sunrpc/key_call.c

   1 /*
   2  * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
   3  * unrestricted use provided that this legend is included on all tape
   4  * media and as a part of the software program in whole or part.  Users
   5  * may copy or modify Sun RPC without charge, but are not authorized
   6  * to license or distribute it to anyone else except as part of a product or
   7  * program developed by the user.
   8  *
   9  * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
  10  * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
  11  * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
  12  *
  13  * Sun RPC is provided with no support and without any obligation on the
  14  * part of Sun Microsystems, Inc. to assist in its use, correction,
  15  * modification or enhancement.
  16  *
  17  * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
  18  * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
  19  * OR ANY PART THEREOF.
  20  *
  21  * In no event will Sun Microsystems, Inc. be liable for any lost revenue
  22  * or profits or other special, indirect and consequential damages, even if
  23  * Sun has been advised of the possibility of such damages.
  24  *
  25  * Sun Microsystems, Inc.
  26  * 2550 Garcia Avenue
  27  * Mountain View, California  94043
  28  */
  29 /*
  30  * Copyright (c) 1988 by Sun Microsystems, Inc.
  31  */
  32 /*
  33  * The original source is from the RPCSRC 4.0 package from Sun Microsystems.
  34  * The Interface to keyserver protocoll 2, RPC over AF_UNIX and Linux/doors
  35  * was added by Thorsten Kukuk <kukuk@suse.de>
  36  * Since the Linux/doors project was stopped, I doubt that this code will
  37  * ever be useful <kukuk@suse.de>.
  38  */
  39
  40 #include <stdio.h>
  41 #include <errno.h>
  42 #include <fcntl.h>
  43 #include <signal.h>
  44 #include <unistd.h>
  45 #include <string.h>
  46 #include <rpc/rpc.h>
  47 #include <rpc/auth.h>
  48 #include <sys/wait.h>
  49 #include <sys/param.h>
  50 #include <sys/socket.h>
  51 #include <rpc/key_prot.h>
  52 #include <bits/libc-lock.h>
  53
  54 #ifdef HAVE_DOORS
  55 # include "door/door.h"
  56 #endif
  57
  58 #define KEY_TIMEOUT     5       /* per-try timeout in seconds */
  59 #define KEY_NRETRY      12      /* number of retries */
  60
  61 #define debug(msg)              /* turn off debugging */
  62
  63 #ifndef SO_PASSCRED
  64 extern int _openchild (const char *command, FILE **fto, FILE **ffrom);
  65 #endif
  66
  67 static int key_call (u_long, xdrproc_t xdr_arg, char *,
  68                      xdrproc_t xdr_rslt, char *) internal_function;
  69
  70 static const struct timeval trytimeout = {KEY_TIMEOUT, 0};
  71 static const struct timeval tottimeout = {KEY_TIMEOUT *KEY_NRETRY, 0};
  72
  73 int
  74 key_setsecret (char *secretkey)
  75 {
  76   keystatus status;
  77
  78   if (!key_call ((u_long) KEY_SET, (xdrproc_t) xdr_keybuf, secretkey,
  79                  (xdrproc_t) xdr_keystatus, (char *) &status))
  80     return -1;
  81   if (status != KEY_SUCCESS)
  82     {
  83       debug ("set status is nonzero");
  84       return -1;
  85     }
  86   return 0;
  87 }
  88
  89 /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
  90  * stored for the caller's effective uid; it returns 0 otherwise
  91  *
  92  * N.B.:  The KEY_NET_GET key call is undocumented.  Applications shouldn't
  93  * be using it, because it allows them to get the user's secret key.
  94  */
  95 int
  96 key_secretkey_is_set (void)
  97 {
  98   struct key_netstres kres;
  99
 100   memset (&kres, 0, sizeof (kres));
 101   if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) xdr_void, (char *) NULL,
 102                 (xdrproc_t) xdr_key_netstres, (char *) &kres) &&
 103       (kres.status == KEY_SUCCESS) &&
 104       (kres.key_netstres_u.knet.st_priv_key[0] != 0))
 105     {
 106       /* avoid leaving secret key in memory */
 107       memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
 108       return 1;
 109     }
 110   return 0;
 111 }
 112
 113 int
 114 key_encryptsession (char *remotename, des_block *deskey)
 115 {
 116   cryptkeyarg arg;
 117   cryptkeyres res;
 118
 119   arg.remotename = remotename;
 120   arg.deskey = *deskey;
 121   if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) xdr_cryptkeyarg,
 122                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 123     return -1;
 124
 125   if (res.status != KEY_SUCCESS)
 126     {
 127       debug ("encrypt status is nonzero");
 128       return -1;
 129     }
 130   *deskey = res.cryptkeyres_u.deskey;
 131   return 0;
 132 }
 133
 134 int
 135 key_decryptsession (char *remotename, des_block *deskey)
 136 {
 137   cryptkeyarg arg;
 138   cryptkeyres res;
 139
 140   arg.remotename = remotename;
 141   arg.deskey = *deskey;
 142   if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) xdr_cryptkeyarg,
 143                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 144     return -1;
 145   if (res.status != KEY_SUCCESS)
 146     {
 147       debug ("decrypt status is nonzero");
 148       return -1;
 149     }
 150   *deskey = res.cryptkeyres_u.deskey;
 151   return 0;
 152 }
 153
 154 int
 155 key_encryptsession_pk (char *remotename, netobj *remotekey,
 156                        des_block *deskey)
 157 {
 158   cryptkeyarg2 arg;
 159   cryptkeyres res;
 160
 161   arg.remotename = remotename;
 162   arg.remotekey = *remotekey;
 163   arg.deskey = *deskey;
 164   if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
 165                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 166     return -1;
 167
 168   if (res.status != KEY_SUCCESS)
 169     {
 170       debug ("encrypt status is nonzero");
 171       return -1;
 172     }
 173   *deskey = res.cryptkeyres_u.deskey;
 174   return 0;
 175 }
 176
 177 int
 178 key_decryptsession_pk (char *remotename, netobj *remotekey,
 179                        des_block *deskey)
 180 {
 181   cryptkeyarg2 arg;
 182   cryptkeyres res;
 183
 184   arg.remotename = remotename;
 185   arg.remotekey = *remotekey;
 186   arg.deskey = *deskey;
 187   if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
 188                  (char *) &arg, (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 189     return -1;
 190
 191   if (res.status != KEY_SUCCESS)
 192     {
 193       debug ("decrypt status is nonzero");
 194       return -1;
 195     }
 196   *deskey = res.cryptkeyres_u.deskey;
 197   return 0;
 198 }
 199
 200 int
 201 key_gendes (des_block *key)
 202 {
 203   struct sockaddr_in sin;
 204   CLIENT *client;
 205   int socket;
 206   enum clnt_stat stat;
 207
 208   sin.sin_family = AF_INET;
 209   sin.sin_port = 0;
 210   sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
 211   __bzero (sin.sin_zero, sizeof (sin.sin_zero));
 212   socket = RPC_ANYSOCK;
 213   client = clntudp_bufcreate (&sin, (u_long) KEY_PROG, (u_long) KEY_VERS,
 214                               trytimeout, &socket, RPCSMALLMSGSIZE,
 215                               RPCSMALLMSGSIZE);
 216   if (client == NULL)
 217     return -1;
 218
 219   stat = clnt_call (client, KEY_GEN, (xdrproc_t) xdr_void, NULL,
 220                     (xdrproc_t) xdr_des_block, (caddr_t) key, tottimeout);
 221   clnt_destroy (client);
 222   __close (socket);
 223   if (stat != RPC_SUCCESS)
 224     return -1;
 225
 226   return 0;
 227 }
 228
 229 int
 230 key_setnet (struct key_netstarg *arg)
 231 {
 232   keystatus status;
 233
 234   if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) xdr_key_netstarg,
 235                  (char *) arg,(xdrproc_t) xdr_keystatus, (char *) &status))
 236     return -1;
 237
 238   if (status != KEY_SUCCESS)
 239     {
 240       debug ("key_setnet status is nonzero");
 241       return -1;
 242     }
 243   return 1;
 244 }
 245
 246 int
 247 key_get_conv (char *pkey, des_block *deskey)
 248 {
 249   cryptkeyres res;
 250
 251   if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) xdr_keybuf, pkey,
 252                  (xdrproc_t) xdr_cryptkeyres, (char *) &res))
 253     return -1;
 254
 255   if (res.status != KEY_SUCCESS)
 256     {
 257       debug ("get_conv status is nonzero");
 258       return -1;
 259     }
 260   *deskey = res.cryptkeyres_u.deskey;
 261   return 0;
 262 }
 263
 264 /*
 265  * Hack to allow the keyserver to use AUTH_DES (for authenticated
 266  * NIS+ calls, for example).  The only functions that get called
 267  * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
 268  *
 269  * The approach is to have the keyserver fill in pointers to local
 270  * implementations of these functions, and to call those in key_call().
 271  */
 272
 273 cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *);
 274 cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *);
 275 des_block *(*__key_gendes_LOCAL) (uid_t, char *);
 276
 277 #ifndef SO_PASSCRED
 278 static int
 279 internal_function
 280 key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
 281                    xdrproc_t xdr_rslt, char *rslt)
 282 {
 283   XDR xdrargs;
 284   XDR xdrrslt;
 285   FILE *fargs;
 286   FILE *frslt;
 287   sigset_t oldmask, mask;
 288   union wait status;
 289   int pid;
 290   int success;
 291   uid_t ruid;
 292   uid_t euid;
 293   static const char MESSENGER[] = "/usr/etc/keyenvoy";
 294
 295   success = 1;
 296   sigemptyset (&mask);
 297   sigaddset (&mask, SIGCHLD);
 298   __sigprocmask (SIG_BLOCK, &mask, &oldmask);
 299
 300   /*
 301    * We are going to exec a set-uid program which makes our effective uid
 302    * zero, and authenticates us with our real uid. We need to make the
 303    * effective uid be the real uid for the setuid program, and
 304    * the real uid be the effective uid so that we can change things back.
 305    */
 306   euid = __geteuid ();
 307   ruid = __getuid ();
 308   __setreuid (euid, ruid);
 309   pid = _openchild (MESSENGER, &fargs, &frslt);
 310   __setreuid (ruid, euid);
 311   if (pid < 0)
 312     {
 313       debug ("open_streams");
 314       __sigprocmask (SIG_SETMASK, &oldmask, NULL);
 315       return (0);
 316     }
 317   xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
 318   xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
 319
 320   if (!xdr_u_long (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
 321     {
 322       debug ("xdr args");
 323       success = 0;
 324     }
 325   fclose (fargs);
 326
 327   if (success && !(*xdr_rslt) (&xdrrslt, rslt))
 328     {
 329       debug ("xdr rslt");
 330       success = 0;
 331     }
 332   fclose(frslt);
 333
 334  wait_again:
 335   if (__wait4 (pid, &status, 0, NULL) < 0)
 336     {
 337       if (errno == EINTR)
 338         goto wait_again;
 339       debug ("wait4");
 340       if (errno == ECHILD || errno == ESRCH)
 341         perror ("wait");
 342       else
 343         success = 0;
 344     }
 345   else
 346     if (status.w_retcode)
 347       {
 348         debug ("wait4 1");
 349         success = 0;
 350       }
 351   __sigprocmask (SIG_SETMASK, &oldmask, NULL);
 352
 353   return success;
 354 }
 355 #endif
 356
 357 struct  key_call_private {
 358   CLIENT  *client;        /* Client handle */
 359   pid_t   pid;            /* process-id at moment of creation */
 360   uid_t   uid;            /* user-id at last authorization */
 361 };
 362 #ifdef _RPC_THREAD_SAFE_
 363 #define key_call_private_main ((struct  key_call_private *)RPC_THREAD_VARIABLE(key_call_private_s))
 364 #else
 365 static struct key_call_private *key_call_private_main;
 366 #endif
 367 __libc_lock_define_initialized (static, keycall_lock)
 368
 369 /*
 370  * Keep the handle cached.  This call may be made quite often.
 371  */
 372 static CLIENT *
 373 getkeyserv_handle (int vers)
 374 {
 375   struct key_call_private *kcp = key_call_private_main;
 376   struct timeval wait_time;
 377   int fd;
 378   struct sockaddr_un name;
 379   int namelen = sizeof(struct sockaddr_un);
 380
 381 #define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
 382 #define TOTAL_TRIES     5       /* Number of tries */
 383
 384   if (kcp == (struct key_call_private *)NULL)
 385     {
 386       kcp = (struct key_call_private *)malloc (sizeof (*kcp));
 387       if (kcp == (struct key_call_private *)NULL)
 388         return (CLIENT *) NULL;
 389
 390       key_call_private_main = kcp;
 391       kcp->client = NULL;
 392     }
 393
 394   /* if pid has changed, destroy client and rebuild */
 395   if (kcp->client != NULL && kcp->pid != __getpid ())
 396     {
 397       clnt_destroy (kcp->client);
 398       kcp->client = NULL;
 399     }
 400
 401   if (kcp->client != NULL)
 402     {
 403       /* if other side closed socket, build handle again */
 404       clnt_control (kcp->client, CLGET_FD, (char *)&fd);
 405       if (__getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
 406         {
 407           auth_destroy (kcp->client->cl_auth);
 408           clnt_destroy (kcp->client);
 409           kcp->client = NULL;
 410         }
 411     }
 412
 413   if (kcp->client != NULL)
 414     {
 415       /* if uid has changed, build client handle again */
 416       if (kcp->uid != __geteuid ())
 417         {
 418         kcp->uid = __geteuid ();
 419         auth_destroy (kcp->client->cl_auth);
 420         kcp->client->cl_auth =
 421           authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
 422         if (kcp->client->cl_auth == NULL)
 423           {
 424             clnt_destroy (kcp->client);
 425             kcp->client = NULL;
 426             return ((CLIENT *) NULL);
 427           }
 428         }
 429       /* Change the version number to the new one */
 430       clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
 431       return kcp->client;
 432     }
 433
 434   if ((kcp->client == (CLIENT *) NULL))
 435     /* Use the AF_UNIX transport */
 436     kcp->client = clnt_create ("/var/run/keyservsock", KEY_PROG, vers, "unix");
 437
 438   if (kcp->client == (CLIENT *) NULL)
 439     return (CLIENT *) NULL;
 440
 441   kcp->uid = __geteuid ();
 442   kcp->pid = __getpid ();
 443   kcp->client->cl_auth = authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
 444   if (kcp->client->cl_auth == NULL)
 445     {
 446       clnt_destroy (kcp->client);
 447       kcp->client = NULL;
 448       return (CLIENT *) NULL;
 449     }
 450
 451   wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
 452   wait_time.tv_usec = 0;
 453   clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
 454                 (char *)&wait_time);
 455   if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
 456     __fcntl (fd, F_SETFD, 1);  /* make it "close on exec" */
 457
 458   return kcp->client;
 459 }
 460
 461 /* returns  0 on failure, 1 on success */
 462 static int
 463 internal_function
 464 key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
 465                xdrproc_t xdr_rslt, char *rslt)
 466 {
 467   CLIENT *clnt;
 468   struct timeval wait_time;
 469   int result = 0;
 470
 471   __libc_lock_lock (keycall_lock);
 472   if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
 473       (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
 474       (proc == KEY_GET_CONV))
 475     clnt = getkeyserv_handle(2); /* talk to version 2 */
 476   else
 477     clnt = getkeyserv_handle(1); /* talk to version 1 */
 478
 479   if (clnt != NULL)
 480     {
 481       wait_time.tv_sec = TOTAL_TIMEOUT;
 482       wait_time.tv_usec = 0;
 483
 484       if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
 485                      wait_time) == RPC_SUCCESS)
 486         result = 1;
 487     }
 488
 489   __libc_lock_unlock (keycall_lock);
 490
 491   return result;
 492 }
 493
 494 #ifdef HAVE_DOORS
 495 /* returns 0 on failure, 1 on success */
 496 static int
 497 internal_function
 498 key_call_door (u_long proc, xdrproc_t xdr_arg, char *arg,
 499                xdrproc_t xdr_rslt, char *rslt)
 500 {
 501   XDR xdrs;
 502   int fd, ret;
 503   door_arg_t args;
 504   char *data_ptr;
 505   u_long data_len = 0;
 506   char res[255];
 507
 508   if ((fd = open("/var/run/keyservdoor", O_RDONLY)) < 0)
 509     return 0;
 510   res[0] = 0;
 511
 512   data_len = xdr_sizeof (xdr_arg, arg);
 513   data_ptr = calloc (1, data_len + 2 * sizeof (u_long));
 514   if (data_ptr == NULL)
 515     return 0;
 516
 517   xdrmem_create (&xdrs, &data_ptr[2 * sizeof (u_long)], data_len, XDR_ENCODE);
 518   if (!xdr_arg (&xdrs, arg))
 519     {
 520       xdr_destroy (&xdrs);
 521       free (data_ptr);
 522       return 0;
 523     }
 524   xdr_destroy (&xdrs);
 525
 526   memcpy (data_ptr, &proc, sizeof (u_long));
 527   memcpy (&data_ptr[sizeof (proc)], &data_len, sizeof (u_long));
 528
 529   args.data_ptr = data_ptr;
 530   args.data_size = data_len + 2 * sizeof (u_long);
 531   args.desc_ptr = NULL;
 532   args.desc_num = 0;
 533   args.rbuf = res;
 534   args.rsize = sizeof (res);
 535
 536   ret = __door_call (fd, &args);
 537   free (data_ptr);
 538   close (fd);
 539
 540   if (ret < 0)
 541     return 0;
 542
 543   memcpy (&data_len, args.data_ptr, sizeof (u_long));
 544   if (data_len != 0)
 545     return 0;
 546
 547   memcpy (&data_len, &args.data_ptr[sizeof (u_long)], sizeof (u_long));
 548   xdrmem_create (&xdrs, &args.data_ptr[2 * sizeof (u_long)],
 549                  data_len, XDR_DECODE);
 550   if (!xdr_rslt (&xdrs, rslt))
 551     {
 552       xdr_destroy (&xdrs);
 553       return 0;
 554     }
 555   xdr_destroy (&xdrs);
 556
 557   return 1;
 558 }
 559 #endif
 560
 561 /* returns 0 on failure, 1 on success */
 562 static int
 563 internal_function
 564 key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
 565           xdrproc_t xdr_rslt, char *rslt)
 566 {
 567 #ifndef SO_PASSCRED
 568   static int use_keyenvoy;
 569 #endif
 570 #ifdef HAVE_DOORS
 571   static int not_use_doors;
 572 #endif
 573
 574   if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
 575     {
 576       cryptkeyres *res;
 577       res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
 578       *(cryptkeyres *) rslt = *res;
 579       return 1;
 580     }
 581   else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
 582     {
 583       cryptkeyres *res;
 584       res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
 585       *(cryptkeyres *) rslt = *res;
 586       return 1;
 587     }
 588   else if (proc == KEY_GEN && __key_gendes_LOCAL)
 589     {
 590       des_block *res;
 591       res = (*__key_gendes_LOCAL) (__geteuid (), 0);
 592       *(des_block *) rslt = *res;
 593       return 1;
 594     }
 595
 596 #ifdef HAVE_DOORS
 597   if (!not_use_doors)
 598     {
 599       if (key_call_door (proc, xdr_arg, arg, xdr_rslt, rslt))
 600         return 1;
 601       not_use_doors = 1;
 602     }
 603 #endif
 604
 605 #ifdef SO_PASSCRED
 606   return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
 607 #else
 608   if (!use_keyenvoy)
 609     {
 610       if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
 611         return 1;
 612       use_keyenvoy = 1;
 613     }
 614   return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
 615 #endif
 616 }
 617
 618 #ifdef _RPC_THREAD_SAFE_
 619 void
 620 __rpc_thread_key_cleanup (void)
 621 {
 622         struct key_call_private *kcp = RPC_THREAD_VARIABLE(key_call_private_s);
 623
 624         if (kcp) {
 625                 if (kcp->client)
 626                         clnt_destroy(kcp->client);
 627                 free (kcp);
 628         }
 629 }
 630 #endif /* _RPC_THREAD_SAFE_ */