1 /* 2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for 3 * unrestricted use provided that this legend is included on all tape 4 * media and as a part of the software program in whole or part. Users 5 * may copy or modify Sun RPC without charge, but are not authorized 6 * to license or distribute it to anyone else except as part of a product or 7 * program developed by the user. 8 * 9 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE 10 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR 11 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. 12 * 13 * Sun RPC is provided with no support and without any obligation on the 14 * part of Sun Microsystems, Inc. to assist in its use, correction, 15 * modification or enhancement. 16 * 17 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE 18 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC 19 * OR ANY PART THEREOF. 20 * 21 * In no event will Sun Microsystems, Inc. be liable for any lost revenue 22 * or profits or other special, indirect and consequential damages, even if 23 * Sun has been advised of the possibility of such damages. 24 * 25 * Sun Microsystems, Inc. 26 * 2550 Garcia Avenue 27 * Mountain View, California 94043 28 * 29 * @(#)keyserv.c 1.15 94/04/25 SMI 30 * $FreeBSD: src/usr.sbin/keyserv/keyserv.c,v 1.12 2007/11/07 10:53:35 kevlo Exp $ 31 * $DragonFly: src/usr.sbin/keyserv/keyserv.c,v 1.6 2004/12/18 22:48:03 swildner Exp $ 32 */ 33 34 /* 35 * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. 36 */ 37 38 /* 39 * Keyserver 40 * Store secret keys per uid. Do public key encryption and decryption 41 * operations. Generate "random" keys. 42 * Do not talk to anything but a local root 43 * process on the local transport only 44 */ 45 46 #include <err.h> 47 #include <pwd.h> 48 #include <stdio.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <unistd.h> 52 #include <sys/stat.h> 53 #include <sys/types.h> 54 #include <rpc/rpc.h> 55 #include <sys/param.h> 56 #include <sys/file.h> 57 #include <rpc/des_crypt.h> 58 #include <rpc/des.h> 59 #include <rpc/key_prot.h> 60 #include <rpcsvc/crypt.h> 61 #include "keyserv.h" 62 63 #ifndef NGROUPS 64 #define NGROUPS 16 65 #endif 66 67 #ifndef KEYSERVSOCK 68 #define KEYSERVSOCK "/var/run/keyservsock" 69 #endif 70 71 static void randomize( des_block * ); 72 static void usage( void ); 73 static int getrootkey( des_block *, int ); 74 static int root_auth( SVCXPRT *, struct svc_req * ); 75 76 #ifdef DEBUG 77 static int debugging = 1; 78 #else 79 static int debugging = 0; 80 #endif 81 82 static void keyprogram(); 83 static des_block masterkey; 84 char *getenv(); 85 static char ROOTKEY[] = "/etc/.rootkey"; 86 87 /* 88 * Hack to allow the keyserver to use AUTH_DES (for authenticated 89 * NIS+ calls, for example). The only functions that get called 90 * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes. 91 * 92 * The approach is to have the keyserver fill in pointers to local 93 * implementations of these functions, and to call those in key_call(). 94 */ 95 96 extern cryptkeyres *(*__key_encryptsession_pk_LOCAL)(); 97 extern cryptkeyres *(*__key_decryptsession_pk_LOCAL)(); 98 extern des_block *(*__key_gendes_LOCAL)(); 99 extern int (*__des_crypt_LOCAL)(); 100 101 cryptkeyres *key_encrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * ); 102 cryptkeyres *key_decrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * ); 103 des_block *key_gen_1_svc_prog( void *, struct svc_req * ); 104 105 int 106 main(int argc, char **argv) 107 { 108 int nflag = 0; 109 int c; 110 int warn = 0; 111 char *path = NULL; 112 void *localhandle; 113 SVCXPRT *transp; 114 struct netconfig *nconf = NULL; 115 116 __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog; 117 __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog; 118 __key_gendes_LOCAL = &key_gen_1_svc_prog; 119 120 while ((c = getopt(argc, argv, "ndDvp:")) != -1) 121 switch (c) { 122 case 'n': 123 nflag++; 124 break; 125 case 'd': 126 pk_nodefaultkeys(); 127 break; 128 case 'D': 129 debugging = 1; 130 break; 131 case 'v': 132 warn = 1; 133 break; 134 case 'p': 135 path = optarg; 136 break; 137 default: 138 usage(); 139 } 140 141 load_des(warn, path); 142 __des_crypt_LOCAL = _my_crypt; 143 if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1) 144 errx(1, "failed to register AUTH_DES authenticator"); 145 146 if (optind != argc) { 147 usage(); 148 } 149 150 /* 151 * Initialize 152 */ 153 umask(S_IXUSR|S_IXGRP|S_IXOTH); 154 if (geteuid() != 0) 155 errx(1, "keyserv must be run as root"); 156 setmodulus(HEXMODULUS); 157 getrootkey(&masterkey, nflag); 158 159 rpcb_unset(KEY_PROG, KEY_VERS, NULL); 160 rpcb_unset(KEY_PROG, KEY_VERS2, NULL); 161 162 if (svc_create(keyprogram, KEY_PROG, KEY_VERS, 163 "netpath") == 0) { 164 fprintf(stderr, "%s: unable to create service\n", argv[0]); 165 exit(1); 166 } 167 168 if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, 169 "netpath") == 0) { 170 fprintf(stderr, "%s: unable to create service\n", argv[0]); 171 exit(1); 172 } 173 174 localhandle = setnetconfig(); 175 while ((nconf = getnetconfig(localhandle)) != NULL) { 176 if (nconf->nc_protofmly != NULL && 177 strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) 178 break; 179 } 180 181 if (nconf == NULL) 182 errx(1, "getnetconfig: %s", nc_sperror()); 183 184 unlink(KEYSERVSOCK); 185 rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf); 186 transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK); 187 if (transp == NULL) 188 errx(1, "cannot create AF_LOCAL service"); 189 if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf)) 190 errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)"); 191 if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf)) 192 errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)"); 193 if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf)) 194 errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)"); 195 196 endnetconfig(localhandle); 197 198 umask(066); /* paranoia */ 199 200 if (!debugging) { 201 daemon(0,0); 202 } 203 204 signal(SIGPIPE, SIG_IGN); 205 206 svc_run(); 207 abort(); 208 /* NOTREACHED */ 209 } 210 211 /* 212 * In the event that we don't get a root password, we try to 213 * randomize the master key the best we can 214 */ 215 static void 216 randomize(des_block *master) 217 { 218 #ifdef KEYSERV_RANDOM 219 master->key.low = arc4random(); 220 master->key.high = arc4random(); 221 #else 222 /* use stupid dangerous bad rand() */ 223 sranddev(); 224 master->key.low = rand(); 225 master->key.high = rand(); 226 #endif 227 } 228 229 /* 230 * Try to get root's secret key, by prompting if terminal is a tty, else trying 231 * from standard input. 232 * Returns 1 on success. 233 */ 234 static int 235 getrootkey(des_block *master, int prompt) 236 { 237 char *passwd; 238 char name[MAXNETNAMELEN + 1]; 239 char secret[HEXKEYBYTES]; 240 key_netstarg netstore; 241 int fd; 242 243 if (!prompt) { 244 /* 245 * Read secret key out of ROOTKEY 246 */ 247 fd = open(ROOTKEY, O_RDONLY, 0); 248 if (fd < 0) { 249 randomize(master); 250 return (0); 251 } 252 if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) { 253 warnx("the key read from %s was too short", ROOTKEY); 254 close(fd); 255 return (0); 256 } 257 close(fd); 258 if (!getnetname(name)) { 259 warnx( 260 "failed to generate host's netname when establishing root's key"); 261 return (0); 262 } 263 memcpy(netstore.st_priv_key, secret, HEXKEYBYTES); 264 memset(netstore.st_pub_key, 0, HEXKEYBYTES); 265 netstore.st_netname = name; 266 if (pk_netput(0, &netstore) != KEY_SUCCESS) { 267 warnx("could not set root's key and netname"); 268 return (0); 269 } 270 return (1); 271 } 272 /* 273 * Decrypt yellow pages publickey entry to get secret key 274 */ 275 passwd = getpass("root password:"); 276 passwd2des(passwd, (char *)master); 277 getnetname(name); 278 if (!getsecretkey(name, secret, passwd)) { 279 warnx("can't find %s's secret key", name); 280 return (0); 281 } 282 if (secret[0] == 0) { 283 warnx("password does not decrypt secret key for %s", name); 284 return (0); 285 } 286 pk_setkey(0, secret); 287 /* 288 * Store it for future use in $ROOTKEY, if possible 289 */ 290 fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0); 291 if (fd > 0) { 292 char newline = '\n'; 293 294 write(fd, secret, strlen(secret)); 295 write(fd, &newline, sizeof (newline)); 296 close(fd); 297 } 298 return (1); 299 } 300 301 /* 302 * Procedures to implement RPC service 303 */ 304 char * 305 strstatus(keystatus status) 306 { 307 switch (status) { 308 case KEY_SUCCESS: 309 return ("KEY_SUCCESS"); 310 case KEY_NOSECRET: 311 return ("KEY_NOSECRET"); 312 case KEY_UNKNOWN: 313 return ("KEY_UNKNOWN"); 314 case KEY_SYSTEMERR: 315 return ("KEY_SYSTEMERR"); 316 default: 317 return ("(bad result code)"); 318 } 319 } 320 321 keystatus * 322 key_set_1_svc_prog(uid_t uid, keybuf key) 323 { 324 static keystatus status; 325 326 if (debugging) { 327 fprintf(stderr, "set(%ld, %.*s) = ", uid, 328 (int) sizeof (keybuf), key); 329 } 330 status = pk_setkey(uid, key); 331 if (debugging) { 332 fprintf(stderr, "%s\n", strstatus(status)); 333 fflush(stderr); 334 } 335 return (&status); 336 } 337 338 cryptkeyres * 339 key_encrypt_pk_2_svc_prog(uid_t uid, cryptkeyarg2 *arg) 340 { 341 static cryptkeyres res; 342 343 if (debugging) { 344 fprintf(stderr, "encrypt(%ld, %s, %08x%08x) = ", uid, 345 arg->remotename, arg->deskey.key.high, 346 arg->deskey.key.low); 347 } 348 res.cryptkeyres_u.deskey = arg->deskey; 349 res.status = pk_encrypt(uid, arg->remotename, &(arg->remotekey), 350 &res.cryptkeyres_u.deskey); 351 if (debugging) { 352 if (res.status == KEY_SUCCESS) { 353 fprintf(stderr, "%08x%08x\n", 354 res.cryptkeyres_u.deskey.key.high, 355 res.cryptkeyres_u.deskey.key.low); 356 } else { 357 fprintf(stderr, "%s\n", strstatus(res.status)); 358 } 359 fflush(stderr); 360 } 361 return (&res); 362 } 363 364 cryptkeyres * 365 key_decrypt_pk_2_svc_prog(uid_t uid, cryptkeyarg2 *arg) 366 { 367 static cryptkeyres res; 368 369 if (debugging) { 370 fprintf(stderr, "decrypt(%ld, %s, %08x%08x) = ", uid, 371 arg->remotename, arg->deskey.key.high, 372 arg->deskey.key.low); 373 } 374 res.cryptkeyres_u.deskey = arg->deskey; 375 res.status = pk_decrypt(uid, arg->remotename, &(arg->remotekey), 376 &res.cryptkeyres_u.deskey); 377 if (debugging) { 378 if (res.status == KEY_SUCCESS) { 379 fprintf(stderr, "%08x%08x\n", 380 res.cryptkeyres_u.deskey.key.high, 381 res.cryptkeyres_u.deskey.key.low); 382 } else { 383 fprintf(stderr, "%s\n", strstatus(res.status)); 384 } 385 fflush(stderr); 386 } 387 return (&res); 388 } 389 390 keystatus * 391 key_net_put_2_svc_prog(uid_t uid, key_netstarg *arg) 392 { 393 static keystatus status; 394 395 if (debugging) { 396 fprintf(stderr, "net_put(%s, %.*s, %.*s) = ", 397 arg->st_netname, (int)sizeof (arg->st_pub_key), 398 arg->st_pub_key, (int)sizeof (arg->st_priv_key), 399 arg->st_priv_key); 400 }; 401 402 status = pk_netput(uid, arg); 403 404 if (debugging) { 405 fprintf(stderr, "%s\n", strstatus(status)); 406 fflush(stderr); 407 } 408 409 return (&status); 410 } 411 412 key_netstres * 413 key_net_get_2_svc_prog(uid_t uid, void *arg) 414 { 415 static key_netstres keynetname; 416 417 if (debugging) 418 fprintf(stderr, "net_get(%ld) = ", uid); 419 420 keynetname.status = pk_netget(uid, &keynetname.key_netstres_u.knet); 421 if (debugging) { 422 if (keynetname.status == KEY_SUCCESS) { 423 fprintf(stderr, "<%s, %.*s, %.*s>\n", 424 keynetname.key_netstres_u.knet.st_netname, 425 (int)sizeof (keynetname.key_netstres_u.knet.st_pub_key), 426 keynetname.key_netstres_u.knet.st_pub_key, 427 (int)sizeof (keynetname.key_netstres_u.knet.st_priv_key), 428 keynetname.key_netstres_u.knet.st_priv_key); 429 } else { 430 fprintf(stderr, "NOT FOUND\n"); 431 } 432 fflush(stderr); 433 } 434 435 return (&keynetname); 436 437 } 438 439 cryptkeyres * 440 key_get_conv_2_svc_prog(uid_t uid, keybuf arg) 441 { 442 static cryptkeyres res; 443 444 if (debugging) 445 fprintf(stderr, "get_conv(%ld, %.*s) = ", uid, 446 (int)sizeof (arg), arg); 447 448 449 res.status = pk_get_conv_key(uid, arg, &res); 450 451 if (debugging) { 452 if (res.status == KEY_SUCCESS) { 453 fprintf(stderr, "%08x%08x\n", 454 res.cryptkeyres_u.deskey.key.high, 455 res.cryptkeyres_u.deskey.key.low); 456 } else { 457 fprintf(stderr, "%s\n", strstatus(res.status)); 458 } 459 fflush(stderr); 460 } 461 return (&res); 462 } 463 464 465 cryptkeyres * 466 key_encrypt_1_svc_prog(uid_t uid, cryptkeyarg *arg) 467 { 468 static cryptkeyres res; 469 470 if (debugging) { 471 fprintf(stderr, "encrypt(%ld, %s, %08x%08x) = ", uid, 472 arg->remotename, arg->deskey.key.high, 473 arg->deskey.key.low); 474 } 475 res.cryptkeyres_u.deskey = arg->deskey; 476 res.status = pk_encrypt(uid, arg->remotename, NULL, 477 &res.cryptkeyres_u.deskey); 478 if (debugging) { 479 if (res.status == KEY_SUCCESS) { 480 fprintf(stderr, "%08x%08x\n", 481 res.cryptkeyres_u.deskey.key.high, 482 res.cryptkeyres_u.deskey.key.low); 483 } else { 484 fprintf(stderr, "%s\n", strstatus(res.status)); 485 } 486 fflush(stderr); 487 } 488 return (&res); 489 } 490 491 cryptkeyres * 492 key_decrypt_1_svc_prog(uid_t uid, cryptkeyarg *arg) 493 { 494 static cryptkeyres res; 495 496 if (debugging) { 497 fprintf(stderr, "decrypt(%ld, %s, %08x%08x) = ", uid, 498 arg->remotename, arg->deskey.key.high, 499 arg->deskey.key.low); 500 } 501 res.cryptkeyres_u.deskey = arg->deskey; 502 res.status = pk_decrypt(uid, arg->remotename, NULL, 503 &res.cryptkeyres_u.deskey); 504 if (debugging) { 505 if (res.status == KEY_SUCCESS) { 506 fprintf(stderr, "%08x%08x\n", 507 res.cryptkeyres_u.deskey.key.high, 508 res.cryptkeyres_u.deskey.key.low); 509 } else { 510 fprintf(stderr, "%s\n", strstatus(res.status)); 511 } 512 fflush(stderr); 513 } 514 return (&res); 515 } 516 517 /* ARGSUSED */ 518 des_block * 519 key_gen_1_svc_prog(void *v, struct svc_req *s) 520 { 521 struct timeval time; 522 static des_block keygen; 523 static des_block key; 524 525 gettimeofday(&time, NULL); 526 keygen.key.high += (time.tv_sec ^ time.tv_usec); 527 keygen.key.low += (time.tv_sec ^ time.tv_usec); 528 ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen), 529 DES_ENCRYPT | DES_HW); 530 key = keygen; 531 des_setparity((char *)&key); 532 if (debugging) { 533 fprintf(stderr, "gen() = %08x%08x\n", key.key.high, 534 key.key.low); 535 fflush(stderr); 536 } 537 return (&key); 538 } 539 540 getcredres * 541 key_getcred_1_svc_prog(uid_t uid, netnamestr *name) 542 { 543 static getcredres res; 544 static u_int gids[NGROUPS]; 545 struct unixcred *cred; 546 547 cred = &res.getcredres_u.cred; 548 cred->gids.gids_val = gids; 549 if (!netname2user(*name, (uid_t *) &cred->uid, (gid_t *) &cred->gid, 550 (int *)&cred->gids.gids_len, (gid_t *)gids)) { 551 res.status = KEY_UNKNOWN; 552 } else { 553 res.status = KEY_SUCCESS; 554 } 555 if (debugging) { 556 fprintf(stderr, "getcred(%s) = ", *name); 557 if (res.status == KEY_SUCCESS) { 558 fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n", 559 cred->uid, cred->gid, cred->gids.gids_len); 560 } else { 561 fprintf(stderr, "%s\n", strstatus(res.status)); 562 } 563 fflush(stderr); 564 } 565 return (&res); 566 } 567 568 /* 569 * RPC boilerplate 570 */ 571 static void 572 keyprogram(struct svc_req *rqstp, SVCXPRT *transp) 573 { 574 union { 575 keybuf key_set_1_arg; 576 cryptkeyarg key_encrypt_1_arg; 577 cryptkeyarg key_decrypt_1_arg; 578 netnamestr key_getcred_1_arg; 579 cryptkeyarg key_encrypt_2_arg; 580 cryptkeyarg key_decrypt_2_arg; 581 netnamestr key_getcred_2_arg; 582 cryptkeyarg2 key_encrypt_pk_2_arg; 583 cryptkeyarg2 key_decrypt_pk_2_arg; 584 key_netstarg key_net_put_2_arg; 585 netobj key_get_conv_2_arg; 586 } argument; 587 char *result; 588 xdrproc_t xdr_argument, xdr_result; 589 char *(*local) (); 590 uid_t uid = -1; 591 int check_auth; 592 593 switch (rqstp->rq_proc) { 594 case NULLPROC: 595 svc_sendreply(transp, (xdrproc_t)xdr_void, NULL); 596 return; 597 598 case KEY_SET: 599 xdr_argument = (xdrproc_t)xdr_keybuf; 600 xdr_result = (xdrproc_t)xdr_int; 601 local = (char *(*)()) key_set_1_svc_prog; 602 check_auth = 1; 603 break; 604 605 case KEY_ENCRYPT: 606 xdr_argument = (xdrproc_t)xdr_cryptkeyarg; 607 xdr_result = (xdrproc_t)xdr_cryptkeyres; 608 local = (char *(*)()) key_encrypt_1_svc_prog; 609 check_auth = 1; 610 break; 611 612 case KEY_DECRYPT: 613 xdr_argument = (xdrproc_t)xdr_cryptkeyarg; 614 xdr_result = (xdrproc_t)xdr_cryptkeyres; 615 local = (char *(*)()) key_decrypt_1_svc_prog; 616 check_auth = 1; 617 break; 618 619 case KEY_GEN: 620 xdr_argument = (xdrproc_t)xdr_void; 621 xdr_result = (xdrproc_t)xdr_des_block; 622 local = (char *(*)()) key_gen_1_svc_prog; 623 check_auth = 0; 624 break; 625 626 case KEY_GETCRED: 627 xdr_argument = (xdrproc_t)xdr_netnamestr; 628 xdr_result = (xdrproc_t)xdr_getcredres; 629 local = (char *(*)()) key_getcred_1_svc_prog; 630 check_auth = 0; 631 break; 632 633 case KEY_ENCRYPT_PK: 634 xdr_argument = (xdrproc_t)xdr_cryptkeyarg2; 635 xdr_result = (xdrproc_t)xdr_cryptkeyres; 636 local = (char *(*)()) key_encrypt_pk_2_svc_prog; 637 check_auth = 1; 638 break; 639 640 case KEY_DECRYPT_PK: 641 xdr_argument = (xdrproc_t)xdr_cryptkeyarg2; 642 xdr_result = (xdrproc_t)xdr_cryptkeyres; 643 local = (char *(*)()) key_decrypt_pk_2_svc_prog; 644 check_auth = 1; 645 break; 646 647 648 case KEY_NET_PUT: 649 xdr_argument = (xdrproc_t)xdr_key_netstarg; 650 xdr_result = (xdrproc_t)xdr_keystatus; 651 local = (char *(*)()) key_net_put_2_svc_prog; 652 check_auth = 1; 653 break; 654 655 case KEY_NET_GET: 656 xdr_argument = (xdrproc_t) xdr_void; 657 xdr_result = (xdrproc_t)xdr_key_netstres; 658 local = (char *(*)()) key_net_get_2_svc_prog; 659 check_auth = 1; 660 break; 661 662 case KEY_GET_CONV: 663 xdr_argument = (xdrproc_t) xdr_keybuf; 664 xdr_result = (xdrproc_t)xdr_cryptkeyres; 665 local = (char *(*)()) key_get_conv_2_svc_prog; 666 check_auth = 1; 667 break; 668 669 default: 670 svcerr_noproc(transp); 671 return; 672 } 673 if (check_auth) { 674 if (root_auth(transp, rqstp) == 0) { 675 if (debugging) { 676 fprintf(stderr, 677 "not local privileged process\n"); 678 } 679 svcerr_weakauth(transp); 680 return; 681 } 682 if (rqstp->rq_cred.oa_flavor != AUTH_SYS) { 683 if (debugging) { 684 fprintf(stderr, "not unix authentication\n"); 685 } 686 svcerr_weakauth(transp); 687 return; 688 } 689 uid = ((struct authsys_parms *)rqstp->rq_clntcred)->aup_uid; 690 } 691 692 memset(&argument, 0, sizeof (argument)); 693 if (!svc_getargs(transp, xdr_argument, &argument)) { 694 svcerr_decode(transp); 695 return; 696 } 697 result = (*local) (uid, &argument); 698 if (!svc_sendreply(transp, xdr_result, result)) { 699 if (debugging) 700 fprintf(stderr, "unable to reply\n"); 701 svcerr_systemerr(transp); 702 } 703 if (!svc_freeargs(transp, xdr_argument, &argument)) { 704 if (debugging) 705 fprintf(stderr, "unable to free arguments\n"); 706 exit(1); 707 } 708 return; 709 } 710 711 static int 712 root_auth(SVCXPRT *trans, struct svc_req *rqstp) 713 { 714 uid_t uid; 715 struct sockaddr *remote; 716 717 remote = svc_getrpccaller(trans)->buf; 718 if (remote->sa_family != AF_UNIX) { 719 if (debugging) 720 fprintf(stderr, "client didn't use AF_UNIX\n"); 721 return (0); 722 } 723 724 if (__rpc_get_local_uid(trans, &uid) < 0) { 725 if (debugging) 726 fprintf(stderr, "__rpc_get_local_uid failed\n"); 727 return (0); 728 } 729 730 if (debugging) 731 fprintf(stderr, "local_uid %ld\n", uid); 732 if (uid == 0) 733 return (1); 734 if (rqstp->rq_cred.oa_flavor == AUTH_SYS) { 735 if (((uid_t) ((struct authunix_parms *) 736 rqstp->rq_clntcred)->aup_uid) 737 == uid) { 738 return (1); 739 } else { 740 if (debugging) 741 fprintf(stderr, 742 "local_uid %ld mismatches auth %ld\n", uid, 743 ((uid_t) ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid)); 744 return (0); 745 } 746 } else { 747 if (debugging) 748 fprintf(stderr, "Not auth sys\n"); 749 return (0); 750 } 751 } 752 753 static void 754 usage(void) 755 { 756 fprintf(stderr, "usage: keyserv [-n] [-D] [-d] [-v] [-p path]\n"); 757 fprintf(stderr, "-d disables the use of default keys\n"); 758 exit(1); 759 } 760