D30683.diff
Index: ObsoleteFiles.inc
===================================================================
--- ObsoleteFiles.inc
+++ ObsoleteFiles.inc
@@ -40,6 +40,18 @@
# xargs -n1 | sort | uniq -d;
# done
+# 20210607: remove publickey(5) related programs
+OLD_FILES+=usr/bin/chkey
+OLD_FILES+=usr/bin/keylogin
+OLD_FILES+=usr/bin/keylogout
+OLD_FILES+=usr/sbin/keyserv
+OLD_FILES+=usr/bin/newkey
+OLD_FILES+=usr/share/man/man1/chkey.1.gz
+OLD_FILES+=usr/share/man/man1/keylogin.1.gz
+OLD_FILES+=usr/share/man/man1/keylogin.1.gz
+OLD_FILES+=usr/share/man/man5/publickey.5.gz
+OLD_FILES+=usr/share/man/man8/keyserv.1.gz
+
# 20210426: remove unused libexec/rc.d/addswap
OLD_FILES+=etc/rc.d/addswap
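Review bot: The manual-page entries in this hunk do not match the pages the diff actually removes: `OLD_FILES+=usr/share/man/man1/keylogin.1.gz` is listed twice and the second copy should read `OLD_FILES+=usr/share/man/man1/keylogout.1.gz`, and `usr/share/man/man8/keyserv.1.gz` mixes section directory and suffix — the deleted pages cross-reference `.Xr keyserv 8`, so the installed name would be `usr/share/man/man8/keyserv.8.gz`. The newkey(8) page is deleted further down (`MAN= newkey.8` in usr.bin/newkey/Makefile) but has no corresponding `OLD_FILES+=usr/share/man/man8/newkey.8.gz` line, so a stale page would survive `make delete-old`. The `usr/sbin/keyserv` binary listed here is not removed anywhere in the visible part of this diff; confirm that removal is part of the same change or a companion one, since ObsoleteFiles.inc entries for files that still get installed cause them to be deleted on upgrade.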
Index: lib/libc/rpc/Makefile.inc
===================================================================
--- lib/libc/rpc/Makefile.inc
+++ lib/libc/rpc/Makefile.inc
@@ -50,7 +50,7 @@
rpc_clnt_create.3 rpc_svc_calls.3 rpc_svc_create.3 rpc_svc_err.3 \
rpc_svc_reg.3 rpc_xdr.3 rpcbind.3 publickey.3 rpc_secure.3 \
rtime.3
-MAN+= publickey.5 rpc.5 netconfig.5
+MAN+= rpc.5 netconfig.5
MLINKS+= bindresvport.3 bindresvport_sa.3 \
des_crypt.3 ecb_crypt.3 \
des_crypt.3 cbc_crypt.3 \
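Review bot: `publickey.3` remains in the MAN list two lines above the changed `MAN+= rpc.5 netconfig.5` line while `publickey.5` is dropped; if publickey.3 still carries an `.Xr publickey 5` cross-reference (not visible in this diff) it will now point at a page that no longer exists and should be adjusted in the same change. Likewise the `MLINKS` block that starts on the next lines should be checked for any link targeting publickey.5.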
Index: lib/libc/rpc/publickey.5
===================================================================
--- lib/libc/rpc/publickey.5
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $FreeBSD$
-.\" @(#)publickey.5 2.1 88/08/07 4.0 RPCSRC; from 1.6 88/02/29 SMI;
-.Dd October 19, 1987
-.Dt PUBLICKEY 5
-.Os
-.Sh NAME
-.Nm publickey
-.Nd "public key database"
-.Sh SYNOPSIS
-.Pa /etc/publickey
-.Sh DESCRIPTION
-.Pa /etc/publickey
-is the public key database used for secure
-RPC (Remote Procedure Calls).
-Each entry in
-the database consists of a network user
-name (which may either refer to
-a user or a hostname), followed by the user's
-public key (in hex
-notation), a colon, and then the user's
-secret key encrypted with
-its login password (also in hex notation).
-.Pp
-This file is altered either by the user through the
-.Xr chkey 1
-command or by the system administrator through the
-.Xr newkey 8
-command.
-The file
-.Pa /etc/publickey
-should only contain data on the
-.Tn NIS
-master machine, where it
-is converted into the
-.Tn NIS
-database
-.Pa publickey.byname .
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr publickey 3 ,
-.Xr newkey 8 ,
-.Xr ypupdated 8
Index: usr.bin/Makefile
===================================================================
--- usr.bin/Makefile
+++ usr.bin/Makefile
@@ -61,8 +61,6 @@
ipcs \
join \
jot \
- keylogin \
- keylogout \
killall \
ktrace \
ktrdump \
@@ -241,8 +239,6 @@
SUBDIR.${MK_NIS}+= ypmatch
SUBDIR.${MK_NIS}+= ypwhich
SUBDIR.${MK_OPENSSH}+= ssh-copy-id
-SUBDIR.${MK_OPENSSL}+= chkey
-SUBDIR.${MK_OPENSSL}+= newkey
SUBDIR.${MK_QUOTAS}+= quota
SUBDIR.${MK_SENDMAIL}+= vacation
SUBDIR.${MK_TALK}+= talk
Index: usr.bin/chkey/Makefile
===================================================================
--- usr.bin/chkey/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-.PATH: ${SRCTOP}/usr.bin/newkey
-
-PROG= chkey
-SRCS= chkey.c generic.c update.c
-CFLAGS+= -I${SRCTOP}/usr.bin/newkey
-.if ${MK_NIS} != "no"
-CFLAGS+= -DYP
-.endif
-LIBADD+= rpcsvc mp
-
-.include <bsd.prog.mk>
Index: usr.bin/chkey/Makefile.depend
===================================================================
--- usr.bin/chkey/Makefile.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- include \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libthr \
- secure/lib/libcrypto \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
Index: usr.bin/chkey/Makefile.depend.options
===================================================================
--- usr.bin/chkey/Makefile.depend.options
+++ /dev/null
@@ -1,8 +0,0 @@
-# $FreeBSD$
-# This file is not autogenerated - take care!
-
-DIRDEPS_OPTIONS= NIS
-
-DIRDEPS.NIS.yes= lib/libmp
-
-.include <dirdeps-options.mk>
Index: usr.bin/chkey/chkey.1
===================================================================
--- usr.bin/chkey/chkey.1
+++ /dev/null
@@ -1,30 +0,0 @@
-.\" @(#)chkey.1 1.5 91/03/11 TIRPC 1.0;
-.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\" $FreeBSD$
-.\"
-.Dd July 5, 1989
-.Dt CHKEY 1
-.Os
-.Sh NAME
-.Nm chkey
-.Nd change your encryption key
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-The
-.Nm
-utility prompts the user for their login password,
-and uses it to encrypt a new encryption key
-for the user to be stored in the
-.Xr publickey 5
-database.
-.Sh "SEE ALSO"
-.Xr keylogin 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 14.0 .
Index: usr.bin/chkey/chkey.c
===================================================================
--- usr.bin/chkey/chkey.c
+++ /dev/null
@@ -1,275 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if 0
-#ifndef lint
-static char sccsid[] = "@(#)chkey.c 1.7 91/03/11 Copyr 1986 Sun Micro";
-#endif
-#endif
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-/*
- * Command to change one's public key in the public key database
- */
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-#ifdef YP
-#include <rpcsvc/yp_prot.h>
-#include <rpcsvc/ypclnt.h>
-#else
-#define YPOP_STORE 4
-#endif
-#include <sys/fcntl.h>
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-
-#ifdef YPPASSWD
-struct passwd *ypgetpwuid(uid_t);
-#endif
-
-#ifdef YP
-static char *domain;
-static char PKMAP[] = "publickey.byname";
-#else
-static char PKFILE[] = "/etc/publickey";
-#endif /* YP */
-static char ROOTKEY[] = "/etc/.rootkey";
-
-static void usage(void);
-extern int yp_update(char *, char *, int, char *, size_t, char *, size_t);
-
-int
-main(int argc, char **argv)
-{
- char name[MAXNETNAMELEN+1];
- char public[HEXKEYBYTES + 1];
- char secret[HEXKEYBYTES + 1];
- char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- int status;
- char *pass;
- struct passwd *pw;
- uid_t uid;
- int force = 0;
- int ch;
-#ifdef YP
- char *master;
-#endif
-#ifdef YPPASSWD
- char *cryptpw;
-#endif
-
- fprintf(stderr, "chkey is deprecated and removed from FreeBSD 14.\n");
- while ((ch = getopt(argc, argv, "f")) != -1)
- switch(ch) {
- case 'f':
- force = 1;
- break;
- default:
- usage();
- }
- argc -= optind;
- argv += optind;
-
- if (argc != 0)
- usage();
-
-#ifdef YP
- (void)yp_get_default_domain(&domain);
- if (yp_master(domain, PKMAP, &master) != 0)
- errx(1, "can't find master of publickey database");
-#endif
- uid = getuid() /*geteuid()*/;
- if (uid == 0) {
- if (host2netname(name, NULL, NULL) == 0)
- errx(1, "cannot convert hostname to netname");
- } else {
- if (user2netname(name, uid, NULL) == 0)
- errx(1, "cannot convert username to netname");
- }
- (void)printf("Generating new key for %s.\n", name);
-
- if (!force) {
- if (uid != 0) {
-#ifdef YPPASSWD
- pw = ypgetpwuid(uid);
-#else
- pw = getpwuid(uid);
-#endif
- if (pw == NULL) {
-#ifdef YPPASSWD
- errx(1,
- "no NIS password entry found: can't change key");
-#else
- errx(1,
- "no password entry found: can't change key");
-#endif
- }
- } else {
- pw = getpwuid(0);
- if (pw == NULL)
- errx(1, "no password entry found: can't change key");
- }
- }
- pass = getpass("Password:");
-#ifdef YPPASSWD
- if (!force) {
- cryptpw = crypt(pass, pw->pw_passwd);
- if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0)
- errx(1, "invalid password");
- }
-#else
- force = 1; /* Make this mandatory */
-#endif
- genkeys(public, secret, pass);
-
- memcpy(crypt1, secret, HEXKEYBYTES);
- memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
- crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
- xencrypt(crypt1, pass);
-
- if (force) {
- memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
- xdecrypt(crypt2, getpass("Retype password:"));
- if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0
- || memcmp(crypt2, secret, HEXKEYBYTES) != 0)
- errx(1, "password incorrect");
- }
-
-#ifdef YP
- (void)printf("Sending key change request to %s...\n", master);
-#endif
- status = setpublicmap(name, public, crypt1);
- if (status != 0) {
-#ifdef YP
- errx(1, "unable to update NIS database (%u): %s",
- status, yperr_string(status));
-#else
- errx(1, "unable to update publickey database");
-#endif
- }
-
- if (uid == 0) {
- /*
- * Root users store their key in /etc/$ROOTKEY so
- * that they can auto reboot without having to be
- * around to type a password. Storing this in a file
- * is rather dubious: it should really be in the EEPROM
- * so it does not go over the net.
- */
- int fd;
-
- fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
- if (fd < 0) {
- warn("%s", ROOTKEY);
- } else {
- char newline = '\n';
-
- if (write(fd, secret, strlen(secret)) < 0 ||
- write(fd, &newline, sizeof(newline)) < 0)
- warn("%s: write", ROOTKEY);
- }
- close(fd);
- }
-
- if (key_setsecret(secret) < 0)
- errx(1, "unable to login with new secret key");
- (void)printf("Done.\n");
- exit(0);
- /* NOTREACHED */
-}
-
-static void
-usage(void)
-{
- (void)fprintf(stderr, "usage: chkey [-f]\n");
- exit(1);
- /* NOTREACHED */
-}
-
-
-/*
- * Set the entry in the public key file
- */
-int
-setpublicmap(char *name, char *public, char *secret)
-{
- char pkent[1024];
-
- (void)sprintf(pkent,"%s:%s", public, secret);
-#ifdef YP
- return (yp_update(domain, PKMAP, YPOP_STORE,
- name, strlen(name), pkent, strlen(pkent)));
-#else
- return (localupdate(name, PKFILE, YPOP_STORE,
- strlen(name), name, strlen(pkent), pkent));
-#endif
-}
-
-#ifdef YPPASSWD
-struct passwd *
-ypgetpwuid(uid_t uid)
-{
- char uidstr[10];
- char *val;
- int vallen;
- static struct passwd pw;
- char *p;
-
- (void)sprintf(uidstr, "%d", uid);
- if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
- &val, &vallen) != 0) {
- return (NULL);
- }
- p = strchr(val, ':');
- if (p == NULL) {
- return (NULL);
- }
- pw.pw_passwd = p + 1;
- p = strchr(pw.pw_passwd, ':');
- if (p == NULL) {
- return (NULL);
- }
- *p = 0;
- return (&pw);
-}
-#endif /* YPPASSWD */
Index: usr.bin/keylogin/Makefile
===================================================================
--- usr.bin/keylogin/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-# $FreeBSD$
-
-PROG= keylogin
-
-LIBADD= rpcsvc
-
-.include <bsd.prog.mk>
Index: usr.bin/keylogin/Makefile.depend
===================================================================
--- usr.bin/keylogin/Makefile.depend
+++ /dev/null
@@ -1,20 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/librpcsvc \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
Index: usr.bin/keylogin/keylogin.1
===================================================================
--- usr.bin/keylogin/keylogin.1
+++ /dev/null
@@ -1,35 +0,0 @@
-.\" @(#)keylogin.1 1.5 91/03/11 TIRPC 1.0;
-.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved.
-.\" $FreeBSD$
-.\"
-.Dd September 9, 1987
-.Dt KEYLOGIN 1
-.Os
-.Sh NAME
-.Nm keylogin
-.Nd decrypt and store secret key
-.Sh SYNOPSIS
-.Nm
-.Sh DESCRIPTION
-The
-.Nm
-utility prompts the user for their login password, and uses it to decrypt
-the user's secret key stored in the
-.Xr publickey 5
-database.
-Once decrypted, the user's key is stored by the local
-key server process
-.Xr keyserv 8
-to be used by any secure network services, such as NFS.
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr keylogout 1 ,
-.Xr login 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 14.0 .
Index: usr.bin/keylogin/keylogin.c
===================================================================
--- usr.bin/keylogin/keylogin.c
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-#if !defined(lint) && defined(SCCSIDS)
-static char sccsid[] = "@(#)keylogin.c 1.4 91/03/11 Copyr 1986 Sun Micro";
-#endif
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-/*
- * Set secret key on local machine
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <pwd.h>
-#include <unistd.h>
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-extern int key_setnet(struct key_netstarg *);
-
-int
-main(void)
-{
- char fullname[MAXNETNAMELEN + 1];
- struct key_netstarg netst;
-
- fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 14.\n");
- if (!getnetname(fullname)) {
- fprintf(stderr, "netname lookup failed -- make sure the ");
- fprintf(stderr, "system domain name is set.\n");
- exit(1);
- }
-
- if (! getsecretkey(fullname, (char *)&(netst.st_priv_key),
- getpass("Password:"))) {
- fprintf(stderr, "Can't find %s's secret key\n", fullname);
- exit(1);
- }
- if (netst.st_priv_key[0] == 0) {
- fprintf(stderr, "Password incorrect for %s\n", fullname);
- exit(1);
- }
-
- netst.st_pub_key[0] = 0;
- netst.st_netname = strdup(fullname);
-
- if (key_setnet(&netst) < 0) {
- fprintf(stderr, "Could not set %s's secret key\n", fullname);
- fprintf(stderr, "Maybe the keyserver is down?\n");
- exit(1);
- }
- exit(0);
- /* NOTREACHED */
-}
Index: usr.bin/keylogout/Makefile
===================================================================
--- usr.bin/keylogout/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-# $FreeBSD$
-
-PROG= keylogout
-
-.include <bsd.prog.mk>
Index: usr.bin/keylogout/Makefile.depend
===================================================================
--- usr.bin/keylogout/Makefile.depend
+++ /dev/null
@@ -1,19 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
Index: usr.bin/keylogout/keylogout.1
===================================================================
--- usr.bin/keylogout/keylogout.1
+++ /dev/null
@@ -1,47 +0,0 @@
-.\" $FreeBSD$
-.\" @(#)keylogout.1 1.4 91/03/11 TIRPC 1.0; from 1.3 89/07/26 SMI;
-.Dd April 15, 1989
-.Dt KEYLOGOUT 1
-.Os
-.Sh NAME
-.Nm keylogout
-.Nd delete stored secret key
-.Sh SYNOPSIS
-.Nm
-.Op Fl f
-.Sh DESCRIPTION
-The
-.Nm
-utility deletes the key stored by the key server process
-.Xr keyserv 8
-to be used by any secure network services, such as NFS.
-Further access to the key is revoked,
-however current session keys may remain valid till they expire,
-or are refreshed.
-This option will cause any background jobs that need secure RPC
-services to fail, and any scheduled
-.Nm at
-jobs that need the key to fail.
-Also since only one copy is kept on a machine of the key,
-it is a bad idea to place this in your
-.Pa .logout
-file since it will affect other sessions on the same machine.
-.Pp
-The following option is available:
-.Bl -tag -width indent
-.It Fl f
-Forget the rootkey.
-This will break secure NFS if it is done on a server.
-.El
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr keylogin 1 ,
-.Xr login 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8 ,
-.Xr newkey 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 14.0 .
Index: usr.bin/keylogout/keylogout.c
===================================================================
--- usr.bin/keylogout/keylogout.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-/*
- * unset the secret key on local machine
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <rpc/key_prot.h>
-
-int
-main(int argc, char **argv)
-{
- static char secret[HEXKEYBYTES + 1];
-
- fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 14.\n");
- if (geteuid() == 0) {
- if ((argc != 2 ) || (strcmp(argv[1], "-f") != 0)) {
- fprintf(stderr,
-"keylogout by root would break all servers that use secure rpc!\n");
- fprintf(stderr,
-"root may use keylogout -f to do this (at your own risk)!\n");
- exit(1);
- }
- }
-
- if (key_setsecret(secret) < 0) {
- fprintf(stderr, "Could not unset your secret key.\n");
- fprintf(stderr, "Maybe the keyserver is down?\n");
- exit(1);
- }
- exit(0);
- /* NOTREACHED */
-}
Index: usr.bin/newkey/Makefile
===================================================================
--- usr.bin/newkey/Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-# $FreeBSD$
-
-.include <src.opts.mk>
-
-PROG= newkey
-SRCS= newkey.c generic.c update.c
-.if ${MK_NIS} != "no"
-CFLAGS+= -DYP
-.endif
-MAN= newkey.8
-LIBADD= rpcsvc mp
-
-.include <bsd.prog.mk>
Index: usr.bin/newkey/Makefile.depend
===================================================================
--- usr.bin/newkey/Makefile.depend
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libmp \
- lib/librpcsvc \
- secure/lib/libcrypto \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
Index: usr.bin/newkey/extern.h
===================================================================
--- usr.bin/newkey/extern.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- *
- * $FreeBSD$
- */
-
-#ifdef YP
-#define MAXMAPNAMELEN 256
-#else
-#define YPOP_CHANGE 1 /* change, do not add */
-#define YPOP_INSERT 2 /* add, do not change */
-#define YPOP_DELETE 3 /* delete this entry */
-#define YPOP_STORE 4 /* add, or change */
-#endif
-
-void genkeys(char *, char *, char *);
-int setpublicmap(char *, char *, char *);
-int mapupdate(char *, char *, u_int, u_int, char *, u_int, char *);
-void xencrypt(char *, char *);
-void xdecrypt(char *, char *);
-int localupdate(char *, char *, u_int, u_int, char *, u_int, char *);
Index: usr.bin/newkey/generic.c
===================================================================
--- usr.bin/newkey/generic.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if !defined(lint) && defined(SCCSIDS)
-#if 0
-static char sccsid[] = "@(#)generic.c 1.2 91/03/11 Copyr 1986 Sun Micro";
-#endif
-#endif
-
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/file.h>
-
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-#include <mp.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "extern.h"
-
-static void adjust(char[], char *);
-static void getseed(char *, int, unsigned char *);
-
-/*
- * Generate a seed
- */
-static void
-getseed(char *seed, int seedsize, unsigned char *pass)
-{
- int i;
-
- for (i = 0; i < seedsize; i++) {
- seed[i] = (arc4random() & 0xff) ^ pass[i % 8];
- }
-}
-
-/*
- * Generate a random public/secret key pair
- */
-void
-genkeys(char *public, char *secret, char *pass)
-{
- unsigned int i;
-
-# define BASEBITS (8*sizeof (short) - 1)
-# define BASE (1 << BASEBITS)
-
- MINT *pk = mp_itom(0);
- MINT *sk = mp_itom(0);
- MINT *tmp;
- MINT *base = mp_itom((short)BASE);
- MINT *root = mp_itom(PROOT);
- MINT *modulus = mp_xtom(HEXMODULUS);
- short r;
- unsigned short seed[KEYSIZE/BASEBITS + 1];
- char *xkey;
-
- getseed((char *)seed, sizeof (seed), (u_char *)pass);
- for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
- r = seed[i] % BASE;
- tmp = mp_itom(r);
- mp_mult(sk, base, sk);
- mp_madd(sk, tmp, sk);
- mp_mfree(tmp);
- }
- tmp = mp_itom(0);
- mp_mdiv(sk, modulus, tmp, sk);
- mp_mfree(tmp);
- mp_pow(root, sk, modulus, pk);
- xkey = mp_mtox(sk);
- adjust(secret, xkey);
- xkey = mp_mtox(pk);
- adjust(public, xkey);
- mp_mfree(sk);
- mp_mfree(base);
- mp_mfree(pk);
- mp_mfree(root);
- mp_mfree(modulus);
-}
-
-/*
- * Adjust the input key so that it is 0-filled on the left
- */
-static void
-adjust(char keyout[HEXKEYBYTES+1], char *keyin)
-{
- char *p;
- char *s;
-
- for (p = keyin; *p; p++)
- ;
- for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) {
- *s = *p;
- }
- while (s >= keyout) {
- *s-- = '0';
- }
-}
Index: usr.bin/newkey/newkey.8
===================================================================
--- usr.bin/newkey/newkey.8
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" @(#)newkey.8 1.3 91/03/11 TIRPC 1.0; from 1.12 90/02/03 SMI;
-.\" $FreeBSD$
-.Dd October 12, 1987
-.Dt NEWKEY 8
-.Os
-.Sh NAME
-.Nm newkey
-.Nd create a new key in the publickey database
-.Sh SYNOPSIS
-.Nm
-.Fl h Ar hostname
-.Nm
-.Fl u Ar username
-.Sh DESCRIPTION
-The
-.Nm
-utility is normally run by the network administrator on the
-Network Interface Service
-.Pq NIS
-master machine in order to establish public keys for
-users and super-users on the network.
-These keys are needed for using secure
-RPC
-or secure
-NFS .
-.Pp
-The
-.Nm
-utility will prompt for the login password of the given username and then
-create a new public/secret key pair in
-.Pa /etc/publickey
-encrypted with the login password of the given user.
-.Pp
-Use of this program is
-not required: users may create their own keys using
-.Xr chkey 1 .
-.Sh OPTIONS
-.Bl -tag -width indent
-.It Fl h Ar hostname
-Create a new public key for the super-user at the given hostname.
-Prompts for the root password of the given hostname.
-.It Fl u Ar username
-Create a new public key for the given username.
-Prompts for the
-NIS
-password of the given username.
-.El
-.Sh SEE ALSO
-.Xr chkey 1 ,
-.Xr keylogin 1 ,
-.Xr publickey 5 ,
-.Xr keyserv 8
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 14.0 .
-.Sh NOTES
-The Network Information Service
-.Pq NIS
-was formerly known as Sun Yellow Pages
-.Pq YP .
-The functionality of the two remains the same;
-only the name has changed.
Index: usr.bin/newkey/newkey.c
===================================================================
--- usr.bin/newkey/newkey.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#if !defined(lint) && defined(SCCSIDS)
-#if 0
-static char sccsid[] = "@(#)newkey.c 1.8 91/03/11 Copyr 1986 Sun Micro";
-#endif
-#endif
-
-/*
- * Copyright (C) 1986, Sun Microsystems, Inc.
- */
-
-/*
- * Administrative tool to add a new user to the publickey database
- */
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-#ifdef YP
-#include <sys/wait.h>
-#include <rpcsvc/yp_prot.h>
-#include <rpcsvc/ypclnt.h>
-#include <netdb.h>
-#endif /* YP */
-
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-
-#ifdef YP
-#define MAXMAPNAMELEN 256
-#else
-#define YPOP_CHANGE 1 /* change, do not add */
-#define YPOP_INSERT 2 /* add, do not change */
-#define YPOP_DELETE 3 /* delete this entry */
-#define YPOP_STORE 4 /* add, or change */
-#define ERR_ACCESS 1
-#define ERR_MALLOC 2
-#define ERR_READ 3
-#define ERR_WRITE 4
-#define ERR_DBASE 5
-#define ERR_KEY 6
-#endif
-
-#ifdef YP
-static char YPDBPATH[]="/var/yp";
-static char PKMAP[] = "publickey.byname";
-#else
-static char PKFILE[] = "/etc/publickey";
-static const char *err_string(int);
-#endif /* YP */
-
-static void usage(void);
-
-int
-main(int argc, char *argv[])
-{
- char name[MAXNETNAMELEN + 1];
- char public[HEXKEYBYTES + 1];
- char secret[HEXKEYBYTES + 1];
- char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1];
- int status;
- char *pass;
- struct passwd *pw;
-#ifdef undef
- struct hostent *h;
-#endif
-
- fprintf(stderr, "newkey is deprecated and removed from FreeBSD 14.\n");
- if (argc != 3 || !(strcmp(argv[1], "-u") == 0 ||
- strcmp(argv[1], "-h") == 0)) {
- usage();
- }
- if (geteuid() != 0)
- errx(1, "must be superuser");
-
-#ifdef YP
- if (chdir(YPDBPATH) < 0)
- warn("cannot chdir to %s", YPDBPATH);
-#endif /* YP */
- if (strcmp(argv[1], "-u") == 0) {
- pw = getpwnam(argv[2]);
- if (pw == NULL)
- errx(1, "unknown user: %s", argv[2]);
- (void)user2netname(name, (int)pw->pw_uid, (char *)NULL);
- } else {
-#ifdef undef
- h = gethostbyname(argv[2]);
- if (h == NULL)
- errx(1, "unknown host: %s", argv[1]);
- (void)host2netname(name, h->h_name, (char *)NULL);
-#else
- (void)host2netname(name, argv[2], (char *)NULL);
-#endif
- }
-
- (void)printf("Adding new key for %s.\n", name);
- pass = getpass("New password:");
- genkeys(public, secret, pass);
-
- memcpy(crypt1, secret, HEXKEYBYTES);
- memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE);
- crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0;
- xencrypt(crypt1, pass);
-
- memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1);
- xdecrypt(crypt2, getpass("Retype password:"));
- if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 ||
- memcmp(crypt2, secret, HEXKEYBYTES) != 0)
- errx(1, "password incorrect");
-
-#ifdef YP
- (void)printf("Please wait for the database to get updated...\n");
-#endif
- if ((status = setpublicmap(name, public, crypt1))) {
-#ifdef YP
- errx(1, "unable to update NIS database (%u): %s",
- status, yperr_string(status));
-#else
- errx(1, "unable to update publickey database (%u): %s",
- status, err_string(status));
-#endif
- }
- (void)printf("Your new key has been successfully stored away.\n");
- exit(0);
- /* NOTREACHED */
-}
-
-static void
-usage(void)
-{
- (void)fprintf(stderr, "%s\n%s\n",
- "usage: newkey -h hostname",
- " newkey -u username");
- exit(1);
-}
-
-/*
- * Set the entry in the public key file
- */
-int
-setpublicmap(char *name, char *public, char *secret)
-{
- char pkent[1024];
-
- (void)sprintf(pkent, "%s:%s", public, secret);
-#ifdef YP
- return (mapupdate(name, PKMAP, YPOP_STORE,
- strlen(name), name, strlen(pkent), pkent));
-#else
- return (localupdate(name, PKFILE, YPOP_STORE,
- strlen(name), name, strlen(pkent), pkent));
-#endif
- }
-
-#ifndef YP
- /*
- * This returns a pointer to an error message string appropriate
- * to an input error code. An input value of zero will return
- * a success message.
- */
-static const char *
-err_string(int code)
-{
- const char *pmesg;
-
- switch (code) {
- case 0:
- pmesg = "update operation succeeded";
- break;
- case ERR_KEY:
- pmesg = "no such key in file";
- break;
- case ERR_READ:
- pmesg = "cannot read the database";
- break;
- case ERR_WRITE:
- pmesg = "cannot write to the database";
- break;
- case ERR_DBASE:
- pmesg = "cannot update database";
- break;
- case ERR_ACCESS:
- pmesg = "permission denied";
- break;
- case ERR_MALLOC:
- pmesg = "malloc failed";
- break;
- default:
- pmesg = "unknown error";
- break;
- }
- return (pmesg);
-}
-#endif
Index: usr.bin/newkey/update.c
===================================================================
--- usr.bin/newkey/update.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user or with the express written consent of
- * Sun Microsystems, Inc.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)update.c 1.2 91/03/11 Copyr 1986 Sun Micro";
-#endif
-#endif
-
-/*
- * Copyright (C) 1986, 1989, Sun Microsystems, Inc.
- */
-
-/*
- * Administrative tool to add a new user to the publickey database
- */
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-
-#ifdef YP
-#include <sys/wait.h>
-#include <rpcsvc/yp_prot.h>
-#include <rpcsvc/ypclnt.h>
-#include <netdb.h>
-#endif /* YP */
-
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "extern.h"
-
-#ifdef YP
-static char SHELL[] = "/bin/sh";
-static char YPDBPATH[]="/var/yp"; /* This is defined but not used! */
-static char UPDATEFILE[] = "updaters";
-
-static int _openchild(char *, FILE **, FILE **);
-static char *basename(char *path);
-
-/*
- * Determine if requester is allowed to update the given map,
- * and update it if so. Returns the yp status, which is zero
- * if there is no access violation.
- */
-int
-mapupdate(char *requester, char *mapname, u_int op, u_int keylen,
- char *key, u_int datalen, char *data)
-{
- char updater[MAXMAPNAMELEN + 40];
- FILE *childargs;
- FILE *childrslt;
-#ifdef WEXITSTATUS
- int status;
-#else
- union wait status;
-#endif
- pid_t pid;
- u_int yperrno;
-
-
-#ifdef DEBUG
- printf("%s %s\n", key, data);
-#endif
- (void)sprintf(updater, "make -s -f %s/%s %s", YPDBPATH, /* !!! */
- UPDATEFILE, mapname);
- pid = _openchild(updater, &childargs, &childrslt);
- if (pid < 0) {
- return (YPERR_YPERR);
- }
-
- /*
- * Write to child
- */
- (void)fprintf(childargs, "%s\n", requester);
- (void)fprintf(childargs, "%u\n", op);
- (void)fprintf(childargs, "%u\n", keylen);
- (void)fwrite(key, (int)keylen, 1, childargs);
- (void)fprintf(childargs, "\n");
- (void)fprintf(childargs, "%u\n", datalen);
- (void)fwrite(data, (int)datalen, 1, childargs);
- (void)fprintf(childargs, "\n");
- (void)fclose(childargs);
-
- /*
- * Read from child
- */
- (void)fscanf(childrslt, "%d", &yperrno);
- (void)fclose(childrslt);
-
- (void)wait(&status);
-#ifdef WEXITSTATUS
- if (WEXITSTATUS(status) != 0) {
-#else
- if (status.w_retcode != 0) {
-#endif
- return (YPERR_YPERR);
- }
- return (yperrno);
-}
-
-/*
- * returns pid, or -1 for failure
- */
-static pid_t
-_openchild(char *command, FILE **fto, FILE **ffrom)
-{
- int i;
- pid_t pid;
- int pdto[2];
- int pdfrom[2];
- char *com;
- struct rlimit rl;
-
- if (pipe(pdto) < 0) {
- goto error1;
- }
- if (pipe(pdfrom) < 0) {
- goto error2;
- }
- switch (pid = fork()) {
- case -1:
- goto error3;
-
- case 0:
- /*
- * child: read from pdto[0], write into pdfrom[1]
- */
- (void)close(0);
- (void)dup(pdto[0]);
- (void)close(1);
- (void)dup(pdfrom[1]);
- getrlimit(RLIMIT_NOFILE, &rl);
- for (i = rl.rlim_max - 1; i >= 3; i--) {
- (void) close(i);
- }
- com = malloc((unsigned) strlen(command) + 6);
- if (com == NULL) {
- _exit(~0);
- }
- (void)sprintf(com, "exec %s", command);
- execl(SHELL, basename(SHELL), "-c", com, (char *)NULL);
- _exit(~0);
-
- default:
- /*
- * parent: write into pdto[1], read from pdfrom[0]
- */
- *fto = fdopen(pdto[1], "w");
- (void)close(pdto[0]);
- *ffrom = fdopen(pdfrom[0], "r");
- (void)close(pdfrom[1]);
- break;
- }
- return (pid);
-
- /*
- * error cleanup and return
- */
-error3:
- (void)close(pdfrom[0]);
- (void)close(pdfrom[1]);
-error2:
- (void)close(pdto[0]);
- (void)close(pdto[1]);
-error1:
- return (-1);
-}
-
-static char *
-basename(char *path)
-{
- char *p;
-
- p = strrchr(path, '/');
- if (p == NULL) {
- return (path);
- } else {
- return (p + 1);
- }
-}
-
-#else /* YP */
-
-#define ERR_ACCESS 1
-#define ERR_MALLOC 2
-#define ERR_READ 3
-#define ERR_WRITE 4
-#define ERR_DBASE 5
-#define ERR_KEY 6
-
-static int match(char *, char *);
-
-/*
- * Determine if requester is allowed to update the given map,
- * and update it if so. Returns the status, which is zero
- * if there is no access violation. This function updates
- * the local file and then shuts up.
- */
-int
-localupdate(char *name, char *filename, u_int op, u_int keylen __unused,
- char *key, u_int datalen __unused, char *data)
-{
- char line[256];
- FILE *rf;
- FILE *wf;
- char *tmpname;
- int err;
-
- /*
- * Check permission
- */
- if (strcmp(name, key) != 0) {
- return (ERR_ACCESS);
- }
- if (strcmp(name, "nobody") == 0) {
- /*
- * Can't change "nobody"s key.
- */
- return (ERR_ACCESS);
- }
-
- /*
- * Open files
- */
- tmpname = malloc(strlen(filename) + 4);
- if (tmpname == NULL) {
- return (ERR_MALLOC);
- }
- sprintf(tmpname, "%s.tmp", filename);
- rf = fopen(filename, "r");
- if (rf == NULL) {
- err = ERR_READ;
- goto cleanup;
- }
- wf = fopen(tmpname, "w");
- if (wf == NULL) {
- fclose(rf);
- err = ERR_WRITE;
- goto cleanup;
- }
- err = -1;
- while (fgets(line, sizeof (line), rf)) {
- if (err < 0 && match(line, name)) {
- switch (op) {
- case YPOP_INSERT:
- err = ERR_KEY;
- break;
- case YPOP_STORE:
- case YPOP_CHANGE:
- fprintf(wf, "%s %s\n", key, data);
- err = 0;
- break;
- case YPOP_DELETE:
- /* do nothing */
- err = 0;
- break;
- }
- } else {
- fputs(line, wf);
- }
- }
- if (err < 0) {
- switch (op) {
- case YPOP_CHANGE:
- case YPOP_DELETE:
- err = ERR_KEY;
- break;
- case YPOP_INSERT:
- case YPOP_STORE:
- err = 0;
- fprintf(wf, "%s %s\n", key, data);
- break;
- }
- }
- fclose(wf);
- fclose(rf);
- if (err == 0) {
- if (rename(tmpname, filename) < 0) {
- err = ERR_DBASE;
- goto cleanup;
- }
- } else {
- if (unlink(tmpname) < 0) {
- err = ERR_DBASE;
- goto cleanup;
- }
- }
-
-cleanup:
- free(tmpname);
- return (err);
-}
-
-static int
-match(char *line, char *name)
-{
- int len;
-
- len = strlen(name);
- return (strncmp(line, name, len) == 0 &&
- (line[len] == ' ' || line[len] == '\t'));
-}
-#endif /* !YP */
Index: usr.sbin/Makefile
===================================================================
--- usr.sbin/Makefile
+++ usr.sbin/Makefile
@@ -180,7 +180,6 @@
SUBDIR.${MK_NIS}+= ypserv
SUBDIR.${MK_NIS}+= ypset
SUBDIR.${MK_NTP}+= ntp
-SUBDIR.${MK_OPENSSL}+= keyserv
SUBDIR.${MK_OPENSSL_KTLS}+= rpc.tlsclntd
SUBDIR.${MK_OPENSSL_KTLS}+= rpc.tlsservd
SUBDIR.${MK_PF}+= ftp-proxy
Index: usr.sbin/keyserv/Makefile
===================================================================
--- usr.sbin/keyserv/Makefile
+++ /dev/null
@@ -1,25 +0,0 @@
-# $FreeBSD$
-
-PROG= keyserv
-MAN= keyserv.8
-SRCS= keyserv.c setkey.c crypt_svc.c crypt_server.c crypt.h
-
-CFLAGS+= -DBROKEN_DES -I.
-
-LIBADD= mp rpcsvc
-
-WARNS?= 1
-
-RPCDIR= ${SYSROOT:U${DESTDIR}}/usr/include/rpcsvc
-
-CLEANFILES= crypt_svc.c crypt.h
-
-RPCGEN= RPCGEN_CPP=${CPP:Q} rpcgen -C
-
-crypt_svc.c: ${RPCDIR}/crypt.x
- ${RPCGEN} -m -o ${.TARGET} ${RPCDIR}/crypt.x
-
-crypt.h: ${RPCDIR}/crypt.x
- ${RPCGEN} -h -o ${.TARGET} ${RPCDIR}/crypt.x
-
-.include <bsd.prog.mk>
Index: usr.sbin/keyserv/Makefile.depend
===================================================================
--- usr.sbin/keyserv/Makefile.depend
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
- gnu/lib/csu \
- include \
- include/rpc \
- include/rpcsvc \
- include/xlocale \
- lib/${CSU_DIR} \
- lib/libc \
- lib/libcompiler_rt \
- lib/libmp \
- lib/librpcsvc \
- secure/lib/libcrypto \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
Index: usr.sbin/keyserv/crypt_server.c
===================================================================
--- usr.sbin/keyserv/crypt_server.c
+++ /dev/null
@@ -1,277 +0,0 @@
-/*
- * Copyright (c) 1996
- * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by Bill Paul.
- * 4. Neither the name of the author nor the names of any co-contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <dirent.h>
-#include <dlfcn.h>
-#include <err.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <rpc/des_crypt.h>
-#include <rpc/des.h>
-#include "crypt.h"
-
-#ifndef lint
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-/*
- * The U.S. government stupidly believes that a) it can keep strong
- * crypto code a secret and b) that doing so somehow protects national
- * interests. It's wrong on both counts, but until it listens to reason
- * we have to make certain compromises so it doesn't have an excuse to
- * throw us in federal prison.
- *
- * Consequently, the core OS ships without DES support, and keyserv
- * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape.
- * This breaks compatibility with Secure RPC on other systems, but it
- * allows Secure RPC to work between FreeBSD systems that don't have the
- * DES package installed without throwing security totally out the window.
- *
- * In order to avoid having to supply two versions of keyserv (one with
- * DES and one without), we use dlopen() and friends to load libdes.so
- * into our address space at runtime. We check for the presence of
- * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we
- * can't find it, or the __des_crypt symbol doesn't exist, we fall back
- * to the ARCFOUR encryption code. The user can specify another path using
- * the -p flag.
- */
-
- /* arcfour.h */
-typedef struct arcfour_key
-{
- unsigned char state[256];
- unsigned char x;
- unsigned char y;
-} arcfour_key;
-
-static void prepare_key(unsigned char *key_data_ptr,int key_data_len,
- arcfour_key *key);
-static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key);
-static void swap_byte(unsigned char *a, unsigned char *b);
-
-static void prepare_key(unsigned char *key_data_ptr, int key_data_len,
- arcfour_key *key)
-{
- unsigned char index1;
- unsigned char index2;
- unsigned char* state;
- short counter;
-
- state = &key->state[0];
- for(counter = 0; counter < 256; counter++)
- state[counter] = counter;
- key->x = 0;
- key->y = 0;
- index1 = 0;
- index2 = 0;
- for(counter = 0; counter < 256; counter++)
- {
- index2 = (key_data_ptr[index1] + state[counter] +
- index2) % 256;
- swap_byte(&state[counter], &state[index2]);
-
- index1 = (index1 + 1) % key_data_len;
- }
-}
-
-static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key)
-{
- unsigned char x;
- unsigned char y;
- unsigned char* state;
- unsigned char xorIndex;
- short counter;
-
- x = key->x;
- y = key->y;
-
- state = &key->state[0];
- for(counter = 0; counter < buffer_len; counter ++)
- {
- x = (x + 1) % 256;
- y = (state[x] + y) % 256;
- swap_byte(&state[x], &state[y]);
-
- xorIndex = (state[x] + state[y]) % 256;
-
- buffer_ptr[counter] ^= state[xorIndex];
- }
- key->x = x;
- key->y = y;
-}
-
-static void swap_byte(unsigned char *a, unsigned char *b)
-{
- unsigned char swapByte;
-
- swapByte = *a;
- *a = *b;
- *b = swapByte;
-}
-
-/* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */
-int _arcfour_crypt(buf, len, desp)
- char *buf;
- int len;
- struct desparams *desp;
-{
- struct arcfour_key arcfourk;
-
- /*
- * U.S. government anti-crypto weasels take
- * note: although we are supplied with a 64 bit
- * key, we're only passing 40 bits to the ARCFOUR
- * encryption code. So there.
- */
- prepare_key(desp->des_key, 5, &arcfourk);
- arcfour(buf, len, &arcfourk);
-
- return(DESERR_NOHWDEVICE);
-}
-
-int (*_my_crypt)(char *, int, struct desparams *) = NULL;
-
-static void *dlhandle;
-
-#ifndef _PATH_USRLIB
-#define _PATH_USRLIB "/usr/lib"
-#endif
-
-#ifndef LIBCRYPTO
-#define LIBCRYPTO "libcrypto.so.2"
-#endif
-
-void load_des(warn, libpath)
- int warn;
- char *libpath;
-{
- char dlpath[MAXPATHLEN];
-
- if (libpath == NULL)
- snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB,
- LIBCRYPTO);
- else
- snprintf(dlpath, sizeof(dlpath), "%s", libpath);
-
- if ((dlhandle = dlopen(dlpath, 0444)) != NULL)
- _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt");
-
- if (_my_crypt == NULL) {
- if (dlhandle != NULL)
- dlclose(dlhandle);
- _my_crypt = &_arcfour_crypt;
- if (warn) {
- printf ("DES support disabled -- using ARCFOUR instead.\n");
- printf ("Warning: ARCFOUR cipher is not compatible with ");
- printf ("other Secure RPC implementations.\nInstall ");
- printf ("the FreeBSD 'des' distribution to enable");
- printf (" DES encryption.\n");
- }
- } else {
- if (warn) {
- printf ("DES support enabled\n");
- printf ("Using %s shared object.\n", dlpath);
- }
- }
-
- return;
-}
-
-desresp *
-des_crypt_1_svc(desargs *argp, struct svc_req *rqstp)
-{
- static desresp result;
- struct desparams dparm;
-
- if (argp->desbuf.desbuf_len > DES_MAXDATA) {
- result.stat = DESERR_BADPARAM;
- return(&result);
- }
-
-
- bcopy(argp->des_key, dparm.des_key, 8);
- bcopy(argp->des_ivec, dparm.des_ivec, 8);
- dparm.des_mode = (argp->des_mode == CBC_DES) ? CBC : ECB;
- dparm.des_dir = (argp->des_dir == ENCRYPT_DES) ? ENCRYPT : DECRYPT;
-#ifdef BROKEN_DES
- dparm.UDES.UDES_buf = argp->desbuf.desbuf_val;
-#endif
-
- /*
- * XXX This compensates for a bug in the libdes Secure RPC
- * compat interface. (Actually, there are a couple.) The
- * des_ecb_encrypt() routine in libdes only encrypts 8 bytes
- * (64 bits) at a time. However, the Sun Secure RPC ecb_crypt()
- * routine is supposed to be able to handle buffers up to 8Kbytes.
- * The rpc_enc module in libdes ignores this fact and just drops
- * the length parameter on the floor, encrypting only the
- * first 64 bits of whatever buffer you feed it. We deal with
- * this here: if we're using DES encryption, and we're using
- * ECB mode, then we make a pass over the entire buffer
- * ourselves. Note: the rpc_enc module incorrectly transposes
- * the mode flags, so when you ask for CBC mode, you're really
- * getting ECB mode.
- */
-#ifdef BROKEN_DES
- if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) {
-#else
- if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) {
-#endif
- int i;
- char *dptr;
-
- for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) {
- dptr = argp->desbuf.desbuf_val;
- dptr += (i * 8);
-#ifdef BROKEN_DES
- dparm.UDES.UDES_buf = dptr;
-#endif
- result.stat = _my_crypt(dptr, 8, &dparm);
- }
- } else {
- result.stat = _my_crypt(argp->desbuf.desbuf_val,
- argp->desbuf.desbuf_len,
- &dparm);
- }
-
- if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) {
- bcopy(dparm.des_ivec, result.des_ivec, 8);
- result.desbuf.desbuf_len = argp->desbuf.desbuf_len;
- result.desbuf.desbuf_val = argp->desbuf.desbuf_val;
- }
-
- return (&result);
-}
Index: usr.sbin/keyserv/keyserv.h
===================================================================
--- usr.sbin/keyserv/keyserv.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * $FreeBSD$
- */
-extern void setmodulus(char *modx);
-
-extern keystatus pk_setkey( uid_t, keybuf );
-extern keystatus pk_encrypt( uid_t, char *, netobj *, des_block * );
-extern keystatus pk_decrypt( uid_t, char *, netobj *, des_block * );
-extern keystatus pk_netput( uid_t, key_netstarg * );
-extern keystatus pk_netget( uid_t, key_netstarg * );
-extern keystatus pk_get_conv_key( uid_t, keybuf, cryptkeyres * );
-extern void pk_nodefaultkeys( void );
-
-extern void crypt_prog_1( struct svc_req *, register SVCXPRT * );
-extern void load_des( int, char * );
-
-extern int (*_my_crypt)( char *, int, struct desparams * );
Index: usr.sbin/keyserv/keyserv.8
===================================================================
--- usr.sbin/keyserv/keyserv.8
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" @(#)keyserv.1m 1.21 93/07/14 SMI; from SVr4
-.\"macro stdmacro
-.\" Copyright 1989 AT&T
-.\" @(#)keyserv.8c 1.8 89/03/29 SMI;
-.\" $FreeBSD$
-.\".TH KEYSERV 8C "9 September 1987"
-.Dd September 14, 1992
-.Dt KEYSERV 8
-.Os
-.Sh NAME
-.Nm keyserv
-.Nd server for storing private encryption keys
-.Sh SYNOPSIS
-.Nm
-.Op Fl d
-.Op Fl D
-.Op Fl n
-.Op Fl p Ar path
-.Op Fl v
-.Sh DESCRIPTION
-The
-.Nm
-utility is a daemon that is used for storing the
-private encryption keys of each
-user logged into the system.
-These encryption keys are used for accessing
-secure network services such as secure
-.Tn NFS .
-.Pp
-Normally, root's key is read from the file
-.Pa /etc/.rootkey
-when the daemon is started.
-This is useful during power-fail reboots
-when no one is around to type a password.
-.Pp
-If a client with no secret key calls
-.Nm ,
-then the key of user
-.Em nobody
-is used instead as the default key.
-.Pp
-The following options are available:
-.Bl -tag -width indent
-.It Fl d
-Disable the use of default keys for
-.Em nobody .
-.It Fl D
-Run in debugging mode and log all requests to
-.Nm .
-.It Fl n
-Root's secret key is not read from
-.Pa /etc/.rootkey .
-Instead,
-.Nm
-prompts the user for the password to decrypt
-root's key stored in the
-.Pa /etc/publickey
-database and then stores the decrypted key in
-.Pa /etc/.rootkey
-for future use.
-This option is useful if the
-.Pa /etc/.rootkey
-file ever gets out of date or corrupted.
-.It Fl p Ar path
-Specify where to search for
-.Pa libdes.so.3 .
-Default is
-.Pa /usr/lib .
-.It Fl v
-Display status of DES support (enabled/disabled).
-.El
-.Sh FILES
-.Bl -tag -width /usr/lib/libdes.so.3 -compact
-.It Pa /etc/.rootkey
-.It Pa /usr/lib/libdes.so.3
-.El
-.Sh "SEE ALSO"
-.Xr keylogin 1 ,
-.Xr keylogout 1 ,
-.Xr publickey 5
-.Sh HISTORY
-The
-.Nm
-utility was removed from
-.Fx 14.0 .
Index: usr.sbin/keyserv/keyserv.c
===================================================================
--- usr.sbin/keyserv/keyserv.c
+++ /dev/null
@@ -1,792 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)keyserv.c 1.15 94/04/25 SMI";
-#endif
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-/*
- * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
- */
-
-/*
- * Keyserver
- * Store secret keys per uid. Do public key encryption and decryption
- * operations. Generate "random" keys.
- * Do not talk to anything but a local root
- * process on the local transport only
- */
-
-#include <err.h>
-#include <pwd.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <rpc/rpc.h>
-#include <sys/param.h>
-#include <sys/file.h>
-#include <rpc/des_crypt.h>
-#include <rpc/des.h>
-#include <rpc/key_prot.h>
-#include <rpcsvc/crypt.h>
-#include "keyserv.h"
-
-#ifndef NGROUPS
-#define NGROUPS 16
-#endif
-
-#ifndef KEYSERVSOCK
-#define KEYSERVSOCK "/var/run/keyservsock"
-#endif
-
-static void randomize( des_block * );
-static void usage( void );
-static int getrootkey( des_block *, int );
-static int root_auth( SVCXPRT *, struct svc_req * );
-
-#ifdef DEBUG
-static int debugging = 1;
-#else
-static int debugging = 0;
-#endif
-
-static void keyprogram();
-static des_block masterkey;
-char *getenv();
-static char ROOTKEY[] = "/etc/.rootkey";
-
-/*
- * Hack to allow the keyserver to use AUTH_DES (for authenticated
- * NIS+ calls, for example). The only functions that get called
- * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
- *
- * The approach is to have the keyserver fill in pointers to local
- * implementations of these functions, and to call those in key_call().
- */
-
-extern cryptkeyres *(*__key_encryptsession_pk_LOCAL)();
-extern cryptkeyres *(*__key_decryptsession_pk_LOCAL)();
-extern des_block *(*__key_gendes_LOCAL)();
-extern int (*__des_crypt_LOCAL)();
-
-cryptkeyres *key_encrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
-cryptkeyres *key_decrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
-des_block *key_gen_1_svc_prog( void *, struct svc_req * );
-
-int
-main(argc, argv)
- int argc;
- char *argv[];
-{
- int nflag = 0;
- int c;
- int warn = 0;
- char *path = NULL;
- void *localhandle;
- register SVCXPRT *transp;
- struct netconfig *nconf = NULL;
-
- fprintf(stderr, "keyserv is deprecated and removed from FreeBSD 14.\n");
- __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog;
- __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog;
- __key_gendes_LOCAL = &key_gen_1_svc_prog;
-
- while ((c = getopt(argc, argv, "ndDvp:")) != -1)
- switch (c) {
- case 'n':
- nflag++;
- break;
- case 'd':
- pk_nodefaultkeys();
- break;
- case 'D':
- debugging = 1;
- break;
- case 'v':
- warn = 1;
- break;
- case 'p':
- path = optarg;
- break;
- default:
- usage();
- }
-
- load_des(warn, path);
- __des_crypt_LOCAL = _my_crypt;
- if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1)
- errx(1, "failed to register AUTH_DES authenticator");
-
- if (optind != argc) {
- usage();
- }
-
- /*
- * Initialize
- */
- (void) umask(S_IXUSR|S_IXGRP|S_IXOTH);
- if (geteuid() != 0)
- errx(1, "keyserv must be run as root");
- setmodulus(HEXMODULUS);
- getrootkey(&masterkey, nflag);
-
- rpcb_unset(KEY_PROG, KEY_VERS, NULL);
- rpcb_unset(KEY_PROG, KEY_VERS2, NULL);
-
- if (svc_create(keyprogram, KEY_PROG, KEY_VERS,
- "netpath") == 0) {
- (void) fprintf(stderr,
- "%s: unable to create service\n", argv[0]);
- exit(1);
- }
-
- if (svc_create(keyprogram, KEY_PROG, KEY_VERS2,
- "netpath") == 0) {
- (void) fprintf(stderr,
- "%s: unable to create service\n", argv[0]);
- exit(1);
- }
-
- localhandle = setnetconfig();
- while ((nconf = getnetconfig(localhandle)) != NULL) {
- if (nconf->nc_protofmly != NULL &&
- strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
- break;
- }
-
- if (nconf == NULL)
- errx(1, "getnetconfig: %s", nc_sperror());
-
- unlink(KEYSERVSOCK);
- rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf);
- transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK);
- if (transp == NULL)
- errx(1, "cannot create AF_LOCAL service");
- if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf))
- errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)");
- if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf))
- errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)");
- if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf))
- errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)");
-
- endnetconfig(localhandle);
-
- (void) umask(066); /* paranoia */
-
- if (!debugging) {
- daemon(0,0);
- }
-
- signal(SIGPIPE, SIG_IGN);
-
- svc_run();
- abort();
- /* NOTREACHED */
-}
-
-/*
- * In the event that we don't get a root password, we try to
- * randomize the master key the best we can
- */
-static void
-randomize(master)
- des_block *master;
-{
- master->key.low = arc4random();
- master->key.high = arc4random();
-}
-
-/*
- * Try to get root's secret key, by prompting if terminal is a tty, else trying
- * from standard input.
- * Returns 1 on success.
- */
-static int
-getrootkey(master, prompt)
- des_block *master;
- int prompt;
-{
- char *passwd;
- char name[MAXNETNAMELEN + 1];
- char secret[HEXKEYBYTES];
- key_netstarg netstore;
- int fd;
-
- if (!prompt) {
- /*
- * Read secret key out of ROOTKEY
- */
- fd = open(ROOTKEY, O_RDONLY, 0);
- if (fd < 0) {
- randomize(master);
- return (0);
- }
- if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) {
- warnx("the key read from %s was too short", ROOTKEY);
- (void) close(fd);
- return (0);
- }
- (void) close(fd);
- if (!getnetname(name)) {
- warnx(
- "failed to generate host's netname when establishing root's key");
- return (0);
- }
- memcpy(netstore.st_priv_key, secret, HEXKEYBYTES);
- memset(netstore.st_pub_key, 0, HEXKEYBYTES);
- netstore.st_netname = name;
- if (pk_netput(0, &netstore) != KEY_SUCCESS) {
- warnx("could not set root's key and netname");
- return (0);
- }
- return (1);
- }
- /*
- * Decrypt yellow pages publickey entry to get secret key
- */
- passwd = getpass("root password:");
- passwd2des(passwd, (char *)master);
- getnetname(name);
- if (!getsecretkey(name, secret, passwd)) {
- warnx("can't find %s's secret key", name);
- return (0);
- }
- if (secret[0] == 0) {
- warnx("password does not decrypt secret key for %s", name);
- return (0);
- }
- (void) pk_setkey(0, secret);
- /*
- * Store it for future use in $ROOTKEY, if possible
- */
- fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
- if (fd > 0) {
- char newline = '\n';
-
- write(fd, secret, strlen(secret));
- write(fd, &newline, sizeof (newline));
- close(fd);
- }
- return (1);
-}
-
-/*
- * Procedures to implement RPC service
- */
-char *
-strstatus(status)
- keystatus status;
-{
- switch (status) {
- case KEY_SUCCESS:
- return ("KEY_SUCCESS");
- case KEY_NOSECRET:
- return ("KEY_NOSECRET");
- case KEY_UNKNOWN:
- return ("KEY_UNKNOWN");
- case KEY_SYSTEMERR:
- return ("KEY_SYSTEMERR");
- default:
- return ("(bad result code)");
- }
-}
-
-keystatus *
-key_set_1_svc_prog(uid, key)
- uid_t uid;
- keybuf key;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "set(%u, %.*s) = ", uid,
- (int) sizeof (keybuf), key);
- }
- status = pk_setkey(uid, key);
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
- return (&status);
-}
-
-cryptkeyres *
-key_encrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-keystatus *
-key_net_put_2_svc_prog(uid, arg)
- uid_t uid;
- key_netstarg *arg;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ",
- arg->st_netname, (int)sizeof (arg->st_pub_key),
- arg->st_pub_key, (int)sizeof (arg->st_priv_key),
- arg->st_priv_key);
- }
-
- status = pk_netput(uid, arg);
-
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
-
- return (&status);
-}
-
-key_netstres *
-key_net_get_2_svc_prog(uid, arg)
- uid_t uid;
- void *arg;
-{
- static key_netstres keynetname;
-
- if (debugging)
- (void) fprintf(stderr, "net_get(%u) = ", uid);
-
- keynetname.status = pk_netget(uid, &keynetname.key_netstres_u.knet);
- if (debugging) {
- if (keynetname.status == KEY_SUCCESS) {
- fprintf(stderr, "<%s, %.*s, %.*s>\n",
- keynetname.key_netstres_u.knet.st_netname,
- (int)sizeof (keynetname.key_netstres_u.knet.st_pub_key),
- keynetname.key_netstres_u.knet.st_pub_key,
- (int)sizeof (keynetname.key_netstres_u.knet.st_priv_key),
- keynetname.key_netstres_u.knet.st_priv_key);
- } else {
- (void) fprintf(stderr, "NOT FOUND\n");
- }
- (void) fflush(stderr);
- }
-
- return (&keynetname);
-
-}
-
-cryptkeyres *
-key_get_conv_2_svc_prog(uid, arg)
- uid_t uid;
- keybuf arg;
-{
- static cryptkeyres res;
-
- if (debugging)
- (void) fprintf(stderr, "get_conv(%u, %.*s) = ", uid,
- (int)sizeof (keybuf), arg);
-
-
- res.status = pk_get_conv_key(uid, arg, &res);
-
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-
-cryptkeyres *
-key_encrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/* ARGSUSED */
-des_block *
-key_gen_1_svc_prog(v, s)
- void *v;
- struct svc_req *s;
-{
- struct timeval time;
- static des_block keygen;
- static des_block key;
-
- (void)gettimeofday(&time, NULL);
- keygen.key.high += (time.tv_sec ^ time.tv_usec);
- keygen.key.low += (time.tv_sec ^ time.tv_usec);
- ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen),
- DES_ENCRYPT | DES_HW);
- key = keygen;
- des_setparity((char *)&key);
- if (debugging) {
- (void) fprintf(stderr, "gen() = %08x%08x\n", key.key.high,
- key.key.low);
- (void) fflush(stderr);
- }
- return (&key);
-}
-
-getcredres *
-key_getcred_1_svc_prog(uid, name)
- uid_t uid;
- netnamestr *name;
-{
- static getcredres res;
- static u_int gids[NGROUPS];
- struct unixcred *cred;
-
- cred = &res.getcredres_u.cred;
- cred->gids.gids_val = gids;
- if (!netname2user(*name, (uid_t *) &cred->uid, (gid_t *) &cred->gid,
- (int *)&cred->gids.gids_len, (gid_t *)gids)) {
- res.status = KEY_UNKNOWN;
- } else {
- res.status = KEY_SUCCESS;
- }
- if (debugging) {
- (void) fprintf(stderr, "getcred(%s) = ", *name);
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n",
- cred->uid, cred->gid, cred->gids.gids_len);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/*
- * RPC boilerplate
- */
-static void
-keyprogram(rqstp, transp)
- struct svc_req *rqstp;
- SVCXPRT *transp;
-{
- union {
- keybuf key_set_1_arg;
- cryptkeyarg key_encrypt_1_arg;
- cryptkeyarg key_decrypt_1_arg;
- netnamestr key_getcred_1_arg;
- cryptkeyarg key_encrypt_2_arg;
- cryptkeyarg key_decrypt_2_arg;
- netnamestr key_getcred_2_arg;
- cryptkeyarg2 key_encrypt_pk_2_arg;
- cryptkeyarg2 key_decrypt_pk_2_arg;
- key_netstarg key_net_put_2_arg;
- netobj key_get_conv_2_arg;
- } argument;
- char *result;
- xdrproc_t xdr_argument, xdr_result;
- char *(*local) ();
- uid_t uid = -1;
- int check_auth;
-
- switch (rqstp->rq_proc) {
- case NULLPROC:
- svc_sendreply(transp, (xdrproc_t)xdr_void, NULL);
- return;
-
- case KEY_SET:
- xdr_argument = (xdrproc_t)xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_int;
- local = (char *(*)()) key_set_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_ENCRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GEN:
- xdr_argument = (xdrproc_t)xdr_void;
- xdr_result = (xdrproc_t)xdr_des_block;
- local = (char *(*)()) key_gen_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_GETCRED:
- xdr_argument = (xdrproc_t)xdr_netnamestr;
- xdr_result = (xdrproc_t)xdr_getcredres;
- local = (char *(*)()) key_getcred_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_ENCRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
-
- case KEY_NET_PUT:
- xdr_argument = (xdrproc_t)xdr_key_netstarg;
- xdr_result = (xdrproc_t)xdr_keystatus;
- local = (char *(*)()) key_net_put_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_NET_GET:
- xdr_argument = (xdrproc_t) xdr_void;
- xdr_result = (xdrproc_t)xdr_key_netstres;
- local = (char *(*)()) key_net_get_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GET_CONV:
- xdr_argument = (xdrproc_t) xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_get_conv_2_svc_prog;
- check_auth = 1;
- break;
-
- default:
- svcerr_noproc(transp);
- return;
- }
- if (check_auth) {
- if (root_auth(transp, rqstp) == 0) {
- if (debugging) {
- (void) fprintf(stderr,
- "not local privileged process\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
- if (debugging) {
- (void) fprintf(stderr,
- "not unix authentication\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- uid = ((struct authsys_parms *)rqstp->rq_clntcred)->aup_uid;
- }
-
- memset(&argument, 0, sizeof (argument));
- if (!svc_getargs(transp, xdr_argument, &argument)) {
- svcerr_decode(transp);
- return;
- }
- result = (*local) (uid, &argument);
- if (!svc_sendreply(transp, xdr_result, result)) {
- if (debugging)
- (void) fprintf(stderr, "unable to reply\n");
- svcerr_systemerr(transp);
- }
- if (!svc_freeargs(transp, xdr_argument, &argument)) {
- if (debugging)
- (void) fprintf(stderr,
- "unable to free arguments\n");
- exit(1);
- }
- return;
-}
-
-static int
-root_auth(trans, rqstp)
- SVCXPRT *trans;
- struct svc_req *rqstp;
-{
- uid_t uid;
- struct sockaddr *remote;
-
- remote = svc_getrpccaller(trans)->buf;
- if (remote->sa_family != AF_UNIX) {
- if (debugging)
- fprintf(stderr, "client didn't use AF_UNIX\n");
- return (0);
- }
-
- if (__rpc_get_local_uid(trans, &uid) < 0) {
- if (debugging)
- fprintf(stderr, "__rpc_get_local_uid failed\n");
- return (0);
- }
-
- if (debugging)
- fprintf(stderr, "local_uid %u\n", uid);
- if (uid == 0)
- return (1);
- if (rqstp->rq_cred.oa_flavor == AUTH_SYS) {
- if (((uid_t) ((struct authunix_parms *)
- rqstp->rq_clntcred)->aup_uid)
- == uid) {
- return (1);
- } else {
- if (debugging)
- fprintf(stderr,
- "local_uid %u mismatches auth %u\n", uid,
-((uid_t) ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid));
- return (0);
- }
- } else {
- if (debugging)
- fprintf(stderr, "Not auth sys\n");
- return (0);
- }
-}
-
-static void
-usage()
-{
- (void) fprintf(stderr,
- "usage: keyserv [-n] [-D] [-d] [-v] [-p path]\n");
- (void) fprintf(stderr, "-d disables the use of default keys\n");
- exit(1);
-}
Index: usr.sbin/keyserv/setkey.c
===================================================================
--- usr.sbin/keyserv/setkey.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)setkey.c 1.11 94/04/25 SMI";
-#endif
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-/*
- * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
- */
-
-/*
- * Do the real work of the keyserver.
- * Store secret keys. Compute common keys,
- * and use them to decrypt and encrypt DES keys.
- * Cache the common keys, so the expensive computation is avoided.
- */
-#include <mp.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <rpc/rpc.h>
-#include <rpc/key_prot.h>
-#include <rpc/des_crypt.h>
-#include <rpc/des.h>
-#include <sys/errno.h>
-#include "keyserv.h"
-
-static MINT *MODULUS;
-static char *fetchsecretkey( uid_t );
-static void writecache( char *, char *, des_block * );
-static int readcache( char *, char *, des_block * );
-static void extractdeskey( MINT *, des_block * );
-static int storesecretkey( uid_t, keybuf );
-static keystatus pk_crypt( uid_t, char *, netobj *, des_block *, int);
-static int nodefaultkeys = 0;
-
-
-/*
- * prohibit the nobody key on this machine k (the -d flag)
- */
-void
-pk_nodefaultkeys()
-{
- nodefaultkeys = 1;
-}
-
-/*
- * Set the modulus for all our Diffie-Hellman operations
- */
-void
-setmodulus(modx)
- char *modx;
-{
- MODULUS = mp_xtom(modx);
-}
-
-/*
- * Set the secretkey key for this uid
- */
-keystatus
-pk_setkey(uid, skey)
- uid_t uid;
- keybuf skey;
-{
- if (!storesecretkey(uid, skey)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-/*
- * Encrypt the key using the public key associated with remote_name and the
- * secret key associated with uid.
- */
-keystatus
-pk_encrypt(uid, remote_name, remote_key, key)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
-{
- return (pk_crypt(uid, remote_name, remote_key, key, DES_ENCRYPT));
-}
-
-/*
- * Decrypt the key using the public key associated with remote_name and the
- * secret key associated with uid.
- */
-keystatus
-pk_decrypt(uid, remote_name, remote_key, key)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
-{
- return (pk_crypt(uid, remote_name, remote_key, key, DES_DECRYPT));
-}
-
-static int store_netname( uid_t, key_netstarg * );
-static int fetch_netname( uid_t, key_netstarg * );
-
-keystatus
-pk_netput(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- if (!store_netname(uid, netstore)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-keystatus
-pk_netget(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- if (!fetch_netname(uid, netstore)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-
-/*
- * Do the work of pk_encrypt && pk_decrypt
- */
-static keystatus
-pk_crypt(uid, remote_name, remote_key, key, mode)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
- int mode;
-{
- char *xsecret;
- char xpublic[1024];
- char xsecret_hold[1024];
- des_block deskey;
- int err;
- MINT *public;
- MINT *secret;
- MINT *common;
- char zero[8];
-
- xsecret = fetchsecretkey(uid);
- if (xsecret == NULL || xsecret[0] == 0) {
- memset(zero, 0, sizeof (zero));
- xsecret = xsecret_hold;
- if (nodefaultkeys)
- return (KEY_NOSECRET);
-
- if (!getsecretkey("nobody", xsecret, zero) || xsecret[0] == 0) {
- return (KEY_NOSECRET);
- }
- }
- if (remote_key) {
- memcpy(xpublic, remote_key->n_bytes, remote_key->n_len);
- } else {
- bzero((char *)&xpublic, sizeof(xpublic));
- if (!getpublickey(remote_name, xpublic)) {
- if (nodefaultkeys || !getpublickey("nobody", xpublic))
- return (KEY_UNKNOWN);
- }
- }
-
- if (!readcache(xpublic, xsecret, &deskey)) {
- public = mp_xtom(xpublic);
- secret = mp_xtom(xsecret);
- /* Sanity Check on public and private keys */
- if ((public == NULL) || (secret == NULL))
- return (KEY_SYSTEMERR);
-
- common = mp_itom(0);
- mp_pow(public, secret, MODULUS, common);
- extractdeskey(common, &deskey);
- writecache(xpublic, xsecret, &deskey);
- mp_mfree(secret);
- mp_mfree(public);
- mp_mfree(common);
- }
- err = ecb_crypt((char *)&deskey, (char *)key, sizeof (des_block),
- DES_HW | mode);
- if (DES_FAILED(err)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-keystatus
-pk_get_conv_key(uid, xpublic, result)
- uid_t uid;
- keybuf xpublic;
- cryptkeyres *result;
-{
- char *xsecret;
- char xsecret_hold[1024];
- MINT *public;
- MINT *secret;
- MINT *common;
- char zero[8];
-
-
- xsecret = fetchsecretkey(uid);
-
- if (xsecret == NULL || xsecret[0] == 0) {
- memset(zero, 0, sizeof (zero));
- xsecret = xsecret_hold;
- if (nodefaultkeys)
- return (KEY_NOSECRET);
-
- if (!getsecretkey("nobody", xsecret, zero) ||
- xsecret[0] == 0)
- return (KEY_NOSECRET);
- }
-
- if (!readcache(xpublic, xsecret, &result->cryptkeyres_u.deskey)) {
- public = mp_xtom(xpublic);
- secret = mp_xtom(xsecret);
- /* Sanity Check on public and private keys */
- if ((public == NULL) || (secret == NULL))
- return (KEY_SYSTEMERR);
-
- common = mp_itom(0);
- mp_pow(public, secret, MODULUS, common);
- extractdeskey(common, &result->cryptkeyres_u.deskey);
- writecache(xpublic, xsecret, &result->cryptkeyres_u.deskey);
- mp_mfree(secret);
- mp_mfree(public);
- mp_mfree(common);
- }
-
- return (KEY_SUCCESS);
-}
-
-/*
- * Choose middle 64 bits of the common key to use as our des key, possibly
- * overwriting the lower order bits by setting parity.
- */
-static void
-extractdeskey(ck, deskey)
- MINT *ck;
- des_block *deskey;
-{
- MINT *a;
- short r;
- int i;
- short base = (1 << 8);
- char *k;
-
- a = mp_itom(0);
-#ifdef SOLARIS_MP
- _mp_move(ck, a);
-#else
- mp_move(ck, a);
-#endif
- for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) {
- mp_sdiv(a, base, a, &r);
- }
- k = deskey->c;
- for (i = 0; i < 8; i++) {
- mp_sdiv(a, base, a, &r);
- *k++ = r;
- }
- mp_mfree(a);
- des_setparity((char *)deskey);
-}
-
-/*
- * Key storage management
- */
-
-#define KEY_ONLY 0
-#define KEY_NAME 1
-struct secretkey_netname_list {
- uid_t uid;
- key_netstarg keynetdata;
- u_char sc_flag;
- struct secretkey_netname_list *next;
-};
-
-
-
-static struct secretkey_netname_list *g_secretkey_netname;
-
-/*
- * Store the keys and netname for this uid
- */
-static int
-store_netname(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- struct secretkey_netname_list *new;
- struct secretkey_netname_list **l;
-
- for (l = &g_secretkey_netname; *l != NULL && (*l)->uid != uid;
- l = &(*l)->next) {
- }
- if (*l == NULL) {
- new = (struct secretkey_netname_list *)malloc(sizeof (*new));
- if (new == NULL) {
- return (0);
- }
- new->uid = uid;
- new->next = NULL;
- *l = new;
- } else {
- new = *l;
- if (new->keynetdata.st_netname)
- (void) free (new->keynetdata.st_netname);
- }
- memcpy(new->keynetdata.st_priv_key, netstore->st_priv_key,
- HEXKEYBYTES);
- memcpy(new->keynetdata.st_pub_key, netstore->st_pub_key, HEXKEYBYTES);
-
- if (netstore->st_netname)
- new->keynetdata.st_netname = strdup(netstore->st_netname);
- else
- new->keynetdata.st_netname = (char *)NULL;
- new->sc_flag = KEY_NAME;
- return (1);
-
-}
-
-/*
- * Fetch the keys and netname for this uid
- */
-
-static int
-fetch_netname(uid, key_netst)
- uid_t uid;
- struct key_netstarg *key_netst;
-{
- struct secretkey_netname_list *l;
-
- for (l = g_secretkey_netname; l != NULL; l = l->next) {
- if ((l->uid == uid) && (l->sc_flag == KEY_NAME)){
-
- memcpy(key_netst->st_priv_key,
- l->keynetdata.st_priv_key, HEXKEYBYTES);
-
- memcpy(key_netst->st_pub_key,
- l->keynetdata.st_pub_key, HEXKEYBYTES);
-
- if (l->keynetdata.st_netname)
- key_netst->st_netname =
- strdup(l->keynetdata.st_netname);
- else
- key_netst->st_netname = NULL;
- return (1);
- }
- }
-
- return (0);
-}
-
-static char *
-fetchsecretkey(uid)
- uid_t uid;
-{
- struct secretkey_netname_list *l;
-
- for (l = g_secretkey_netname; l != NULL; l = l->next) {
- if (l->uid == uid) {
- return (l->keynetdata.st_priv_key);
- }
- }
- return (NULL);
-}
-
-/*
- * Store the secretkey for this uid
- */
-static int
-storesecretkey(uid, key)
- uid_t uid;
- keybuf key;
-{
- struct secretkey_netname_list *new;
- struct secretkey_netname_list **l;
-
- for (l = &g_secretkey_netname; *l != NULL && (*l)->uid != uid;
- l = &(*l)->next) {
- }
- if (*l == NULL) {
- new = (struct secretkey_netname_list *) malloc(sizeof (*new));
- if (new == NULL) {
- return (0);
- }
- new->uid = uid;
- new->sc_flag = KEY_ONLY;
- memset(new->keynetdata.st_pub_key, 0, HEXKEYBYTES);
- new->keynetdata.st_netname = NULL;
- new->next = NULL;
- *l = new;
- } else {
- new = *l;
- }
-
- memcpy(new->keynetdata.st_priv_key, key,
- HEXKEYBYTES);
- return (1);
-}
-
-static int
-hexdigit(val)
- int val;
-{
- return ("0123456789abcdef"[val]);
-}
-
-void
-bin2hex(bin, hex, size)
- unsigned char *bin;
- unsigned char *hex;
- int size;
-{
- int i;
-
- for (i = 0; i < size; i++) {
- *hex++ = hexdigit(*bin >> 4);
- *hex++ = hexdigit(*bin++ & 0xf);
- }
-}
-
-static int
-hexval(dig)
- char dig;
-{
- if ('0' <= dig && dig <= '9') {
- return (dig - '0');
- } else if ('a' <= dig && dig <= 'f') {
- return (dig - 'a' + 10);
- } else if ('A' <= dig && dig <= 'F') {
- return (dig - 'A' + 10);
- } else {
- return (-1);
- }
-}
-
-void
-hex2bin(hex, bin, size)
- unsigned char *hex;
- unsigned char *bin;
- int size;
-{
- int i;
-
- for (i = 0; i < size; i++) {
- *bin = hexval(*hex++) << 4;
- *bin++ |= hexval(*hex++);
- }
-}
-
-/*
- * Exponential caching management
- */
-struct cachekey_list {
- keybuf secret;
- keybuf public;
- des_block deskey;
- struct cachekey_list *next;
-};
-static struct cachekey_list *g_cachedkeys;
-
-/*
- * cache result of expensive multiple precision exponential operation
- */
-static void
-writecache(pub, sec, deskey)
- char *pub;
- char *sec;
- des_block *deskey;
-{
- struct cachekey_list *new;
-
- new = (struct cachekey_list *) malloc(sizeof (struct cachekey_list));
- if (new == NULL) {
- return;
- }
- memcpy(new->public, pub, sizeof (keybuf));
- memcpy(new->secret, sec, sizeof (keybuf));
- new->deskey = *deskey;
- new->next = g_cachedkeys;
- g_cachedkeys = new;
-}
-
-/*
- * Try to find the common key in the cache
- */
-static int
-readcache(pub, sec, deskey)
- char *pub;
- char *sec;
- des_block *deskey;
-{
- struct cachekey_list *found;
- register struct cachekey_list **l;
-
-#define cachehit(pub, sec, list) \
- (memcmp(pub, (list)->public, sizeof (keybuf)) == 0 && \
- memcmp(sec, (list)->secret, sizeof (keybuf)) == 0)
-
- for (l = &g_cachedkeys; (*l) != NULL && !cachehit(pub, sec, *l);
- l = &(*l)->next)
- ;
- if ((*l) == NULL) {
- return (0);
- }
- found = *l;
- (*l) = (*l)->next;
- found->next = g_cachedkeys;
- g_cachedkeys = found;
- *deskey = found->deskey;
- return (1);
-}
