Пример #1
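/*
 * auth_delkeys - delete non-autokey untrusted keys, and clear all info
 *                except the trusted bit of non-autokey trusted keys, in
 *		  preparation for rereading the keys file.
 *
 * Walks key_listhead.  Entries with keyid > NTP_MAXKEY (autokey) are
 * skipped.  A trusted entry stays on the list with KEY_TRUSTED still
 * set, but its secret is wiped and freed and its secretsize and
 * lifetime are reset to 0.  Every other entry goes to freesymkey().
 *
 * NOTE(review): until the keys file is reread, a trusted entry has
 * secret == NULL and secretsize == 0.  Code that authenticates with a
 * key presumably has to treat that state as "no usable key" - confirm
 * in the lookup/MAC paths, which are not visible here.
 */
void
auth_delkeys(void)
{
	symkey *	sk;

	ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
		if (sk->keyid > NTP_MAXKEY) {	/* autokey */
			continue;
		}

		/*
		 * Don't lose info as to which keys are trusted. Make
		 * sure there are no dangling pointers!
		 */
		if (KEY_TRUSTED & sk->flags) {
			if (sk->secret != NULL) {
				/*
				 * Wipe through a volatile-qualified
				 * pointer.  A plain memset() directly
				 * before free() is a dead store that the
				 * optimizer may drop, which would leave
				 * the key bytes in released heap memory.
				 */
				volatile unsigned char *wipe =
				    (volatile unsigned char *)sk->secret;
				size_t		left = sk->secretsize;

				while (left > 0) {
					*wipe++ = 0;
					left--;
				}
				free(sk->secret);
				/* entry is kept, so it must not point at freed memory */
				sk->secret = NULL; /* TALOS-CAN-0054 */
			}
			sk->secretsize = 0;
			sk->lifetime = 0;
		} else {
			freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
		}
	ITER_DLIST_END()
}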
Пример #2
/*
 * auth_agekeys - delete keys whose lifetimes have expired
 *
 * Visits every entry on key_listhead.  An entry is released through
 * freesymkey() and counted in authkeyexpired only when its lifetime is
 * positive and current_time has moved past it; an entry whose lifetime
 * is not positive is never aged out here.  A level-1 debug line with
 * current_time, authnumkeys and authkeyexpired is emitted afterwards.
 *
 * NOTE(review): the entry being visited is freed inside the walk, so
 * this relies on the ITER_DLIST_* macros tolerating removal of the
 * current element - confirm against their definition.
 */
void
auth_agekeys(void)
{
	symkey *	entry;

	ITER_DLIST_BEGIN(key_listhead, entry, llink, symkey)
		if (entry->lifetime > 0) {
			/* expired only once the clock is strictly past it */
			if (current_time > entry->lifetime) {
				freesymkey(entry,
					   &key_hash[KEYHASH(entry->keyid)]);
				authkeyexpired += 1;
			}
		}
	ITER_DLIST_END()
	DPRINTF(1, ("auth_agekeys: at %lu keys %lu expired %lu\n",
		    current_time, authnumkeys, authkeyexpired));
}
Пример #3
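/*
 * free_auth_mem - release all storage held by the key table.
 *
 * Frees every key on key_listhead through freesymkey(), then the hash
 * table, then each memory block recorded on the authallocs list, and
 * resets the key cache and free-list bookkeeping.
 *
 * NOTE(review): whether key secrets are wiped before release depends
 * on freesymkey(), which is not visible here - confirm.
 */
static void
free_auth_mem(void)
{
	symkey *	sk;
	symkey_alloc *	alloc;
	symkey_alloc *	next_alloc;

	/* terminates only because freesymkey() takes sk off the list */
	while (NULL != (sk = HEAD_DLIST(key_listhead, llink))) {
		freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
	}
	free(key_hash);
	key_hash = NULL;
	cache_keyid = 0;
	cache_flags = 0;
	for (alloc = authallocs; alloc != NULL; alloc = next_alloc) {
		/* fetch the link first: alloc may live inside alloc->mem */
		next_alloc = alloc->link;
		free(alloc->mem);
	}
	/*
	 * Every block on the list has been released.  Drop the head so
	 * a later walk (e.g. a second call) cannot free them again or
	 * read released memory.
	 */
	authallocs = NULL;
	authfreekeys = NULL;
	authnumfreekeys = 0;
}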
Пример #4
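/*
 * auth_delkeys - delete untrusted keys, and clear all info
 *                except the trusted bit of trusted keys, in
 *		  preparation for rereading the keys file.
 *
 * Walks key_listhead.  A trusted entry stays on the list with
 * KEY_TRUSTED still set, but its secret is wiped and freed and its
 * secretsize and lifetime are reset to 0.  Every other entry goes to
 * freesymkey().
 *
 * NOTE(review): until the keys file is reread, a trusted entry has
 * secret == NULL and secretsize == 0.  Code that authenticates with a
 * key presumably has to treat that state as "no usable key" - confirm
 * in the lookup/MAC paths, which are not visible here.
 */
void
auth_delkeys(void)
{
	symkey *	sk;

	ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
		/*
		 * Don't lose info as to which keys are trusted.
		 */
		if (KEY_TRUSTED & sk->flags) {
			if (sk->secret != NULL) {
				/*
				 * Wipe through a volatile-qualified
				 * pointer.  A plain memset() directly
				 * before free() is a dead store that the
				 * optimizer may drop, which would leave
				 * the key bytes in released heap memory.
				 */
				volatile unsigned char *wipe =
				    (volatile unsigned char *)sk->secret;
				size_t		left = sk->secretsize;

				while (left > 0) {
					*wipe++ = 0;
					left--;
				}
				free(sk->secret);
				/* entry is kept, so it must not point at freed memory */
				sk->secret = NULL;
			}
			sk->secretsize = 0;
			sk->lifetime = 0;
		} else {
			freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
		}
	ITER_DLIST_END()
}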
Пример #5
/*
 * authtrust - declare a key to be trusted/untrusted
 *
 * id     key identifier to look up in key_hash
 * trust  0 marks the key untrusted; any non-zero value marks it
 *        trusted.  A value above 1 also sets the lifetime to
 *        current_time + trust, otherwise the lifetime is 0.
 *
 * Untrusting an unknown id is a no-op.  Untrusting a known key hands
 * it to freesymkey().  Trusting an unknown id creates an entry that
 * has KEY_TRUSTED set but no key type and no secret.
 *
 * NOTE(review): a trusted entry with a NULL secret exists until a
 * secret is supplied elsewhere; the code that verifies MACs presumably
 * has to reject such an entry - confirm, it is not visible here.
 * NOTE(review): current_time + trust is not range-checked; confirm
 * that callers bound trust so the sum cannot wrap.
 */
void
authtrust(
	keyid_t		id,
	u_long		trust
	)
{
	symkey **	slot;
	symkey *	found;
	u_long		expiry;

	/* Locate the key, if any, in the hash chain for this id. */
	slot = &key_hash[KEYHASH(id)];
	found = *slot;
	while (found != NULL && found->keyid != id) {
		found = found->hlink;
	}

	if (NULL == found) {
		/* Unknown and untrusted: nothing to record. */
		if (!trust) {
			return;
		}

		/*
		 * Unknown but to be trusted: allocate an entry that
		 * carries only the trusted flag and the lifetime, with
		 * no key type or secret.
		 */
		expiry = (trust > 1) ? current_time + trust : 0;
		allocsymkey(slot, id, KEY_TRUSTED, 0, expiry, 0, NULL);
		return;
	}

	/* The key is about to change, so drop any cached copy of it. */
	if (cache_keyid == id) {
		cache_flags = 0;
		cache_keyid = 0;
	}

	if (trust > 0) {
		/* Known key becomes (or stays) trusted; refresh lifetime. */
		found->flags |= KEY_TRUSTED;
		found->lifetime = (trust > 1) ? current_time + trust : 0;
	} else {
		/* No longer trusted, return it to the free list. */
		freesymkey(found, slot);
	}
}