Annotation of src/usr.bin/tcfs/tcfs_keymaint.c, Revision 1.8
1.8 ! aaron 1: /* $OpenBSD: tcfs_keymaint.c,v 1.7 2000/06/19 20:35:47 fgsch Exp $ */
1.7 fgsch 2:
1.1 provos 3: /*
4: * Transparent Cryptographic File System (TCFS) for NetBSD
5: * Author and maintainer: Luigi Catuogno [luicat@tcfs.unisa.it]
6: *
7: * references: http://tcfs.dia.unisa.it
8: * tcfs-bsd@tcfs.unisa.it
9: */
10:
11: /*
12: * Base utility set v0.1
13: */
14:
15: #include <sys/types.h>
16: #include <sys/param.h>
17: #include <sys/mount.h>
18: #include <sys/ucred.h>
1.3 provos 19: #include <blf.h>
1.6 fgsch 20: #include <ctype.h>
21: #include <pwd.h>
22: #include <string.h>
23: #include <unistd.h>
1.3 provos 24:
1.1 provos 25: #include <miscfs/tcfs/tcfs.h>
26: #include <miscfs/tcfs/tcfs_cmd.h>
27:
28: #include "tcfsdefines.h"
29: #include "uuencode.h"
30:
/*
 * Report whether the path `fs` is on a file system whose type name, as
 * filled in by statfs(2), is exactly "tcfs".
 *
 * Returns 1 when the type name matches and 0 otherwise.  A failing
 * statfs(2) call is reported as 0 as well, so callers cannot tell "not
 * TCFS" from "could not be examined".
 */
int
tcfs_verify_fs(char *fs)
{
	struct statfs info;

	if (statfs(fs, &info) != 0)
		return (0);

	return (strcmp("tcfs", info.f_fstypename) == 0 ? 1 : 0);
}
47:
/*
 * Pass the TCFS command block `arg` to the kernel for the file system at
 * `filesystem`.
 *
 * The path is first checked with tcfs_verify_fs(); only when that
 * succeeds is `arg` handed to mount(2) with MNT_UPDATE.  Returns the
 * mount(2) result, or -1 when the path is not a TCFS file system.
 *
 * NOTE(review): the type check and the mount(2) call each resolve the
 * path on their own, so the check is advisory; the "tcfs" type argument
 * is what the kernel sees -- confirm the kernel side rejects a target
 * that is not TCFS.
 */
int
tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
{
	if (!tcfs_verify_fs(filesystem))
		return (-1);

	return (mount("tcfs", filesystem, MNT_UPDATE, (void *)arg));
}
60:
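/*
 * Recover a TCFS key from its stored form.
 *
 * `t` is the uuencoded, Blowfish-CBC encrypted key.  It is decoded,
 * decrypted with a Blowfish key taken from the password `pwd`, and
 * `tklen` plaintext bytes are copied to `tk`.
 *
 * Returns 1 on success and 0 on failure (missing argument, empty
 * password, unusable length, or a uudecode error).  `tk` is written only
 * on success.
 *
 * Security notes for maintainers:
 *  - The password bytes are used directly as the Blowfish key (passwords
 *    shorter than 8 bytes are repeated) and the CBC IV is all zeroes.
 *    Both are part of the stored-key format and are kept unchanged here;
 *    the consequence is that equal password/key pairs give equal stored
 *    blobs and that nothing slows down password guessing against a
 *    copied blob.
 *  - There is no integrity check: a wrong password or a modified blob
 *    still returns 1, with garbage in `tk`.  Callers must not treat a
 *    return of 1 as proof that the password was correct.
 *  - Every buffer that held the password, the key schedule or the
 *    plaintext key is wiped on all exit paths.
 */
int
tcfs_decrypt_key(char *pwd, u_char *t, u_char *tk, int tklen)
{
	char pass[_PASSWORD_LEN], tmp[_PASSWORD_LEN];
	char tcfskey[2*KEYSIZE], iv[8];
	blf_ctx ctx;
	int len, ret = 0;

	if (!tk || !pwd || !t)
		return (0);

	/*
	 * The stretching loop below multiplies the password length, so an
	 * empty password would never reach 8 bytes and the loop would not
	 * terminate.
	 */
	if (pwd[0] == '\0') {
		fprintf(stderr, "tcfs_decrypt_key: empty password\n");
		return (0);
	}

	/*
	 * Blowfish CBC works on whole 8-byte blocks; a zero, negative or
	 * ragged length would make the cipher touch memory outside tcfskey.
	 */
	if (tklen <= 0 || tklen % 8 != 0 || (size_t)tklen > sizeof(tcfskey)) {
		fprintf(stderr, "tcfs_decrypt_key: bad key length\n");
		return (0);
	}

	strlcpy(pass, pwd, sizeof(pass));

	len = uudecode((char *)t, tcfskey, sizeof(tcfskey));
	if (len == -1) {
		fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
		goto out;
	} else if (len != tklen) {
		fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n");
		goto out;
	}

	/*
	 * Passwords shorter than 8 bytes are tripled until they are long
	 * enough.  The result must stay byte-identical to what was used
	 * when the key was stored, so only the copy primitives are bounded.
	 */
	while (strlen(pass) < 8) {
		strlcpy(tmp, pass, sizeof(tmp));
		strlcat(tmp, pass, sizeof(tmp));
		strlcat(pass, tmp, sizeof(pass));
	}

	blf_key(&ctx, pass, strlen(pass));
	memset(iv, 0, sizeof(iv));
	blf_cbc_decrypt(&ctx, iv, tcfskey, tklen);

	memcpy(tk, tcfskey, tklen);
	ret = 1;

out:
	/*
	 * explicit_bzero(3) rather than memset(3): these are dead stores
	 * that an optimising compiler is allowed to drop.  Whole buffers
	 * are cleared, not just strlen() bytes.
	 */
	explicit_bzero(pass, sizeof(pass));
	explicit_bzero(tmp, sizeof(tmp));
	explicit_bzero(tcfskey, sizeof(tcfskey));
	explicit_bzero(&ctx, sizeof(ctx));

	return (ret);
}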
101:
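/*
 * Produce the stored form of a TCFS key.
 *
 * The `klen` bytes at `key` are Blowfish-CBC encrypted with a key taken
 * from the password `pw`, then uuencoded into `ek` (capacity `eklen`).
 *
 * Returns 1 on success and 0 on failure (missing argument, empty
 * password, unusable length, or an unexpected uuencode length).
 *
 * Side effect: the encryption is done in place, so on return the
 * caller's `key` buffer holds ciphertext, not the original key.  This
 * also happens when the later uuencode step fails.
 *
 * Security notes for maintainers:
 *  - The password bytes are used directly as the Blowfish key (passwords
 *    shorter than 8 bytes are repeated) and the CBC IV is all zeroes.
 *    Both are part of the stored-key format and are kept unchanged here;
 *    equal password/key pairs therefore give equal output, and nothing
 *    slows down password guessing against a copied blob.
 *  - No MAC is produced, so the stored blob carries no integrity
 *    protection.
 *  - The password copy, the stretching scratch buffer and the key
 *    schedule are wiped before returning.
 */
int
tcfs_encrypt_key(char *pw, u_char *key, int klen, u_char *ek, int eklen)
{
	char pass[_PASSWORD_LEN], tmp[_PASSWORD_LEN], iv[8];
	blf_ctx ctx;
	int res;

	if (!ek || !pw || !key)
		return (0);

	/*
	 * The stretching loop below multiplies the password length, so an
	 * empty password would never reach 8 bytes and the loop would not
	 * terminate.
	 */
	if (pw[0] == '\0') {
		fprintf(stderr, "tcfs_encrypt_key: empty password\n");
		return (0);
	}

	/*
	 * Blowfish CBC works on whole 8-byte blocks; reject lengths that
	 * would make the cipher run outside the caller's buffer.
	 */
	if (klen <= 0 || klen % 8 != 0) {
		fprintf(stderr, "tcfs_encrypt_key: bad key length\n");
		return (0);
	}

	strlcpy(pass, pw, sizeof(pass));

	/* Same tripling rule as tcfs_decrypt_key(); the bytes must match. */
	while (strlen(pass) < 8) {
		strlcpy(tmp, pass, sizeof(tmp));
		strlcat(tmp, pass, sizeof(tmp));
		strlcat(pass, tmp, sizeof(pass));
	}

	blf_key(&ctx, pass, strlen(pass));
	memset(iv, 0, sizeof(iv));
	blf_cbc_encrypt(&ctx, iv, key, klen);

	/*
	 * explicit_bzero(3) rather than memset(3): these are dead stores
	 * that an optimising compiler is allowed to drop.
	 */
	explicit_bzero(pass, sizeof(pass));
	explicit_bzero(tmp, sizeof(tmp));
	explicit_bzero(&ctx, sizeof(ctx));

	/* presumably uuencode() returns the encoded length; eklen counts the NUL */
	res = uuencode(key, klen, ek, eklen);
	if (res != eklen - 1) {
		fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
		return (0);
	}

	return (1);
}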
136:
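/*
 * Issue the TCFS_PUT_UIDKEY command for `user` on `filesystem`, carrying
 * a copy of `key`.
 *
 * sizeof(a.tcfs_key) bytes are read from `key`; the caller must supply a
 * buffer at least that large.  Returns the tcfs_callfunction() result,
 * or -1 when `key` is NULL.
 */
int
tcfs_user_enable(char *filesystem, uid_t user, u_char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Start from zeroes so no stale stack bytes are passed to the kernel. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));
	a.cmd = TCFS_PUT_UIDKEY;

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block held a copy of the key; do not leave it on the stack. */
	explicit_bzero(&a, sizeof(a));

	return (ret);
}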
147:
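/*
 * Issue the TCFS_RM_UIDKEY command for `user` on `filesystem`.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_user_disable(char *filesystem, uid_t user)
{
	struct tcfs_args a;

	/*
	 * Only `user` and `cmd` are set for this command; zero the rest so
	 * the kernel is not handed whatever was left on the stack (which may
	 * include remnants of an earlier key).
	 */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_UIDKEY;

	return (tcfs_callfunction(filesystem, &a));
}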
157:
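/*
 * Issue the TCFS_PUT_PIDKEY command for process `pid` of `user` on
 * `filesystem`, carrying a copy of `key`.
 *
 * sizeof(a.tcfs_key) bytes are read from `key`; the caller must supply a
 * buffer at least that large.  Returns the tcfs_callfunction() result,
 * or -1 when `key` is NULL.
 */
int
tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Start from zeroes so no stale stack bytes are passed to the kernel. */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_PUT_PIDKEY;
	a.proc = pid;
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block held a copy of the key; do not leave it on the stack. */
	explicit_bzero(&a, sizeof(a));

	return (ret);
}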
169:
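/*
 * Issue the TCFS_RM_PIDKEY command for process `pid` of `user` on
 * `filesystem`.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid)
{
	struct tcfs_args a;

	/*
	 * Only `user`, `cmd` and `proc` are set for this command; zero the
	 * rest so the kernel is not handed whatever was left on the stack.
	 */
	memset(&a, 0, sizeof(a));
	a.user = user;
	a.cmd = TCFS_RM_PIDKEY;
	a.proc = pid;

	return (tcfs_callfunction(filesystem, &a));
}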
180:
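/*
 * Issue the TCFS_PUT_GIDKEY command for user `uid` in group `gid` on
 * `filesystem`, with threshold `tre` and a copy of `key`.
 *
 * sizeof(a.tcfs_key) bytes are read from `key`; the caller must supply a
 * buffer at least that large.  Returns the tcfs_callfunction() result,
 * or -1 when `key` is NULL.
 */
int
tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid,
    int tre, char *key)
{
	struct tcfs_args a;
	int ret;

	if (!key)
		return (-1);

	/* Start from zeroes so no stale stack bytes are passed to the kernel. */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_PUT_GIDKEY;
	a.user = uid;
	a.group = gid;
	a.treshold = tre;	/* field name is spelled this way in struct tcfs_args */
	memcpy(a.tcfs_key, key, sizeof(a.tcfs_key));

	ret = tcfs_callfunction(filesystem, &a);

	/* The argument block held a copy of the key; do not leave it on the stack. */
	explicit_bzero(&a, sizeof(a));

	return (ret);
}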
194:
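/*
 * Issue the TCFS_RM_GIDKEY command for user `uid` in group `gid` on
 * `filesystem`.
 *
 * Returns the tcfs_callfunction() result.
 */
int
tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid)
{
	struct tcfs_args a;

	/*
	 * Only `cmd`, `user` and `group` are set for this command; zero the
	 * rest so the kernel is not handed whatever was left on the stack.
	 */
	memset(&a, 0, sizeof(a));
	a.cmd = TCFS_RM_GIDKEY;
	a.user = uid;
	a.group = gid;

	return (tcfs_callfunction(filesystem, &a));
}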
204:
205: