usr/src/cmd/keyserv/keylogout.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License, Version 1.0 only
   6  * (the "License").  You may not use this file except in compliance
   7  * with the License.
   8  *
   9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  10  * or http://www.opensolaris.org/os/licensing.
  11  * See the License for the specific language governing permissions
  12  * and limitations under the License.
  13  *
  14  * When distributing Covered Code, include this CDDL HEADER in each
  15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  16  * If applicable, add the following below this CDDL HEADER, with the
  17  * fields enclosed by brackets "[]" replaced with your own identifying
  18  * information: Portions Copyright [yyyy] [name of copyright owner]
  19  *
  20  * CDDL HEADER END
  21  */
  22 /*
  23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26
  27 /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
  28 /*        All Rights Reserved   */
  29
  30 /*
  31  * University Copyright- Copyright (c) 1982, 1986, 1988
  32  * The Regents of the University of California
  33  * All Rights Reserved
  34  *
  35  * University Acknowledgment- Portions of this document are derived from
  36  * software developed by the University of California, Berkeley, and its
  37  * contributors.
  38  */
  39
  40 #pragma ident   "%Z%%M% %I%     %E% SMI"
  41
  42 /*
  43  * unset the secret key on local machine
  44  */
  45 #include <stdio.h>
  46 #include <rpc/rpc.h>
  47 #include <rpc/key_prot.h>
  48 #include <nfs/nfs.h>
  49 #include <nfs/nfssys.h>
  50
  51 extern int key_removesecret_g();
  52
  53 /* for revoking kernel NFS credentials */
  54 struct nfs_revauth_args nra;
  55
  56 int
  57 main(int argc, char *argv[])
  58 {
  59         static char secret[HEXKEYBYTES + 1];
  60         int err = 0;
  61
  62         if (geteuid() == 0) {
  63                 if ((argc != 2) || (strcmp(argv[1], "-f") != 0)) {
  64                         fprintf(stderr,
  65 "keylogout by root would break the rpc services that");
  66                         fprintf(stderr, " use secure rpc on this host!\n");
  67                         fprintf(stderr,
  68 "root may use keylogout -f to do this (at your own risk)!\n");
  69                         exit(-1);
  70                 }
  71         }
  72
  73         if (key_removesecret_g() < 0) {
  74                         fprintf(stderr, "Could not unset your secret key.\n");
  75                         fprintf(stderr, "Maybe the keyserver is down?\n");
  76                         err = 1;
  77         }
  78         if (key_setsecret(secret) < 0) {
  79                 if (!err) {
  80                         fprintf(stderr, "Could not unset your secret key.\n");
  81                         fprintf(stderr, "Maybe the keyserver is down?\n");
  82                         err = 1;
  83                 }
  84         }
  85
  86         nra.authtype = AUTH_DES;        /* only revoke DES creds */
  87         nra.uid = getuid();             /* use the real uid */
  88         if (_nfssys(NFS_REVAUTH, &nra) < 0) {
  89                 perror("Warning: NFS credentials not destroyed");
  90                 err = 1;
  91         }
  92
  93         return (err);
  94 }