Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.1
1.1 ! provos 1: /*
! 2: * Transparent Cryptographic File System (TCFS) for NetBSD
! 3: * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it]
! 4: *
! 5: * references: http://tcfs.dia.unisa.it
! 6: * tcfs-bsd@tcfs.unisa.it
! 7: */
! 8:
! 9: /*
! 10: * Base utility set v0.1
! 11: */
! 12:
! 13: #include <ctype.h>
! 14: #include <pwd.h>
! 15: #include <unistd.h>
! 16: #include <sys/types.h>
! 17: #include <sys/param.h>
! 18: #include <sys/mount.h>
! 19: #include <sys/ucred.h>
! 20: #include <des.h>
! 21: #include <miscfs/tcfs/tcfs.h>
! 22: #include <miscfs/tcfs/tcfs_cmd.h>
! 23:
! 24: #include "tcfsdefines.h"
! 25: #include "uuencode.h"
! 26:
! 27: int
! 28: tcfs_verify_fs(char *fs)
! 29: {
! 30: int ret;
! 31: struct statfs buf;
! 32:
! 33: ret = statfs(fs, &buf);
! 34:
! 35: if (ret)
! 36: return 0;
! 37:
! 38: if (!strcmp("tcfs", buf.f_fstypename))
! 39: return (1);
! 40: else
! 41: return (0);
! 42: }
! 43:
! 44: int
! 45: tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
! 46: {
! 47: int i;
! 48: if (tcfs_verify_fs(filesystem))
! 49: i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg);
! 50: else
! 51: i = -1;
! 52:
! 53: return (i);
! 54: }
! 55:
! 56: int
! 57: tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
! 58: unsigned int flag)
! 59: {
! 60: int i = 0;
! 61: char pass[_PASSWORD_LEN], *cypher;
! 62: char tcfskey[KEYSIZE + 2];
! 63: des_key_schedule ks;
! 64: int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
! 65:
! 66: if (!tk)
! 67: return 0;
! 68:
! 69: strcpy (pass, pwd);
! 70:
! 71: if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1)
! 72: return 0;
! 73:
! 74: while (strlen (pass) < 8) {
! 75: char tmp[_PASSWORD_LEN];
! 76: strcpy (tmp, pass);
! 77: strcat (tmp, pass);
! 78: strcat (pass, tmp);
! 79: }
! 80:
! 81: while ((i*8) < keysize) {
! 82: des_set_key ((des_cblock *) pass, ks);
! 83:
! 84: des_ecb_encrypt ((des_cblock *) (tcfskey+i*8),
! 85: (des_cblock *) (tcfskey+i*8), ks, DES_DECRYPT);
! 86: i++;
! 87: }
! 88: memset (pass, 0, strlen (pass));
! 89:
! 90: memcpy (tk, tcfskey, keysize);
! 91: return 1;
! 92: }
! 93:
! 94: int
! 95: tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
! 96: unsigned int flag)
! 97: {
! 98: int i = 0;
! 99: char pass[_PASSWORD_LEN];
! 100: des_key_schedule ks;
! 101: int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE;
! 102:
! 103: if (!ek)
! 104: return 0;
! 105:
! 106: strcpy (pass, pw);
! 107:
! 108: while (strlen(pass) < 8) {
! 109: char tmp[_PASSWORD_LEN];
! 110:
! 111: strcpy (tmp, pass);
! 112: strcat (tmp, pass);
! 113: strcat (pass, tmp);
! 114: }
! 115:
! 116: while ((i*8) < keysize) {
! 117: des_set_key((des_cblock *) pass, ks);
! 118: des_ecb_encrypt((des_cblock *) (key + i * 8),
! 119: (des_cblock *) (key + i * 8), ks, DES_ENCRYPT);
! 120: i++;
! 121: }
! 122:
! 123: uuencode (key, keysize, ek, UUKEYSIZE);
! 124:
! 125: return 1;
! 126: }
! 127:
! 128: int tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
! 129: {
! 130: struct tcfs_args a;
! 131: a.user = user;
! 132: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
! 133: a.cmd = TCFS_PUT_UIDKEY;
! 134: return tcfs_callfunction(filesystem,&a);
! 135: }
! 136:
! 137: int tcfs_user_disable(char *filesystem, uid_t user)
! 138: {
! 139: struct tcfs_args a;
! 140: a.user = user;
! 141: a.cmd = TCFS_RM_UIDKEY;
! 142: return tcfs_callfunction(filesystem, &a);
! 143: }
! 144:
! 145: int tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
! 146: {
! 147: struct tcfs_args a;
! 148: a.user = user;
! 149: a.cmd = TCFS_PUT_PIDKEY;
! 150: a.proc = pid;
! 151: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
! 152: return tcfs_callfunction(filesystem, &a);
! 153: }
! 154:
! 155: int tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
! 156: {
! 157: struct tcfs_args a;
! 158: a.user = user;
! 159: a.cmd = TCFS_RM_PIDKEY;
! 160: a.proc = pid;
! 161: return tcfs_callfunction(filesystem, &a);
! 162: }
! 163:
! 164: int tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
! 165: int tre, char *key)
! 166: {
! 167: struct tcfs_args a;
! 168: a.cmd = TCFS_PUT_GIDKEY;
! 169: a.user = uid;
! 170: a.group = gid;
! 171: a.treshold = tre;
! 172: memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
! 173: return tcfs_callfunction(filesystem,&a);
! 174: }
! 175:
! 176: int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
! 177: {
! 178: struct tcfs_args a;
! 179: a.cmd = TCFS_RM_GIDKEY;
! 180: a.user = uid;
! 181: a.group = gid;
! 182: return tcfs_callfunction(filesystem,&a);
! 183: }
! 184:
! 185: