illumos-gate Sdiff usr/src/lib/gss_mechs/mech_dh/dh_common/dh

Print this page

10116 mech_dh needs smatch fixes

   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  *      dh_template.c
  24  *
  25  *      Copyright (c) 1997, by Sun Microsystems, Inc.
  26  *      All rights reserved.
  27  */
  28 
  29 #pragma ident   "%Z%%M% %I%     %E% SMI"


  30 
  31 #include <stdlib.h>
  32 #include <string.h>
  33 #include <syslog.h>
  34 #include <dh_gssapi.h>
  35 #include <dlfcn.h>
  36 #include "../dh_common/dh_common.h"
  37 
  38 extern int key_encryptsession_pk_g();
  39 extern int key_decryptsession_pk_g();
  40 extern int key_gendes_g();
  41 extern int key_secretkey_is_set_g();
  42 
  43 static int __encrypt(const char *remotename, des_block deskeys[], int no_keys);
  44 static int __decrypt(const char *remotename,
  45                     des_block deskeys[], int no_keys, int *key_cached);
  46 static int __gendes(des_block deskeys[], int no_keys);
  47 static int __secret_is_set(void);
  48 static char *__get_principal(void);
  49

  87         return (mech);
  88 }
  89 
  90 /*
  91  * A NIS+ server will define the function __rpcsec_gss_is_server.
  92  * This function will return one when it is appropriate to get public
  93  * keys out of the per process public key cache. Appropriateness here
  94  * is when the name server just put the public key in the cache from a
  95  * received directory object, typically from the cold start file.
  96  */
  97 static int
  98 dh_getpublickey(const char *remote, keylen_t keylen, algtype_t algtype,
  99                 char *pk, size_t pklen)
 100 {
 101         static mutex_t init_nis_pubkey_lock = DEFAULTMUTEX;
 102         static int init_nis_pubkey = 0;
 103         static int (*nis_call)();
 104         static const char NIS_SYMBOL[] = "__rpcsec_gss_is_server";
 105 
 106         if (!init_nis_pubkey) {
 107                 mutex_lock(&init_nis_pubkey_lock);
 108                 if (!init_nis_pubkey) {
 109                         void *dlhandle = dlopen(0, RTLD_NOLOAD);
 110                         if (dlhandle == 0) {
 111                                 syslog(LOG_ERR, "dh: Could not dlopen "
 112                                     "in dh_getpublickey for %s. "
 113                                     "dlopen returned %s", remote, dlerror());
 114                         } else {
 115                                 nis_call = (int (*)())
 116                                         dlsym(dlhandle, NIS_SYMBOL);
 117                         }
 118                         init_nis_pubkey = 1;
 119                 }
 120                 mutex_unlock(&init_nis_pubkey_lock);
 121         }
 122         if (nis_call && (*nis_call)()) {
 123                 int key_cached;
 124                 return (__getpublickey_cached_g(remote, keylen, algtype,
 125                                             pk, pklen, &key_cached));
 126         }
 127 
 128         /*
 129          * If we're not being called by a nis plus server or that
 130          * server does not want to get the keys from the cache we
 131          * get the key in the normal manner.
 132          */
 133 
 134         return (getpublickey_g(remote, keylen, algtype, pk, pklen));
 135 }
 136 
 137 
 138 /*
 139  * Routine to encrypt a set of session keys with keys derived from
 140  * the common key with the caller and the remote principal.

   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  *      dh_template.c
  24  *
  25  *      Copyright (c) 1997, by Sun Microsystems, Inc.
  26  *      All rights reserved.
  27  */
  28 
  29 /*
  30  * Copyright (c) 2018, Joyent, Inc.
  31  */
  32 
  33 #include <stdlib.h>
  34 #include <string.h>
  35 #include <syslog.h>
  36 #include <dh_gssapi.h>
  37 #include <dlfcn.h>
  38 #include "../dh_common/dh_common.h"
  39 
  40 extern int key_encryptsession_pk_g();
  41 extern int key_decryptsession_pk_g();
  42 extern int key_gendes_g();
  43 extern int key_secretkey_is_set_g();
  44 
  45 static int __encrypt(const char *remotename, des_block deskeys[], int no_keys);
  46 static int __decrypt(const char *remotename,
  47                     des_block deskeys[], int no_keys, int *key_cached);
  48 static int __gendes(des_block deskeys[], int no_keys);
  49 static int __secret_is_set(void);
  50 static char *__get_principal(void);
  51

  89         return (mech);
  90 }
  91 
  92 /*
  93  * A NIS+ server will define the function __rpcsec_gss_is_server.
  94  * This function will return one when it is appropriate to get public
  95  * keys out of the per process public key cache. Appropriateness here
  96  * is when the name server just put the public key in the cache from a
  97  * received directory object, typically from the cold start file.
  98  */
  99 static int
 100 dh_getpublickey(const char *remote, keylen_t keylen, algtype_t algtype,
 101                 char *pk, size_t pklen)
 102 {
 103         static mutex_t init_nis_pubkey_lock = DEFAULTMUTEX;
 104         static int init_nis_pubkey = 0;
 105         static int (*nis_call)();
 106         static const char NIS_SYMBOL[] = "__rpcsec_gss_is_server";
 107 
 108         if (!init_nis_pubkey) {
 109                 (void) mutex_lock(&init_nis_pubkey_lock);
 110                 if (!init_nis_pubkey) {
 111                         void *dlhandle = dlopen(0, RTLD_NOLOAD);
 112                         if (dlhandle == 0) {
 113                                 syslog(LOG_ERR, "dh: Could not dlopen "
 114                                     "in dh_getpublickey for %s. "
 115                                     "dlopen returned %s", remote, dlerror());
 116                         } else {
 117                                 nis_call = (int (*)())
 118                                         dlsym(dlhandle, NIS_SYMBOL);
 119                         }
 120                         init_nis_pubkey = 1;
 121                 }
 122                 (void) mutex_unlock(&init_nis_pubkey_lock);
 123         }
 124         if (nis_call && (*nis_call)()) {
 125                 int key_cached;
 126                 return (__getpublickey_cached_g(remote, keylen, algtype,
 127                                             pk, pklen, &key_cached));
 128         }
 129 
 130         /*
 131          * If we're not being called by a nis plus server or that
 132          * server does not want to get the keys from the cache we
 133          * get the key in the normal manner.
 134          */
 135 
 136         return (getpublickey_g(remote, keylen, algtype, pk, pklen));
 137 }
 138 
 139 
 140 /*
 141  * Routine to encrypt a set of session keys with keys derived from
 142  * the common key with the caller and the remote principal.