Index: ObsoleteFiles.inc =================================================================== --- ObsoleteFiles.inc +++ ObsoleteFiles.inc @@ -40,6 +40,18 @@ # xargs -n1 | sort | uniq -d; # done +# 20210607: remove publickey(5) related programs +OLD_FILES+=usr/bin/chkey +OLD_FILES+=usr/bin/keylogin +OLD_FILES+=usr/bin/keylogout +OLD_FILES+=usr/sbin/keyserv +OLD_FILES+=usr/bin/newkey +OLD_FILES+=usr/share/man/man1/chkey.1.gz +OLD_FILES+=usr/share/man/man1/keylogin.1.gz +OLD_FILES+=usr/share/man/man1/keylogin.1.gz +OLD_FILES+=usr/share/man/man5/publickey.5.gz +OLD_FILES+=usr/share/man/man8/keyserv.1.gz + # 20210426: remove unused libexec/rc.d/addswap OLD_FILES+=etc/rc.d/addswap Index: lib/libc/rpc/Makefile.inc =================================================================== --- lib/libc/rpc/Makefile.inc +++ lib/libc/rpc/Makefile.inc @@ -50,7 +50,7 @@ rpc_clnt_create.3 rpc_svc_calls.3 rpc_svc_create.3 rpc_svc_err.3 \ rpc_svc_reg.3 rpc_xdr.3 rpcbind.3 publickey.3 rpc_secure.3 \ rtime.3 -MAN+= publickey.5 rpc.5 netconfig.5 +MAN+= rpc.5 netconfig.5 MLINKS+= bindresvport.3 bindresvport_sa.3 \ des_crypt.3 ecb_crypt.3 \ des_crypt.3 cbc_crypt.3 \ Index: lib/libc/rpc/publickey.5 =================================================================== --- lib/libc/rpc/publickey.5 +++ /dev/null 
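Review bot: The OLD_FILES block in the ObsoleteFiles.inc hunk does not match the set of files this patch actually deletes: `usr/share/man/man1/keylogin.1.gz` is listed twice while keylogout.1 (removed further down in this patch) has no entry, `usr/share/man/man8/keyserv.1.gz` carries a section-1 suffix under man8 although the removed pages cross-reference keyserv(8), and newkey.8 (installed via `MAN= newkey.8` in the deleted usr.bin/newkey/Makefile) is not listed at all. Because `make delete-old` works from this list, the unlisted pages would linger on upgraded systems. Replace the duplicate line with `OLD_FILES+=usr/share/man/man1/keylogout.1.gz` and add `OLD_FILES+=usr/share/man/man8/newkey.8.gz` and `OLD_FILES+=usr/share/man/man8/keyserv.8.gz`; the keyserv name should be confirmed against the keyserv removal itself, which does not appear in this chunk even though `usr/sbin/keyserv` is listed here.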
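Review bot: The lib/libc/rpc/Makefile.inc hunk drops publickey.5 from `MAN+=` but leaves publickey.3 in the list on the context line just above, and the libc publickey API pages are likely to cross-reference publickey(5) in their SEE ALSO sections; with the page deleted those references would dangle. It would be worth checking lib/libc/rpc for `.Xr publickey 5` and dropping or rewording those references in the same commit, so that the remaining manual pages stay consistent with the removal.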
@@ -1,42 +0,0 @@ -.\" $FreeBSD$ -.\" @(#)publickey.5 2.1 88/08/07 4.0 RPCSRC; from 1.6 88/02/29 SMI; -.Dd October 19, 1987 -.Dt PUBLICKEY 5 -.Os -.Sh NAME -.Nm publickey -.Nd "public key database" -.Sh SYNOPSIS -.Pa /etc/publickey -.Sh DESCRIPTION -.Pa /etc/publickey -is the public key database used for secure -RPC (Remote Procedure Calls). -Each entry in -the database consists of a network user -name (which may either refer to -a user or a hostname), followed by the user's -public key (in hex -notation), a colon, and then the user's -secret key encrypted with -its login password (also in hex notation). -.Pp -This file is altered either by the user through the -.Xr chkey 1 -command or by the system administrator through the -.Xr newkey 8 -command. -The file -.Pa /etc/publickey -should only contain data on the -.Tn NIS -master machine, where it -is converted into the -.Tn NIS -database -.Pa publickey.byname . -.Sh SEE ALSO -.Xr chkey 1 , -.Xr publickey 3 , -.Xr newkey 8 , -.Xr ypupdated 8 Index: usr.bin/Makefile =================================================================== --- usr.bin/Makefile +++ usr.bin/Makefile @@ -61,8 +61,6 @@ ipcs \ join \ jot \ - keylogin \ - keylogout \ killall \ ktrace \ ktrdump \ @@ -241,8 +239,6 @@ SUBDIR.${MK_NIS}+= ypmatch SUBDIR.${MK_NIS}+= ypwhich SUBDIR.${MK_OPENSSH}+= ssh-copy-id -SUBDIR.${MK_OPENSSL}+= chkey -SUBDIR.${MK_OPENSSL}+= newkey SUBDIR.${MK_QUOTAS}+= quota SUBDIR.${MK_SENDMAIL}+= vacation SUBDIR.${MK_TALK}+= talk Index: usr.bin/chkey/Makefile =================================================================== --- usr.bin/chkey/Makefile +++ /dev/null 
@@ -1,15 +0,0 @@ -# $FreeBSD$ - -.include - -.PATH: ${SRCTOP}/usr.bin/newkey - -PROG= chkey -SRCS= chkey.c generic.c update.c -CFLAGS+= -I${SRCTOP}/usr.bin/newkey -.if ${MK_NIS} != "no" -CFLAGS+= -DYP -.endif -LIBADD+= rpcsvc mp - -.include Index: usr.bin/chkey/Makefile.depend =================================================================== --- usr.bin/chkey/Makefile.depend +++ /dev/null @@ -1,18 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - include \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/libthr \ - secure/lib/libcrypto \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: usr.bin/chkey/Makefile.depend.options =================================================================== --- usr.bin/chkey/Makefile.depend.options +++ /dev/null @@ -1,8 +0,0 @@ -# $FreeBSD$ -# This file is not autogenerated - take care! - -DIRDEPS_OPTIONS= NIS - -DIRDEPS.NIS.yes= lib/libmp - -.include Index: usr.bin/chkey/chkey.1 =================================================================== --- usr.bin/chkey/chkey.1 +++ /dev/null @@ -1,30 +0,0 @@ -.\" @(#)chkey.1 1.5 91/03/11 TIRPC 1.0; -.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved. -.\" $FreeBSD$ -.\" -.Dd July 5, 1989 -.Dt CHKEY 1 -.Os -.Sh NAME -.Nm chkey -.Nd change your encryption key -.Sh SYNOPSIS -.Nm -.Sh DESCRIPTION -The -.Nm -utility prompts the user for their login password, -and uses it to encrypt a new encryption key -for the user to be stored in the -.Xr publickey 5 -database. -.Sh "SEE ALSO" -.Xr keylogin 1 , -.Xr publickey 5 , -.Xr keyserv 8 , -.Xr newkey 8 -.Sh HISTORY -The -.Nm -utility was removed from -.Fx 14.0 . Index: usr.bin/chkey/chkey.c =================================================================== --- usr.bin/chkey/chkey.c +++ /dev/null 
@@ -1,275 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if 0 -#ifndef lint -static char sccsid[] = "@(#)chkey.c 1.7 91/03/11 Copyr 1986 Sun Micro"; -#endif -#endif - -#include -__FBSDID("$FreeBSD$"); - -/* - * Copyright (C) 1986, Sun Microsystems, Inc. 
- */ - -/* - * Command to change one's public key in the public key database - */ -#include -#include -#ifdef YP -#include -#include -#else -#define YPOP_STORE 4 -#endif -#include -#include -#include -#include -#include -#include -#include - -#include "extern.h" - -#ifdef YPPASSWD -struct passwd *ypgetpwuid(uid_t); -#endif - -#ifdef YP -static char *domain; -static char PKMAP[] = "publickey.byname"; -#else -static char PKFILE[] = "/etc/publickey"; -#endif /* YP */ -static char ROOTKEY[] = "/etc/.rootkey"; - -static void usage(void); -extern int yp_update(char *, char *, int, char *, size_t, char *, size_t); - -int -main(int argc, char **argv) -{ - char name[MAXNETNAMELEN+1]; - char public[HEXKEYBYTES + 1]; - char secret[HEXKEYBYTES + 1]; - char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; - char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; - int status; - char *pass; - struct passwd *pw; - uid_t uid; - int force = 0; - int ch; -#ifdef YP - char *master; -#endif -#ifdef YPPASSWD - char *cryptpw; -#endif - - fprintf(stderr, "chkey is deprecated and removed from FreeBSD 14.\n"); - while ((ch = getopt(argc, argv, "f")) != -1) - switch(ch) { - case 'f': - force = 1; - break; - default: - usage(); - } - argc -= optind; - argv += optind; - - if (argc != 0) - usage(); - -#ifdef YP - (void)yp_get_default_domain(&domain); - if (yp_master(domain, PKMAP, &master) != 0) - errx(1, "can't find master of publickey database"); -#endif - uid = getuid() /*geteuid()*/; - if (uid == 0) { - if (host2netname(name, NULL, NULL) == 0) - errx(1, "cannot convert hostname to netname"); - } else { - if (user2netname(name, uid, NULL) == 0) - errx(1, "cannot convert username to netname"); - } - (void)printf("Generating new key for %s.\n", name); - - if (!force) { - if (uid != 0) { -#ifdef YPPASSWD - pw = ypgetpwuid(uid); -#else - pw = getpwuid(uid); -#endif - if (pw == NULL) { -#ifdef YPPASSWD - errx(1, - "no NIS password entry found: can't change key"); -#else - errx(1, - "no password entry found: 
can't change key"); -#endif - } - } else { - pw = getpwuid(0); - if (pw == NULL) - errx(1, "no password entry found: can't change key"); - } - } - pass = getpass("Password:"); -#ifdef YPPASSWD - if (!force) { - cryptpw = crypt(pass, pw->pw_passwd); - if (cryptpw == NULL || strcmp(cryptpw, pw->pw_passwd) != 0) - errx(1, "invalid password"); - } -#else - force = 1; /* Make this mandatory */ -#endif - genkeys(public, secret, pass); - - memcpy(crypt1, secret, HEXKEYBYTES); - memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); - crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; - xencrypt(crypt1, pass); - - if (force) { - memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); - xdecrypt(crypt2, getpass("Retype password:")); - if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 - || memcmp(crypt2, secret, HEXKEYBYTES) != 0) - errx(1, "password incorrect"); - } - -#ifdef YP - (void)printf("Sending key change request to %s...\n", master); -#endif - status = setpublicmap(name, public, crypt1); - if (status != 0) { -#ifdef YP - errx(1, "unable to update NIS database (%u): %s", - status, yperr_string(status)); -#else - errx(1, "unable to update publickey database"); -#endif - } - - if (uid == 0) { - /* - * Root users store their key in /etc/$ROOTKEY so - * that they can auto reboot without having to be - * around to type a password. Storing this in a file - * is rather dubious: it should really be in the EEPROM - * so it does not go over the net. 
- */ - int fd; - - fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0); - if (fd < 0) { - warn("%s", ROOTKEY); - } else { - char newline = '\n'; - - if (write(fd, secret, strlen(secret)) < 0 || - write(fd, &newline, sizeof(newline)) < 0) - warn("%s: write", ROOTKEY); - } - close(fd); - } - - if (key_setsecret(secret) < 0) - errx(1, "unable to login with new secret key"); - (void)printf("Done.\n"); - exit(0); - /* NOTREACHED */ -} - -static void -usage(void) -{ - (void)fprintf(stderr, "usage: chkey [-f]\n"); - exit(1); - /* NOTREACHED */ -} - - -/* - * Set the entry in the public key file - */ -int -setpublicmap(char *name, char *public, char *secret) -{ - char pkent[1024]; - - (void)sprintf(pkent,"%s:%s", public, secret); -#ifdef YP - return (yp_update(domain, PKMAP, YPOP_STORE, - name, strlen(name), pkent, strlen(pkent))); -#else - return (localupdate(name, PKFILE, YPOP_STORE, - strlen(name), name, strlen(pkent), pkent)); -#endif -} - -#ifdef YPPASSWD -struct passwd * -ypgetpwuid(uid_t uid) -{ - char uidstr[10]; - char *val; - int vallen; - static struct passwd pw; - char *p; - - (void)sprintf(uidstr, "%d", uid); - if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr), - &val, &vallen) != 0) { - return (NULL); - } - p = strchr(val, ':'); - if (p == NULL) { - return (NULL); - } - pw.pw_passwd = p + 1; - p = strchr(pw.pw_passwd, ':'); - if (p == NULL) { - return (NULL); - } - *p = 0; - return (&pw); -} -#endif /* YPPASSWD */ Index: usr.bin/keylogin/Makefile =================================================================== --- usr.bin/keylogin/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -# $FreeBSD$ - -PROG= keylogin - -LIBADD= rpcsvc - -.include Index: usr.bin/keylogin/Makefile.depend =================================================================== --- usr.bin/keylogin/Makefile.depend +++ /dev/null 
@@ -1,20 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - include \ - include/rpc \ - include/rpcsvc \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/librpcsvc \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: usr.bin/keylogin/keylogin.1 =================================================================== --- usr.bin/keylogin/keylogin.1 +++ /dev/null @@ -1,35 +0,0 @@ -.\" @(#)keylogin.1 1.5 91/03/11 TIRPC 1.0; -.\" Copyright (c) 1988 Sun Microsystems, Inc. - All Rights Reserved. -.\" $FreeBSD$ -.\" -.Dd September 9, 1987 -.Dt KEYLOGIN 1 -.Os -.Sh NAME -.Nm keylogin -.Nd decrypt and store secret key -.Sh SYNOPSIS -.Nm -.Sh DESCRIPTION -The -.Nm -utility prompts the user for their login password, and uses it to decrypt -the user's secret key stored in the -.Xr publickey 5 -database. -Once decrypted, the user's key is stored by the local -key server process -.Xr keyserv 8 -to be used by any secure network services, such as NFS. -.Sh SEE ALSO -.Xr chkey 1 , -.Xr keylogout 1 , -.Xr login 1 , -.Xr publickey 5 , -.Xr keyserv 8 , -.Xr newkey 8 -.Sh HISTORY -The -.Nm -utility was removed from -.Fx 14.0 . Index: usr.bin/keylogin/keylogin.c =================================================================== --- usr.bin/keylogin/keylogin.c +++ /dev/null 
@@ -1,86 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ -#if !defined(lint) && defined(SCCSIDS) -static char sccsid[] = "@(#)keylogin.c 1.4 91/03/11 Copyr 1986 Sun Micro"; -#endif -#include -__FBSDID("$FreeBSD$"); - -/* - * Copyright (C) 1986, Sun Microsystems, Inc. 
- */ - -/* - * Set secret key on local machine - */ -#include -#include -#include -#include -#include -#include -#include - -extern int key_setnet(struct key_netstarg *); - -int -main(void) -{ - char fullname[MAXNETNAMELEN + 1]; - struct key_netstarg netst; - - fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 14.\n"); - if (!getnetname(fullname)) { - fprintf(stderr, "netname lookup failed -- make sure the "); - fprintf(stderr, "system domain name is set.\n"); - exit(1); - } - - if (! getsecretkey(fullname, (char *)&(netst.st_priv_key), - getpass("Password:"))) { - fprintf(stderr, "Can't find %s's secret key\n", fullname); - exit(1); - } - if (netst.st_priv_key[0] == 0) { - fprintf(stderr, "Password incorrect for %s\n", fullname); - exit(1); - } - - netst.st_pub_key[0] = 0; - netst.st_netname = strdup(fullname); - - if (key_setnet(&netst) < 0) { - fprintf(stderr, "Could not set %s's secret key\n", fullname); - fprintf(stderr, "Maybe the keyserver is down?\n"); - exit(1); - } - exit(0); - /* NOTREACHED */ -} Index: usr.bin/keylogout/Makefile =================================================================== --- usr.bin/keylogout/Makefile +++ /dev/null @@ -1,5 +0,0 @@ -# $FreeBSD$ - -PROG= keylogout - -.include Index: usr.bin/keylogout/Makefile.depend =================================================================== --- usr.bin/keylogout/Makefile.depend +++ /dev/null @@ -1,19 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - include \ - include/rpc \ - include/rpcsvc \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: usr.bin/keylogout/keylogout.1 =================================================================== --- usr.bin/keylogout/keylogout.1 +++ /dev/null 
@@ -1,47 +0,0 @@ -.\" $FreeBSD$ -.\" @(#)keylogout.1 1.4 91/03/11 TIRPC 1.0; from 1.3 89/07/26 SMI; -.Dd April 15, 1989 -.Dt KEYLOGOUT 1 -.Os -.Sh NAME -.Nm keylogout -.Nd delete stored secret key -.Sh SYNOPSIS -.Nm -.Op Fl f -.Sh DESCRIPTION -The -.Nm -utility deletes the key stored by the key server process -.Xr keyserv 8 -to be used by any secure network services, such as NFS. -Further access to the key is revoked, -however current session keys may remain valid till they expire, -or are refreshed. -This option will cause any background jobs that need secure RPC -services to fail, and any scheduled -.Nm at -jobs that need the key to fail. -Also since only one copy is kept on a machine of the key, -it is a bad idea to place this in your -.Pa .logout -file since it will affect other sessions on the same machine. -.Pp -The following option is available: -.Bl -tag -width indent -.It Fl f -Forget the rootkey. -This will break secure NFS if it is done on a server. -.El -.Sh SEE ALSO -.Xr chkey 1 , -.Xr keylogin 1 , -.Xr login 1 , -.Xr publickey 5 , -.Xr keyserv 8 , -.Xr newkey 8 -.Sh HISTORY -The -.Nm -utility was removed from -.Fx 14.0 . Index: usr.bin/keylogout/keylogout.c =================================================================== --- usr.bin/keylogout/keylogout.c +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ -/* - * Copyright (C) 1986, Sun Microsystems, Inc. 
- */ - -#include -__FBSDID("$FreeBSD$"); - -/* - * unset the secret key on local machine - */ - -#include -#include -#include -#include -#include - -int -main(int argc, char **argv) -{ - static char secret[HEXKEYBYTES + 1]; - - fprintf(stderr, "keylogin is deprecated and removed from FreeBSD 14.\n"); - if (geteuid() == 0) { - if ((argc != 2 ) || (strcmp(argv[1], "-f") != 0)) { - fprintf(stderr, -"keylogout by root would break all servers that use secure rpc!\n"); - fprintf(stderr, -"root may use keylogout -f to do this (at your own risk)!\n"); - exit(1); - } - } - - if (key_setsecret(secret) < 0) { - fprintf(stderr, "Could not unset your secret key.\n"); - fprintf(stderr, "Maybe the keyserver is down?\n"); - exit(1); - } - exit(0); - /* NOTREACHED */ -} Index: usr.bin/newkey/Makefile =================================================================== --- usr.bin/newkey/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -# $FreeBSD$ - -.include - -PROG= newkey -SRCS= newkey.c generic.c update.c -.if ${MK_NIS} != "no" -CFLAGS+= -DYP -.endif -MAN= newkey.8 -LIBADD= rpcsvc mp - -.include Index: usr.bin/newkey/Makefile.depend =================================================================== --- usr.bin/newkey/Makefile.depend +++ /dev/null @@ -1,22 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - include \ - include/rpc \ - include/rpcsvc \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/libmp \ - lib/librpcsvc \ - secure/lib/libcrypto \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: usr.bin/newkey/extern.h =================================================================== --- usr.bin/newkey/extern.h +++ /dev/null 
@@ -1,47 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. 
- * 2550 Garcia Avenue - * Mountain View, California 94043 - * - * $FreeBSD$ - */ - -#ifdef YP -#define MAXMAPNAMELEN 256 -#else -#define YPOP_CHANGE 1 /* change, do not add */ -#define YPOP_INSERT 2 /* add, do not change */ -#define YPOP_DELETE 3 /* delete this entry */ -#define YPOP_STORE 4 /* add, or change */ -#endif - -void genkeys(char *, char *, char *); -int setpublicmap(char *, char *, char *); -int mapupdate(char *, char *, u_int, u_int, char *, u_int, char *); -void xencrypt(char *, char *); -void xdecrypt(char *, char *); -int localupdate(char *, char *, u_int, u_int, char *, u_int, char *); Index: usr.bin/newkey/generic.c =================================================================== --- usr.bin/newkey/generic.c +++ /dev/null 
@@ -1,132 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if !defined(lint) && defined(SCCSIDS) -#if 0 -static char sccsid[] = "@(#)generic.c 1.2 91/03/11 Copyr 1986 Sun Micro"; -#endif -#endif - -/* - * Copyright (C) 1986, Sun Microsystems, Inc. 
- */ - -#include -__FBSDID("$FreeBSD$"); - -#include - -#include -#include - -#include -#include -#include - -#include "extern.h" - -static void adjust(char[], char *); -static void getseed(char *, int, unsigned char *); - -/* - * Generate a seed - */ -static void -getseed(char *seed, int seedsize, unsigned char *pass) -{ - int i; - - for (i = 0; i < seedsize; i++) { - seed[i] = (arc4random() & 0xff) ^ pass[i % 8]; - } -} - -/* - * Generate a random public/secret key pair - */ -void -genkeys(char *public, char *secret, char *pass) -{ - unsigned int i; - -# define BASEBITS (8*sizeof (short) - 1) -# define BASE (1 << BASEBITS) - - MINT *pk = mp_itom(0); - MINT *sk = mp_itom(0); - MINT *tmp; - MINT *base = mp_itom((short)BASE); - MINT *root = mp_itom(PROOT); - MINT *modulus = mp_xtom(HEXMODULUS); - short r; - unsigned short seed[KEYSIZE/BASEBITS + 1]; - char *xkey; - - getseed((char *)seed, sizeof (seed), (u_char *)pass); - for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) { - r = seed[i] % BASE; - tmp = mp_itom(r); - mp_mult(sk, base, sk); - mp_madd(sk, tmp, sk); - mp_mfree(tmp); - } - tmp = mp_itom(0); - mp_mdiv(sk, modulus, tmp, sk); - mp_mfree(tmp); - mp_pow(root, sk, modulus, pk); - xkey = mp_mtox(sk); - adjust(secret, xkey); - xkey = mp_mtox(pk); - adjust(public, xkey); - mp_mfree(sk); - mp_mfree(base); - mp_mfree(pk); - mp_mfree(root); - mp_mfree(modulus); -} - -/* - * Adjust the input key so that it is 0-filled on the left - */ -static void -adjust(char keyout[HEXKEYBYTES+1], char *keyin) -{ - char *p; - char *s; - - for (p = keyin; *p; p++) - ; - for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) { - *s = *p; - } - while (s >= keyout) { - *s-- = '0'; - } -} Index: usr.bin/newkey/newkey.8 =================================================================== --- usr.bin/newkey/newkey.8 +++ /dev/null 
@@ -1,64 +0,0 @@ -.\" @(#)newkey.8 1.3 91/03/11 TIRPC 1.0; from 1.12 90/02/03 SMI; -.\" $FreeBSD$ -.Dd October 12, 1987 -.Dt NEWKEY 8 -.Os -.Sh NAME -.Nm newkey -.Nd create a new key in the publickey database -.Sh SYNOPSIS -.Nm -.Fl h Ar hostname -.Nm -.Fl u Ar username -.Sh DESCRIPTION -The -.Nm -utility is normally run by the network administrator on the -Network Interface Service -.Pq NIS -master machine in order to establish public keys for -users and super-users on the network. -These keys are needed for using secure -RPC -or secure -NFS . -.Pp -The -.Nm -utility will prompt for the login password of the given username and then -create a new public/secret key pair in -.Pa /etc/publickey -encrypted with the login password of the given user. -.Pp -Use of this program is -not required: users may create their own keys using -.Xr chkey 1 . -.Sh OPTIONS -.Bl -tag -width indent -.It Fl h Ar hostname -Create a new public key for the super-user at the given hostname. -Prompts for the root password of the given hostname. -.It Fl u Ar username -Create a new public key for the given username. -Prompts for the -NIS -password of the given username. -.El -.Sh SEE ALSO -.Xr chkey 1 , -.Xr keylogin 1 , -.Xr publickey 5 , -.Xr keyserv 8 -.Sh HISTORY -The -.Nm -utility was removed from -.Fx 14.0 . -.Sh NOTES -The Network Information Service -.Pq NIS -was formerly known as Sun Yellow Pages -.Pq YP . -The functionality of the two remains the same; -only the name has changed. Index: usr.bin/newkey/newkey.c =================================================================== --- usr.bin/newkey/newkey.c +++ /dev/null 
@@ -1,236 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#if !defined(lint) && defined(SCCSIDS) -#if 0 -static char sccsid[] = "@(#)newkey.c 1.8 91/03/11 Copyr 1986 Sun Micro"; -#endif -#endif - -/* - * Copyright (C) 1986, Sun Microsystems, Inc. 
- */ - -/* - * Administrative tool to add a new user to the publickey database - */ -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include - -#include -#include - -#ifdef YP -#include -#include -#include -#include -#endif /* YP */ - -#include -#include -#include -#include -#include -#include - -#include "extern.h" - -#ifdef YP -#define MAXMAPNAMELEN 256 -#else -#define YPOP_CHANGE 1 /* change, do not add */ -#define YPOP_INSERT 2 /* add, do not change */ -#define YPOP_DELETE 3 /* delete this entry */ -#define YPOP_STORE 4 /* add, or change */ -#define ERR_ACCESS 1 -#define ERR_MALLOC 2 -#define ERR_READ 3 -#define ERR_WRITE 4 -#define ERR_DBASE 5 -#define ERR_KEY 6 -#endif - -#ifdef YP -static char YPDBPATH[]="/var/yp"; -static char PKMAP[] = "publickey.byname"; -#else -static char PKFILE[] = "/etc/publickey"; -static const char *err_string(int); -#endif /* YP */ - -static void usage(void); - -int -main(int argc, char *argv[]) -{ - char name[MAXNETNAMELEN + 1]; - char public[HEXKEYBYTES + 1]; - char secret[HEXKEYBYTES + 1]; - char crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; - char crypt2[HEXKEYBYTES + KEYCHECKSUMSIZE + 1]; - int status; - char *pass; - struct passwd *pw; -#ifdef undef - struct hostent *h; -#endif - - fprintf(stderr, "newkey is deprecated and removed from FreeBSD 14.\n"); - if (argc != 3 || !(strcmp(argv[1], "-u") == 0 || - strcmp(argv[1], "-h") == 0)) { - usage(); - } - if (geteuid() != 0) - errx(1, "must be superuser"); - -#ifdef YP - if (chdir(YPDBPATH) < 0) - warn("cannot chdir to %s", YPDBPATH); -#endif /* YP */ - if (strcmp(argv[1], "-u") == 0) { - pw = getpwnam(argv[2]); - if (pw == NULL) - errx(1, "unknown user: %s", argv[2]); - (void)user2netname(name, (int)pw->pw_uid, (char *)NULL); - } else { -#ifdef undef - h = gethostbyname(argv[2]); - if (h == NULL) - errx(1, "unknown host: %s", argv[1]); - (void)host2netname(name, h->h_name, (char *)NULL); -#else - (void)host2netname(name, argv[2], (char *)NULL); -#endif - } - - 
(void)printf("Adding new key for %s.\n", name); - pass = getpass("New password:"); - genkeys(public, secret, pass); - - memcpy(crypt1, secret, HEXKEYBYTES); - memcpy(crypt1 + HEXKEYBYTES, secret, KEYCHECKSUMSIZE); - crypt1[HEXKEYBYTES + KEYCHECKSUMSIZE] = 0; - xencrypt(crypt1, pass); - - memcpy(crypt2, crypt1, HEXKEYBYTES + KEYCHECKSUMSIZE + 1); - xdecrypt(crypt2, getpass("Retype password:")); - if (memcmp(crypt2, crypt2 + HEXKEYBYTES, KEYCHECKSUMSIZE) != 0 || - memcmp(crypt2, secret, HEXKEYBYTES) != 0) - errx(1, "password incorrect"); - -#ifdef YP - (void)printf("Please wait for the database to get updated...\n"); -#endif - if ((status = setpublicmap(name, public, crypt1))) { -#ifdef YP - errx(1, "unable to update NIS database (%u): %s", - status, yperr_string(status)); -#else - errx(1, "unable to update publickey database (%u): %s", - status, err_string(status)); -#endif - } - (void)printf("Your new key has been successfully stored away.\n"); - exit(0); - /* NOTREACHED */ -} - -static void -usage(void) -{ - (void)fprintf(stderr, "%s\n%s\n", - "usage: newkey -h hostname", - " newkey -u username"); - exit(1); -} - -/* - * Set the entry in the public key file - */ -int -setpublicmap(char *name, char *public, char *secret) -{ - char pkent[1024]; - - (void)sprintf(pkent, "%s:%s", public, secret); -#ifdef YP - return (mapupdate(name, PKMAP, YPOP_STORE, - strlen(name), name, strlen(pkent), pkent)); -#else - return (localupdate(name, PKFILE, YPOP_STORE, - strlen(name), name, strlen(pkent), pkent)); -#endif - } - -#ifndef YP - /* - * This returns a pointer to an error message string appropriate - * to an input error code. An input value of zero will return - * a success message. 
- */ -static const char * -err_string(int code) -{ - const char *pmesg; - - switch (code) { - case 0: - pmesg = "update operation succeeded"; - break; - case ERR_KEY: - pmesg = "no such key in file"; - break; - case ERR_READ: - pmesg = "cannot read the database"; - break; - case ERR_WRITE: - pmesg = "cannot write to the database"; - break; - case ERR_DBASE: - pmesg = "cannot update database"; - break; - case ERR_ACCESS: - pmesg = "permission denied"; - break; - case ERR_MALLOC: - pmesg = "malloc failed"; - break; - default: - pmesg = "unknown error"; - break; - } - return (pmesg); -} -#endif Index: usr.bin/newkey/update.c =================================================================== --- usr.bin/newkey/update.c +++ /dev/null 
@@ -1,340 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user or with the express written consent of - * Sun Microsystems, Inc. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#ifndef lint -#if 0 -static char sccsid[] = "@(#)update.c 1.2 91/03/11 Copyr 1986 Sun Micro"; -#endif -#endif - -/* - * Copyright (C) 1986, 1989, Sun Microsystems, Inc. - */ - -/* - * Administrative tool to add a new user to the publickey database - */ -#include -__FBSDID("$FreeBSD$"); - -#include -#include -#include - -#include -#include - -#ifdef YP -#include -#include -#include -#include -#endif /* YP */ - -#include -#include -#include -#include -#include - -#include "extern.h" - -#ifdef YP -static char SHELL[] = "/bin/sh"; -static char YPDBPATH[]="/var/yp"; /* This is defined but not used! 
*/ -static char UPDATEFILE[] = "updaters"; - -static int _openchild(char *, FILE **, FILE **); -static char *basename(char *path); - -/* - * Determine if requester is allowed to update the given map, - * and update it if so. Returns the yp status, which is zero - * if there is no access violation. - */ -int -mapupdate(char *requester, char *mapname, u_int op, u_int keylen, - char *key, u_int datalen, char *data) -{ - char updater[MAXMAPNAMELEN + 40]; - FILE *childargs; - FILE *childrslt; -#ifdef WEXITSTATUS - int status; -#else - union wait status; -#endif - pid_t pid; - u_int yperrno; - - -#ifdef DEBUG - printf("%s %s\n", key, data); -#endif - (void)sprintf(updater, "make -s -f %s/%s %s", YPDBPATH, /* !!! */ - UPDATEFILE, mapname); - pid = _openchild(updater, &childargs, &childrslt); - if (pid < 0) { - return (YPERR_YPERR); - } - - /* - * Write to child - */ - (void)fprintf(childargs, "%s\n", requester); - (void)fprintf(childargs, "%u\n", op); - (void)fprintf(childargs, "%u\n", keylen); - (void)fwrite(key, (int)keylen, 1, childargs); - (void)fprintf(childargs, "\n"); - (void)fprintf(childargs, "%u\n", datalen); - (void)fwrite(data, (int)datalen, 1, childargs); - (void)fprintf(childargs, "\n"); - (void)fclose(childargs); - - /* - * Read from child - */ - (void)fscanf(childrslt, "%d", &yperrno); - (void)fclose(childrslt); - - (void)wait(&status); -#ifdef WEXITSTATUS - if (WEXITSTATUS(status) != 0) { -#else - if (status.w_retcode != 0) { -#endif - return (YPERR_YPERR); - } - return (yperrno); -} - -/* - * returns pid, or -1 for failure - */ -static pid_t -_openchild(char *command, FILE **fto, FILE **ffrom) -{ - int i; - pid_t pid; - int pdto[2]; - int pdfrom[2]; - char *com; - struct rlimit rl; - - if (pipe(pdto) < 0) { - goto error1; - } - if (pipe(pdfrom) < 0) { - goto error2; - } - switch (pid = fork()) { - case -1: - goto error3; - - case 0: - /* - * child: read from pdto[0], write into pdfrom[1] - */ - (void)close(0); - (void)dup(pdto[0]); - (void)close(1); - 
(void)dup(pdfrom[1]); - getrlimit(RLIMIT_NOFILE, &rl); - for (i = rl.rlim_max - 1; i >= 3; i--) { - (void) close(i); - } - com = malloc((unsigned) strlen(command) + 6); - if (com == NULL) { - _exit(~0); - } - (void)sprintf(com, "exec %s", command); - execl(SHELL, basename(SHELL), "-c", com, (char *)NULL); - _exit(~0); - - default: - /* - * parent: write into pdto[1], read from pdfrom[0] - */ - *fto = fdopen(pdto[1], "w"); - (void)close(pdto[0]); - *ffrom = fdopen(pdfrom[0], "r"); - (void)close(pdfrom[1]); - break; - } - return (pid); - - /* - * error cleanup and return - */ -error3: - (void)close(pdfrom[0]); - (void)close(pdfrom[1]); -error2: - (void)close(pdto[0]); - (void)close(pdto[1]); -error1: - return (-1); -} - -static char * -basename(char *path) -{ - char *p; - - p = strrchr(path, '/'); - if (p == NULL) { - return (path); - } else { - return (p + 1); - } -} - -#else /* YP */ - -#define ERR_ACCESS 1 -#define ERR_MALLOC 2 -#define ERR_READ 3 -#define ERR_WRITE 4 -#define ERR_DBASE 5 -#define ERR_KEY 6 - -static int match(char *, char *); - -/* - * Determine if requester is allowed to update the given map, - * and update it if so. Returns the status, which is zero - * if there is no access violation. This function updates - * the local file and then shuts up. - */ -int -localupdate(char *name, char *filename, u_int op, u_int keylen __unused, - char *key, u_int datalen __unused, char *data) -{ - char line[256]; - FILE *rf; - FILE *wf; - char *tmpname; - int err; - - /* - * Check permission - */ - if (strcmp(name, key) != 0) { - return (ERR_ACCESS); - } - if (strcmp(name, "nobody") == 0) { - /* - * Can't change "nobody"s key. 
- */ - return (ERR_ACCESS); - } - - /* - * Open files - */ - tmpname = malloc(strlen(filename) + 4); - if (tmpname == NULL) { - return (ERR_MALLOC); - } - sprintf(tmpname, "%s.tmp", filename); - rf = fopen(filename, "r"); - if (rf == NULL) { - err = ERR_READ; - goto cleanup; - } - wf = fopen(tmpname, "w"); - if (wf == NULL) { - fclose(rf); - err = ERR_WRITE; - goto cleanup; - } - err = -1; - while (fgets(line, sizeof (line), rf)) { - if (err < 0 && match(line, name)) { - switch (op) { - case YPOP_INSERT: - err = ERR_KEY; - break; - case YPOP_STORE: - case YPOP_CHANGE: - fprintf(wf, "%s %s\n", key, data); - err = 0; - break; - case YPOP_DELETE: - /* do nothing */ - err = 0; - break; - } - } else { - fputs(line, wf); - } - } - if (err < 0) { - switch (op) { - case YPOP_CHANGE: - case YPOP_DELETE: - err = ERR_KEY; - break; - case YPOP_INSERT: - case YPOP_STORE: - err = 0; - fprintf(wf, "%s %s\n", key, data); - break; - } - } - fclose(wf); - fclose(rf); - if (err == 0) { - if (rename(tmpname, filename) < 0) { - err = ERR_DBASE; - goto cleanup; - } - } else { - if (unlink(tmpname) < 0) { - err = ERR_DBASE; - goto cleanup; - } - } - -cleanup: - free(tmpname); - return (err); -} - -static int -match(char *line, char *name) -{ - int len; - - len = strlen(name); - return (strncmp(line, name, len) == 0 && - (line[len] == ' ' || line[len] == '\t')); -} -#endif /* !YP */ Index: usr.sbin/Makefile =================================================================== --- usr.sbin/Makefile +++ usr.sbin/Makefile @@ -180,7 +180,6 @@ SUBDIR.${MK_NIS}+= ypserv SUBDIR.${MK_NIS}+= ypset SUBDIR.${MK_NTP}+= ntp -SUBDIR.${MK_OPENSSL}+= keyserv SUBDIR.${MK_OPENSSL_KTLS}+= rpc.tlsclntd SUBDIR.${MK_OPENSSL_KTLS}+= rpc.tlsservd SUBDIR.${MK_PF}+= ftp-proxy Index: usr.sbin/keyserv/Makefile =================================================================== --- usr.sbin/keyserv/Makefile +++ /dev/null 
@@ -1,25 +0,0 @@ -# $FreeBSD$ - -PROG= keyserv -MAN= keyserv.8 -SRCS= keyserv.c setkey.c crypt_svc.c crypt_server.c crypt.h - -CFLAGS+= -DBROKEN_DES -I. - -LIBADD= mp rpcsvc - -WARNS?= 1 - -RPCDIR= ${SYSROOT:U${DESTDIR}}/usr/include/rpcsvc - -CLEANFILES= crypt_svc.c crypt.h - -RPCGEN= RPCGEN_CPP=${CPP:Q} rpcgen -C - -crypt_svc.c: ${RPCDIR}/crypt.x - ${RPCGEN} -m -o ${.TARGET} ${RPCDIR}/crypt.x - -crypt.h: ${RPCDIR}/crypt.x - ${RPCGEN} -h -o ${.TARGET} ${RPCDIR}/crypt.x - -.include Index: usr.sbin/keyserv/Makefile.depend =================================================================== --- usr.sbin/keyserv/Makefile.depend +++ /dev/null @@ -1,22 +0,0 @@ -# $FreeBSD$ -# Autogenerated - do NOT edit! - -DIRDEPS = \ - gnu/lib/csu \ - include \ - include/rpc \ - include/rpcsvc \ - include/xlocale \ - lib/${CSU_DIR} \ - lib/libc \ - lib/libcompiler_rt \ - lib/libmp \ - lib/librpcsvc \ - secure/lib/libcrypto \ - - -.include - -.if ${DEP_RELDIR} == ${_DEP_RELDIR} -# local dependencies - needed for -jN in clean tree -.endif Index: usr.sbin/keyserv/crypt_server.c =================================================================== --- usr.sbin/keyserv/crypt_server.c +++ /dev/null 
@@ -1,277 +0,0 @@ -/* - * Copyright (c) 1996 - * Bill Paul . All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Bill Paul. - * 4. Neither the name of the author nor the names of any co-contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "crypt.h" - -#ifndef lint -static const char rcsid[] = - "$FreeBSD$"; -#endif /* not lint */ - -/* - * The U.S. 
government stupidly believes that a) it can keep strong - * crypto code a secret and b) that doing so somehow protects national - * interests. It's wrong on both counts, but until it listens to reason - * we have to make certain compromises so it doesn't have an excuse to - * throw us in federal prison. - * - * Consequently, the core OS ships without DES support, and keyserv - * defaults to using ARCFOUR with only a 40 bit key, just like nutscrape. - * This breaks compatibility with Secure RPC on other systems, but it - * allows Secure RPC to work between FreeBSD systems that don't have the - * DES package installed without throwing security totally out the window. - * - * In order to avoid having to supply two versions of keyserv (one with - * DES and one without), we use dlopen() and friends to load libdes.so - * into our address space at runtime. We check for the presence of - * /usr/lib/libdes.so.3.0 at startup and load it if we find it. If we - * can't find it, or the __des_crypt symbol doesn't exist, we fall back - * to the ARCFOUR encryption code. The user can specify another path using - * the -p flag. 
- */ - - /* arcfour.h */ -typedef struct arcfour_key -{ - unsigned char state[256]; - unsigned char x; - unsigned char y; -} arcfour_key; - -static void prepare_key(unsigned char *key_data_ptr,int key_data_len, - arcfour_key *key); -static void arcfour(unsigned char *buffer_ptr,int buffer_len,arcfour_key * key); -static void swap_byte(unsigned char *a, unsigned char *b); - -static void prepare_key(unsigned char *key_data_ptr, int key_data_len, - arcfour_key *key) -{ - unsigned char index1; - unsigned char index2; - unsigned char* state; - short counter; - - state = &key->state[0]; - for(counter = 0; counter < 256; counter++) - state[counter] = counter; - key->x = 0; - key->y = 0; - index1 = 0; - index2 = 0; - for(counter = 0; counter < 256; counter++) - { - index2 = (key_data_ptr[index1] + state[counter] + - index2) % 256; - swap_byte(&state[counter], &state[index2]); - - index1 = (index1 + 1) % key_data_len; - } -} - -static void arcfour(unsigned char *buffer_ptr, int buffer_len, arcfour_key *key) -{ - unsigned char x; - unsigned char y; - unsigned char* state; - unsigned char xorIndex; - short counter; - - x = key->x; - y = key->y; - - state = &key->state[0]; - for(counter = 0; counter < buffer_len; counter ++) - { - x = (x + 1) % 256; - y = (state[x] + y) % 256; - swap_byte(&state[x], &state[y]); - - xorIndex = (state[x] + state[y]) % 256; - - buffer_ptr[counter] ^= state[xorIndex]; - } - key->x = x; - key->y = y; -} - -static void swap_byte(unsigned char *a, unsigned char *b) -{ - unsigned char swapByte; - - swapByte = *a; - *a = *b; - *b = swapByte; -} - -/* Dummy _des_crypt function that uses ARCFOUR with a 40 bit key */ -int _arcfour_crypt(buf, len, desp) - char *buf; - int len; - struct desparams *desp; -{ - struct arcfour_key arcfourk; - - /* - * U.S. government anti-crypto weasels take - * note: although we are supplied with a 64 bit - * key, we're only passing 40 bits to the ARCFOUR - * encryption code. So there. 
- */ - prepare_key(desp->des_key, 5, &arcfourk); - arcfour(buf, len, &arcfourk); - - return(DESERR_NOHWDEVICE); -} - -int (*_my_crypt)(char *, int, struct desparams *) = NULL; - -static void *dlhandle; - -#ifndef _PATH_USRLIB -#define _PATH_USRLIB "/usr/lib" -#endif - -#ifndef LIBCRYPTO -#define LIBCRYPTO "libcrypto.so.2" -#endif - -void load_des(warn, libpath) - int warn; - char *libpath; -{ - char dlpath[MAXPATHLEN]; - - if (libpath == NULL) - snprintf(dlpath, sizeof(dlpath), "%s/%s", _PATH_USRLIB, - LIBCRYPTO); - else - snprintf(dlpath, sizeof(dlpath), "%s", libpath); - - if ((dlhandle = dlopen(dlpath, 0444)) != NULL) - _my_crypt = (int (*)())dlsym(dlhandle, "_des_crypt"); - - if (_my_crypt == NULL) { - if (dlhandle != NULL) - dlclose(dlhandle); - _my_crypt = &_arcfour_crypt; - if (warn) { - printf ("DES support disabled -- using ARCFOUR instead.\n"); - printf ("Warning: ARCFOUR cipher is not compatible with "); - printf ("other Secure RPC implementations.\nInstall "); - printf ("the FreeBSD 'des' distribution to enable"); - printf (" DES encryption.\n"); - } - } else { - if (warn) { - printf ("DES support enabled\n"); - printf ("Using %s shared object.\n", dlpath); - } - } - - return; -} - -desresp * -des_crypt_1_svc(desargs *argp, struct svc_req *rqstp) -{ - static desresp result; - struct desparams dparm; - - if (argp->desbuf.desbuf_len > DES_MAXDATA) { - result.stat = DESERR_BADPARAM; - return(&result); - } - - - bcopy(argp->des_key, dparm.des_key, 8); - bcopy(argp->des_ivec, dparm.des_ivec, 8); - dparm.des_mode = (argp->des_mode == CBC_DES) ? CBC : ECB; - dparm.des_dir = (argp->des_dir == ENCRYPT_DES) ? ENCRYPT : DECRYPT; -#ifdef BROKEN_DES - dparm.UDES.UDES_buf = argp->desbuf.desbuf_val; -#endif - - /* - * XXX This compensates for a bug in the libdes Secure RPC - * compat interface. (Actually, there are a couple.) The - * des_ecb_encrypt() routine in libdes only encrypts 8 bytes - * (64 bits) at a time. 
However, the Sun Secure RPC ecb_crypt() - * routine is supposed to be able to handle buffers up to 8Kbytes. - * The rpc_enc module in libdes ignores this fact and just drops - * the length parameter on the floor, encrypting only the - * first 64 bits of whatever buffer you feed it. We deal with - * this here: if we're using DES encryption, and we're using - * ECB mode, then we make a pass over the entire buffer - * ourselves. Note: the rpc_enc module incorrectly transposes - * the mode flags, so when you ask for CBC mode, you're really - * getting ECB mode. - */ -#ifdef BROKEN_DES - if (_my_crypt != &_arcfour_crypt && argp->des_mode == CBC) { -#else - if (_my_crypt != &_arcfour_crypt && argp->des_mode == ECB) { -#endif - int i; - char *dptr; - - for (i = 0; i < argp->desbuf.desbuf_len / 8; i++) { - dptr = argp->desbuf.desbuf_val; - dptr += (i * 8); -#ifdef BROKEN_DES - dparm.UDES.UDES_buf = dptr; -#endif - result.stat = _my_crypt(dptr, 8, &dparm); - } - } else { - result.stat = _my_crypt(argp->desbuf.desbuf_val, - argp->desbuf.desbuf_len, - &dparm); - } - - if (result.stat == DESERR_NONE || result.stat == DESERR_NOHWDEVICE) { - bcopy(dparm.des_ivec, result.des_ivec, 8); - result.desbuf.desbuf_len = argp->desbuf.desbuf_len; - result.desbuf.desbuf_val = argp->desbuf.desbuf_val; - } - - return (&result); -} Index: usr.sbin/keyserv/keyserv.h =================================================================== --- usr.sbin/keyserv/keyserv.h +++ /dev/null 
@@ -1,17 +0,0 @@ -/* - * $FreeBSD$ - */ -extern void setmodulus(char *modx); - -extern keystatus pk_setkey( uid_t, keybuf ); -extern keystatus pk_encrypt( uid_t, char *, netobj *, des_block * ); -extern keystatus pk_decrypt( uid_t, char *, netobj *, des_block * ); -extern keystatus pk_netput( uid_t, key_netstarg * ); -extern keystatus pk_netget( uid_t, key_netstarg * ); -extern keystatus pk_get_conv_key( uid_t, keybuf, cryptkeyres * ); -extern void pk_nodefaultkeys( void ); - -extern void crypt_prog_1( struct svc_req *, register SVCXPRT * ); -extern void load_des( int, char * ); - -extern int (*_my_crypt)( char *, int, struct desparams * ); Index: usr.sbin/keyserv/keyserv.8 =================================================================== --- usr.sbin/keyserv/keyserv.8 +++ /dev/null 
@@ -1,85 +0,0 @@ -.\" @(#)keyserv.1m 1.21 93/07/14 SMI; from SVr4 -.\"macro stdmacro -.\" Copyright 1989 AT&T -.\" @(#)keyserv.8c 1.8 89/03/29 SMI; -.\" $FreeBSD$ -.\".TH KEYSERV 8C "9 September 1987" -.Dd September 14, 1992 -.Dt KEYSERV 8 -.Os -.Sh NAME -.Nm keyserv -.Nd server for storing private encryption keys -.Sh SYNOPSIS -.Nm -.Op Fl d -.Op Fl D -.Op Fl n -.Op Fl p Ar path -.Op Fl v -.Sh DESCRIPTION -The -.Nm -utility is a daemon that is used for storing the -private encryption keys of each -user logged into the system. -These encryption keys are used for accessing -secure network services such as secure -.Tn NFS . -.Pp -Normally, root's key is read from the file -.Pa /etc/.rootkey -when the daemon is started. -This is useful during power-fail reboots -when no one is around to type a password. -.Pp -If a client with no secret key calls -.Nm , -then the key of user -.Em nobody -is used instead as the default key. -.Pp -The following options are available: -.Bl -tag -width indent -.It Fl d -Disable the use of default keys for -.Em nobody . -.It Fl D -Run in debugging mode and log all requests to -.Nm . -.It Fl n -Root's secret key is not read from -.Pa /etc/.rootkey . -Instead, -.Nm -prompts the user for the password to decrypt -root's key stored in the -.Pa /etc/publickey -database and then stores the decrypted key in -.Pa /etc/.rootkey -for future use. -This option is useful if the -.Pa /etc/.rootkey -file ever gets out of date or corrupted. -.It Fl p Ar path -Specify where to search for -.Pa libdes.so.3 . -Default is -.Pa /usr/lib . -.It Fl v -Display status of DES support (enabled/disabled). -.El -.Sh FILES -.Bl -tag -width /usr/lib/libdes.so.3 -compact -.It Pa /etc/.rootkey -.It Pa /usr/lib/libdes.so.3 -.El -.Sh "SEE ALSO" -.Xr keylogin 1 , -.Xr keylogout 1 , -.Xr publickey 5 -.Sh HISTORY -The -.Nm -utility was removed from -.Fx 14.0 . 
Index: usr.sbin/keyserv/keyserv.c
===================================================================
--- usr.sbin/keyserv/keyserv.c
+++ /dev/null
@@ -1,792 +0,0 @@ -/* - * Sun RPC is a product of Sun Microsystems, Inc. and is provided for - * unrestricted use provided that this legend is included on all tape - * media and as a part of the software program in whole or part. Users - * may copy or modify Sun RPC without charge, but are not authorized - * to license or distribute it to anyone else except as part of a product or - * program developed by the user. - * - * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE - * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR - * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. - * - * Sun RPC is provided with no support and without any obligation on the - * part of Sun Microsystems, Inc. to assist in its use, correction, - * modification or enhancement. - * - * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE - * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC - * OR ANY PART THEREOF. - * - * In no event will Sun Microsystems, Inc. be liable for any lost revenue - * or profits or other special, indirect and consequential damages, even if - * Sun has been advised of the possibility of such damages. - * - * Sun Microsystems, Inc. - * 2550 Garcia Avenue - * Mountain View, California 94043 - */ - -#ifndef lint -#if 0 -static char sccsid[] = "@(#)keyserv.c 1.15 94/04/25 SMI"; -#endif -static const char rcsid[] = - "$FreeBSD$"; -#endif /* not lint */ - -/* - * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. - */ - -/* - * Keyserver - * Store secret keys per uid. Do public key encryption and decryption - * operations. Generate "random" keys. 
- * Do not talk to anything but a local root - * process on the local transport only - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "keyserv.h" - -#ifndef NGROUPS -#define NGROUPS 16 -#endif - -#ifndef KEYSERVSOCK -#define KEYSERVSOCK "/var/run/keyservsock" -#endif - -static void randomize( des_block * ); -static void usage( void ); -static int getrootkey( des_block *, int ); -static int root_auth( SVCXPRT *, struct svc_req * ); - -#ifdef DEBUG -static int debugging = 1; -#else -static int debugging = 0; -#endif - -static void keyprogram(); -static des_block masterkey; -char *getenv(); -static char ROOTKEY[] = "/etc/.rootkey"; - -/* - * Hack to allow the keyserver to use AUTH_DES (for authenticated - * NIS+ calls, for example). The only functions that get called - * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes. - * - * The approach is to have the keyserver fill in pointers to local - * implementations of these functions, and to call those in key_call(). 
- */ - -extern cryptkeyres *(*__key_encryptsession_pk_LOCAL)(); -extern cryptkeyres *(*__key_decryptsession_pk_LOCAL)(); -extern des_block *(*__key_gendes_LOCAL)(); -extern int (*__des_crypt_LOCAL)(); - -cryptkeyres *key_encrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * ); -cryptkeyres *key_decrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * ); -des_block *key_gen_1_svc_prog( void *, struct svc_req * ); - -int -main(argc, argv) - int argc; - char *argv[]; -{ - int nflag = 0; - int c; - int warn = 0; - char *path = NULL; - void *localhandle; - register SVCXPRT *transp; - struct netconfig *nconf = NULL; - - fprintf(stderr, "keyserv is deprecated and removed from FreeBSD 14.\n"); - __key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog; - __key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog; - __key_gendes_LOCAL = &key_gen_1_svc_prog; - - while ((c = getopt(argc, argv, "ndDvp:")) != -1) - switch (c) { - case 'n': - nflag++; - break; - case 'd': - pk_nodefaultkeys(); - break; - case 'D': - debugging = 1; - break; - case 'v': - warn = 1; - break; - case 'p': - path = optarg; - break; - default: - usage(); - } - - load_des(warn, path); - __des_crypt_LOCAL = _my_crypt; - if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1) - errx(1, "failed to register AUTH_DES authenticator"); - - if (optind != argc) { - usage(); - } - - /* - * Initialize - */ - (void) umask(S_IXUSR|S_IXGRP|S_IXOTH); - if (geteuid() != 0) - errx(1, "keyserv must be run as root"); - setmodulus(HEXMODULUS); - getrootkey(&masterkey, nflag); - - rpcb_unset(KEY_PROG, KEY_VERS, NULL); - rpcb_unset(KEY_PROG, KEY_VERS2, NULL); - - if (svc_create(keyprogram, KEY_PROG, KEY_VERS, - "netpath") == 0) { - (void) fprintf(stderr, - "%s: unable to create service\n", argv[0]); - exit(1); - } - - if (svc_create(keyprogram, KEY_PROG, KEY_VERS2, - "netpath") == 0) { - (void) fprintf(stderr, - "%s: unable to create service\n", argv[0]); - exit(1); - } - - localhandle = setnetconfig(); - while ((nconf = getnetconfig(localhandle)) != 
NULL) { - if (nconf->nc_protofmly != NULL && - strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0) - break; - } - - if (nconf == NULL) - errx(1, "getnetconfig: %s", nc_sperror()); - - unlink(KEYSERVSOCK); - rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf); - transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK); - if (transp == NULL) - errx(1, "cannot create AF_LOCAL service"); - if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf)) - errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)"); - if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf)) - errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)"); - if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf)) - errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)"); - - endnetconfig(localhandle); - - (void) umask(066); /* paranoia */ - - if (!debugging) { - daemon(0,0); - } - - signal(SIGPIPE, SIG_IGN); - - svc_run(); - abort(); - /* NOTREACHED */ -} - -/* - * In the event that we don't get a root password, we try to - * randomize the master key the best we can - */ -static void -randomize(master) - des_block *master; -{ - master->key.low = arc4random(); - master->key.high = arc4random(); -} - -/* - * Try to get root's secret key, by prompting if terminal is a tty, else trying - * from standard input. - * Returns 1 on success. 
- */ -static int -getrootkey(master, prompt) - des_block *master; - int prompt; -{ - char *passwd; - char name[MAXNETNAMELEN + 1]; - char secret[HEXKEYBYTES]; - key_netstarg netstore; - int fd; - - if (!prompt) { - /* - * Read secret key out of ROOTKEY - */ - fd = open(ROOTKEY, O_RDONLY, 0); - if (fd < 0) { - randomize(master); - return (0); - } - if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) { - warnx("the key read from %s was too short", ROOTKEY); - (void) close(fd); - return (0); - } - (void) close(fd); - if (!getnetname(name)) { - warnx( - "failed to generate host's netname when establishing root's key"); - return (0); - } - memcpy(netstore.st_priv_key, secret, HEXKEYBYTES); - memset(netstore.st_pub_key, 0, HEXKEYBYTES); - netstore.st_netname = name; - if (pk_netput(0, &netstore) != KEY_SUCCESS) { - warnx("could not set root's key and netname"); - return (0); - } - return (1); - } - /* - * Decrypt yellow pages publickey entry to get secret key - */ - passwd = getpass("root password:"); - passwd2des(passwd, (char *)master); - getnetname(name); - if (!getsecretkey(name, secret, passwd)) { - warnx("can't find %s's secret key", name); - return (0); - } - if (secret[0] == 0) { - warnx("password does not decrypt secret key for %s", name); - return (0); - } - (void) pk_setkey(0, secret); - /* - * Store it for future use in $ROOTKEY, if possible - */ - fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0); - if (fd > 0) { - char newline = '\n'; - - write(fd, secret, strlen(secret)); - write(fd, &newline, sizeof (newline)); - close(fd); - } - return (1); -} - -/* - * Procedures to implement RPC service - */ -char * -strstatus(status) - keystatus status; -{ - switch (status) { - case KEY_SUCCESS: - return ("KEY_SUCCESS"); - case KEY_NOSECRET: - return ("KEY_NOSECRET"); - case KEY_UNKNOWN: - return ("KEY_UNKNOWN"); - case KEY_SYSTEMERR: - return ("KEY_SYSTEMERR"); - default: - return ("(bad result code)"); - } -} - -keystatus * -key_set_1_svc_prog(uid, key) - uid_t uid; - 
keybuf key;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "set(%u, %.*s) = ", uid,
- (int) sizeof (keybuf), key);
- }
- status = pk_setkey(uid, key);
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
- return (&status);
-}
-
-cryptkeyres *
-key_encrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_pk_2_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg2 *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, &(arg->remotekey),
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-keystatus *
-key_net_put_2_svc_prog(uid, arg)
- uid_t uid;
- key_netstarg *arg;
-{
- static keystatus status;
-
- if (debugging) {
- (void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ",
- arg->st_netname, (int)sizeof (arg->st_pub_key),
- arg->st_pub_key, (int)sizeof (arg->st_priv_key),
- arg->st_priv_key);
- }
-
- status = pk_netput(uid, arg);
-
- if (debugging) {
- (void) fprintf(stderr, "%s\n", strstatus(status));
- (void) fflush(stderr);
- }
-
- return (&status);
-}
-
-key_netstres *
-key_net_get_2_svc_prog(uid, arg)
- uid_t uid;
- void *arg;
-{
- static key_netstres keynetname;
-
- if (debugging)
- (void) fprintf(stderr, "net_get(%u) = ", uid);
-
- keynetname.status = pk_netget(uid, &keynetname.key_netstres_u.knet);
- if (debugging) {
- if (keynetname.status == KEY_SUCCESS) {
- fprintf(stderr, "<%s, %.*s, %.*s>\n",
- keynetname.key_netstres_u.knet.st_netname,
- (int)sizeof (keynetname.key_netstres_u.knet.st_pub_key),
- keynetname.key_netstres_u.knet.st_pub_key,
- (int)sizeof (keynetname.key_netstres_u.knet.st_priv_key),
- keynetname.key_netstres_u.knet.st_priv_key);
- } else {
- (void) fprintf(stderr, "NOT FOUND\n");
- }
- (void) fflush(stderr);
- }
-
- return (&keynetname);
-
-}
-
-cryptkeyres *
-key_get_conv_2_svc_prog(uid, arg)
- uid_t uid;
- keybuf arg;
-{
- static cryptkeyres res;
-
- if (debugging)
- (void) fprintf(stderr, "get_conv(%u, %.*s) = ", uid,
- (int)sizeof (keybuf), arg);
-
-
- res.status = pk_get_conv_key(uid, arg, &res);
-
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-
-cryptkeyres *
-key_encrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_encrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-cryptkeyres *
-key_decrypt_1_svc_prog(uid, arg)
- uid_t uid;
- cryptkeyarg *arg;
-{
- static cryptkeyres res;
-
- if (debugging) {
- (void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
- arg->remotename, arg->deskey.key.high,
- arg->deskey.key.low);
- }
- res.cryptkeyres_u.deskey = arg->deskey;
- res.status = pk_decrypt(uid, arg->remotename, NULL,
- &res.cryptkeyres_u.deskey);
- if (debugging) {
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "%08x%08x\n",
- res.cryptkeyres_u.deskey.key.high,
- res.cryptkeyres_u.deskey.key.low);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/* ARGSUSED */
-des_block *
-key_gen_1_svc_prog(v, s)
- void *v;
- struct svc_req *s;
-{
- struct timeval time;
- static des_block keygen;
- static des_block key;
-
- (void)gettimeofday(&time, NULL);
- keygen.key.high += (time.tv_sec ^ time.tv_usec);
- keygen.key.low += (time.tv_sec ^ time.tv_usec);
- ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen),
- DES_ENCRYPT | DES_HW);
- key = keygen;
- des_setparity((char *)&key);
- if (debugging) {
- (void) fprintf(stderr, "gen() = %08x%08x\n", key.key.high,
- key.key.low);
- (void) fflush(stderr);
- }
- return (&key);
-}
-
-getcredres *
-key_getcred_1_svc_prog(uid, name)
- uid_t uid;
- netnamestr *name;
-{
- static getcredres res;
- static u_int gids[NGROUPS];
- struct unixcred *cred;
-
- cred = &res.getcredres_u.cred;
- cred->gids.gids_val = gids;
- if (!netname2user(*name, (uid_t *) &cred->uid, (gid_t *) &cred->gid,
- (int *)&cred->gids.gids_len, (gid_t *)gids)) {
- res.status = KEY_UNKNOWN;
- } else {
- res.status = KEY_SUCCESS;
- }
- if (debugging) {
- (void) fprintf(stderr, "getcred(%s) = ", *name);
- if (res.status == KEY_SUCCESS) {
- (void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n",
- cred->uid, cred->gid, cred->gids.gids_len);
- } else {
- (void) fprintf(stderr, "%s\n", strstatus(res.status));
- }
- (void) fflush(stderr);
- }
- return (&res);
-}
-
-/*
- * RPC boilerplate
- */
-static void
-keyprogram(rqstp, transp)
- struct svc_req *rqstp;
- SVCXPRT *transp;
-{
- union {
- keybuf key_set_1_arg;
- cryptkeyarg key_encrypt_1_arg;
- cryptkeyarg key_decrypt_1_arg;
- netnamestr key_getcred_1_arg;
- cryptkeyarg key_encrypt_2_arg;
- cryptkeyarg key_decrypt_2_arg;
- netnamestr key_getcred_2_arg;
- cryptkeyarg2 key_encrypt_pk_2_arg;
- cryptkeyarg2 key_decrypt_pk_2_arg;
- key_netstarg key_net_put_2_arg;
- netobj key_get_conv_2_arg;
- } argument;
- char *result;
- xdrproc_t xdr_argument, xdr_result;
- char *(*local) ();
- uid_t uid = -1;
- int check_auth;
-
- switch (rqstp->rq_proc) {
- case NULLPROC:
- svc_sendreply(transp, (xdrproc_t)xdr_void, NULL);
- return;
-
- case KEY_SET:
- xdr_argument = (xdrproc_t)xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_int;
- local = (char *(*)()) key_set_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_ENCRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_1_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GEN:
- xdr_argument = (xdrproc_t)xdr_void;
- xdr_result = (xdrproc_t)xdr_des_block;
- local = (char *(*)()) key_gen_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_GETCRED:
- xdr_argument = (xdrproc_t)xdr_netnamestr;
- xdr_result = (xdrproc_t)xdr_getcredres;
- local = (char *(*)()) key_getcred_1_svc_prog;
- check_auth = 0;
- break;
-
- case KEY_ENCRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_encrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_DECRYPT_PK:
- xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_decrypt_pk_2_svc_prog;
- check_auth = 1;
- break;
-
-
- case KEY_NET_PUT:
- xdr_argument = (xdrproc_t)xdr_key_netstarg;
- xdr_result = (xdrproc_t)xdr_keystatus;
- local = (char *(*)()) key_net_put_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_NET_GET:
- xdr_argument = (xdrproc_t) xdr_void;
- xdr_result = (xdrproc_t)xdr_key_netstres;
- local = (char *(*)()) key_net_get_2_svc_prog;
- check_auth = 1;
- break;
-
- case KEY_GET_CONV:
- xdr_argument = (xdrproc_t) xdr_keybuf;
- xdr_result = (xdrproc_t)xdr_cryptkeyres;
- local = (char *(*)()) key_get_conv_2_svc_prog;
- check_auth = 1;
- break;
-
- default:
- svcerr_noproc(transp);
- return;
- }
- if (check_auth) {
- if (root_auth(transp, rqstp) == 0) {
- if (debugging) {
- (void) fprintf(stderr,
- "not local privileged process\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
- if (debugging) {
- (void) fprintf(stderr,
- "not unix authentication\n");
- }
- svcerr_weakauth(transp);
- return;
- }
- uid = ((struct authsys_parms *)rqstp->rq_clntcred)->aup_uid;
- }
-
- memset(&argument, 0, sizeof (argument));
- if (!svc_getargs(transp, xdr_argument, &argument)) {
- svcerr_decode(transp);
- return;
- }
- result = (*local) (uid, &argument);
- if (!svc_sendreply(transp, xdr_result, result)) {
- if (debugging)
- (void) fprintf(stderr, "unable to reply\n");
- svcerr_systemerr(transp);
- }
- if (!svc_freeargs(transp, xdr_argument, &argument)) {
- if (debugging)
- (void) fprintf(stderr,
- "unable to free arguments\n");
- exit(1);
- }
- return;
-}
-
-static int
-root_auth(trans, rqstp)
- SVCXPRT *trans;
- struct svc_req *rqstp;
-{
- uid_t uid;
- struct sockaddr *remote;
-
- remote = svc_getrpccaller(trans)->buf;
- if (remote->sa_family != AF_UNIX) {
- if (debugging)
- fprintf(stderr, "client didn't use AF_UNIX\n");
- return (0);
- }
-
- if (__rpc_get_local_uid(trans, &uid) < 0) {
- if (debugging)
- fprintf(stderr, "__rpc_get_local_uid failed\n");
- return (0);
- }
-
- if (debugging)
- fprintf(stderr, "local_uid %u\n", uid);
- if (uid == 0)
- return (1);
- if (rqstp->rq_cred.oa_flavor == AUTH_SYS) {
- if (((uid_t) ((struct authunix_parms *)
- rqstp->rq_clntcred)->aup_uid)
- == uid) {
- return (1);
- } else {
- if (debugging)
- fprintf(stderr,
- "local_uid %u mismatches auth %u\n", uid,
-((uid_t) ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid));
- return (0);
- }
- } else {
- if (debugging)
- fprintf(stderr, "Not auth sys\n");
- return (0);
- }
-}
-
-static void
-usage()
-{
- (void) fprintf(stderr,
- "usage: keyserv [-n] [-D] [-d] [-v] [-p path]\n");
- (void) fprintf(stderr, "-d disables the use of default keys\n");
- exit(1);
-}
Index: usr.sbin/keyserv/setkey.c
===================================================================
--- usr.sbin/keyserv/setkey.c
+++ /dev/null
@@ -1,550 +0,0 @@
-/*
- * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
- * unrestricted use provided that this legend is included on all tape
- * media and as a part of the software program in whole or part. Users
- * may copy or modify Sun RPC without charge, but are not authorized
- * to license or distribute it to anyone else except as part of a product or
- * program developed by the user.
- *
- * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
- * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
- *
- * Sun RPC is provided with no support and without any obligation on the
- * part of Sun Microsystems, Inc. to assist in its use, correction,
- * modification or enhancement.
- *
- * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
- * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
- * OR ANY PART THEREOF.
- *
- * In no event will Sun Microsystems, Inc. be liable for any lost revenue
- * or profits or other special, indirect and consequential damages, even if
- * Sun has been advised of the possibility of such damages.
- *
- * Sun Microsystems, Inc.
- * 2550 Garcia Avenue
- * Mountain View, California 94043
- */
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)setkey.c 1.11 94/04/25 SMI";
-#endif
-static const char rcsid[] =
- "$FreeBSD$";
-#endif /* not lint */
-
-/*
- * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
- */
-
-/*
- * Do the real work of the keyserver.
- * Store secret keys. Compute common keys,
- * and use them to decrypt and encrypt DES keys.
- * Cache the common keys, so the expensive computation is avoided.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "keyserv.h"
-
-static MINT *MODULUS;
-static char *fetchsecretkey( uid_t );
-static void writecache( char *, char *, des_block * );
-static int readcache( char *, char *, des_block * );
-static void extractdeskey( MINT *, des_block * );
-static int storesecretkey( uid_t, keybuf );
-static keystatus pk_crypt( uid_t, char *, netobj *, des_block *, int);
-static int nodefaultkeys = 0;
-
-
-/*
- * prohibit the nobody key on this machine k (the -d flag)
- */
-void
-pk_nodefaultkeys()
-{
- nodefaultkeys = 1;
-}
-
-/*
- * Set the modulus for all our Diffie-Hellman operations
- */
-void
-setmodulus(modx)
- char *modx;
-{
- MODULUS = mp_xtom(modx);
-}
-
-/*
- * Set the secretkey key for this uid
- */
-keystatus
-pk_setkey(uid, skey)
- uid_t uid;
- keybuf skey;
-{
- if (!storesecretkey(uid, skey)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-/*
- * Encrypt the key using the public key associated with remote_name and the
- * secret key associated with uid.
- */
-keystatus
-pk_encrypt(uid, remote_name, remote_key, key)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
-{
- return (pk_crypt(uid, remote_name, remote_key, key, DES_ENCRYPT));
-}
-
-/*
- * Decrypt the key using the public key associated with remote_name and the
- * secret key associated with uid.
- */
-keystatus
-pk_decrypt(uid, remote_name, remote_key, key)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
-{
- return (pk_crypt(uid, remote_name, remote_key, key, DES_DECRYPT));
-}
-
-static int store_netname( uid_t, key_netstarg * );
-static int fetch_netname( uid_t, key_netstarg * );
-
-keystatus
-pk_netput(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- if (!store_netname(uid, netstore)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-keystatus
-pk_netget(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- if (!fetch_netname(uid, netstore)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-
-/*
- * Do the work of pk_encrypt && pk_decrypt
- */
-static keystatus
-pk_crypt(uid, remote_name, remote_key, key, mode)
- uid_t uid;
- char *remote_name;
- netobj *remote_key;
- des_block *key;
- int mode;
-{
- char *xsecret;
- char xpublic[1024];
- char xsecret_hold[1024];
- des_block deskey;
- int err;
- MINT *public;
- MINT *secret;
- MINT *common;
- char zero[8];
-
- xsecret = fetchsecretkey(uid);
- if (xsecret == NULL || xsecret[0] == 0) {
- memset(zero, 0, sizeof (zero));
- xsecret = xsecret_hold;
- if (nodefaultkeys)
- return (KEY_NOSECRET);
-
- if (!getsecretkey("nobody", xsecret, zero) || xsecret[0] == 0) {
- return (KEY_NOSECRET);
- }
- }
- if (remote_key) {
- memcpy(xpublic, remote_key->n_bytes, remote_key->n_len);
- } else {
- bzero((char *)&xpublic, sizeof(xpublic));
- if (!getpublickey(remote_name, xpublic)) {
- if (nodefaultkeys || !getpublickey("nobody", xpublic))
- return (KEY_UNKNOWN);
- }
- }
-
- if (!readcache(xpublic, xsecret, &deskey)) {
- public = mp_xtom(xpublic);
- secret = mp_xtom(xsecret);
- /* Sanity Check on public and private keys */
- if ((public == NULL) || (secret == NULL))
- return (KEY_SYSTEMERR);
-
- common = mp_itom(0);
- mp_pow(public, secret, MODULUS, common);
- extractdeskey(common, &deskey);
- writecache(xpublic, xsecret, &deskey);
- mp_mfree(secret);
- mp_mfree(public);
- mp_mfree(common);
- }
- err = ecb_crypt((char *)&deskey, (char *)key, sizeof (des_block),
- DES_HW | mode);
- if (DES_FAILED(err)) {
- return (KEY_SYSTEMERR);
- }
- return (KEY_SUCCESS);
-}
-
-keystatus
-pk_get_conv_key(uid, xpublic, result)
- uid_t uid;
- keybuf xpublic;
- cryptkeyres *result;
-{
- char *xsecret;
- char xsecret_hold[1024];
- MINT *public;
- MINT *secret;
- MINT *common;
- char zero[8];
-
-
- xsecret = fetchsecretkey(uid);
-
- if (xsecret == NULL || xsecret[0] == 0) {
- memset(zero, 0, sizeof (zero));
- xsecret = xsecret_hold;
- if (nodefaultkeys)
- return (KEY_NOSECRET);
-
- if (!getsecretkey("nobody", xsecret, zero) ||
- xsecret[0] == 0)
- return (KEY_NOSECRET);
- }
-
- if (!readcache(xpublic, xsecret, &result->cryptkeyres_u.deskey)) {
- public = mp_xtom(xpublic);
- secret = mp_xtom(xsecret);
- /* Sanity Check on public and private keys */
- if ((public == NULL) || (secret == NULL))
- return (KEY_SYSTEMERR);
-
- common = mp_itom(0);
- mp_pow(public, secret, MODULUS, common);
- extractdeskey(common, &result->cryptkeyres_u.deskey);
- writecache(xpublic, xsecret, &result->cryptkeyres_u.deskey);
- mp_mfree(secret);
- mp_mfree(public);
- mp_mfree(common);
- }
-
- return (KEY_SUCCESS);
-}
-
-/*
- * Choose middle 64 bits of the common key to use as our des key, possibly
- * overwriting the lower order bits by setting parity.
- */
-static void
-extractdeskey(ck, deskey)
- MINT *ck;
- des_block *deskey;
-{
- MINT *a;
- short r;
- int i;
- short base = (1 << 8);
- char *k;
-
- a = mp_itom(0);
-#ifdef SOLARIS_MP
- _mp_move(ck, a);
-#else
- mp_move(ck, a);
-#endif
- for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) {
- mp_sdiv(a, base, a, &r);
- }
- k = deskey->c;
- for (i = 0; i < 8; i++) {
- mp_sdiv(a, base, a, &r);
- *k++ = r;
- }
- mp_mfree(a);
- des_setparity((char *)deskey);
-}
-
-/*
- * Key storage management
- */
-
-#define KEY_ONLY 0
-#define KEY_NAME 1
-struct secretkey_netname_list {
- uid_t uid;
- key_netstarg keynetdata;
- u_char sc_flag;
- struct secretkey_netname_list *next;
-};
-
-
-
-static struct secretkey_netname_list *g_secretkey_netname;
-
-/*
- * Store the keys and netname for this uid
- */
-static int
-store_netname(uid, netstore)
- uid_t uid;
- key_netstarg *netstore;
-{
- struct secretkey_netname_list *new;
- struct secretkey_netname_list **l;
-
- for (l = &g_secretkey_netname; *l != NULL && (*l)->uid != uid;
- l = &(*l)->next) {
- }
- if (*l == NULL) {
- new = (struct secretkey_netname_list *)malloc(sizeof (*new));
- if (new == NULL) {
- return (0);
- }
- new->uid = uid;
- new->next = NULL;
- *l = new;
- } else {
- new = *l;
- if (new->keynetdata.st_netname)
- (void) free (new->keynetdata.st_netname);
- }
- memcpy(new->keynetdata.st_priv_key, netstore->st_priv_key,
- HEXKEYBYTES);
- memcpy(new->keynetdata.st_pub_key, netstore->st_pub_key, HEXKEYBYTES);
-
- if (netstore->st_netname)
- new->keynetdata.st_netname = strdup(netstore->st_netname);
- else
- new->keynetdata.st_netname = (char *)NULL;
- new->sc_flag = KEY_NAME;
- return (1);
-
-}
-
-/*
- * Fetch the keys and netname for this uid
- */
-
-static int
-fetch_netname(uid, key_netst)
- uid_t uid;
- struct key_netstarg *key_netst;
-{
- struct secretkey_netname_list *l;
-
- for (l = g_secretkey_netname; l != NULL; l = l->next) {
- if ((l->uid == uid) && (l->sc_flag == KEY_NAME)){
-
- memcpy(key_netst->st_priv_key,
- l->keynetdata.st_priv_key, HEXKEYBYTES);
-
- memcpy(key_netst->st_pub_key,
- l->keynetdata.st_pub_key, HEXKEYBYTES);
-
- if (l->keynetdata.st_netname)
- key_netst->st_netname =
- strdup(l->keynetdata.st_netname);
- else
- key_netst->st_netname = NULL;
- return (1);
- }
- }
-
- return (0);
-}
-
-static char *
-fetchsecretkey(uid)
- uid_t uid;
-{
- struct secretkey_netname_list *l;
-
- for (l = g_secretkey_netname; l != NULL; l = l->next) {
- if (l->uid == uid) {
- return (l->keynetdata.st_priv_key);
- }
- }
- return (NULL);
-}
-
-/*
- * Store the secretkey for this uid
- */
-static int
-storesecretkey(uid, key)
- uid_t uid;
- keybuf key;
-{
- struct secretkey_netname_list *new;
- struct secretkey_netname_list **l;
-
- for (l = &g_secretkey_netname; *l != NULL && (*l)->uid != uid;
- l = &(*l)->next) {
- }
- if (*l == NULL) {
- new = (struct secretkey_netname_list *) malloc(sizeof (*new));
- if (new == NULL) {
- return (0);
- }
- new->uid = uid;
- new->sc_flag = KEY_ONLY;
- memset(new->keynetdata.st_pub_key, 0, HEXKEYBYTES);
- new->keynetdata.st_netname = NULL;
- new->next = NULL;
- *l = new;
- } else {
- new = *l;
- }
-
- memcpy(new->keynetdata.st_priv_key, key,
- HEXKEYBYTES);
- return (1);
-}
-
-static int
-hexdigit(val)
- int val;
-{
- return ("0123456789abcdef"[val]);
-}
-
-void
-bin2hex(bin, hex, size)
- unsigned char *bin;
- unsigned char *hex;
- int size;
-{
- int i;
-
- for (i = 0; i < size; i++) {
- *hex++ = hexdigit(*bin >> 4);
- *hex++ = hexdigit(*bin++ & 0xf);
- }
-}
-
-static int
-hexval(dig)
- char dig;
-{
- if ('0' <= dig && dig <= '9') {
- return (dig - '0');
- } else if ('a' <= dig && dig <= 'f') {
- return (dig - 'a' + 10);
- } else if ('A' <= dig && dig <= 'F') {
- return (dig - 'A' + 10);
- } else {
- return (-1);
- }
-}
-
-void
-hex2bin(hex, bin, size)
- unsigned char *hex;
- unsigned char *bin;
- int size;
-{
- int i;
-
- for (i = 0; i < size; i++) {
- *bin = hexval(*hex++) << 4;
- *bin++ |= hexval(*hex++);
- }
-}
-
-/*
- * Exponential caching management
- */
-struct cachekey_list {
- keybuf secret;
- keybuf public;
- des_block deskey;
- struct cachekey_list *next;
-};
-static struct cachekey_list *g_cachedkeys;
-
-/*
- * cache result of expensive multiple precision exponential operation
- */
-static void
-writecache(pub, sec, deskey)
- char *pub;
- char *sec;
- des_block *deskey;
-{
- struct cachekey_list *new;
-
- new = (struct cachekey_list *) malloc(sizeof (struct cachekey_list));
- if (new == NULL) {
- return;
- }
- memcpy(new->public, pub, sizeof (keybuf));
- memcpy(new->secret, sec, sizeof (keybuf));
- new->deskey = *deskey;
- new->next = g_cachedkeys;
- g_cachedkeys = new;
-}
-
-/*
- * Try to find the common key in the cache
- */
-static int
-readcache(pub, sec, deskey)
- char *pub;
- char *sec;
- des_block *deskey;
-{
- struct cachekey_list *found;
- register struct cachekey_list **l;
-
-#define cachehit(pub, sec, list) \
- (memcmp(pub, (list)->public, sizeof (keybuf)) == 0 && \
- memcmp(sec, (list)->secret, sizeof (keybuf)) == 0)
-
- for (l = &g_cachedkeys; (*l) != NULL && !cachehit(pub, sec, *l);
- l = &(*l)->next)
- ;
- if ((*l) == NULL) {
- return (0);
- }
- found = *l;
- (*l) = (*l)->next;
- found->next = g_cachedkeys;
- g_cachedkeys = found;
- *deskey = found->deskey;
- return (1);
-}