Merge branch 'master' of ssh://sourceware.org/git/glibc
[glibc.git] / sunrpc / key_call.c
blob4ab6b97bc628e9cb475542f3a70e33f917446039
1 /*
2 * Copyright (c) 2010, Oracle America, Inc.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following
12 * disclaimer in the documentation and/or other materials
13 * provided with the distribution.
14 * * Neither the name of the "Oracle America, Inc." nor the names of its
15 * contributors may be used to endorse or promote products derived
16 * from this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
21 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
22 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
25 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
27 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
28 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 * The original source is from the RPCSRC 4.0 package from Sun Microsystems.
33 * The Interface to keyserver protocoll 2, RPC over AF_UNIX and Linux/doors
34 * was added by Thorsten Kukuk <kukuk@suse.de>
35 * Since the Linux/doors project was stopped, I doubt that this code will
36 * ever be useful <kukuk@suse.de>.
39 #include <stdio.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #include <signal.h>
43 #include <unistd.h>
44 #include <string.h>
45 #include <rpc/rpc.h>
46 #include <rpc/auth.h>
47 #include <sys/wait.h>
48 #include <sys/param.h>
49 #include <sys/socket.h>
50 #include <rpc/key_prot.h>
51 #include <bits/libc-lock.h>
53 #define KEY_TIMEOUT 5 /* per-try timeout in seconds */
54 #define KEY_NRETRY 12 /* number of retries */
56 #define debug(msg) /* turn off debugging */
58 #ifndef SO_PASSCRED
59 extern int _openchild (const char *command, FILE **fto, FILE **ffrom);
60 #endif
62 static int key_call (u_long, xdrproc_t xdr_arg, char *,
63 xdrproc_t xdr_rslt, char *) internal_function;
65 static const struct timeval trytimeout = {KEY_TIMEOUT, 0};
66 static const struct timeval tottimeout = {KEY_TIMEOUT *KEY_NRETRY, 0};
68 int
69 key_setsecret (char *secretkey)
71 keystatus status;
73 if (!key_call ((u_long) KEY_SET, (xdrproc_t) INTUSE(xdr_keybuf), secretkey,
74 (xdrproc_t) INTUSE(xdr_keystatus), (char *) &status))
75 return -1;
76 if (status != KEY_SUCCESS)
78 debug ("set status is nonzero");
79 return -1;
81 return 0;
84 /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
85 * stored for the caller's effective uid; it returns 0 otherwise
87 * N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't
88 * be using it, because it allows them to get the user's secret key.
90 int
91 key_secretkey_is_set (void)
93 struct key_netstres kres;
95 memset (&kres, 0, sizeof (kres));
96 if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) INTUSE(xdr_void),
97 (char *) NULL, (xdrproc_t) INTUSE(xdr_key_netstres),
98 (char *) &kres) &&
99 (kres.status == KEY_SUCCESS) &&
100 (kres.key_netstres_u.knet.st_priv_key[0] != 0))
102 /* avoid leaving secret key in memory */
103 memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
104 return 1;
106 return 0;
110 key_encryptsession (char *remotename, des_block *deskey)
112 cryptkeyarg arg;
113 cryptkeyres res;
115 arg.remotename = remotename;
116 arg.deskey = *deskey;
117 if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
118 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
119 (char *) &res))
120 return -1;
122 if (res.status != KEY_SUCCESS)
124 debug ("encrypt status is nonzero");
125 return -1;
127 *deskey = res.cryptkeyres_u.deskey;
128 return 0;
132 key_decryptsession (char *remotename, des_block *deskey)
134 cryptkeyarg arg;
135 cryptkeyres res;
137 arg.remotename = remotename;
138 arg.deskey = *deskey;
139 if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
140 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
141 (char *) &res))
142 return -1;
143 if (res.status != KEY_SUCCESS)
145 debug ("decrypt status is nonzero");
146 return -1;
148 *deskey = res.cryptkeyres_u.deskey;
149 return 0;
153 key_encryptsession_pk (char *remotename, netobj *remotekey,
154 des_block *deskey)
156 cryptkeyarg2 arg;
157 cryptkeyres res;
159 arg.remotename = remotename;
160 arg.remotekey = *remotekey;
161 arg.deskey = *deskey;
162 if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
163 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
164 (char *) &res))
165 return -1;
167 if (res.status != KEY_SUCCESS)
169 debug ("encrypt status is nonzero");
170 return -1;
172 *deskey = res.cryptkeyres_u.deskey;
173 return 0;
175 libc_hidden_def (key_encryptsession_pk)
178 key_decryptsession_pk (char *remotename, netobj *remotekey,
179 des_block *deskey)
181 cryptkeyarg2 arg;
182 cryptkeyres res;
184 arg.remotename = remotename;
185 arg.remotekey = *remotekey;
186 arg.deskey = *deskey;
187 if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
188 (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
189 (char *) &res))
190 return -1;
192 if (res.status != KEY_SUCCESS)
194 debug ("decrypt status is nonzero");
195 return -1;
197 *deskey = res.cryptkeyres_u.deskey;
198 return 0;
200 libc_hidden_def (key_decryptsession_pk)
203 key_gendes (des_block *key)
205 struct sockaddr_in sin;
206 CLIENT *client;
207 int socket;
208 enum clnt_stat stat;
210 sin.sin_family = AF_INET;
211 sin.sin_port = 0;
212 sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
213 __bzero (sin.sin_zero, sizeof (sin.sin_zero));
214 socket = RPC_ANYSOCK;
215 client = INTUSE(clntudp_bufcreate) (&sin, (u_long) KEY_PROG,
216 (u_long) KEY_VERS, trytimeout, &socket,
217 RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
218 if (client == NULL)
219 return -1;
221 stat = clnt_call (client, KEY_GEN, (xdrproc_t) INTUSE(xdr_void), NULL,
222 (xdrproc_t) INTUSE(xdr_des_block), (caddr_t) key,
223 tottimeout);
224 clnt_destroy (client);
225 __close (socket);
226 if (stat != RPC_SUCCESS)
227 return -1;
229 return 0;
231 libc_hidden_def (key_gendes)
234 key_setnet (struct key_netstarg *arg)
236 keystatus status;
238 if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) INTUSE(xdr_key_netstarg),
239 (char *) arg,(xdrproc_t) INTUSE(xdr_keystatus),
240 (char *) &status))
241 return -1;
243 if (status != KEY_SUCCESS)
245 debug ("key_setnet status is nonzero");
246 return -1;
248 return 1;
252 key_get_conv (char *pkey, des_block *deskey)
254 cryptkeyres res;
256 if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) INTUSE(xdr_keybuf), pkey,
257 (xdrproc_t) INTUSE(xdr_cryptkeyres), (char *) &res))
258 return -1;
260 if (res.status != KEY_SUCCESS)
262 debug ("get_conv status is nonzero");
263 return -1;
265 *deskey = res.cryptkeyres_u.deskey;
266 return 0;
270 * Hack to allow the keyserver to use AUTH_DES (for authenticated
271 * NIS+ calls, for example). The only functions that get called
272 * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
274 * The approach is to have the keyserver fill in pointers to local
275 * implementations of these functions, and to call those in key_call().
278 cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *);
279 cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *);
280 des_block *(*__key_gendes_LOCAL) (uid_t, char *);
282 #ifndef SO_PASSCRED
283 static int
284 internal_function
285 key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
286 xdrproc_t xdr_rslt, char *rslt)
288 XDR xdrargs;
289 XDR xdrrslt;
290 FILE *fargs;
291 FILE *frslt;
292 sigset_t oldmask, mask;
293 union wait status;
294 int pid;
295 int success;
296 uid_t ruid;
297 uid_t euid;
298 static const char MESSENGER[] = "/usr/etc/keyenvoy";
300 success = 1;
301 sigemptyset (&mask);
302 sigaddset (&mask, SIGCHLD);
303 __sigprocmask (SIG_BLOCK, &mask, &oldmask);
306 * We are going to exec a set-uid program which makes our effective uid
307 * zero, and authenticates us with our real uid. We need to make the
308 * effective uid be the real uid for the setuid program, and
309 * the real uid be the effective uid so that we can change things back.
311 euid = __geteuid ();
312 ruid = __getuid ();
313 __setreuid (euid, ruid);
314 pid = _openchild (MESSENGER, &fargs, &frslt);
315 __setreuid (ruid, euid);
316 if (pid < 0)
318 debug ("open_streams");
319 __sigprocmask (SIG_SETMASK, &oldmask, NULL);
320 return (0);
322 xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
323 xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
325 if (!INTUSE(xdr_u_long) (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
327 debug ("xdr args");
328 success = 0;
330 fclose (fargs);
332 if (success && !(*xdr_rslt) (&xdrrslt, rslt))
334 debug ("xdr rslt");
335 success = 0;
337 fclose(frslt);
339 wait_again:
340 if (__wait4 (pid, &status, 0, NULL) < 0)
342 if (errno == EINTR)
343 goto wait_again;
344 debug ("wait4");
345 if (errno == ECHILD || errno == ESRCH)
346 perror ("wait");
347 else
348 success = 0;
350 else
351 if (status.w_retcode)
353 debug ("wait4 1");
354 success = 0;
356 __sigprocmask (SIG_SETMASK, &oldmask, NULL);
358 return success;
360 #endif
362 struct key_call_private {
363 CLIENT *client; /* Client handle */
364 pid_t pid; /* process-id at moment of creation */
365 uid_t uid; /* user-id at last authorization */
367 #ifdef _RPC_THREAD_SAFE_
368 #define key_call_private_main RPC_THREAD_VARIABLE(key_call_private_s)
369 #else
370 static struct key_call_private *key_call_private_main;
371 #endif
372 __libc_lock_define_initialized (static, keycall_lock)
375 * Keep the handle cached. This call may be made quite often.
377 static CLIENT *
378 getkeyserv_handle (int vers)
380 struct key_call_private *kcp = key_call_private_main;
381 struct timeval wait_time;
382 int fd;
383 struct sockaddr_un name;
384 socklen_t namelen = sizeof(struct sockaddr_un);
386 #define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */
387 #define TOTAL_TRIES 5 /* Number of tries */
389 if (kcp == (struct key_call_private *)NULL)
391 kcp = (struct key_call_private *)malloc (sizeof (*kcp));
392 if (kcp == (struct key_call_private *)NULL)
393 return (CLIENT *) NULL;
395 key_call_private_main = kcp;
396 kcp->client = NULL;
399 /* if pid has changed, destroy client and rebuild */
400 if (kcp->client != NULL && kcp->pid != __getpid ())
402 auth_destroy (kcp->client->cl_auth);
403 clnt_destroy (kcp->client);
404 kcp->client = NULL;
407 if (kcp->client != NULL)
409 /* if other side closed socket, build handle again */
410 clnt_control (kcp->client, CLGET_FD, (char *)&fd);
411 if (__getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
413 auth_destroy (kcp->client->cl_auth);
414 clnt_destroy (kcp->client);
415 kcp->client = NULL;
419 if (kcp->client != NULL)
421 /* if uid has changed, build client handle again */
422 if (kcp->uid != __geteuid ())
424 kcp->uid = __geteuid ();
425 auth_destroy (kcp->client->cl_auth);
426 kcp->client->cl_auth =
427 INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0, NULL);
428 if (kcp->client->cl_auth == NULL)
430 clnt_destroy (kcp->client);
431 kcp->client = NULL;
432 return ((CLIENT *) NULL);
435 /* Change the version number to the new one */
436 clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
437 return kcp->client;
440 if ((kcp->client == (CLIENT *) NULL))
441 /* Use the AF_UNIX transport */
442 kcp->client = INTUSE(clnt_create) ("/var/run/keyservsock", KEY_PROG, vers,
443 "unix");
445 if (kcp->client == (CLIENT *) NULL)
446 return (CLIENT *) NULL;
448 kcp->uid = __geteuid ();
449 kcp->pid = __getpid ();
450 kcp->client->cl_auth = INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0,
451 NULL);
452 if (kcp->client->cl_auth == NULL)
454 clnt_destroy (kcp->client);
455 kcp->client = NULL;
456 return (CLIENT *) NULL;
459 wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
460 wait_time.tv_usec = 0;
461 clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
462 (char *)&wait_time);
463 if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
464 __fcntl (fd, F_SETFD, FD_CLOEXEC); /* make it "close on exec" */
466 return kcp->client;
469 /* returns 0 on failure, 1 on success */
470 static int
471 internal_function
472 key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
473 xdrproc_t xdr_rslt, char *rslt)
475 CLIENT *clnt;
476 struct timeval wait_time;
477 int result = 0;
479 __libc_lock_lock (keycall_lock);
480 if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
481 (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
482 (proc == KEY_GET_CONV))
483 clnt = getkeyserv_handle(2); /* talk to version 2 */
484 else
485 clnt = getkeyserv_handle(1); /* talk to version 1 */
487 if (clnt != NULL)
489 wait_time.tv_sec = TOTAL_TIMEOUT;
490 wait_time.tv_usec = 0;
492 if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
493 wait_time) == RPC_SUCCESS)
494 result = 1;
497 __libc_lock_unlock (keycall_lock);
499 return result;
503 /* returns 0 on failure, 1 on success */
504 static int
505 internal_function
506 key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
507 xdrproc_t xdr_rslt, char *rslt)
509 #ifndef SO_PASSCRED
510 static int use_keyenvoy;
511 #endif
513 if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
515 cryptkeyres *res;
516 res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
517 *(cryptkeyres *) rslt = *res;
518 return 1;
520 else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
522 cryptkeyres *res;
523 res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
524 *(cryptkeyres *) rslt = *res;
525 return 1;
527 else if (proc == KEY_GEN && __key_gendes_LOCAL)
529 des_block *res;
530 res = (*__key_gendes_LOCAL) (__geteuid (), 0);
531 *(des_block *) rslt = *res;
532 return 1;
535 #ifdef SO_PASSCRED
536 return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
537 #else
538 if (!use_keyenvoy)
540 if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
541 return 1;
542 use_keyenvoy = 1;
544 return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
545 #endif
548 #ifdef _RPC_THREAD_SAFE_
549 void
550 __rpc_thread_key_cleanup (void)
552 struct key_call_private *kcp = RPC_THREAD_VARIABLE(key_call_private_s);
554 if (kcp) {
555 if (kcp->client) {
556 if (kcp->client->cl_auth)
557 auth_destroy (kcp->client->cl_auth);
558 clnt_destroy(kcp->client);
560 free (kcp);
563 #endif /* _RPC_THREAD_SAFE_ */