summary refs log tree commit diff
path: root/sunrpc/key_call.c
diff options
context:
space:
mode:
Diffstat (limited to 'sunrpc/key_call.c')
-rw-r--r--sunrpc/key_call.c200
1 files changed, 176 insertions, 24 deletions
diff --git a/sunrpc/key_call.c b/sunrpc/key_call.c
index e59a8b7a37..0219eaf5ad 100644
--- a/sunrpc/key_call.c
+++ b/sunrpc/key_call.c
@@ -38,6 +38,7 @@
 
 #include <stdio.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <signal.h>
 #include <unistd.h>
 #include <string.h>
@@ -47,6 +48,7 @@
 #include <sys/param.h>
 #include <sys/socket.h>
 #include <rpc/key_prot.h>
+#include <bits/libc-lock.h>
 
 #define KEY_TIMEOUT	5	/* per-try timeout in seconds */
 #define KEY_NRETRY	12	/* number of retries */
@@ -268,8 +270,8 @@ des_block *(*__key_gendes_LOCAL) (uid_t, char *) = 0;
 
 static int
 internal_function
-key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
-	  xdrproc_t xdr_rslt, char *rslt)
+key_call_keyenvoy (u_long proc, xdrproc_t xdr_arg, char *arg,
+		   xdrproc_t xdr_rslt, char *rslt)
 {
   XDR xdrargs;
   XDR xdrrslt;
@@ -283,28 +285,6 @@ key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
   uid_t euid;
   static char MESSENGER[] = "/usr/etc/keyenvoy";
 
-  if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
-    {
-      cryptkeyres *res;
-      res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
-      *(cryptkeyres *) rslt = *res;
-      return 1;
-    }
-  else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
-    {
-      cryptkeyres *res;
-      res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
-      *(cryptkeyres *) rslt = *res;
-      return 1;
-    }
-  else if (proc == KEY_GEN && __key_gendes_LOCAL)
-    {
-      des_block *res;
-      res = (*__key_gendes_LOCAL) (__geteuid (), 0);
-      *(des_block *) rslt = *res;
-      return 1;
-    }
-
   success = 1;
   sigemptyset (&mask);
   sigaddset (&mask, SIGCHLD);
@@ -365,3 +345,175 @@ key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
 
   return success;
 }
+
+struct  key_call_private {
+  CLIENT  *client;        /* Client handle */
+  pid_t   pid;            /* process-id at moment of creation */
+  uid_t   uid;            /* user-id at last authorization */
+};
+static struct key_call_private *key_call_private_main = NULL;
+__libc_lock_define_initialized (static, keycall_lock)
+
+/*
+ * Keep the handle cached.  This call may be made quite often.
+ */
+static CLIENT *
+getkeyserv_handle (int vers)
+{
+  struct key_call_private *kcp = key_call_private_main;
+  struct timeval wait_time;
+  int fd;
+  struct sockaddr_un name;
+  int namelen = sizeof(struct sockaddr_un);
+
+#define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
+#define TOTAL_TRIES     5       /* Number of tries */
+
+  if (kcp == (struct key_call_private *)NULL)
+    {
+      kcp = (struct key_call_private *)malloc (sizeof (*kcp));
+      if (kcp == (struct key_call_private *)NULL)
+	return (CLIENT *) NULL;
+
+      key_call_private_main = kcp;
+      kcp->client = NULL;
+    }
+
+  /* if pid has changed, destroy client and rebuild */
+  if (kcp->client != NULL && kcp->pid != __getpid ())
+    {
+      clnt_destroy (kcp->client);
+      kcp->client = NULL;
+    }
+
+  if (kcp->client != NULL)
+    {
+      /* if other side closed socket, build handle again */
+      clnt_control (kcp->client, CLGET_FD, (char *)&fd);
+      if (getpeername (fd,(struct sockaddr *)&name,&namelen) == -1)
+	{
+	  auth_destroy (kcp->client->cl_auth);
+	  clnt_destroy (kcp->client);
+	  kcp->client = NULL;
+	}
+    }
+
+  if (kcp->client != NULL)
+    {
+      /* if uid has changed, build client handle again */
+      if (kcp->uid != __geteuid ())
+	{
+        kcp->uid = __geteuid ();
+        auth_destroy (kcp->client->cl_auth);
+        kcp->client->cl_auth =
+          authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
+        if (kcp->client->cl_auth == NULL)
+          {
+            clnt_destroy (kcp->client);
+            kcp->client = NULL;
+            return ((CLIENT *) NULL);
+          }
+	}
+      /* Change the version number to the new one */
+      clnt_control (kcp->client, CLSET_VERS, (void *)&vers);
+      return kcp->client;
+    }
+
+  if ((kcp->client == (CLIENT *) NULL))
+    /* Use the AF_UNIX transport */
+    kcp->client = clnt_create ("/var/run/keyservsock", KEY_PROG, vers, "unix");
+
+  if (kcp->client == (CLIENT *) NULL)
+    return (CLIENT *) NULL;
+
+  kcp->uid = __geteuid ();
+  kcp->pid = __getpid ();
+  kcp->client->cl_auth = authunix_create ((char *)"", kcp->uid, 0, 0, NULL);
+  if (kcp->client->cl_auth == NULL)
+    {
+      clnt_destroy (kcp->client);
+      kcp->client = NULL;
+      return (CLIENT *) NULL;
+    }
+
+  wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
+  wait_time.tv_usec = 0;
+  clnt_control (kcp->client, CLSET_RETRY_TIMEOUT,
+		(char *)&wait_time);
+  if (clnt_control (kcp->client, CLGET_FD, (char *)&fd))
+    fcntl (fd, F_SETFD, 1);  /* make it "close on exec" */
+
+  return kcp->client;
+}
+
+/* returns  0 on failure, 1 on success */
+static int
+internal_function
+key_call_socket (u_long proc, xdrproc_t xdr_arg, char *arg,
+               xdrproc_t xdr_rslt, char *rslt)
+{
+  CLIENT *clnt;
+  struct timeval wait_time;
+  int result = 0;
+
+  __libc_lock_lock (keycall_lock);
+  if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
+      (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
+      (proc == KEY_GET_CONV))
+    clnt = getkeyserv_handle(2); /* talk to version 2 */
+  else
+    clnt = getkeyserv_handle(1); /* talk to version 1 */
+
+  if (clnt != NULL)
+    {
+      wait_time.tv_sec = TOTAL_TIMEOUT;
+      wait_time.tv_usec = 0;
+
+      if (clnt_call (clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
+		     wait_time) == RPC_SUCCESS)
+	result = 1;
+    }
+
+  __libc_lock_unlock (keycall_lock);
+
+  return result;
+}
+
+/* returns  0 on failure, 1 on success */
+static int
+internal_function
+key_call (u_long proc, xdrproc_t xdr_arg, char *arg,
+	  xdrproc_t xdr_rslt, char *rslt)
+{
+  static int use_keyenvoy = 0;
+
+  if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL)
+    {
+      cryptkeyres *res;
+      res = (*__key_encryptsession_pk_LOCAL) (__geteuid (), arg);
+      *(cryptkeyres *) rslt = *res;
+      return 1;
+    }
+  else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL)
+    {
+      cryptkeyres *res;
+      res = (*__key_decryptsession_pk_LOCAL) (__geteuid (), arg);
+      *(cryptkeyres *) rslt = *res;
+      return 1;
+    }
+  else if (proc == KEY_GEN && __key_gendes_LOCAL)
+    {
+      des_block *res;
+      res = (*__key_gendes_LOCAL) (__geteuid (), 0);
+      *(des_block *) rslt = *res;
+      return 1;
+    }
+
+  if (!use_keyenvoy)
+    {
+      if (key_call_socket (proc, xdr_arg, arg, xdr_rslt, rslt))
+	return 1;
+      use_keyenvoy = 1;
+    }
+  return key_call_keyenvoy (proc, xdr_arg, arg, xdr_rslt, rslt);
+}