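/*
 * auth_delkeys - delete non-autokey untrusted keys, and clear all info
 * except the trusted bit of non-autokey trusted keys, in
 * preparation for rereading the keys file.
 *
 * Autokey entries (keyid > NTP_MAXKEY) are left untouched.  A trusted
 * symmetric key keeps its list entry and its KEY_TRUSTED flag but loses
 * secret, secretsize and lifetime; an untrusted one is returned to the
 * free list.  Any lookup-cache entry naming a key touched here is
 * dropped first, as authtrust() does, so no stale view of the key
 * survives the reload.
 */
void
auth_delkeys(void)
{
	symkey *	sk;

	ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
		if (sk->keyid > NTP_MAXKEY) {	/* autokey */
			continue;
		}

		/*
		 * The cached lookup may refer to this key; invalidate
		 * it before the key changes, mirroring authtrust().
		 */
		if (cache_keyid == sk->keyid) {
			cache_flags = 0;
			cache_keyid = 0;
		}

		/*
		 * Don't lose info as to which keys are trusted. Make
		 * sure there are no dangling pointers!
		 */
		if (KEY_TRUSTED & sk->flags) {
			if (sk->secret != NULL) {
				/*
				 * Scrub the secret through a volatile
				 * pointer: a plain memset() immediately
				 * before free() is a dead store the
				 * optimizer may drop, leaving key material
				 * in freed heap.  Volatile stores cannot
				 * be elided.
				 */
				volatile unsigned char *vp =
					(volatile unsigned char *)sk->secret;
				size_t n = sk->secretsize;

				while (n > 0) {
					*vp++ = 0;
					n--;
				}
				free(sk->secret);
				sk->secret = NULL; /* TALOS-CAN-0054 */
			}
			sk->secretsize = 0;
			sk->lifetime = 0;
		} else {
			freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
		}
	ITER_DLIST_END()
}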
/*
 * auth_agekeys - delete keys whose lifetimes have expired
 *
 * A lifetime of 0 means "never expires".  Every key whose lifetime lies
 * strictly before current_time is returned to the free list and counted
 * in authkeyexpired.
 */
void
auth_agekeys(void)
{
	symkey *	sk;

	ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
		/* keep keys with no deadline, or whose deadline is not past */
		if (0 == sk->lifetime || current_time <= sk->lifetime) {
			continue;
		}
		freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
		authkeyexpired++;
	ITER_DLIST_END()

	DPRINTF(1, ("auth_agekeys: at %lu keys %lu expired %lu\n",
		    current_time, authnumkeys, authkeyexpired));
}
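/*
 * free_auth_mem - release everything the symmetric-key module holds:
 * every key on the global list, the hash table, the lookup cache and
 * the allocation records behind the free list.  All module-level
 * pointers are NULL afterwards, so a repeated call cannot touch freed
 * memory.
 */
static void
free_auth_mem(void)
{
	symkey *	sk;
	symkey_alloc *	alloc;
	symkey_alloc *	next_alloc;

	/*
	 * Drain the key list head-first.  freesymkey() must unlink the
	 * key from key_listhead, or this loop would never terminate.
	 */
	while (NULL != (sk = HEAD_DLIST(key_listhead, llink))) {
		freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
	}
	free(key_hash);
	key_hash = NULL;

	cache_keyid = 0;
	cache_flags = 0;

	/*
	 * Read the link before free(): the record may live inside the
	 * block it describes (alloc->mem), in which case it is gone once
	 * that block is freed.  NOTE(review): where the record is placed
	 * is decided by the allocator, not visible here -- confirm.
	 */
	for (alloc = authallocs; alloc != NULL; alloc = next_alloc) {
		next_alloc = alloc->link;
		free(alloc->mem);
	}
	/*
	 * Previously left pointing at the freed chain; clear it so a
	 * second call (or a later walk of authallocs) cannot free or
	 * read released memory.
	 */
	authallocs = NULL;
	authfreekeys = NULL;
	authnumfreekeys = 0;
}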
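/*
 * auth_delkeys - delete untrusted keys, and clear all info
 * except the trusted bit of trusted keys, in
 * preparation for rereading the keys file.
 *
 * A trusted key keeps its list entry and its KEY_TRUSTED flag but loses
 * secret, secretsize and lifetime; an untrusted one is returned to the
 * free list.  Any lookup-cache entry naming a key touched here is
 * dropped first, as authtrust() does, so no stale view of the key
 * survives the reload.
 */
void
auth_delkeys(void)
{
	symkey *	sk;

	ITER_DLIST_BEGIN(key_listhead, sk, llink, symkey)
		/*
		 * The cached lookup may refer to this key; invalidate
		 * it before the key changes, mirroring authtrust().
		 */
		if (cache_keyid == sk->keyid) {
			cache_flags = 0;
			cache_keyid = 0;
		}

		/*
		 * Don't lose info as to which keys are trusted.
		 */
		if (KEY_TRUSTED & sk->flags) {
			if (sk->secret != NULL) {
				/*
				 * Scrub the secret through a volatile
				 * pointer: a plain memset() immediately
				 * before free() is a dead store the
				 * optimizer may drop, leaving key material
				 * in freed heap.  Volatile stores cannot
				 * be elided.
				 */
				volatile unsigned char *vp =
					(volatile unsigned char *)sk->secret;
				size_t n = sk->secretsize;

				while (n > 0) {
					*vp++ = 0;
					n--;
				}
				free(sk->secret);
				/* no dangling pointer to the freed secret */
				sk->secret = NULL;
			}
			sk->secretsize = 0;
			sk->lifetime = 0;
		} else {
			freesymkey(sk, &key_hash[KEYHASH(sk->keyid)]);
		}
	ITER_DLIST_END()
}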
/*
 * authtrust - declare a key to be trusted/untrusted
 *
 * trust == 0 revokes trust (the key, if present, goes back to the free
 * list); trust == 1 trusts the key indefinitely; trust > 1 trusts it
 * until current_time + trust.  An unknown key is only created when it
 * is being trusted; it gets KEY_TRUSTED but no type or secret.
 */
void
authtrust(
	keyid_t	id,
	u_long	trust
	)
{
	symkey **	bucket = &key_hash[KEYHASH(id)];
	symkey *	sk = *bucket;
	u_long		expires;

	/* walk the hash bin looking for id */
	while (sk != NULL && sk->keyid != id) {
		sk = sk->hlink;
	}

	if (NULL == sk) {
		/* unknown and untrusted: nothing to record */
		if (!trust) {
			return;
		}
		/* unknown but trusted: create a bare trusted entry */
		expires = (trust > 1) ? current_time + trust : 0;
		allocsymkey(bucket, id, KEY_TRUSTED, 0, expires, 0, NULL);
		return;
	}

	/* the key is about to change; drop any cached lookup of it */
	if (cache_keyid == id) {
		cache_flags = 0;
		cache_keyid = 0;
	}

	/* no longer trusted: return it to the free list */
	if (!trust) {
		freesymkey(sk, bucket);
		return;
	}

	/* trusted: mark it and refresh its lifetime */
	sk->flags |= KEY_TRUSTED;
	sk->lifetime = (trust > 1) ? current_time + trust : 0;
}