get_conv status is nonzero");
264 return -1;
265 }
266 *deskey = res.cryptkeyres_u.deskey;
267 return 0;
268 }
269
270 /*
271 * Hack to allow the keyserver to use AUTH_DES (for authenticated
272 * NIS+ calls, for example). The only functions that get called
273 * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
274 *
275 * The approach is to have the keyserver fill in pointers to local
276 * implementations of these functions, and to call those in key_call().
277 */
278
279 cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *);
280 cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *);
281 des_block *(*__key_gendes_LOCAL) (uid_t, char *);
282
283 #ifndef SO_PASSCRED
284 static int
285 internal_function
286 key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
287 xdrproc_t xdr_rslt, char *rslt)
288 {
289 XDR xdrargs;
290 XDR xdrrslt;
291 FILE *fargs;
292 FILE *frslt;
293 sigset_t oldmask, mask;
294 union wait status;
295 int pid;
296 int success;
297 uid_t ruid;
298 uid_t euid;
299 static const char MESSENGER[] = "/usr/etc/keyenvoy";
300
301 success = 1;
302 sigemptyset (&mask);
303 sigaddset (&mask, SIGCHLD);
304 __sigprocmask (SIG_BLOCK, &mask, &oldmask);
305
306 /*
307 * We are going to exec a set-uid program which makes our effective uid
308 * zero, and authenticates us with our real uid. We need to make the
309 * effective uid be the real uid for the setuid program, and
310 * the real uid be the effective uid so that we can change things back.
311 */
312 euid = __geteuid ();
313 ruid = __getuid ();
314 __setreuid (euid, ruid);
315 pid = _openchild (MESSENGER, &fargs, &frslt);
316 __setreuid (ruid, euid);
317 if (pid < 0)
318 {
319 debug ("open_streams");
320 __sigprocmask (SIG_SETMASK, &oldmask, NULL);
321 return (0);
322 }
323 xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
324 xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
325
326 if (!INTUSE(xdr_u_long) (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
327 {
328 debug ("xdr args");
329 success = 0;
330 }
331 fclose (fargs);
332
333 if (success && !(*xdr_rslt) (&xdrrslt, rslt))
334 {
335 debug ("xdr rslt");
336 success = 0;
337 }
338 fclose(frslt);
339
340 wait_again:
341 if (__wait4 (pid, &status, 0, NULL) < 0)
342 {
343 if (errno == EINTR)
344 goto wait_again;
345 debug ("wait4");
346 if (errno == ECHILD || errno == ESRCH)
347 perror ("wait");
348 else
349 success = 0;
350 }
351 else
352 if (status.w_retcode)
353 {
354 debug ("wait4 1");
355 success = 0;
356 }
357 __sigprocmask (SIG_SETMASK, &oldmask, NULL);
358
359 return success;
360 }
361 #endif
362
363 struct key_call_private {
364 CLIENT *client; /* Client handle */
365 pid_t pid; /* process-id at moment of creation */
366 uid_t uid; /* user-id at last authorization */
367 };
368 #ifdef _RPC_THREAD_SAFE_
369 #define key_call_private_main RPC_THREAD_VARIABLE(key_call_private_s)
370 #else
371 static struct key_call_private *key_call_private_main;
372 #endif
373 __libc_lock_define_initialized (static, keycall_lock)
374
375 /*
376 * Keep the handle cached. This call may be made quite often.
377 */
378 static CLIENT *
379 getkeyserv_handle (int vers)
380 {
381 struct key_call_private *kcp = key_call_private_main;
382 struct timeval wait_time;
383 int fd;
384 struct sockaddr_un name;
385 socklen_t namelen = sizeof(struct sockaddr_un);
386
387 #define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */
388 #define TOTAL_TRIES 5 /* Number of tries */
389
390 if (kcp == (struct key_call_private *)NULL)
391 {
392 kcp = (struct key_call_private *)malloc (sizeof (*kcp));
393 if (kcp == (struct key_call_private *)NULL)
394 return (CLIENT *) NULL;
395
396 key_call_private_main = kcp;
397 kcp->client = NULL;
398 }
399
400 /* if pid has changed, destroy client and rebuild */
401 if (kcp->client != NULL && kcp->pid != __getpid ())
402 {
403 auth_destroy (kcp->client->cl_auth);
404 clnt_destroy (kcp->client);
405 kcp->client = NULL;
406 }
407
408 if (kcp->client != NULL)
409 {
410 /* if other side closed socket, build handle again */
411 clnt_control (kcp->client, CLGET_FD, (char *)&fd);
412 if (__getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
413 {
414 auth_destroy (kcp->client->cl_auth);
415 clnt_destroy (kcp->client);
416 kcp->client = NULL;
417 }
418 }
419
420 if (kcp->client != NULL)
421 {
422 /* if uid has changed, build client handle again */
423 if (kcp->uid != __geteuid ())
424 {
425 kcp->uid = __geteuid ();
426 auth_destroy (kcp->client->cl_auth);
427 kcp->client->cl_auth =
428 INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0, NULL);
429 if (kcp->client->cl_auth == NULL)
430 {
431 clnt_destroy (kcp->client);
432 kcp->client = NULL;
433 return ((CLIENT *) NULL);
434 }
435 }
436 /* Change the version number to the new one */
437 clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
438 return kcp->client;
439 }
440
441 if ((kcp->client == (CLIENT *) NULL))
442 /* Use the AF_UNIX transport */
443 kcp->client = INTUSE(clnt_create) ("/var/run/keyservsock", KEY_PROG, vers,
444 "unix");
445
446 if (kcp->client == (CLIENT *) NULL)
447 return (CLIENT *) NULL;
448
449 kcp->uid = __geteuid ();
450 kcp->pid = __getpid ();
451 kcp->client->cl_auth = INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0,
452 NULL);
453 if (kcp->client->cl_auth == NULL)
454 {
455 clnt_destroy (kcp->client);
456 kcp->client = NULL;
457 return (CLIENT *) NULL;
458 }
459
460 wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
461 wait_time.tv_usec = 0;
462 clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
463 (char *)&wait_time);
464 if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
465 __fcntl (fd, F_SETFD, FD_CLOEXEC); /* make it "close on exec" */
466
467 return kcp->client;
468 }
469
470 /* returns 0 on failure, 1 on success */
471 static int
472 internal_function
473 key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
474 xdrproc_t xdr_rslt, char *rslt)
475 {
476 CLIENT *clnt;
477 struct timeval wait_time;
478 int result = 0;
479
480 __libc_lock_lock (keycall_lock);
481 if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
482 (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
483 (proc == KEY_GET_CONV))
484 clnt = getkeyserv_handle(2); /* talk to version 2 */
485 else
486 clnt = getkeyserv_handle(1); /* talk to version 1 */
487
488 if (clnt != NULL)
489 {
490 wait_time.tv_sec = TOTAL_TIMEOUT;
491 wait_time.tv_usec = 0;
492
493 if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
494 wait_time) == RPC_SUCCESS)
495 result = 1;
496 }
497
498 __libc_lock_unlock (keycall_lock);
499
500 return result;
501 }
502
503
504 /* returns 0 on failure, 1 on success */
505 static int
506 internal_function
507 key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
508 xdrproc_t xdr_rslt, char *rslt)
509 {
510 #ifndef SO_PASSCRED
511 static int use_keyenvoy;
512 #endif
513
514 if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
515 {
516 cryptkeyres *res;
517 res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
518 *(cryptkeyres *) rslt = *res;
519 return 1;
520 }
521 else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
522 {
523 cryptkeyres *res;
524 res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
525 *(cryptkeyres *) rslt = *res;
526 return 1;
527 }
528 else if (proc == KEY_GEN && __key_gendes_LOCAL)
529 {
530 des_block *res;
531 res = (*__key_gendes_LOCAL) (__geteuid (), 0);
532 *(des_block *) rslt = *res;
533 return 1;
534 }
535
536 #ifdef SO_PASSCRED
537 return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
538 #else
539 if (!use_keyenvoy)
540 {
541 if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
542 return 1;
543 use_keyenvoy = 1;
544 }
545 return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
546 #endif
547 }
548
549 #ifdef _RPC_THREAD_SAFE_
550 void
551 __rpc_thread_key_cleanup (void)
552 {
553 struct key_call_private *kcp = RPC_THREAD_VARIABLE(key_call_private_s);
554
555 if (kcp) {
556 if (kcp->client) {
557 if (kcp->client->cl_auth)
558 auth_destroy (kcp->client->cl_auth);
559 clnt_destroy(kcp->client);
560 }
561 free (kcp);
562 }
563 }
564 #endif /* _RPC_THREAD_SAFE_ */
Port of glibc to Google Native Client (NaCl)