Whine if single-DES keys are in use

If we are using single-DES keys in our KeyFile, yell at the administrator, so they have a chance at realizing that they should migrate to stronger crypto. Change-Id: Ic37d9e1cea7ee7e12594be0dec02000f11efc896 Reviewed-on: http://gerrit.openafs.org/10273 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
2025-01-31 05:27:44 +00:00 · 2013-09-25 00:25:48 -05:00 · 2013-09-25 00:25:48 -05:00 · 4212c7e604
commit 4212c7e604
parent d83c1231cf
7 changed files with 27 additions and 0 deletions
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
@ -568,6 +568,9 @@ main(int argc, char **argv)
 		   "1.0",
 #endif
 		   "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }

    rx_StartServer(1);
    osi_audit(PTS_FinishEvent, -1, AUD_END);
--- a/src/util/afsutil_prototypes.h
+++ b/src/util/afsutil_prototypes.h
@ -135,6 +135,7 @@ extern int LogThreadNum(void);
 extern void LogCommandLine(int argc, char **argv, const char *progname,
 			   const char *version, const char *logstring,
 			   void (*log) (const char *format, ...));
+extern void LogDesWarning(void);

 /* snprintf.c */

--- a/src/util/liboafs_util.la.sym
+++ b/src/util/liboafs_util.la.sym
@ -5,6 +5,7 @@ BufioOpen
 FSLog
 Int32To_ktimeRelDate
 LogCommandLine
+LogDesWarning
 LogLevel
 LogThreadNum
 OpenLog
--- a/src/util/serverLog.c
+++ b/src/util/serverLog.c
@ -180,6 +180,19 @@ LogCommandLine(int argc, char **argv, const char *progname,
    }
 }

+void
+LogDesWarning(void)
+{
+    /* The blank newlines help this stand out a bit more in the log. */
+    ViceLog(0, ("\n"));
+    ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n"));
+    ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n"));
+    ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n"));
+    ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n"));
+    ViceLog(0, ("WARNING: for details.\n"));
+    ViceLog(0, ("\n"));
+}
+
 static void*
 DebugOn(void *param)
 {
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@ -1891,6 +1891,9 @@ main(int argc, char *argv[])
    SetupLogSignals();

    LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
+    if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }

 #if !defined(AFS_NT40_ENV)
    /* initialize the pthread soft signal handler thread */
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@ -469,6 +469,9 @@ main(int argc, char **argv)
    rx_SetMaxProcs(tservice, 4);

    LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
    VLog(0, ("%s\n", cml_version_number));

    /* allow super users to manage RX statistics */
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@ -593,6 +593,9 @@ main(int argc, char **argv)

    LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
 		   Log);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
    if (TTsleep) {
 	Log("Will sleep %d second%s every %d second%s\n", TTsleep,
 	    (TTsleep > 1) ? "s" : "", TTrun + TTsleep,