summaryrefslogtreecommitdiffstats
path: root/tirpc/rpcsvc
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:45:02 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 05:45:02 +0000
commit68a560641f7a38c184fd3346dd8008b86e12d77a (patch)
treed927b2a890d51e5d9e037c03042fb6fabd689cc0 /tirpc/rpcsvc
parentInitial commit. (diff)
downloadlibtirpc-upstream/1.3.4+ds.tar.xz
libtirpc-upstream/1.3.4+ds.zip
Adding upstream version 1.3.4+ds.upstream/1.3.4+dsupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tirpc/rpcsvc')
-rw-r--r--tirpc/rpcsvc/crypt.h109
-rw-r--r--tirpc/rpcsvc/crypt.x87
-rw-r--r--tirpc/rpcsvc/key_prot.x283
3 files changed, 479 insertions, 0 deletions
diff --git a/tirpc/rpcsvc/crypt.h b/tirpc/rpcsvc/crypt.h
new file mode 100644
index 0000000..da1f9cc
--- /dev/null
+++ b/tirpc/rpcsvc/crypt.h
@@ -0,0 +1,109 @@
+/*
+ * Please do not edit this file.
+ * It was generated using rpcgen.
+ */
+
+#ifndef _CRYPT_H_RPCGEN
+#define _CRYPT_H_RPCGEN
+
+#include <rpc/rpc.h>
+
+#ifndef IXDR_GET_INT32
+#define IXDR_GET_INT32(buf) IXDR_GET_LONG((buf))
+#endif
+#ifndef IXDR_PUT_INT32
+#define IXDR_PUT_INT32(buf, v) IXDR_PUT_LONG((buf), (v))
+#endif
+#ifndef IXDR_GET_U_INT32
+#define IXDR_GET_U_INT32(buf) IXDR_GET_U_LONG((buf))
+#endif
+#ifndef IXDR_PUT_U_INT32
+#define IXDR_PUT_U_INT32(buf, v) IXDR_PUT_U_LONG((buf), (v))
+#endif
+
+enum des_dir {
+ ENCRYPT_DES = 0,
+ DECRYPT_DES = 1,
+};
+typedef enum des_dir des_dir;
+#ifdef __cplusplus
+extern "C" bool_t xdr_des_dir(XDR *, des_dir*);
+#elif __STDC__
+extern bool_t xdr_des_dir(XDR *, des_dir*);
+#else /* Old Style C */
+bool_t xdr_des_dir();
+#endif /* Old Style C */
+
+
+enum des_mode {
+ CBC_DES = 0,
+ ECB_DES = 1,
+};
+typedef enum des_mode des_mode;
+#ifdef __cplusplus
+extern "C" bool_t xdr_des_mode(XDR *, des_mode*);
+#elif __STDC__
+extern bool_t xdr_des_mode(XDR *, des_mode*);
+#else /* Old Style C */
+bool_t xdr_des_mode();
+#endif /* Old Style C */
+
+
+struct desargs {
+ u_char des_key[8];
+ des_dir des_dir;
+ des_mode des_mode;
+ u_char des_ivec[8];
+ struct {
+ u_int desbuf_len;
+ char *desbuf_val;
+ } desbuf;
+};
+typedef struct desargs desargs;
+#ifdef __cplusplus
+extern "C" bool_t xdr_desargs(XDR *, desargs*);
+#elif __STDC__
+extern bool_t xdr_desargs(XDR *, desargs*);
+#else /* Old Style C */
+bool_t xdr_desargs();
+#endif /* Old Style C */
+
+
+struct desresp {
+ struct {
+ u_int desbuf_len;
+ char *desbuf_val;
+ } desbuf;
+ u_char des_ivec[8];
+ int stat;
+};
+typedef struct desresp desresp;
+#ifdef __cplusplus
+extern "C" bool_t xdr_desresp(XDR *, desresp*);
+#elif __STDC__
+extern bool_t xdr_desresp(XDR *, desresp*);
+#else /* Old Style C */
+bool_t xdr_desresp();
+#endif /* Old Style C */
+
+
+#define CRYPT_PROG ((u_int32_t)600100029)
+#define CRYPT_VERS ((u_int32_t)1)
+
+#ifdef __cplusplus
+#define DES_CRYPT ((u_int32_t)1)
+extern "C" desresp * des_crypt_1(desargs *, CLIENT *);
+extern "C" desresp * des_crypt_1_svc(desargs *, struct svc_req *);
+
+#elif __STDC__
+#define DES_CRYPT ((u_int32_t)1)
+extern desresp * des_crypt_1(desargs *, CLIENT *);
+extern desresp * des_crypt_1_svc(desargs *, struct svc_req *);
+
+#else /* Old Style C */
+#define DES_CRYPT ((u_int32_t)1)
+extern desresp * des_crypt_1();
+extern desresp * des_crypt_1_svc();
+#endif /* Old Style C */
+
+#endif /* !_CRYPT_H_RPCGEN */
diff --git a/tirpc/rpcsvc/crypt.x b/tirpc/rpcsvc/crypt.x
new file mode 100644
index 0000000..b50cf8d
--- /dev/null
+++ b/tirpc/rpcsvc/crypt.x
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1996
+ * Bill Paul <wpaul@ctr.columbia.edu>. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any co-contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL Bill Paul OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef RPC_HDR
+%#include <sys/cdefs.h>
+%__FBSDID("$FreeBSD: src/include/rpcsvc/crypt.x,v 1.5 2003/05/04 02:51:42 obrien Exp $");
+#endif
+
+/*
+ * This protocol definition exists because of the U.S. government and
+ * its stupid export laws. We can't export DES code from the United
+ * States to other countries (even though the code already exists
+ * outside the U.S. -- go figure that one out) but we need to make
+ * Secure RPC work. The normal way around this is to break the DES
+ * code out into a shared library; we can then provide a dummy lib
+ * in the base OS and provide the real lib in the secure dist, which
+ * the user can install later. But we need Secure RPC for NIS+, and
+ * there are several system programs that use NIS+ which are statically
+ * linked. We would have to provide replacements for these programs
+ * in the secure dist, but there are a lot, and this is a pain. The
+ * shared lib trick won't work for these programs, and we can't change
+ * them once they're compiled.
+ *
+ * One solution for this problem is to do the DES encryption as a system
+ * call; no programs need to be changed and we can even supply the DES
+ * support as an LKM. But this bloats the kernel. Maybe if we have
+ * Secure NFS one day this will be worth it, but for now we should keep
+ * this mess in user space.
+ *
+ * So we have this second solution: we provide a server that does the
+ * DES encryption for us. In this case, the server is keyserv (we need
+ * it to make Secure RPC work anyway) and we use this protocol to ship
+ * the data back and forth between keyserv and the application.
+ */
+
+enum des_dir { ENCRYPT_DES, DECRYPT_DES };
+enum des_mode { CBC_DES, ECB_DES };
+
+struct desargs {
+ u_char des_key[8]; /* key (with low bit parity) */
+ des_dir des_dir; /* direction */
+ des_mode des_mode; /* mode */
+ u_char des_ivec[8]; /* input vector */
+ opaque desbuf<>;
+};
+
+struct desresp {
+ opaque desbuf<>;
+ u_char des_ivec[8];
+ int stat;
+};
+
+program CRYPT_PROG {
+ version CRYPT_VERS {
+ desresp
+ DES_CRYPT(desargs) = 1;
+ } = 1;
+} = 600100029;
diff --git a/tirpc/rpcsvc/key_prot.x b/tirpc/rpcsvc/key_prot.x
new file mode 100644
index 0000000..9baf943
--- /dev/null
+++ b/tirpc/rpcsvc/key_prot.x
@@ -0,0 +1,283 @@
+/*
+ * Key server protocol definition
+ * Copyright (c) 2010, Oracle America, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following
+ * disclaimer in the documentation and/or other materials
+ * provided with the distribution.
+ * * Neither the name of the "Oracle America, Inc." nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The keyserver is a public key storage/encryption/decryption service
+ * The encryption method used is based on the Diffie-Hellman exponential
+ * key exchange technology.
+ *
+ * The key server is local to each machine, akin to the portmapper.
+ * Under TI-RPC, communication with the keyserver is through the
+ * loopback transport.
+ *
+ * NOTE: This .x file generates the USER level headers for the keyserver.
+ * the KERNEL level headers are created by hand as they kernel has special
+ * requirements.
+ */
+
+%#if 0
+%#pragma ident "@(#)key_prot.x 1.7 94/04/29 SMI"
+%#endif
+%
+%/* Copyright (c) 1990, 1991 Sun Microsystems, Inc. */
+%
+%/*
+% * Compiled from key_prot.x using rpcgen.
+% * DO NOT EDIT THIS FILE!
+% * This is NOT source code!
+% */
+
+/*
+ * PROOT and MODULUS define the way the Diffie-Hellman key is generated.
+ *
+ * MODULUS should be chosen as a prime of the form: MODULUS == 2*p + 1,
+ * where p is also prime.
+ *
+ * PROOT satisfies the following two conditions:
+ * (1) (PROOT ** 2) % MODULUS != 1
+ * (2) (PROOT ** p) % MODULUS != 1
+ *
+ */
+
+const PROOT = 3;
+const HEXMODULUS = "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b";
+
+const HEXKEYBYTES = 48; /* HEXKEYBYTES == strlen(HEXMODULUS) */
+const KEYSIZE = 192; /* KEYSIZE == bit length of key */
+const KEYBYTES = 24; /* byte length of key */
+
+/*
+ * The first 16 hex digits of the encrypted secret key are used as
+ * a checksum in the database.
+ */
+const KEYCHECKSUMSIZE = 16;
+
+/*
+ * status of operation
+ */
+enum keystatus {
+ KEY_SUCCESS, /* no problems */
+ KEY_NOSECRET, /* no secret key stored */
+ KEY_UNKNOWN, /* unknown netname */
+ KEY_SYSTEMERR /* system error (out of memory, encryption failure) */
+};
+
+typedef opaque keybuf[HEXKEYBYTES]; /* store key in hex */
+
+typedef string netnamestr<MAXNETNAMELEN>;
+
+/*
+ * Argument to ENCRYPT or DECRYPT
+ */
+struct cryptkeyarg {
+ netnamestr remotename;
+ des_block deskey;
+};
+
+/*
+ * Argument to ENCRYPT_PK or DECRYPT_PK
+ */
+struct cryptkeyarg2 {
+ netnamestr remotename;
+ netobj remotekey; /* Contains a length up to 1024 bytes */
+ des_block deskey;
+};
+
+
+/*
+ * Result of ENCRYPT, DECRYPT, ENCRYPT_PK, and DECRYPT_PK
+ */
+union cryptkeyres switch (keystatus status) {
+case KEY_SUCCESS:
+ des_block deskey;
+default:
+ void;
+};
+
+const MAXGIDS = 16; /* max number of gids in gid list */
+
+/*
+ * Unix credential
+ */
+struct unixcred {
+ u_int uid;
+ u_int gid;
+ u_int gids<MAXGIDS>;
+};
+
+/*
+ * Result returned from GETCRED
+ */
+union getcredres switch (keystatus status) {
+case KEY_SUCCESS:
+ unixcred cred;
+default:
+ void;
+};
+/*
+ * key_netstarg;
+ */
+
+struct key_netstarg {
+ keybuf st_priv_key;
+ keybuf st_pub_key;
+ netnamestr st_netname;
+};
+
+union key_netstres switch (keystatus status){
+case KEY_SUCCESS:
+ key_netstarg knet;
+default:
+ void;
+};
+
+#ifdef RPC_HDR
+%
+%#ifndef opaque
+%#define opaque char
+%#endif
+%
+#endif
+program KEY_PROG {
+ version KEY_VERS {
+
+ /*
+ * This is my secret key.
+ * Store it for me.
+ */
+ keystatus
+ KEY_SET(keybuf) = 1;
+
+ /*
+ * I want to talk to X.
+ * Encrypt a conversation key for me.
+ */
+ cryptkeyres
+ KEY_ENCRYPT(cryptkeyarg) = 2;
+
+ /*
+ * X just sent me a message.
+ * Decrypt the conversation key for me.
+ */
+ cryptkeyres
+ KEY_DECRYPT(cryptkeyarg) = 3;
+
+ /*
+ * Generate a secure conversation key for me
+ */
+ des_block
+ KEY_GEN(void) = 4;
+
+ /*
+ * Get me the uid, gid and group-access-list associated
+ * with this netname (for kernel which cannot use NIS)
+ */
+ getcredres
+ KEY_GETCRED(netnamestr) = 5;
+ } = 1;
+ version KEY_VERS2 {
+
+ /*
+ * #######
+ * Procedures 1-5 are identical to version 1
+ * #######
+ */
+
+ /*
+ * This is my secret key.
+ * Store it for me.
+ */
+ keystatus
+ KEY_SET(keybuf) = 1;
+
+ /*
+ * I want to talk to X.
+ * Encrypt a conversation key for me.
+ */
+ cryptkeyres
+ KEY_ENCRYPT(cryptkeyarg) = 2;
+
+ /*
+ * X just sent me a message.
+ * Decrypt the conversation key for me.
+ */
+ cryptkeyres
+ KEY_DECRYPT(cryptkeyarg) = 3;
+
+ /*
+ * Generate a secure conversation key for me
+ */
+ des_block
+ KEY_GEN(void) = 4;
+
+ /*
+ * Get me the uid, gid and group-access-list associated
+ * with this netname (for kernel which cannot use NIS)
+ */
+ getcredres
+ KEY_GETCRED(netnamestr) = 5;
+
+ /*
+ * I want to talk to X. and I know X's public key
+ * Encrypt a conversation key for me.
+ */
+ cryptkeyres
+ KEY_ENCRYPT_PK(cryptkeyarg2) = 6;
+
+ /*
+ * X just sent me a message. and I know X's public key
+ * Decrypt the conversation key for me.
+ */
+ cryptkeyres
+ KEY_DECRYPT_PK(cryptkeyarg2) = 7;
+
+ /*
+ * Store my public key, netname and private key.
+ */
+ keystatus
+ KEY_NET_PUT(key_netstarg) = 8;
+
+ /*
+ * Retrieve my public key, netname and private key.
+ */
+ key_netstres
+ KEY_NET_GET(void) = 9;
+
+ /*
+ * Return me the conversation key that is constructed
+ * from my secret key and this publickey.
+ */
+
+ cryptkeyres
+ KEY_GET_CONV(keybuf) = 10;
+
+
+ } = 2;
+} = 100029;