/*
 * SCCS identification string for this file. It is compiled in only when
 * LIBC_SCCS is defined and lint is not; the matching #endif is not visible
 * in this excerpt.
 */
#if defined(LIBC_SCCS) && !defined(lint)
static char sccsid
[] = "@(#)key_call.c 2.2 88/08/15 4.0 RPCSRC; from 1.11 88/02/08 SMI";
* Copyright (c) 1988 by Sun Microsystems, Inc.
* Sun RPC is a product of Sun Microsystems, Inc. and is provided for
* unrestricted use provided that this legend is included on all tape
* media and as a part of the software program in whole or part. Users
* may copy or modify Sun RPC without charge, but are not authorized
* to license or distribute it to anyone else except as part of a product or
* program developed by the user.
* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
* Sun RPC is provided with no support and without any obligation on the
* part of Sun Microsystems, Inc. to assist in its use, correction,
* modification or enhancement.
* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
* In no event will Sun Microsystems, Inc. be liable for any lost revenue
* or profits or other special, indirect and consequential damages, even if
* Sun has been advised of the possibility of such damages.
* Mountain View, California 94043
* key_call.c, Interface to keyserver
* setsecretkey(key) - set your secret key
* encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent
* decryptsessionkey(agent, deskey) - decrypt ditto
* gendeskey(deskey) - generate a secure des key
* netname2user(...) - get unix credential for given name (kernel only)
#include <rpc/key_prot.h>
#define KEY_TIMEOUT 5 /* seconds allowed for a single attempt */
#define KEY_NRETRY 12 /* how many attempts are made */
#define debug(msg) /* expands to nothing: debug output is compiled out */

/* Timeout for one try; handed to clntudp_bufcreate() when the client is built. */
static struct timeval trytimeout = { KEY_TIMEOUT, 0 };

/*
 * Timeout for the whole exchange (per-try timeout times retry count);
 * handed to clnt_call(). It bounds how long a caller can block waiting
 * for the keyserver.
 */
static struct timeval tottimeout = { KEY_TIMEOUT * KEY_NRETRY, 0 };
/*
 * Fragment of the "set secret key" entry point; the function header and the
 * tail of this call are not visible in this excerpt. It issues a KEY_SET
 * request through key_call(): secretkey is encoded with xdr_keybuf and the
 * reply is decoded with xdr_keystatus. Note that the caller's secret key
 * leaves this process here, via whatever channel key_call() uses.
 */
if (!key_call((u_long
)KEY_SET
, xdr_keybuf
, secretkey
, xdr_keystatus
,
/*
 * A reply status other than KEY_SUCCESS takes this branch. Only the debug()
 * call is visible, and debug() expands to nothing, so a rejected key leaves
 * no trace unless the (not visible) return value is checked by the caller.
 */
if (status
!= KEY_SUCCESS
) {
debug("set status is nonzero");
/*
 * key_encryptsession - ask the keyserver to encrypt a session key for the
 * peer named by remotename.
 *
 * remotename: name of the remote party, copied by pointer into the request.
 * deskey:     in/out; on success it is overwritten with the key returned by
 *             the keyserver.
 *
 * Only part of the body is visible in this excerpt: the declarations, the
 * assignment of the request's key field and the return statements are
 * missing, so the return convention cannot be stated from here.
 */
key_encryptsession(remotename
, deskey
)
arg
.remotename
= remotename
;
/* KEY_ENCRYPT request: arg goes out as xdr_cryptkeyarg, res comes back as xdr_cryptkeyres. */
if (!key_call((u_long
)KEY_ENCRYPT
,
xdr_cryptkeyarg
, (char *)&arg
, xdr_cryptkeyres
, (char *)&res
))
/* The transport succeeded; now check the status the keyserver put in the reply. */
if (res
.status
!= KEY_SUCCESS
) {
debug("encrypt status is nonzero");
/*
 * Hand the key from the reply back to the caller, replacing the input key.
 * NOTE(review): this must only be reached after both checks above passed;
 * the control flow between them is not visible here - confirm.
 */
*deskey
= res
.cryptkeyres_u
.deskey
;
/*
 * key_decryptsession - ask the keyserver to decrypt a session key received
 * from the peer named by remotename.
 *
 * remotename: name of the remote party, copied by pointer into the request.
 * deskey:     in/out; on success it is overwritten with the key returned by
 *             the keyserver.
 *
 * Only part of the body is visible in this excerpt: the declarations, the
 * assignment of the request's key field and the return statements are
 * missing, so the return convention cannot be stated from here.
 */
key_decryptsession(remotename
, deskey
)
arg
.remotename
= remotename
;
/* KEY_DECRYPT request: arg goes out as xdr_cryptkeyarg, res comes back as xdr_cryptkeyres. */
if (!key_call((u_long
)KEY_DECRYPT
,
xdr_cryptkeyarg
, (char *)&arg
, xdr_cryptkeyres
, (char *)&res
))
/* The transport succeeded; now check the status the keyserver put in the reply. */
if (res
.status
!= KEY_SUCCESS
) {
debug("decrypt status is nonzero");
/*
 * Hand the key from the reply back to the caller, replacing the input key.
 * NOTE(review): this must only be reached after both checks above passed;
 * the control flow between them is not visible here - confirm.
 */
*deskey
= res
.cryptkeyres_u
.deskey
;
/*
 * Fragment of the key-generation entry point (the function header is not
 * visible in this excerpt). Unlike the other requests, this one does not go
 * through key_call(): it talks to the keyserver directly over UDP.
 *
 * The destination is fixed to the loopback address, so the request and the
 * returned key stay on the local host.
 * NOTE(review): no assignment to sin.sin_port is visible here; if it is
 * left at 0 the port is presumably looked up through the portmapper -
 * confirm, since that lookup decides which local process answers.
 */
sin
.sin_family
= AF_INET
;
sin
.sin_addr
.s_addr
= htonl(INADDR_LOOPBACK
);
/* Clear the padding so no stale stack bytes are passed along in the address. */
bzero(sin
.sin_zero
, sizeof(sin
.sin_zero
));
/*
 * UDP client for KEY_PROG/KEY_VERS with the per-try timeout and the small
 * RPC message size for both send and receive buffers.
 * NOTE(review): the check of client against NULL and the initial value of
 * socket are not visible in this excerpt - confirm both.
 */
client
= clntudp_bufcreate(&sin
, (u_long
)KEY_PROG
, (u_long
)KEY_VERS
,
trytimeout
, &socket
, RPCSMALLMSGSIZE
, RPCSMALLMSGSIZE
);
/*
 * KEY_GEN takes no arguments (xdr_void, NULL); the reply is decoded as a
 * des_block straight into the caller's key, bounded by the total timeout.
 * The result is a single-DES key.
 */
stat
= clnt_call(client
, KEY_GEN
, xdr_void
, NULL
,
xdr_des_block
, key
, tottimeout
);
/* Anything other than RPC_SUCCESS is a failure; the handling itself is not visible here. */
if (stat
!= RPC_SUCCESS
) {
/*
 * key_call - carry one request to the keyserver by way of a helper program.
 *
 * proc:     procedure number, written to the helper first.
 * xdr_arg:  XDR routine used to encode arg.
 * arg:      request payload.
 * xdr_rslt: XDR routine used to decode the reply into rslt.
 * rslt:     where the decoded reply is stored.
 *
 * The helper is started with _openchild(), the request is XDR-encoded onto
 * one stdio stream and the reply decoded from another, and the helper's
 * exit status is then collected. Declarations, failure handling and return
 * statements are not visible in this excerpt.
 */
key_call(proc
, xdr_arg
, arg
, xdr_rslt
, rslt
)
/* Absolute path of the helper that is handed to _openchild(). */
static char MESSENGER
[] = "/usr/etc/keyenvoy";
/*
 * Ignore SIGCHLD for the duration of the call; the previous handler is kept
 * in osigchild and put back at the end.
 * NOTE(review): on systems where setting SIGCHLD to SIG_IGN makes terminated
 * children get reaped automatically, the wait further down can fail with
 * ECHILD - confirm the behaviour on the target platform.
 */
osigchild
= signal(SIGCHLD
, SIG_IGN
);
* We are going to exec a set-uid program which makes our effective uid
* zero, and authenticates us with our real uid. We need to make the
* effective uid be the real uid for the setuid program, and
* the real uid be the effective uid so that we can change things back.
/*
 * Swap real and effective uid before starting the helper.
 * NOTE(review): the return value is discarded. If this call fails the
 * helper is started with the ids unswapped and would authenticate the
 * wrong uid; the result should be checked and the call abandoned on error.
 */
(void) setreuid(euid
, ruid
);
pid
= _openchild(MESSENGER
, &fargs
, &frslt
);
/*
 * Swap the ids back.
 * NOTE(review): again unchecked. If this call fails the process silently
 * keeps running with real and effective uid exchanged, which matters for
 * every later privilege decision in the caller.
 */
(void) setreuid(ruid
, euid
);
/* fargs carries the encoded request to the helper, frslt the reply back from it. */
xdrstdio_create(&xdrargs
, fargs
, XDR_ENCODE
);
xdrstdio_create(&xdrrslt
, frslt
, XDR_DECODE
);
/* Send the procedure number followed by the caller-encoded argument; either failing takes this branch. */
if (!xdr_u_long(&xdrargs
, &proc
) || !(*xdr_arg
)(&xdrargs
, arg
)) {
/* Decode the reply only if everything up to here worked (success is set in code not visible here). */
if (success
&& !(*xdr_rslt
)(&xdrrslt
, rslt
)) {
* The original code appears first. wait4 returns only after the process
* with the requested pid terminates. The effect of using wait() instead
* has not been determined.
/*
 * Two alternative ways of collecting the helper's exit status follow,
 * presumably selected by a preprocessor conditional that is not visible in
 * this excerpt. In both, a wait failure or a non-zero exit code counts as
 * failure.
 */
if (wait4(pid
, &status
, 0, NULL
) < 0 || status
.w_retcode
!= 0) {
/*
 * NOTE(review): wait() returns for whichever child terminates first, not
 * specifically pid. In a process with other children the status examined
 * here may belong to an unrelated child, and the helper's own exit code is
 * then never checked.
 */
if (wait(&status
) < 0 || status
.w_retcode
!= 0) {
/* Put the caller's SIGCHLD disposition back. */
(void)signal(SIGCHLD
, osigchild
);