/*ARGSUSED*/
static bool_t
authdes_refresh(AUTH *auth, void *dummy)
{
/* LINTED pointer alignment */
struct ad_private *ad = AUTH_PRIVATE(auth);
struct authdes_cred *cred = &ad->ad_cred;
int ok;
netobj pkey;
if (ad->ad_dosync) {
ok = __rpc_get_time_offset(&ad->ad_timediff, ad->ad_nis_srvr,
ad->ad_timehost, &(ad->ad_uaddr),
&(ad->ad_netid));
if (! ok) {
/*
* Hope the clocks are synced!
*/
ad->ad_dosync = 0;
syslog(LOG_DEBUG,
"authdes_refresh: unable to synchronize clock");
}
}
ad->ad_xkey = auth->ah_key;
pkey.n_bytes = (char *)(ad->ad_pkey);
pkey.n_len = (u_int)strlen((char *)ad->ad_pkey) + 1;
if (key_encryptsession_pk(ad->ad_servername, &pkey, &ad->ad_xkey) < 0) {
syslog(LOG_INFO,
"authdes_refresh: keyserv(1m) is unable to encrypt session key");
return (FALSE);
}
cred->adc_fullname.key = ad->ad_xkey;
cred->adc_namekind = ADN_FULLNAME;
cred->adc_fullname.name = ad->ad_fullname;
return (TRUE);
}
/*
* 4. Refresh
*/
static bool_t
authdes_refresh (AUTH *auth)
{
netobj pkey;
struct ad_private *ad = AUTH_PRIVATE (auth);
struct authdes_cred *cred = &ad->ad_cred;
if (ad->ad_dosync && !synchronize (&ad->ad_syncaddr, &ad->ad_timediff))
{
/*
* Hope the clocks are synced!
*/
ad->ad_timediff.tv_sec = ad->ad_timediff.tv_usec = 0;
debug ("authdes_refresh: unable to synchronize with server");
}
ad->ad_xkey = auth->ah_key;
pkey.n_bytes = (char *) (ad->ad_pkey);
pkey.n_len = strlen ((char *) ad->ad_pkey) + 1;
if (key_encryptsession_pk (ad->ad_servername, &pkey, &ad->ad_xkey) < 0)
{
debug ("authdes_create: unable to encrypt conversation key");
return FALSE;
}
cred->adc_fullname.key = ad->ad_xkey;
cred->adc_namekind = ADN_FULLNAME;
cred->adc_fullname.name = ad->ad_fullname;
return TRUE;
}
int
key_encryptsession_pk_g(
const char *remotename,
const char *remotekey,
keylen_t remotekeylen,
algtype_t algtype,
des_block deskey[],
keynum_t keynum
)
{
cryptkeyarg3 arg;
cryptkeyres3 res;
if (CLASSIC_PK_DH(remotekeylen, algtype)) {
int i;
netobj npk;
npk.n_len = remotekeylen/4 + 1;
npk.n_bytes = (char *)remotekey;
for (i = 0; i < keynum; i++) {
if (key_encryptsession_pk(remotename, &npk, &deskey[i]))
return (-1);
}
return (0);
}
arg.remotename = (char *)remotename;
arg.remotekey.keybuf3_len = remotekeylen/4 + 1;
arg.remotekey.keybuf3_val = (char *)remotekey;
arg.keylen = remotekeylen;
arg.algtype = algtype;
arg.deskey.deskeyarray_len = keynum;
arg.deskey.deskeyarray_val = deskey;
(void) memset(&res, 0, sizeof (res));
res.cryptkeyres3_u.deskey.deskeyarray_val = deskey;
if (!key_call((rpcproc_t)KEY_ENCRYPT_PK_3,
xdr_cryptkeyarg3, (char *)&arg,
xdr_cryptkeyres3, (char *)&res))
return (-1);
if (res.status != KEY_SUCCESS) {
debug("encrypt3 status is nonzero");
return (-1);
}
if (res.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
debug("number of keys don't match");
return (-1);
}
return (0);
}
