Back to index

glibc  2.9
Classes | Defines | Functions | Variables
key_call.c File Reference
#include <stdio.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <string.h>
#include <rpc/rpc.h>
#include <rpc/auth.h>
#include <sys/wait.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <rpc/key_prot.h>
#include <bits/libc-lock.h>

Go to the source code of this file.

Classes

struct  key_call_private

Defines

#define KEY_TIMEOUT   5 /* per-try timeout in seconds */
#define KEY_NRETRY   12 /* number of retries */
#define debug(msg)   /* turn off debugging */
#define TOTAL_TIMEOUT   30 /* total timeout talking to keyserver */
#define TOTAL_TRIES   5 /* Number of tries */

Functions

int _openchild (const char *command, FILE **fto, FILE **ffrom)
static int key_call (u_long, xdrproc_t xdr_arg, char *, xdrproc_t xdr_rslt, char *) internal_function
int key_setsecret (char *secretkey)
int key_secretkey_is_set (void)
int key_encryptsession (char *remotename, des_block *deskey)
int key_decryptsession (char *remotename, des_block *deskey)
int key_encryptsession_pk (char *remotename, netobj *remotekey, des_block *deskey)
 libc_hidden_def (key_encryptsession_pk)
 libc_hidden_def (key_decryptsession_pk)
 libc_hidden_def (key_gendes)
int key_get_conv (char *pkey, des_block *deskey)
static int internal_function key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg, xdrproc_t xdr_rslt, char *rslt)
 __libc_lock_define_initialized (static, keycall_lock)
static int internal_function key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg, xdrproc_t xdr_rslt, char *rslt)

Variables

static struct timeval = {KEY_TIMEOUT, 0}
cryptkeyres *(* __key_encryptsession_pk_LOCAL )(uid_t, char *)
cryptkeyres *(* __key_decryptsession_pk_LOCAL )(uid_t, char *)
des_block *(* __key_gendes_LOCAL )(uid_t, char *)
static struct key_call_privatekey_call_private_main

Class Documentation

struct key_call_private

Definition at line 363 of file key_call.c.

Collaboration diagram for key_call_private:
Class Members
CLIENT * client
pid_t pid
uid_t uid

Define Documentation

#define debug (   msg)    /* turn off debugging */

Definition at line 57 of file key_call.c.

#define KEY_NRETRY   12 /* number of retries */

Definition at line 55 of file key_call.c.

#define KEY_TIMEOUT   5 /* per-try timeout in seconds */

Definition at line 54 of file key_call.c.

#define TOTAL_TIMEOUT   30 /* total timeout talking to keyserver */
#define TOTAL_TRIES   5 /* Number of tries */

Function Documentation

__libc_lock_define_initialized ( static  ,
keycall_lock   
)

Definition at line 373 of file key_call.c.

{
  struct key_call_private *kcp = key_call_private_main;
  struct timeval wait_time;
  int fd;
  struct sockaddr_un name;
  socklen_t namelen = sizeof(struct sockaddr_un);

#define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
#define TOTAL_TRIES     5       /* Number of tries */

  if (kcp == (struct key_call_private *)NULL)
    {
      kcp = (struct key_call_private *)malloc (sizeof (*kcp));
      if (kcp == (struct key_call_private *)NULL)
       return (CLIENT *) NULL;

      key_call_private_main = kcp;
      kcp->client = NULL;
    }

  /* if pid has changed, destroy client and rebuild */
  if (kcp->client != NULL && kcp->pid != __getpid ())
    {
      auth_destroy (kcp->client->cl_auth);
      clnt_destroy (kcp->client);
      kcp->client = NULL;
    }

  if (kcp->client != NULL)
    {
      /* if other side closed socket, build handle again */
      clnt_control (kcp->client, CLGET_FD, (char *)&fd);
      if (__getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
       {
         auth_destroy (kcp->client->cl_auth);
         clnt_destroy (kcp->client);
         kcp->client = NULL;
       }
    }

  if (kcp->client != NULL)
    {
      /* if uid has changed, build client handle again */
      if (kcp->uid != __geteuid ())
       {
        kcp->uid = __geteuid ();
        auth_destroy (kcp->client->cl_auth);
        kcp->client->cl_auth =
          INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0, NULL);
        if (kcp->client->cl_auth == NULL)
          {
            clnt_destroy (kcp->client);
            kcp->client = NULL;
            return ((CLIENT *) NULL);
          }
       }
      /* Change the version number to the new one */
      clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
      return kcp->client;
    }

  if ((kcp->client == (CLIENT *) NULL))
    /* Use the AF_UNIX transport */
    kcp->client = INTUSE(clnt_create) ("/var/run/keyservsock", KEY_PROG, vers,
                                   "unix");

  if (kcp->client == (CLIENT *) NULL)
    return (CLIENT *) NULL;

  kcp->uid = __geteuid ();
  kcp->pid = __getpid ();
  kcp->client->cl_auth = INTUSE(authunix_create) ((char *)"", kcp->uid, 0, 0,
                                            NULL);
  if (kcp->client->cl_auth == NULL)
    {
      clnt_destroy (kcp->client);
      kcp->client = NULL;
      return (CLIENT *) NULL;
    }

  wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
  wait_time.tv_usec = 0;
  clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
              (char *)&wait_time);
  if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
    __fcntl (fd, F_SETFD, FD_CLOEXEC);  /* make it "close on exec" */

  return kcp->client;
}

Here is the call graph for this function:

int _openchild ( const char *  command,
FILE **  fto,
FILE **  ffrom 
)

Definition at line 56 of file openchild.c.

{
  int i;
  int pid;
  int pdto[2];
  int pdfrom[2];

  if (__pipe (pdto) < 0)
    goto error1;
  if (__pipe (pdfrom) < 0)
    goto error2;
  switch (pid = __fork ())
    {
    case -1:
      goto error3;

    case 0:
      /*
       * child: read from pdto[0], write into pdfrom[1]
       */
      __close (0);
      __dup (pdto[0]);
      __close (1);
      __dup (pdfrom[1]);
      fflush (stderr);
      for (i = _rpc_dtablesize () - 1; i >= 3; i--)
       __close (i);
      fflush (stderr);
      execlp (command, command, NULL);
      perror ("exec");
      _exit (~0);

    default:
      /*
       * parent: write into pdto[1], read from pdfrom[0]
       */
      *fto = __fdopen (pdto[1], "w");
      __close (pdto[0]);
      *ffrom = __fdopen (pdfrom[0], "r");
      __close (pdfrom[1]);
      break;
    }
  return pid;

  /*
   * error cleanup and return
   */
error3:
  __close (pdfrom[0]);
  __close (pdfrom[1]);
error2:
  __close (pdto[0]);
  __close (pdto[1]);
error1:
  return -1;
}

Here is the call graph for this function:

static int internal_function key_call ( u_long  proc,
xdrproc_t  xdr_arg,
char *  arg,
xdrproc_t  xdr_rslt,
char *  rslt 
) [static]

Definition at line 507 of file key_call.c.

{
#ifndef SO_PASSCRED
  static int use_keyenvoy;
#endif

  if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
    {
      cryptkeyres *res;
      res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
      *(cryptkeyres *) rslt = *res;
      return 1;
    }
  else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
    {
      cryptkeyres *res;
      res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
      *(cryptkeyres *) rslt = *res;
      return 1;
    }
  else if (proc == KEY_GEN && __key_gendes_LOCAL)
    {
      des_block *res;
      res = (*__key_gendes_LOCAL) (__geteuid (), 0);
      *(des_block *) rslt = *res;
      return 1;
    }

#ifdef SO_PASSCRED
  return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
#else
  if (!use_keyenvoy)
    {
      if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
       return 1;
      use_keyenvoy = 1;
    }
  return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
#endif
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int internal_function key_call_keyenvoy ( u_long  proc,
xdrproc_t  xdr_arg,
char *  arg,
xdrproc_t  xdr_rslt,
char *  rslt 
) [static]

Definition at line 286 of file key_call.c.

{
  XDR xdrargs;
  XDR xdrrslt;
  FILE *fargs;
  FILE *frslt;
  sigset_t oldmask, mask;
  union wait status;
  int pid;
  int success;
  uid_t ruid;
  uid_t euid;
  static const char MESSENGER[] = "/usr/etc/keyenvoy";

  success = 1;
  sigemptyset (&mask);
  sigaddset (&mask, SIGCHLD);
  __sigprocmask (SIG_BLOCK, &mask, &oldmask);

  /*
   * We are going to exec a set-uid program which makes our effective uid
   * zero, and authenticates us with our real uid. We need to make the
   * effective uid be the real uid for the setuid program, and
   * the real uid be the effective uid so that we can change things back.
   */
  euid = __geteuid ();
  ruid = __getuid ();
  __setreuid (euid, ruid);
  pid = _openchild (MESSENGER, &fargs, &frslt);
  __setreuid (ruid, euid);
  if (pid < 0)
    {
      debug ("open_streams");
      __sigprocmask (SIG_SETMASK, &oldmask, NULL);
      return (0);
    }
  xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
  xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);

  if (!INTUSE(xdr_u_long) (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
    {
      debug ("xdr args");
      success = 0;
    }
  fclose (fargs);

  if (success && !(*xdr_rslt) (&xdrrslt, rslt))
    {
      debug ("xdr rslt");
      success = 0;
    }
  fclose(frslt);

 wait_again:
  if (__wait4 (pid, &status, 0, NULL) < 0)
    {
      if (errno == EINTR)
       goto wait_again;
      debug ("wait4");
      if (errno == ECHILD || errno == ESRCH)
       perror ("wait");
      else
       success = 0;
    }
  else
    if (status.w_retcode)
      {
       debug ("wait4 1");
       success = 0;
      }
  __sigprocmask (SIG_SETMASK, &oldmask, NULL);

  return success;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int internal_function key_call_socket ( u_long  proc,
xdrproc_t  xdr_arg,
char *  arg,
xdrproc_t  xdr_rslt,
char *  rslt 
) [static]

Definition at line 473 of file key_call.c.

{
  CLIENT *clnt;
  struct timeval wait_time;
  int result = 0;

  __libc_lock_lock (keycall_lock);
  if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
      (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
      (proc == KEY_GET_CONV))
    clnt = getkeyserv_handle(2); /* talk to version 2 */
  else
    clnt = getkeyserv_handle(1); /* talk to version 1 */

  if (clnt != NULL)
    {
      wait_time.tv_sec = TOTAL_TIMEOUT;
      wait_time.tv_usec = 0;

      if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
                   wait_time) == RPC_SUCCESS)
       result = 1;
    }

  __libc_lock_unlock (keycall_lock);

  return result;
}

Here is the caller graph for this function:

int key_decryptsession ( char *  remotename,
des_block deskey 
)

Definition at line 133 of file key_call.c.

{
  cryptkeyarg arg;
  cryptkeyres res;

  arg.remotename = remotename;
  arg.deskey = *deskey;
  if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
               (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
               (char *) &res))
    return -1;
  if (res.status != KEY_SUCCESS)
    {
      debug ("decrypt status is nonzero");
      return -1;
    }
  *deskey = res.cryptkeyres_u.deskey;
  return 0;
}

Here is the call graph for this function:

int key_encryptsession ( char *  remotename,
des_block deskey 
)

Definition at line 111 of file key_call.c.

{
  cryptkeyarg arg;
  cryptkeyres res;

  arg.remotename = remotename;
  arg.deskey = *deskey;
  if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) INTUSE(xdr_cryptkeyarg),
               (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
               (char *) &res))
    return -1;

  if (res.status != KEY_SUCCESS)
    {
      debug ("encrypt status is nonzero");
      return -1;
    }
  *deskey = res.cryptkeyres_u.deskey;
  return 0;
}

Here is the call graph for this function:

int key_encryptsession_pk ( char *  remotename,
netobj remotekey,
des_block deskey 
)

Definition at line 154 of file key_call.c.

{
  cryptkeyarg2 arg;
  cryptkeyres res;

  arg.remotename = remotename;
  arg.remotekey = *remotekey;
  arg.deskey = *deskey;
  if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
               (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
               (char *) &res))
    return -1;

  if (res.status != KEY_SUCCESS)
    {
      debug ("encrypt status is nonzero");
      return -1;
    }
  *deskey = res.cryptkeyres_u.deskey;
  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int key_get_conv ( char *  pkey,
des_block deskey 
)

Definition at line 253 of file key_call.c.

{
  cryptkeyres res;

  if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) INTUSE(xdr_keybuf), pkey,
               (xdrproc_t) INTUSE(xdr_cryptkeyres), (char *) &res))
    return -1;

  if (res.status != KEY_SUCCESS)
    {
      debug ("get_conv status is nonzero");
      return -1;
    }
  *deskey = res.cryptkeyres_u.deskey;
  return 0;
}

Here is the call graph for this function:

Definition at line 92 of file key_call.c.

{
  struct key_netstres kres;

  memset (&kres, 0, sizeof (kres));
  if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) INTUSE(xdr_void),
              (char *) NULL, (xdrproc_t) INTUSE(xdr_key_netstres),
              (char *) &kres) &&
      (kres.status == KEY_SUCCESS) &&
      (kres.key_netstres_u.knet.st_priv_key[0] != 0))
    {
      /* avoid leaving secret key in memory */
      memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
      return 1;
    }
  return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int key_setsecret ( char *  secretkey)

Definition at line 70 of file key_call.c.

{
  keystatus status;

  if (!key_call ((u_long) KEY_SET, (xdrproc_t) INTUSE(xdr_keybuf), secretkey,
               (xdrproc_t) INTUSE(xdr_keystatus), (char *) &status))
    return -1;
  if (status != KEY_SUCCESS)
    {
      debug ("set status is nonzero");
      return -1;
    }
  return 0;
}

Here is the call graph for this function:

Definition at line 176 of file key_call.c.

{
  cryptkeyarg2 arg;
  cryptkeyres res;

  arg.remotename = remotename;
  arg.remotekey = *remotekey;
  arg.deskey = *deskey;
  if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) INTUSE(xdr_cryptkeyarg2),
               (char *) &arg, (xdrproc_t) INTUSE(xdr_cryptkeyres),
               (char *) &res))
    return -1;

  if (res.status != KEY_SUCCESS)
    {
      debug ("decrypt status is nonzero");
      return -1;
    }
  *deskey = res.cryptkeyres_u.deskey;
  return 0;
}

Here is the call graph for this function:

Definition at line 201 of file key_call.c.

{
  struct sockaddr_in sin;
  CLIENT *client;
  int socket;
  enum clnt_stat stat;

  sin.sin_family = AF_INET;
  sin.sin_port = 0;
  sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
  __bzero (sin.sin_zero, sizeof (sin.sin_zero));
  socket = RPC_ANYSOCK;
  client = INTUSE(clntudp_bufcreate) (&sin, (u_long) KEY_PROG,
                                  (u_long) KEY_VERS, trytimeout, &socket,
                                  RPCSMALLMSGSIZE, RPCSMALLMSGSIZE);
  if (client == NULL)
    return -1;

  stat = clnt_call (client, KEY_GEN, (xdrproc_t) INTUSE(xdr_void), NULL,
                  (xdrproc_t) INTUSE(xdr_des_block), (caddr_t) key,
                  tottimeout);
  clnt_destroy (client);
  __close (socket);
  if (stat != RPC_SUCCESS)
    return -1;

  return 0;
}

Here is the call graph for this function:

Definition at line 232 of file key_call.c.

{
  keystatus status;

  if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) INTUSE(xdr_key_netstarg),
               (char *) arg,(xdrproc_t) INTUSE(xdr_keystatus),
               (char *) &status))
    return -1;

  if (status != KEY_SUCCESS)
    {
      debug ("key_setnet status is nonzero");
      return -1;
    }
  return 1;
}

Here is the call graph for this function:


Variable Documentation

Definition at line 280 of file key_call.c.

Definition at line 279 of file key_call.c.

Definition at line 281 of file key_call.c.

Definition at line 371 of file key_call.c.

static struct timeval = {KEY_TIMEOUT, 0} [static]

Definition at line 66 of file key_call.c.