From ecdf56e7d9b4d90b09bd0f72ab02cd7893495127 Mon Sep 17 00:00:00 2001 From: Philippe Charnier Date: Tue, 23 Sep 1997 06:36:27 +0000 Subject: [PATCH] Use err(3). Put includes in alphabetical order. Rewrote man page in mdoc format. Document -v and -p flags. --- usr.sbin/keyserv/crypt_server.c | 15 +++-- usr.sbin/keyserv/keyserv.8 | 102 ++++++++++++++++--------------- usr.sbin/keyserv/keyserv.c | 105 ++++++++++++-------------------- usr.sbin/keyserv/keyserv_uid.c | 11 ++-- usr.sbin/keyserv/setkey.c | 12 +++- 5 files changed, 113 insertions(+), 132 deletions(-) diff --git a/usr.sbin/keyserv/crypt_server.c b/usr.sbin/keyserv/crypt_server.c index 620ceaa4e66f..ff3f46098338 100644 --- a/usr.sbin/keyserv/crypt_server.c +++ b/usr.sbin/keyserv/crypt_server.c @@ -28,25 +28,24 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id: crypt_server.c,v 1.1.1.1 1997/05/28 15:44:22 wpaul Exp $ */ -#include #include #include -#include #include +#include #include +#include +#include +#include #include #include -#include -#include #include "crypt.h" #ifndef lint -static const char rcsid[] = "$Id: crypt_server.c,v 1.1.1.1 1997/05/28 15:44:22 wpaul Exp $"; -#endif +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ /* * The U.S. government stupidly believes that a) it can keep strong diff --git a/usr.sbin/keyserv/keyserv.8 b/usr.sbin/keyserv/keyserv.8 index 0ae24c4a0a5c..48eac9b4fab6 100644 --- a/usr.sbin/keyserv/keyserv.8 +++ b/usr.sbin/keyserv/keyserv.8 
@@ -1,77 +1,79 @@ .\" @(#)keyserv.1m 1.21 93/07/14 SMI; from SVr4 -'\"macro stdmacro +.\"macro stdmacro .\" Copyright 1989 AT&T .\" @(#)keyserv.8c 1.8 89/03/29 SMI; .\".TH KEYSERV 8C "9 September 1987" -.nr X -.TH keyserv 1M "14 Sep 1992" -.SH NAME -keyserv \- server for storing private encryption keys -.SH SYNOPSIS -.B keyserv -[ -.B \-d -] [ -.B \-D -] [ -.B \-n -] -.SH AVAILABILITY -.LP +.Dd September 14, 1992 +.Dt KEYSERV 8 +.Os +.Sh NAME +.Nm keyserv +.Nd server for storing private encryption keys +.Sh SYNOPSIS +.Nm keyserv +.Op Fl d +.Op Fl D +.Op Fl n +.Op Fl p Ar path +.Op Fl v +.Sh AVAILABILITY SUNWcsu -.SH DESCRIPTION -.IX "keyserv" "" "\fLkeyserv\fP \(em server for storing private encryption keys" -.IX "NFS security" "server for storing private encryption keys" "" "server for storing private encryption keys \(em \fLkeyserv\fP" -.IX "encryption keys" "server for storing private keys" "" "server for storing private keys \(em \fLkeyserv\fP" -.LP -.B keyserv +.Sh DESCRIPTION +.Nm Keyserv is a daemon that is used for storing the private encryption keys of each user logged into the system. These encryption keys are used for accessing secure network services such as secure NFS. -.P +.Pp Normally, root's key is read from the file -.B /etc/.rootkey +.Pa /etc/.rootkey when the daemon is started. This is useful during power-fail reboots when no one is around to type a password. -.P +.Pp If a client with no secret key calls -.BR keyserv , +.Nm keyserv , then the key of user -.B nobody +.Em nobody is used instead as the default key. -.SH OPTIONS -.TP 10 -.B \-d +.Pp +The following options are available: +.Bl -tag -width indent +.It Fl d Disable the use of default keys for -.BR nobody . -.TP -.B \-D +.Em nobody . +.It Fl D Run in debugging mode and log all requests to -.BR keyserv . -.TP -.B \-n +.Nm keyserv . +.It Fl n Root's secret key is not read from -.BR /etc/.rootkey . +.Pa /etc/.rootkey . 
Instead, -.B keyserv +.Nm prompts the user for the password to decrypt root's key stored in the -.B /etc/publickey +.Pa /etc/publickey database and then stores the decrypted key in -.B /etc/.rootkey +.Pa /etc/.rootkey for future use. This option is useful if the -.B /etc/.rootkey +.Pa /etc/.rootkey file ever gets out of date or corrupted. -.SH FILES -.PD 0 -.TP 20 -.B /etc/.rootkey -.PD -.SH "SEE ALSO" -.BR keylogin (1), -.BR keylogout (1), -.BR publickey (5) +.It Fl p Ar path +Specify where to search for +.Pa libdes.so.3 . +Default is +.Pa /usr/lib . +.It Fl v +Display status of DES support (enabled/disabled). +.El +.Sh FILES +.Bl -tag -width /usr/lib/libdes.so.3. -compact +.It Pa /etc/.rootkey +.It Pa /usr/lib/libdes.so.3. +.El +.Sh "SEE ALSO" +.Xr keylogin 1 , +.Xr keylogout 1 , +.Xr publickey 5 diff --git a/usr.sbin/keyserv/keyserv.c b/usr.sbin/keyserv/keyserv.c index fcf709018a23..e49dded7280c 100644 --- a/usr.sbin/keyserv/keyserv.c +++ b/usr.sbin/keyserv/keyserv.c @@ -27,7 +27,13 @@ * Mountain View, California 94043 */ -#pragma ident "@(#)keyserv.c 1.15 94/04/25 SMI" +#ifndef lint +#if 0 +static char sccsid[] = "@(#)keyserv.c 1.15 94/04/25 SMI"; +#endif +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ /* * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. @@ -41,18 +47,18 @@ * process on the local transport only */ +#include +#include #include #include -#include -#include #include +#include #include #include #include #include #include #include -#include #include #include #include @@ -107,8 +113,6 @@ main(argc, argv) char *argv[]; { int nflag = 0; - extern char *optarg; - extern int optind; int c; register SVCXPRT *transp; int sock = RPC_ANYSOCK; 
@@ -142,10 +146,8 @@ main(argc, argv) load_des(warn, path); __des_crypt_LOCAL = _my_crypt; - if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1) { - fprintf(stderr, "failed to register AUTH_DES authenticator\n"); - exit(1); - } + if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1) + errx(1, "failed to register AUTH_DES authenticator"); if (optind != argc) { usage(); @@ -155,10 +157,8 @@ main(argc, argv) * Initialize */ (void) umask(066); /* paranoia */ - if (geteuid() != 0) { - (void) fprintf(stderr, "%s must be run as root\n", argv[0]); - exit(1); - } + if (geteuid() != 0) + errx(1, "keyserv must be run as root"); setmodulus(HEXMODULUS); getrootkey(&masterkey, nflag); 
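Review bot: `load_des(warn, path)` still runs before the `optind != argc` usage check at the end of this hunk and before the `geteuid() != 0` check in the next one. The library selected by `-p path` is therefore handled before the arguments and the caller's privilege have been validated. Since this commit already tidies the start-up error paths, consider moving the usage check and the root check above `load_des()`, so that a run that will be rejected loads nothing from a caller-supplied directory. That load_des() actually loads libdes.so.3 is inferred from the man page text in this commit; its body is not shown, and main() starts and ends outside this hunk.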
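Review bot: err(3) already prefixes each message with the program name, so `errx(1, "keyserv must be run as root");` prints the name twice, while the other errx() calls added in this commit leave it out. Write `errx(1, "must be run as root");` instead. Separately, `/* paranoia */` on `(void) umask(066);` does not say what is being protected. A comment naming the files it is meant to cover (presumably the root key file and the socket created later in main()) would be more useful.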
@@ -170,51 +170,31 @@ main(argc, argv) unlink(KEYSERVSOCK); transp = svcudp_create(RPC_ANYSOCK); - if (transp == NULL) { - fprintf(stderr, "cannot create udp service."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, IPPROTO_UDP)) { - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS, udp)."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, IPPROTO_UDP)) { - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS2, udp)."); - exit(1); - } + if (transp == NULL) + errx(1, "cannot create udp service"); + if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, IPPROTO_UDP)) + errx(1, "unable to register (KEY_PROG, KEY_VERS, udp)"); + if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, IPPROTO_UDP)) + errx(1, "unable to register (KEY_PROG, KEY_VERS2, udp)"); transp = svctcp_create(RPC_ANYSOCK, 0, 0); - if (transp == NULL) { - fprintf(stderr, "cannot create tcp service."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, IPPROTO_TCP)) { - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS, tcp)."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, IPPROTO_TCP)) { - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS2, tcp)."); - exit(1); - } + if (transp == NULL) + errx(1, "cannot create tcp service"); + if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, IPPROTO_TCP)) + errx(1, "unable to register (KEY_PROG, KEY_VERS, tcp)"); + if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, IPPROTO_TCP)) + errx(1, "unable to register (KEY_PROG, KEY_VERS2, tcp)"); transp = svcunix_create(sock, 0, 0, KEYSERVSOCK); chmod(KEYSERVSOCK, 0666); - if (transp == NULL) { - fprintf(stderr, "cannot create AF_UNIX service."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, 0)) { - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS, unix)."); - exit(1); - } - if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, 0)) 
{ - fprintf(stderr, "unable to register (KEY_PROG, KEY_VERS2, unix)."); - exit(1); - } - if (!svc_register(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, 0)) { - fprintf(stderr, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)."); - exit(1); - } + if (transp == NULL) + errx(1, "cannot create AF_UNIX service"); + if (!svc_register(transp, KEY_PROG, KEY_VERS, keyprogram, 0)) + errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)"); + if (!svc_register(transp, KEY_PROG, KEY_VERS2, keyprogram, 0)) + errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)"); + if (!svc_register(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, 0)) + errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)"); if (!debugging) { daemon(0,0); @@ -286,24 +266,21 @@ getrootkey(master, prompt) return (0); } if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) { - (void) fprintf(stderr, - "keyserv: the key read from %s was too short.\n", - ROOTKEY); + warnx("the key read from %s was too short", ROOTKEY); (void) close(fd); return (0); } (void) close(fd); if (!getnetname(name)) { - (void) fprintf(stderr, "keyserv: \ -failed to generate host's netname when establishing root's key.\n"); + warnx( + "failed to generate host's netname when establishing root's key"); return (0); } memcpy(netstore.st_priv_key, secret, HEXKEYBYTES); memset(netstore.st_pub_key, 0, HEXKEYBYTES); netstore.st_netname = name; if (pk_netput(0, &netstore) != KEY_SUCCESS) { - (void) fprintf(stderr, - "keyserv: could not set root's key and netname.\n"); + warnx("could not set root's key and netname"); return (0); } return (1); 
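Review bot: `chmod(KEYSERVSOCK, 0666)` is still called before the `transp == NULL` test and its return value is ignored, although the commit rewrites the error handling on both sides of it. If svcunix_create() fails, the chmod is applied to a path that may not hold the new socket. If the chmod itself fails, the socket keeps whatever mode `umask(066)` left it with and local clients are presumably locked out with no diagnostic. Move it below the NULL check and make the failure fatal, e.g. `if (chmod(KEYSERVSOCK, 0666) == -1) err(1, "%s", KEYSERVSOCK);`. The `daemon(0,0)` result at the end of the hunk is discarded in the same way. A short comment stating why the socket is deliberately world-accessible would also help; main() continues outside this hunk.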
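Review bot: `read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES` is also true when read() fails with -1, and that case is then reported by `warnx("the key read from %s was too short", ROOTKEY)` with no errno. Separate the two cases by testing for -1 first and using `warn("%s", ROOTKEY)` there, keeping the warnx() for a genuinely short read. It is also worth confirming whether `secret`, which holds root's private key, is cleared on any return path after the `memcpy` into `netstore`. None is visible here, but the declarations and the rest of getrootkey() lie outside the hunk.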
@@ -315,13 +292,11 @@ failed to generate host's netname when establishing root's key.\n"); passwd2des(passwd, (char *)master); getnetname(name); if (!getsecretkey(name, secret, passwd)) { - (void) fprintf(stderr, - "Can't find %s's secret key\n", name); + warnx("can't find %s's secret key", name); return (0); } if (secret[0] == 0) { - (void) fprintf(stderr, - "Password does not decrypt secret key for %s\n", name); + warnx("password does not decrypt secret key for %s", name); return (0); } (void) pk_setkey(0, secret); diff --git a/usr.sbin/keyserv/keyserv_uid.c b/usr.sbin/keyserv/keyserv_uid.c index f38e3b075995..add3d33bc831 100644 --- a/usr.sbin/keyserv/keyserv_uid.c +++ b/usr.sbin/keyserv/keyserv_uid.c @@ -28,24 +28,23 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * - * $Id: keyserv_uid.c,v 1.13 1997/01/19 20:23:05 wpaul Exp $ */ +#include #include -#include #include +#include +#include #include #include -#include #include #include -#include #include "keyserv.h" #ifndef lint -static const char rcsid[] = "$Id: keyserv_uid.c,v 1.13 1997/01/19 20:23:05 wpaul Exp $"; +static const char rcsid[] = + "$Id$"; #endif /* diff --git a/usr.sbin/keyserv/setkey.c b/usr.sbin/keyserv/setkey.c index bdafae9ba4d8..8403913c5f69 100644 --- a/usr.sbin/keyserv/setkey.c +++ b/usr.sbin/keyserv/setkey.c @@ -27,7 +27,13 @@ * Mountain View, California 94043 */ -#pragma ident "@(#)setkey.c 1.11 94/04/25 SMI" +#ifndef lint +#if 0 +static char sccsid[] = "@(#)setkey.c 1.11 94/04/25 SMI"; +#endif +static const char rcsid[] = + "$Id$"; +#endif /* not lint */ /* * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. 
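Review bot: `getnetname(name);` is called here with its result ignored, although the non-prompting branch earlier in getrootkey() treats `!getnetname(name)` as an error and returns. On failure `name` may be unset when it reaches `getsecretkey()` and the `%s` in both new warnx() calls. Guard it like the other branch: `if (!getnetname(name))`, then the same "failed to generate host's netname" warnx() and `return (0);`. Likewise `(void) pk_setkey(0, secret);` drops a status, where the other branch checks `pk_netput()` against KEY_SUCCESS. How the `passwd` buffer is handled after `passwd2des()` cannot be judged, because the function starts and ends outside this hunk.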
@@ -39,17 +45,17 @@ * and use them to decrypt and encrypt DES keys. * Cache the common keys, so the expensive computation is avoided. */ +#include #include #include +#include #include #include -#include #include #include #include #include #include -#include #include "keyserv.h" static MINT *MODULUS;