/*
 * Refresh the credential held in auth's private data.
 *
 * If clock synchronization is enabled (ad_dosync), ask
 * __rpc_get_time_offset() for a new offset into ad_timediff. On failure
 * synchronization is switched off for later refreshes and a debug message
 * is logged. ad_timediff is not reset here.
 *
 * The conversation key in auth->ah_key is then copied into ad_xkey and
 * passed to key_encryptsession_pk() together with the server name and the
 * server public key. On success the credential is filled in as a
 * full-name credential carrying ad_xkey and ad_fullname.
 *
 * Returns TRUE on success, FALSE if key_encryptsession_pk() reports an
 * error. The second argument is unused.
 */
/*ARGSUSED*/
static bool_t
authdes_refresh(AUTH *auth, void *dummy)
{
	/* LINTED pointer alignment */
	struct ad_private *ad = AUTH_PRIVATE(auth);
	netobj server_pk;

	if (ad->ad_dosync &&
	    !__rpc_get_time_offset(&ad->ad_timediff, ad->ad_nis_srvr,
	    ad->ad_timehost, &(ad->ad_uaddr), &(ad->ad_netid))) {
		/*
		 * Hope the clocks are synced!
		 * Clearing ad_dosync means no further attempt is made on
		 * later refreshes of this handle.
		 */
		ad->ad_dosync = 0;
		syslog(LOG_DEBUG,
		    "authdes_refresh: unable to synchronize clock");
	}

	/*
	 * ad_xkey starts out as a copy of the conversation key and is handed
	 * to key_encryptsession_pk() by address. It is not restored if the
	 * call fails, so after a FALSE return its contents should not be
	 * relied on.
	 */
	ad->ad_xkey = auth->ah_key;

	/*
	 * The length is taken with strlen() and includes the terminator.
	 * NOTE(review): this assumes ad_pkey is a NUL-terminated string;
	 * confirm where ad_pkey is filled in.
	 */
	server_pk.n_len = (u_int)strlen((char *)ad->ad_pkey) + 1;
	server_pk.n_bytes = (char *)(ad->ad_pkey);

	if (key_encryptsession_pk(ad->ad_servername, &server_pk,
	    &ad->ad_xkey) < 0) {
		syslog(LOG_INFO,
		    "authdes_refresh: keyserv(1m) is unable to encrypt session key");
		return (FALSE);
	}

	/* Publish the result as a full-name credential. */
	ad->ad_cred.adc_namekind = ADN_FULLNAME;
	ad->ad_cred.adc_fullname.name = ad->ad_fullname;
	ad->ad_cred.adc_fullname.key = ad->ad_xkey;
	return (TRUE);
}
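/*
 * 4. Refresh
 *
 * Rebuild the full-name credential stored in auth's private data.
 *
 * If ad_dosync is set, synchronize() is asked for a new time offset. When
 * that fails the offset is zeroed (the local clock is used as is) and a
 * debug message is emitted. ad_dosync is left set.
 *
 * The conversation key in auth->ah_key is copied into ad_xkey and passed
 * to key_encryptsession_pk() with the server name and the server public
 * key. On success the credential becomes a full-name credential carrying
 * ad_xkey and ad_fullname.
 *
 * Returns TRUE on success, FALSE if key_encryptsession_pk() fails.
 */
static bool_t
authdes_refresh (AUTH *auth)
{
  netobj pkey;
  struct ad_private *ad = AUTH_PRIVATE (auth);
  struct authdes_cred *cred = &ad->ad_cred;

  if (ad->ad_dosync && !synchronize (&ad->ad_syncaddr, &ad->ad_timediff))
    {
      /*
       * Hope the clocks are synced!
       */
      ad->ad_timediff.tv_sec = ad->ad_timediff.tv_usec = 0;
      debug ("authdes_refresh: unable to synchronize with server");
    }

  /* ad_xkey starts as a copy of the conversation key and is handed to
     key_encryptsession_pk by address.  It is not restored on failure, so
     its contents should not be relied on after a FALSE return.  */
  ad->ad_xkey = auth->ah_key;

  /* The length includes the terminator.
     NOTE(review): assumes ad_pkey is a NUL-terminated string; confirm
     where ad_pkey is filled in.  */
  pkey.n_bytes = (char *) (ad->ad_pkey);
  pkey.n_len = strlen ((char *) ad->ad_pkey) + 1;
  if (key_encryptsession_pk (ad->ad_servername, &pkey, &ad->ad_xkey) < 0)
    {
      /* The message used to name authdes_create; it now names this
         function, matching the synchronization message above, so the
         diagnostic points at the code path that actually failed.  */
      debug ("authdes_refresh: unable to encrypt conversation key");
      return FALSE;
    }

  cred->adc_fullname.key = ad->ad_xkey;
  cred->adc_namekind = ADN_FULLNAME;
  cred->adc_fullname.name = ad->ad_fullname;
  return TRUE;
}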
/*
 * Encrypt keynum session keys in deskey[] for the peer named remotename,
 * using the peer's public key remotekey.
 *
 * When CLASSIC_PK_DH(remotekeylen, algtype) holds, each key is handed in
 * turn to key_encryptsession_pk(). Otherwise a single KEY_ENCRYPT_PK_3
 * request carrying the whole array is made through key_call(), and the
 * reply is decoded back into the caller's deskey[] buffer.
 *
 * Returns 0 on success and -1 on any failure.
 */
int
key_encryptsession_pk_g(
	const char *remotename,
	const char *remotekey,
	keylen_t remotekeylen,
	algtype_t algtype,
	des_block deskey[],
	keynum_t keynum)
{
	cryptkeyarg3 request;
	cryptkeyres3 reply;

	if (CLASSIC_PK_DH(remotekeylen, algtype)) {
		netobj classic_pk;
		int idx = 0;

		/*
		 * NOTE(review): remotekeylen/4 + 1 looks like "hex digits
		 * plus terminator" for a key length given in bits; confirm
		 * that remotekey really holds that many bytes.
		 */
		classic_pk.n_bytes = (char *)remotekey;
		classic_pk.n_len = remotekeylen/4 + 1;

		/*
		 * The loop stops at the first failure. Entries already
		 * passed to key_encryptsession_pk() are not rolled back, so
		 * deskey[] should be treated as unusable after a -1 return.
		 */
		while (idx < keynum) {
			if (key_encryptsession_pk(remotename, &classic_pk,
			    &deskey[idx]) != 0)
				return (-1);
			idx++;
		}
		return (0);
	}

	/*
	 * Zero the reply, then point its key array at the caller's buffer
	 * so the decoded keys land in deskey[].
	 */
	(void) memset(&reply, 0, sizeof (reply));
	reply.cryptkeyres3_u.deskey.deskeyarray_val = deskey;

	/* The const qualifiers are cast away to fit the request fields. */
	request.algtype = algtype;
	request.keylen = remotekeylen;
	request.remotename = (char *)remotename;
	request.remotekey.keybuf3_val = (char *)remotekey;
	request.remotekey.keybuf3_len = remotekeylen/4 + 1;
	request.deskey.deskeyarray_val = deskey;
	request.deskey.deskeyarray_len = keynum;

	if (!key_call((rpcproc_t)KEY_ENCRYPT_PK_3, xdr_cryptkeyarg3,
	    (char *)&request, xdr_cryptkeyres3, (char *)&reply))
		return (-1);

	if (res_status_ok(reply.status) == 0) {
		debug("encrypt3 status is nonzero");
		return (-1);
	}

	/*
	 * The returned key count is compared with keynum only here, after
	 * the reply has been decoded.
	 * NOTE(review): confirm that xdr_cryptkeyres3 cannot decode more
	 * than keynum entries into the caller's buffer before this check.
	 */
	if (reply.cryptkeyres3_u.deskey.deskeyarray_len != keynum) {
		debug("number of keys don't match");
		return (-1);
	}
	return (0);
}