Sākums Izpētīt Palīdzība
Pierakstīties
SoftwareDesign
/
csu3_am335x
8
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: c7fff1ca50
Atzari Tagi
csu3_am335x
/
EVSE
/
GPL
/
glibc-2.29
/
sunrpc
/
key_call.c

key_call.c 15 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567 
  1. /*
    2. 

  2.  * Copyright (c) 2010, Oracle America, Inc.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions are
    6. 

  6.  * met:
    7. 

  7.  *
    8. 

  8.  *     * Redistributions of source code must retain the above copyright
    9. 

  9.  *       notice, this list of conditions and the following disclaimer.
    10. 

  10.  *     * Redistributions in binary form must reproduce the above
    11. 

  11.  *       copyright notice, this list of conditions and the following
    12. 

  12.  *       disclaimer in the documentation and/or other materials
    13. 

  13.  *       provided with the distribution.
    14. 

  14.  *     * Neither the name of the "Oracle America, Inc." nor the names of its
    15. 

  15.  *       contributors may be used to endorse or promote products derived
    16. 

  16.  *       from this software without specific prior written permission.
    17. 

  17.  *
    18. 

  18.  *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    19. 

  19.  *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    20. 

  20.  *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
    21. 

  21.  *   FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    22. 

  22.  *   COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
    23. 

  23.  *   INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    24. 

  24.  *   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
    25. 

  25.  *   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    26. 

  26.  *   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    27. 

  27.  *   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
    28. 

  28.  *   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    29. 

  29.  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    30. 

  30.  */
    31. 

  31. /*
    32. 

  32.  * The original source is from the RPCSRC 4.0 package from Sun Microsystems.
    33. 

  33.  * The Interface to keyserver protocoll 2, RPC over AF_UNIX and Linux/doors
    34. 

  34.  * was added by Thorsten Kukuk <kukuk@suse.de>
    35. 

  35.  * Since the Linux/doors project was stopped, I doubt that this code will
    36. 

  36.  * ever be useful <kukuk@suse.de>.
    37. 

  37.  */
    38. 

  38. 

  39. #include <stdio.h>
    40. 

  40. #include <errno.h>
    41. 

  41. #include <fcntl.h>
    42. 

  42. #include <signal.h>
    43. 

  43. #include <unistd.h>
    44. 

  44. #include <string.h>
    45. 

  45. #include <rpc/rpc.h>
    46. 

  46. #include <rpc/auth.h>
    47. 

  47. #include <sys/wait.h>
    48. 

  48. #include <sys/param.h>
    49. 

  49. #include <sys/socket.h>
    50. 

  50. #include <rpc/key_prot.h>
    51. 

  51. #include <libc-lock.h>
    52. 

  52. #include <shlib-compat.h>
    53. 

  53. 

  54. #define KEY_TIMEOUT	5	/* per-try timeout in seconds */
    55. 

  55. #define KEY_NRETRY	12	/* number of retries */
    56. 

  56. 

  57. #define debug(msg)		/* turn off debugging */
    58. 

  58. 

  59. #ifndef SO_PASSCRED
    60. 

  60. extern int _openchild (const char *command, FILE **fto, FILE **ffrom);
    61. 

  61. #endif
    62. 

  62. 

  63. static int key_call (u_long, xdrproc_t xdr_arg, char *,
    64. 

  64. 		     xdrproc_t xdr_rslt, char *);
    65. 

  65. 

  66. static const struct timeval trytimeout = {KEY_TIMEOUT, 0};
    67. 

  67. static const struct timeval tottimeout = {KEY_TIMEOUT *KEY_NRETRY, 0};
    68. 

  68. 

  69. int
    70. 

  70. key_setsecret (char *secretkey)
    71. 

  71. {
    72. 

  72.   keystatus status;
    73. 

  73. 

  74.   if (!key_call ((u_long) KEY_SET, (xdrproc_t) xdr_keybuf, secretkey,
    75. 

  75. 		 (xdrproc_t) xdr_keystatus, (char *) &status))
    76. 

  76.     return -1;
    77. 

  77.   if (status != KEY_SUCCESS)
    78. 

  78.     {
    79. 

  79.       debug ("set status is nonzero");
    80. 

  80.       return -1;
    81. 

  81.     }
    82. 

  82.   return 0;
    83. 

  83. }
    84. 

  84. libc_hidden_nolink_sunrpc (key_setsecret, GLIBC_2_1)
    85. 

  85. 

  86. /* key_secretkey_is_set() returns 1 if the keyserver has a secret key
    87. 

  87.  * stored for the caller's effective uid; it returns 0 otherwise
    88. 

  88.  *
    89. 

  89.  * N.B.:  The KEY_NET_GET key call is undocumented.  Applications shouldn't
    90. 

  90.  * be using it, because it allows them to get the user's secret key.
    91. 

  91.  */
    92. 

  92. int
    93. 

  93. key_secretkey_is_set (void)
    94. 

  94. {
    95. 

  95.   struct key_netstres kres;
    96. 

  96. 

  97.   memset (&kres, 0, sizeof (kres));
    98. 

  98.   if (key_call ((u_long) KEY_NET_GET, (xdrproc_t) xdr_void,
    99. 

  99. 		(char *) NULL, (xdrproc_t) xdr_key_netstres,
    100. 

  100. 		(char *) &kres) &&
    101. 

  101.       (kres.status == KEY_SUCCESS) &&
    102. 

  102.       (kres.key_netstres_u.knet.st_priv_key[0] != 0))
    103. 

  103.     {
    104. 

  104.       /* avoid leaving secret key in memory */
    105. 

  105.       memset (kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
    106. 

  106.       return 1;
    107. 

  107.     }
    108. 

  108.   return 0;
    109. 

  109. }
    110. 

  110. #ifdef EXPORT_RPC_SYMBOLS
    111. 

  111. libc_hidden_def (key_secretkey_is_set)
    112. 

  112. #else
    113. 

  113. libc_hidden_nolink_sunrpc (key_secretkey_is_set, GLIBC_2_1)
    114. 

  114. #endif
    115. 

  115. 

  116. int
    117. 

  117. key_encryptsession (char *remotename, des_block *deskey)
    118. 

  118. {
    119. 

  119.   cryptkeyarg arg;
    120. 

  120.   cryptkeyres res;
    121. 

  121. 

  122.   arg.remotename = remotename;
    123. 

  123.   arg.deskey = *deskey;
    124. 

  124.   if (!key_call ((u_long) KEY_ENCRYPT, (xdrproc_t) xdr_cryptkeyarg,
    125. 

  125. 		 (char *) &arg, (xdrproc_t) xdr_cryptkeyres,
    126. 

  126. 		 (char *) &res))
    127. 

  127.     return -1;
    128. 

  128. 

  129.   if (res.status != KEY_SUCCESS)
    130. 

  130.     {
    131. 

  131.       debug ("encrypt status is nonzero");
    132. 

  132.       return -1;
    133. 

  133.     }
    134. 

  134.   *deskey = res.cryptkeyres_u.deskey;
    135. 

  135.   return 0;
    136. 

  136. }
    137. 

  137. libc_hidden_nolink_sunrpc (key_encryptsession, GLIBC_2_1)
    138. 

  138. 

  139. int
    140. 

  140. key_decryptsession (char *remotename, des_block *deskey)
    141. 

  141. {
    142. 

  142.   cryptkeyarg arg;
    143. 

  143.   cryptkeyres res;
    144. 

  144. 

  145.   arg.remotename = remotename;
    146. 

  146.   arg.deskey = *deskey;
    147. 

  147.   if (!key_call ((u_long) KEY_DECRYPT, (xdrproc_t) xdr_cryptkeyarg,
    148. 

  148. 		 (char *) &arg, (xdrproc_t) xdr_cryptkeyres,
    149. 

  149. 		 (char *) &res))
    150. 

  150.     return -1;
    151. 

  151.   if (res.status != KEY_SUCCESS)
    152. 

  152.     {
    153. 

  153.       debug ("decrypt status is nonzero");
    154. 

  154.       return -1;
    155. 

  155.     }
    156. 

  156.   *deskey = res.cryptkeyres_u.deskey;
    157. 

  157.   return 0;
    158. 

  158. }
    159. 

  159. libc_hidden_nolink_sunrpc (key_decryptsession, GLIBC_2_1)
    160. 

  160. 

  161. int
    162. 

  162. key_encryptsession_pk (char *remotename, netobj *remotekey,
    163. 

  163. 		       des_block *deskey)
    164. 

  164. {
    165. 

  165.   cryptkeyarg2 arg;
    166. 

  166.   cryptkeyres res;
    167. 

  167. 

  168.   arg.remotename = remotename;
    169. 

  169.   arg.remotekey = *remotekey;
    170. 

  170.   arg.deskey = *deskey;
    171. 

  171.   if (!key_call ((u_long) KEY_ENCRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
    172. 

  172. 		 (char *) &arg, (xdrproc_t) xdr_cryptkeyres,
    173. 

  173. 		 (char *) &res))
    174. 

  174.     return -1;
    175. 

  175. 

  176.   if (res.status != KEY_SUCCESS)
    177. 

  177.     {
    178. 

  178.       debug ("encrypt status is nonzero");
    179. 

  179.       return -1;
    180. 

  180.     }
    181. 

  181.   *deskey = res.cryptkeyres_u.deskey;
    182. 

  182.   return 0;
    183. 

  183. }
    184. 

  184. libc_hidden_nolink_sunrpc (key_encryptsession_pk, GLIBC_2_1)
    185. 

  185. 

  186. int
    187. 

  187. key_decryptsession_pk (char *remotename, netobj *remotekey,
    188. 

  188. 		       des_block *deskey)
    189. 

  189. {
    190. 

  190.   cryptkeyarg2 arg;
    191. 

  191.   cryptkeyres res;
    192. 

  192. 

  193.   arg.remotename = remotename;
    194. 

  194.   arg.remotekey = *remotekey;
    195. 

  195.   arg.deskey = *deskey;
    196. 

  196.   if (!key_call ((u_long) KEY_DECRYPT_PK, (xdrproc_t) xdr_cryptkeyarg2,
    197. 

  197. 		 (char *) &arg, (xdrproc_t) xdr_cryptkeyres,
    198. 

  198. 		 (char *) &res))
    199. 

  199.     return -1;
    200. 

  200. 

  201.   if (res.status != KEY_SUCCESS)
    202. 

  202.     {
    203. 

  203.       debug ("decrypt status is nonzero");
    204. 

  204.       return -1;
    205. 

  205.     }
    206. 

  206.   *deskey = res.cryptkeyres_u.deskey;
    207. 

  207.   return 0;
    208. 

  208. }
    209. 

  209. libc_hidden_nolink_sunrpc (key_decryptsession_pk, GLIBC_2_1)
    210. 

  210. 

  211. int
    212. 

  212. key_gendes (des_block *key)
    213. 

  213. {
    214. 

  214.   struct sockaddr_in sin;
    215. 

  215.   CLIENT *client;
    216. 

  216.   int socket;
    217. 

  217.   enum clnt_stat stat;
    218. 

  218. 

  219.   sin.sin_family = AF_INET;
    220. 

  220.   sin.sin_port = 0;
    221. 

  221.   sin.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
    222. 

  222.   memset (sin.sin_zero, 0, sizeof (sin.sin_zero));
    223. 

  223.   socket = RPC_ANYSOCK;
    224. 

  224.   client = clntudp_bufcreate (&sin, (u_long) KEY_PROG, (u_long) KEY_VERS,
    225. 

  225. 			      trytimeout, &socket, RPCSMALLMSGSIZE,
    226. 

  226. 			      RPCSMALLMSGSIZE);
    227. 

  227.   if (client == NULL)
    228. 

  228.     return -1;
    229. 

  229. 

  230.   stat = clnt_call (client, KEY_GEN, (xdrproc_t) xdr_void, NULL,
    231. 

  231. 		    (xdrproc_t) xdr_des_block, (caddr_t) key,
    232. 

  232. 		    tottimeout);
    233. 

  233.   clnt_destroy (client);
    234. 

  234.   __close (socket);
    235. 

  235.   if (stat != RPC_SUCCESS)
    236. 

  236.     return -1;
    237. 

  237. 

  238.   return 0;
    239. 

  239. }
    240. 

  240. #ifdef EXPORT_RPC_SYMBOLS
    241. 

  241. libc_hidden_def (key_gendes)
    242. 

  242. #else
    243. 

  243. libc_hidden_nolink_sunrpc (key_gendes, GLIBC_2_1)
    244. 

  244. #endif
    245. 

  245. 

  246. int
    247. 

  247. key_setnet (struct key_netstarg *arg)
    248. 

  248. {
    249. 

  249.   keystatus status;
    250. 

  250. 

  251.   if (!key_call ((u_long) KEY_NET_PUT, (xdrproc_t) xdr_key_netstarg,
    252. 

  252. 		 (char *) arg,(xdrproc_t) xdr_keystatus,
    253. 

  253. 		 (char *) &status))
    254. 

  254.     return -1;
    255. 

  255. 

  256.   if (status != KEY_SUCCESS)
    257. 

  257.     {
    258. 

  258.       debug ("key_setnet status is nonzero");
    259. 

  259.       return -1;
    260. 

  260.     }
    261. 

  261.   return 1;
    262. 

  262. }
    263. 

  263. libc_hidden_nolink_sunrpc (key_setnet, GLIBC_2_1)
    264. 

  264. 

  265. int
    266. 

  266. key_get_conv (char *pkey, des_block *deskey)
    267. 

  267. {
    268. 

  268.   cryptkeyres res;
    269. 

  269. 

  270.   if (!key_call ((u_long) KEY_GET_CONV, (xdrproc_t) xdr_keybuf, pkey,
    271. 

  271. 		 (xdrproc_t) xdr_cryptkeyres, (char *) &res))
    272. 

  272.     return -1;
    273. 

  273. 

  274.   if (res.status != KEY_SUCCESS)
    275. 

  275.     {
    276. 

  276.       debug ("get_conv status is nonzero");
    277. 

  277.       return -1;
    278. 

  278.     }
    279. 

  279.   *deskey = res.cryptkeyres_u.deskey;
    280. 

  280.   return 0;
    281. 

  281. }
    282. 

  282. libc_hidden_nolink_sunrpc (key_get_conv, GLIBC_2_1)
    283. 

  283. 

  284. /*
    285. 

  285.  * Hack to allow the keyserver to use AUTH_DES (for authenticated
    286. 

  286.  * NIS+ calls, for example).  The only functions that get called
    287. 

  287.  * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
    288. 

  288.  *
    289. 

  289.  * The approach is to have the keyserver fill in pointers to local
    290. 

  290.  * implementations of these functions, and to call those in key_call().
    291. 

  291.  */
    292. 

  292. 

  293. cryptkeyres *(*__key_encryptsession_pk_LOCAL) (uid_t, char *);
    294. 

  294. cryptkeyres *(*__key_decryptsession_pk_LOCAL) (uid_t, char *);
    295. 

  295. des_block *(*__key_gendes_LOCAL) (uid_t, char *);
    296. 

  296. 

  297. #ifndef SO_PASSCRED
    298. 

  298. static int
    299. 

  299. key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
    300. 

  300. 		   xdrproc_t xdr_rslt, char *rslt)
    301. 

  301. {
    302. 

  302.   XDR xdrargs;
    303. 

  303.   XDR xdrrslt;
    304. 

  304.   FILE *fargs;
    305. 

  305.   FILE *frslt;
    306. 

  306.   sigset_t oldmask, mask;
    307. 

  307.   int status;
    308. 

  308.   int pid;
    309. 

  309.   int success;
    310. 

  310.   uid_t ruid;
    311. 

  311.   uid_t euid;
    312. 

  312.   static const char MESSENGER[] = "/usr/etc/keyenvoy";
    313. 

  313. 

  314.   success = 1;
    315. 

  315.   sigemptyset (&mask);
    316. 

  316.   sigaddset (&mask, SIGCHLD);
    317. 

  317.   __sigprocmask (SIG_BLOCK, &mask, &oldmask);
    318. 

  318. 

  319.   /*
    320. 

  320.    * We are going to exec a set-uid program which makes our effective uid
    321. 

  321.    * zero, and authenticates us with our real uid. We need to make the
    322. 

  322.    * effective uid be the real uid for the setuid program, and
    323. 

  323.    * the real uid be the effective uid so that we can change things back.
    324. 

  324.    */
    325. 

  325.   euid = __geteuid ();
    326. 

  326.   ruid = __getuid ();
    327. 

  327.   __setreuid (euid, ruid);
    328. 

  328.   pid = _openchild (MESSENGER, &fargs, &frslt);
    329. 

  329.   __setreuid (ruid, euid);
    330. 

  330.   if (pid < 0)
    331. 

  331.     {
    332. 

  332.       debug ("open_streams");
    333. 

  333.       __sigprocmask (SIG_SETMASK, &oldmask, NULL);
    334. 

  334.       return (0);
    335. 

  335.     }
    336. 

  336.   xdrstdio_create (&xdrargs, fargs, XDR_ENCODE);
    337. 

  337.   xdrstdio_create (&xdrrslt, frslt, XDR_DECODE);
    338. 

  338. 

  339.   if (!xdr_u_long (&xdrargs, &proc) || !(*xdr_arg) (&xdrargs, arg))
    340. 

  340.     {
    341. 

  341.       debug ("xdr args");
    342. 

  342.       success = 0;
    343. 

  343.     }
    344. 

  344.   fclose (fargs);
    345. 

  345. 

  346.   if (success && !(*xdr_rslt) (&xdrrslt, rslt))
    347. 

  347.     {
    348. 

  348.       debug ("xdr rslt");
    349. 

  349.       success = 0;
    350. 

  350.     }
    351. 

  351.   fclose(frslt);
    352. 

  352. 

  353.  wait_again:
    354. 

  354.   if (__wait4 (pid, &status, 0, NULL) < 0)
    355. 

  355.     {
    356. 

  356.       if (errno == EINTR)
    357. 

  357. 	goto wait_again;
    358. 

  358.       debug ("wait4");
    359. 

  359.       if (errno == ECHILD || errno == ESRCH)
    360. 

  360. 	perror ("wait");
    361. 

  361.       else
    362. 

  362. 	success = 0;
    363. 

  363.     }
    364. 

  364.   else
    365. 

  365.     if (status != 0)
    366. 

  366.       {
    367. 

  367. 	debug ("wait4 1");
    368. 

  368. 	success = 0;
    369. 

  369.       }
    370. 

  370.   __sigprocmask (SIG_SETMASK, &oldmask, NULL);
    371. 

  371. 

  372.   return success;
    373. 

  373. }
    374. 

  374. #endif
    375. 

  375. 

  376. struct  key_call_private {
    377. 

  377.   CLIENT  *client;        /* Client handle */
    378. 

  378.   pid_t   pid;            /* process-id at moment of creation */
    379. 

  379.   uid_t   uid;            /* user-id at last authorization */
    380. 

  380. };
    381. 

  381. #define key_call_private_main RPC_THREAD_VARIABLE(key_call_private_s)
    382. 

  382. __libc_lock_define_initialized (static, keycall_lock)
    383. 

  383. 

  384. /*
    385. 

  385.  * Keep the handle cached.  This call may be made quite often.
    386. 

  386.  */
    387. 

  387. static CLIENT *
    388. 

  388. getkeyserv_handle (int vers)
    389. 

  389. {
    390. 

  390.   struct key_call_private *kcp = key_call_private_main;
    391. 

  391.   struct timeval wait_time;
    392. 

  392.   int fd;
    393. 

  393.   struct sockaddr_un name;
    394. 

  394.   socklen_t namelen = sizeof(struct sockaddr_un);
    395. 

  395. 

  396. #define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
    397. 

  397. #define TOTAL_TRIES     5       /* Number of tries */
    398. 

  398. 

  399.   if (kcp == (struct key_call_private *)NULL)
    400. 

  400.     {
    401. 

  401.       kcp = (struct key_call_private *)malloc (sizeof (*kcp));
    402. 

  402.       if (kcp == (struct key_call_private *)NULL)
    403. 

  403. 	return (CLIENT *) NULL;
    404. 

  404. 

  405.       key_call_private_main = kcp;
    406. 

  406.       kcp->client = NULL;
    407. 

  407.     }
    408. 

  408. 

  409.   /* if pid has changed, destroy client and rebuild */
    410. 

  410.   if (kcp->client != NULL && kcp->pid != __getpid ())
    411. 

  411.     {
    412. 

  412.       auth_destroy (kcp->client->cl_auth);
    413. 

  413.       clnt_destroy (kcp->client);
    414. 

  414.       kcp->client = NULL;
    415. 

  415.     }
    416. 

  416. 

  417.   if (kcp->client != NULL)
    418. 

  418.     {
    419. 

  419.       /* if other side closed socket, build handle again */
    420. 

  420.       clnt_control (kcp->client, CLGET_FD, (char *)&fd);
    421. 

  421.       if (__getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
    422. 

  422. 	{
    423. 

  423. 	  auth_destroy (kcp->client->cl_auth);
    424. 

  424. 	  clnt_destroy (kcp->client);
    425. 

  425. 	  kcp->client = NULL;
    426. 

  426. 	}
    427. 

  427.     }
    428. 

  428. 

  429.   if (kcp->client != NULL)
    430. 

  430.     {
    431. 

  431.       /* if uid has changed, build client handle again */
    432. 

  432.       if (kcp->uid != __geteuid ())
    433. 

  433. 	{
    434. 

  434. 	kcp->uid = __geteuid ();
    435. 

  435. 	auth_destroy (kcp->client->cl_auth);
    436. 

  436. 	kcp->client->cl_auth =
    437. 

  437. 	  authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
    438. 

  438. 	if (kcp->client->cl_auth == NULL)
    439. 

  439. 	  {
    440. 

  440. 	    clnt_destroy (kcp->client);
    441. 

  441. 	    kcp->client = NULL;
    442. 

  442. 	    return ((CLIENT *) NULL);
    443. 

  443. 	  }
    444. 

  444. 	}
    445. 

  445.       /* Change the version number to the new one */
    446. 

  446.       clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
    447. 

  447.       return kcp->client;
    448. 

  448.     }
    449. 

  449. 

  450.   if ((kcp->client == (CLIENT *) NULL))
    451. 

  451.     /* Use the AF_UNIX transport */
    452. 

  452.     kcp->client = clnt_create ("/var/run/keyservsock", KEY_PROG, vers, "unix");
    453. 

  453. 

  454.   if (kcp->client == (CLIENT *) NULL)
    455. 

  455.     return (CLIENT *) NULL;
    456. 

  456. 

  457.   kcp->uid = __geteuid ();
    458. 

  458.   kcp->pid = __getpid ();
    459. 

  459.   kcp->client->cl_auth = authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
    460. 

  460.   if (kcp->client->cl_auth == NULL)
    461. 

  461.     {
    462. 

  462.       clnt_destroy (kcp->client);
    463. 

  463.       kcp->client = NULL;
    464. 

  464.       return (CLIENT *) NULL;
    465. 

  465.     }
    466. 

  466. 

  467.   wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
    468. 

  468.   wait_time.tv_usec = 0;
    469. 

  469.   clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
    470. 

  470. 		(char *)&wait_time);
    471. 

  471.   if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
    472. 

  472.     __fcntl (fd, F_SETFD, FD_CLOEXEC);  /* make it "close on exec" */
    473. 

  473. 

  474.   return kcp->client;
    475. 

  475. }
    476. 

  476. 

  477. /* returns  0 on failure, 1 on success */
    478. 

  478. static int
    479. 

  479. key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
    480. 

  480. 	       xdrproc_t xdr_rslt, char *rslt)
    481. 

  481. {
    482. 

  482.   CLIENT *clnt;
    483. 

  483.   struct timeval wait_time;
    484. 

  484.   int result = 0;
    485. 

  485. 

  486.   __libc_lock_lock (keycall_lock);
    487. 

  487.   if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
    488. 

  488.       (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
    489. 

  489.       (proc == KEY_GET_CONV))
    490. 

  490.     clnt = getkeyserv_handle(2); /* talk to version 2 */
    491. 

  491.   else
    492. 

  492.     clnt = getkeyserv_handle(1); /* talk to version 1 */
    493. 

  493. 

  494.   if (clnt != NULL)
    495. 

  495.     {
    496. 

  496.       wait_time.tv_sec = TOTAL_TIMEOUT;
    497. 

  497.       wait_time.tv_usec = 0;
    498. 

  498. 

  499.       if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
    500. 

  500. 		     wait_time) == RPC_SUCCESS)
    501. 

  501. 	result = 1;
    502. 

  502.     }
    503. 

  503. 

  504.   __libc_lock_unlock (keycall_lock);
    505. 

  505. 

  506.   return result;
    507. 

  507. }
    508. 

  508. 

  509. 

  510. /* returns 0 on failure, 1 on success */
    511. 

  511. static int
    512. 

  512. key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
    513. 

  513. 	  xdrproc_t xdr_rslt, char *rslt)
    514. 

  514. {
    515. 

  515. #ifndef SO_PASSCRED
    516. 

  516.   static int use_keyenvoy;
    517. 

  517. #endif
    518. 

  518. 

  519.   if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
    520. 

  520.     {
    521. 

  521.       cryptkeyres *res;
    522. 

  522.       res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
    523. 

  523.       *(cryptkeyres *) rslt = *res;
    524. 

  524.       return 1;
    525. 

  525.     }
    526. 

  526.   else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
    527. 

  527.     {
    528. 

  528.       cryptkeyres *res;
    529. 

  529.       res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
    530. 

  530.       *(cryptkeyres *) rslt = *res;
    531. 

  531.       return 1;
    532. 

  532.     }
    533. 

  533.   else if (proc == KEY_GEN && __key_gendes_LOCAL)
    534. 

  534.     {
    535. 

  535.       des_block *res;
    536. 

  536.       res = (*__key_gendes_LOCAL) (__geteuid (), 0);
    537. 

  537.       *(des_block *) rslt = *res;
    538. 

  538.       return 1;
    539. 

  539.     }
    540. 

  540. 

  541. #ifdef SO_PASSCRED
    542. 

  542.   return key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt);
    543. 

  543. #else
    544. 

  544.   if (!use_keyenvoy)
    545. 

  545.     {
    546. 

  546.       if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
    547. 

  547. 	return 1;
    548. 

  548.       use_keyenvoy = 1;
    549. 

  549.     }
    550. 

  550.   return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
    551. 

  551. #endif
    552. 

  552. }
    553. 

  553. 

  554. void
    555. 

  555. __rpc_thread_key_cleanup (void)
    556. 

  556. {
    557. 

  557. 	struct key_call_private *kcp = RPC_THREAD_VARIABLE(key_call_private_s);
    558. 

  558. 

  559. 	if (kcp) {
    560. 

  560. 		if (kcp->client) {
    561. 

  561. 			if (kcp->client->cl_auth)
    562. 

  562. 				auth_destroy (kcp->client->cl_auth);
    563. 

  563. 			clnt_destroy(kcp->client);
    564. 

  564. 		}
    565. 

  565. 		free (kcp);
    566. 

  566. 	}
    567. 

  567. }
    568.