Whine if single-DES keys are in use

If we are using single-DES keys in our KeyFile, yell at the administrator, so they have a chance at realizing that they should migrate to stronger crypto. Reviewed-on: http://gerrit.openafs.org/10273 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> (cherry picked from commit 4212c7e604bebcb8f20b67c60323263231611bfb) Change-Id: I00b47889e7e79819a3c5d347349686e5d2da30e8 Reviewed-on: http://gerrit.openafs.org/10274 Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net> Tested-by: Michael Meffie <mmeffie@sinenomine.net> Reviewed-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com> Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
2025-01-31 05:27:44 +00:00 · 2013-09-25 00:25:48 -05:00 · 2013-09-25 00:25:48 -05:00 · 8e39eaa93a
commit 8e39eaa93a
parent ea4018f9ee
6 changed files with 26 additions and 0 deletions
--- a/src/ptserver/ptserver.c
+++ b/src/ptserver/ptserver.c
@ -550,6 +550,9 @@ main(int argc, char **argv)
 		   "1.0",
 #endif
 		   "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }

    rx_StartServer(1);
    osi_audit(PTS_FinishEvent, -1, AUD_END);
--- a/src/util/afsutil_prototypes.h
+++ b/src/util/afsutil_prototypes.h
@ -178,6 +178,7 @@ extern int LogThreadNum(void);
 extern void LogCommandLine(int argc, char **argv, const char *progname,
 			   const char *version, const char *logstring,
 			   void (*log) (const char *format, ...));
+extern void LogDesWarning(void);

 /* snprintf.c */

--- a/src/util/serverLog.c
+++ b/src/util/serverLog.c
@ -197,6 +197,19 @@ LogCommandLine(int argc, char **argv, const char *progname,
    }
 }

+void
+LogDesWarning(void)
+{
+    /* The blank newlines help this stand out a bit more in the log. */
+    ViceLog(0, ("\n"));
+    ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n"));
+    ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n"));
+    ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n"));
+    ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n"));
+    ViceLog(0, ("WARNING: for details.\n"));
+    ViceLog(0, ("\n"));
+}
+
 static void*
 DebugOn(void *param)
 {
--- a/src/viced/viced.c
+++ b/src/viced/viced.c
@ -2028,6 +2028,9 @@ main(int argc, char *argv[])
 	exit(-1);
    }
    LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
+    if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }

 #if defined(AFS_PTHREAD_ENV) && !defined(AFS_NT40_ENV)
    /* initialize the pthread soft signal handler thread */
--- a/src/vlserver/vlserver.c
+++ b/src/vlserver/vlserver.c
@ -400,6 +400,9 @@ main(int argc, char **argv)
    rx_SetMaxProcs(tservice, 4);

    LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
    printf("%s\n", cml_version_number);	/* Goes to the log */

    /* allow super users to manage RX statistics */
--- a/src/volser/volmain.c
+++ b/src/volser/volmain.c
@ -564,6 +564,9 @@ main(int argc, char **argv)

    LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
 		   Log);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+	LogDesWarning();
+    }
    if (TTsleep) {
 	Log("Will sleep %d second%s every %d second%s\n", TTsleep,
 	    (TTsleep > 1) ? "s" : "", TTrun + TTsleep,