URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [librpc/] [src/] [rpc/] [key_call.c] - Blame information for rev 593

Go to most recent revision | Details | Compare with Previous | View Log


/*
 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
 * unrestricted use provided that this legend is included on all tape
 * media and as a part of the software program in whole or part.  Users
 * may copy or modify Sun RPC without charge, but are not authorized
 * to license or distribute it to anyone else except as part of a product or
 * program developed by the user.
 *
 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
 *
 * Sun RPC is provided with no support and without any obligation on the
 * part of Sun Microsystems, Inc. to assist in its use, correction,
 * modification or enhancement.
 *
 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
 * OR ANY PART THEREOF.
 *
 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
 * or profits or other special, indirect and consequential damages, even if
 * Sun has been advised of the possibility of such damages.
 *
 * Sun Microsystems, Inc.
 * 2550 Garcia Avenue
 * Mountain View, California  94043
 */
/*
 * Copyright (c) 1986-1991 by Sun Microsystems Inc.
 *
 * $FreeBSD: src/lib/libc/rpc/key_call.c,v 1.3 2000/01/27 23:06:39 jasone Exp $
 */
 
#ident  "@(#)key_call.c 1.25    94/04/24 SMI"
 
/*
 * key_call.c, Interface to keyserver
 *
 * setsecretkey(key) - set your secret key
 * encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent
 * decryptsessionkey(agent, deskey) - decrypt ditto
 * gendeskey(deskey) - generate a secure des key
 */
 
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <rpc/rpc.h>
#include <rpc/auth.h>
#include <rpc/auth_unix.h>
#include <rpc/key_prot.h>
#include <string.h>
#include <sys/utsname.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/wait.h>
#include <sys/fcntl.h>
 
 
#define KEY_TIMEOUT     5       /* per-try timeout in seconds */
#define KEY_NRETRY      12      /* number of retries */
 
#ifdef DEBUG
#define debug(msg)      (void) fprintf(stderr, "%s\n", msg);
#else
#define debug(msg)
#endif /* DEBUG */
 
/*
 * Hack to allow the keyserver to use AUTH_DES (for authenticated
 * NIS+ calls, for example).  The only functions that get called
 * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
 *
 * The approach is to have the keyserver fill in pointers to local
 * implementations of these functions, and to call those in key_call().
 */
 
cryptkeyres *(*__key_encryptsession_pk_LOCAL)() = 0;
cryptkeyres *(*__key_decryptsession_pk_LOCAL)() = 0;
des_block *(*__key_gendes_LOCAL)() = 0;
 
static int key_call __P(( u_long, xdrproc_t, char *, xdrproc_t, char * ));
 
int
key_setsecret(secretkey)
        const char *secretkey;
{
        keystatus status;
 
        if (!key_call((u_long) KEY_SET, xdr_keybuf, (char *) secretkey,
                        xdr_keystatus, (char *)&status)) {
                return (-1);
        }
        if (status != KEY_SUCCESS) {
                debug("set status is nonzero");
                return (-1);
        }
        return (0);
}
 
 
/* key_secretkey_is_set() returns 1 if the keyserver has a secret key
 * stored for the caller's effective uid; it returns 0 otherwise
 *
 * N.B.:  The KEY_NET_GET key call is undocumented.  Applications shouldn't
 * be using it, because it allows them to get the user's secret key.
 */
 
int
key_secretkey_is_set(void)
{
        struct key_netstres     kres;
 
        memset((void*)&kres, 0, sizeof (kres));
        if (key_call((u_long) KEY_NET_GET, xdr_void, (char *)NULL,
                        xdr_key_netstres, (char *) &kres) &&
            (kres.status == KEY_SUCCESS) &&
            (kres.key_netstres_u.knet.st_priv_key[0] != 0)) {
                /* avoid leaving secret key in memory */
                memset(kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);
                return (1);
        }
        return (0);
}
 
int
key_encryptsession_pk(remotename, remotekey, deskey)
        char *remotename;
        netobj *remotekey;
        des_block *deskey;
{
        cryptkeyarg2 arg;
        cryptkeyres res;
 
        arg.remotename = remotename;
        arg.remotekey = *remotekey;
        arg.deskey = *deskey;
        if (!key_call((u_long)KEY_ENCRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,
                        xdr_cryptkeyres, (char *)&res)) {
                return (-1);
        }
        if (res.status != KEY_SUCCESS) {
                debug("encrypt status is nonzero");
                return (-1);
        }
        *deskey = res.cryptkeyres_u.deskey;
        return (0);
}
 
int
key_decryptsession_pk(remotename, remotekey, deskey)
        char *remotename;
        netobj *remotekey;
        des_block *deskey;
{
        cryptkeyarg2 arg;
        cryptkeyres res;
 
        arg.remotename = remotename;
        arg.remotekey = *remotekey;
        arg.deskey = *deskey;
        if (!key_call((u_long)KEY_DECRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,
                        xdr_cryptkeyres, (char *)&res)) {
                return (-1);
        }
        if (res.status != KEY_SUCCESS) {
                debug("decrypt status is nonzero");
                return (-1);
        }
        *deskey = res.cryptkeyres_u.deskey;
        return (0);
}
 
int
key_encryptsession(remotename, deskey)
        const char *remotename;
        des_block *deskey;
{
        cryptkeyarg arg;
        cryptkeyres res;
 
        arg.remotename = (char *) remotename;
        arg.deskey = *deskey;
        if (!key_call((u_long)KEY_ENCRYPT, xdr_cryptkeyarg, (char *)&arg,
                        xdr_cryptkeyres, (char *)&res)) {
                return (-1);
        }
        if (res.status != KEY_SUCCESS) {
                debug("encrypt status is nonzero");
                return (-1);
        }
        *deskey = res.cryptkeyres_u.deskey;
        return (0);
}
 
int
key_decryptsession(remotename, deskey)
        const char *remotename;
        des_block *deskey;
{
        cryptkeyarg arg;
        cryptkeyres res;
 
        arg.remotename = (char *) remotename;
        arg.deskey = *deskey;
        if (!key_call((u_long)KEY_DECRYPT, xdr_cryptkeyarg, (char *)&arg,
                        xdr_cryptkeyres, (char *)&res)) {
                return (-1);
        }
        if (res.status != KEY_SUCCESS) {
                debug("decrypt status is nonzero");
                return (-1);
        }
        *deskey = res.cryptkeyres_u.deskey;
        return (0);
}
 
int
key_gendes(key)
        des_block *key;
{
        if (!key_call((u_long)KEY_GEN, xdr_void, (char *)NULL,
                        xdr_des_block, (char *)key)) {
                return (-1);
        }
        return (0);
}
 
int
key_setnet(arg)
struct netstarg *arg;
{
        keystatus status;
 
 
        if (!key_call((u_long) KEY_NET_PUT, xdr_key_netstarg, (char *) arg,
                xdr_keystatus, (char *) &status)){
                return (-1);
        }
 
        if (status != KEY_SUCCESS) {
                debug("key_setnet status is nonzero");
                return (-1);
        }
        return (1);
}
 
 
int
key_get_conv(pkey, deskey)
        char *pkey;
        des_block *deskey;
{
        cryptkeyres res;
 
        if (!key_call((u_long) KEY_GET_CONV, xdr_keybuf, pkey,
                xdr_cryptkeyres, (char *)&res)) {
                return (-1);
        }
        if (res.status != KEY_SUCCESS) {
                debug("get_conv status is nonzero");
                return (-1);
        }
        *deskey = res.cryptkeyres_u.deskey;
        return (0);
}
 
struct  key_call_private {
        CLIENT  *client;        /* Client handle */
        pid_t   pid;            /* process-id at moment of creation */
        uid_t   uid;            /* user-id at last authorization */
};
static struct key_call_private *key_call_private_main = NULL;
 
#ifdef foo
static void
key_call_destroy(void *vp)
{
        register struct key_call_private *kcp = (struct key_call_private *)vp;
 
        if (kcp) {
                if (kcp->client)
                        clnt_destroy(kcp->client);
                free(kcp);
        }
}
#endif
 
/*
 * Keep the handle cached.  This call may be made quite often.
 */
static CLIENT *
getkeyserv_handle(vers)
int     vers;
{
        struct key_call_private *kcp = key_call_private_main;
        struct timeval wait_time;
        int fd;
        struct sockaddr_un name;
        int namelen = sizeof(struct sockaddr_un);
 
#define TOTAL_TIMEOUT   30      /* total timeout talking to keyserver */
#define TOTAL_TRIES     5       /* Number of tries */
 
        if (kcp == (struct key_call_private *)NULL) {
                kcp = (struct key_call_private *)malloc(sizeof (*kcp));
                if (kcp == (struct key_call_private *)NULL) {
                        return ((CLIENT *) NULL);
                }
                key_call_private_main = kcp;
                kcp->client = NULL;
        }
 
        /* if pid has changed, destroy client and rebuild */
        if (kcp->client != NULL && kcp->pid != getpid()) {
                clnt_destroy(kcp->client);
                kcp->client = NULL;
        }
 
        if (kcp->client != NULL) {
                /* if other side closed socket, build handle again */
                clnt_control(kcp->client, CLGET_FD, (char *)&fd);
                if (getpeername(fd,(struct sockaddr *)&name,&namelen) == -1) {
                        auth_destroy(kcp->client->cl_auth);
                        clnt_destroy(kcp->client);
                        kcp->client = NULL;
                }
        }
 
        if (kcp->client != NULL) {
                /* if uid has changed, build client handle again */
                if (kcp->uid != geteuid()) {
                        kcp->uid = geteuid();
                        auth_destroy(kcp->client->cl_auth);
                        kcp->client->cl_auth =
                                authsys_create("", kcp->uid, 0, 0, NULL);
                        if (kcp->client->cl_auth == NULL) {
                                clnt_destroy(kcp->client);
                                kcp->client = NULL;
                                return ((CLIENT *) NULL);
                        }
                }
                /* Change the version number to the new one */
                clnt_control(kcp->client, CLSET_VERS, (void *)&vers);
                return (kcp->client);
        }
 
        if ((kcp->client == (CLIENT *) NULL))
                /* Use the AF_UNIX transport */
                kcp->client = clnt_create("/var/run/keyservsock", KEY_PROG,
                                                        vers, "unix");
 
        if (kcp->client == (CLIENT *) NULL) {
                return ((CLIENT *) NULL);
        }
        kcp->uid = geteuid();
        kcp->pid = getpid();
        kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL);
        if (kcp->client->cl_auth == NULL) {
                clnt_destroy(kcp->client);
                kcp->client = NULL;
                return ((CLIENT *) NULL);
        }
 
        wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;
        wait_time.tv_usec = 0;
        (void) clnt_control(kcp->client, CLSET_RETRY_TIMEOUT,
                (char *)&wait_time);
        if (clnt_control(kcp->client, CLGET_FD, (char *)&fd))
                _fcntl(fd, F_SETFD, 1); /* make it "close on exec" */
 
        return (kcp->client);
}
 
/* returns  0 on failure, 1 on success */
 
static int
key_call(proc, xdr_arg, arg, xdr_rslt, rslt)
        u_long proc;
        xdrproc_t xdr_arg;
        char *arg;
        xdrproc_t xdr_rslt;
        char *rslt;
{
        CLIENT *clnt;
        struct timeval wait_time;
 
        if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {
                cryptkeyres *res;
                res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg);
                *(cryptkeyres*)rslt = *res;
                return (1);
        } else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {
                cryptkeyres *res;
                res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg);
                *(cryptkeyres*)rslt = *res;
                return (1);
        } else if (proc == KEY_GEN && __key_gendes_LOCAL) {
                des_block *res;
                res = (*__key_gendes_LOCAL)(geteuid(), 0);
                *(des_block*)rslt = *res;
                return (1);
        }
 
        if ((proc == KEY_ENCRYPT_PK) || (proc == KEY_DECRYPT_PK) ||
            (proc == KEY_NET_GET) || (proc == KEY_NET_PUT) ||
            (proc == KEY_GET_CONV))
                clnt = getkeyserv_handle(2); /* talk to version 2 */
        else
                clnt = getkeyserv_handle(1); /* talk to version 1 */
 
        if (clnt == NULL) {
                return (0);
        }
 
        wait_time.tv_sec = TOTAL_TIMEOUT;
        wait_time.tv_usec = 0;
 
        if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,
                wait_time) == RPC_SUCCESS) {
                return (1);
        } else {
                return (0);
        }
}

Browse

Tools

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [rtos/] [rtems/] [c/] [src/] [librpc/] [src/] [rpc/] [key_call.c] - Blame information for rev 593

Line No.	Rev	Author	Line
1	30	unneback	`/*`
2			`* Sun RPC is a product of Sun Microsystems, Inc. and is provided for`
3			`* unrestricted use provided that this legend is included on all tape`
4			`* media and as a part of the software program in whole or part. Users`
5			`* may copy or modify Sun RPC without charge, but are not authorized`
6			`* to license or distribute it to anyone else except as part of a product or`
7			`* program developed by the user.`
8			`*`
9			`* SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE`
10			`* WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR`
11			`* PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.`
12			`*`
13			`* Sun RPC is provided with no support and without any obligation on the`
14			`* part of Sun Microsystems, Inc. to assist in its use, correction,`
15			`* modification or enhancement.`
16			`*`
17			`* SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE`
18			`* INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC`
19			`* OR ANY PART THEREOF.`
20			`*`
21			`* In no event will Sun Microsystems, Inc. be liable for any lost revenue`
22			`* or profits or other special, indirect and consequential damages, even if`
23			`* Sun has been advised of the possibility of such damages.`
24			`*`
25			`* Sun Microsystems, Inc.`
26			`* 2550 Garcia Avenue`
27			`* Mountain View, California 94043`
28			`*/`
29			`/*`
30			`* Copyright (c) 1986-1991 by Sun Microsystems Inc.`
31			`*`
32			`* $FreeBSD: src/lib/libc/rpc/key_call.c,v 1.3 2000/01/27 23:06:39 jasone Exp $`
33			`*/`
34
35			`#ident "@(#)key_call.c 1.25 94/04/24 SMI"`
36
37			`/*`
38			`* key_call.c, Interface to keyserver`
39			`*`
40			`* setsecretkey(key) - set your secret key`
41			`* encryptsessionkey(agent, deskey) - encrypt a session key to talk to agent`
42			`* decryptsessionkey(agent, deskey) - decrypt ditto`
43			`* gendeskey(deskey) - generate a secure des key`
44			`*/`
45
46			`#include <stdio.h>`
47			`#include <stdlib.h>`
48			`#include <unistd.h>`
49			`#include <errno.h>`
50			`#include <rpc/rpc.h>`
51			`#include <rpc/auth.h>`
52			`#include <rpc/auth_unix.h>`
53			`#include <rpc/key_prot.h>`
54			`#include <string.h>`
55			`#include <sys/utsname.h>`
56			`#include <stdlib.h>`
57			`#include <signal.h>`
58			`#include <sys/wait.h>`
59			`#include <sys/fcntl.h>`
60
61
62			`#define KEY_TIMEOUT 5 /* per-try timeout in seconds */`
63			`#define KEY_NRETRY 12 /* number of retries */`
64
65			`#ifdef DEBUG`
66			`#define debug(msg) (void) fprintf(stderr, "%s\n", msg);`
67			`#else`
68			`#define debug(msg)`
69			`#endif /* DEBUG */`
70
71			`/*`
72			`* Hack to allow the keyserver to use AUTH_DES (for authenticated`
73			`* NIS+ calls, for example). The only functions that get called`
74			`* are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.`
75			`*`
76			`* The approach is to have the keyserver fill in pointers to local`
77			`* implementations of these functions, and to call those in key_call().`
78			`*/`
79
80			`cryptkeyres (__key_encryptsession_pk_LOCAL)() = 0;`
81			`cryptkeyres (__key_decryptsession_pk_LOCAL)() = 0;`
82			`des_block (__key_gendes_LOCAL)() = 0;`
83
84			`static int key_call __P(( u_long, xdrproc_t, char , xdrproc_t, char ));`
85
86			`int`
87			`key_setsecret(secretkey)`
88			`const char *secretkey;`
89			`{`
90			`keystatus status;`
91
92			`if (!key_call((u_long) KEY_SET, xdr_keybuf, (char *) secretkey,`
93			`xdr_keystatus, (char *)&status)) {`
94			`return (-1);`
95			`}`
96			`if (status != KEY_SUCCESS) {`
97			`debug("set status is nonzero");`
98			`return (-1);`
99			`}`
100			`return (0);`
101			`}`
102
103
104			`/* key_secretkey_is_set() returns 1 if the keyserver has a secret key`
105			`* stored for the caller's effective uid; it returns 0 otherwise`
106			`*`
107			`* N.B.: The KEY_NET_GET key call is undocumented. Applications shouldn't`
108			`* be using it, because it allows them to get the user's secret key.`
109			`*/`
110
111			`int`
112			`key_secretkey_is_set(void)`
113			`{`
114			`struct key_netstres kres;`
115
116			`memset((void*)&kres, 0, sizeof (kres));`
117			`if (key_call((u_long) KEY_NET_GET, xdr_void, (char *)NULL,`
118			`xdr_key_netstres, (char *) &kres) &&`
119			`(kres.status == KEY_SUCCESS) &&`
120			`(kres.key_netstres_u.knet.st_priv_key[0] != 0)) {`
121			`/* avoid leaving secret key in memory */`
122			`memset(kres.key_netstres_u.knet.st_priv_key, 0, HEXKEYBYTES);`
123			`return (1);`
124			`}`
125			`return (0);`
126			`}`
127
128			`int`
129			`key_encryptsession_pk(remotename, remotekey, deskey)`
130			`char *remotename;`
131			`netobj *remotekey;`
132			`des_block *deskey;`
133			`{`
134			`cryptkeyarg2 arg;`
135			`cryptkeyres res;`
136
137			`arg.remotename = remotename;`
138			`arg.remotekey = *remotekey;`
139			`arg.deskey = *deskey;`
140			`if (!key_call((u_long)KEY_ENCRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,`
141			`xdr_cryptkeyres, (char *)&res)) {`
142			`return (-1);`
143			`}`
144			`if (res.status != KEY_SUCCESS) {`
145			`debug("encrypt status is nonzero");`
146			`return (-1);`
147			`}`
148			`*deskey = res.cryptkeyres_u.deskey;`
149			`return (0);`
150			`}`
151
152			`int`
153			`key_decryptsession_pk(remotename, remotekey, deskey)`
154			`char *remotename;`
155			`netobj *remotekey;`
156			`des_block *deskey;`
157			`{`
158			`cryptkeyarg2 arg;`
159			`cryptkeyres res;`
160
161			`arg.remotename = remotename;`
162			`arg.remotekey = *remotekey;`
163			`arg.deskey = *deskey;`
164			`if (!key_call((u_long)KEY_DECRYPT_PK, xdr_cryptkeyarg2, (char *)&arg,`
165			`xdr_cryptkeyres, (char *)&res)) {`
166			`return (-1);`
167			`}`
168			`if (res.status != KEY_SUCCESS) {`
169			`debug("decrypt status is nonzero");`
170			`return (-1);`
171			`}`
172			`*deskey = res.cryptkeyres_u.deskey;`
173			`return (0);`
174			`}`
175
176			`int`
177			`key_encryptsession(remotename, deskey)`
178			`const char *remotename;`
179			`des_block *deskey;`
180			`{`
181			`cryptkeyarg arg;`
182			`cryptkeyres res;`
183
184			`arg.remotename = (char *) remotename;`
185			`arg.deskey = *deskey;`
186			`if (!key_call((u_long)KEY_ENCRYPT, xdr_cryptkeyarg, (char *)&arg,`
187			`xdr_cryptkeyres, (char *)&res)) {`
188			`return (-1);`
189			`}`
190			`if (res.status != KEY_SUCCESS) {`
191			`debug("encrypt status is nonzero");`
192			`return (-1);`
193			`}`
194			`*deskey = res.cryptkeyres_u.deskey;`
195			`return (0);`
196			`}`
197
198			`int`
199			`key_decryptsession(remotename, deskey)`
200			`const char *remotename;`
201			`des_block *deskey;`
202			`{`
203			`cryptkeyarg arg;`
204			`cryptkeyres res;`
205
206			`arg.remotename = (char *) remotename;`
207			`arg.deskey = *deskey;`
208			`if (!key_call((u_long)KEY_DECRYPT, xdr_cryptkeyarg, (char *)&arg,`
209			`xdr_cryptkeyres, (char *)&res)) {`
210			`return (-1);`
211			`}`
212			`if (res.status != KEY_SUCCESS) {`
213			`debug("decrypt status is nonzero");`
214			`return (-1);`
215			`}`
216			`*deskey = res.cryptkeyres_u.deskey;`
217			`return (0);`
218			`}`
219
220			`int`
221			`key_gendes(key)`
222			`des_block *key;`
223			`{`
224			`if (!key_call((u_long)KEY_GEN, xdr_void, (char *)NULL,`
225			`xdr_des_block, (char *)key)) {`
226			`return (-1);`
227			`}`
228			`return (0);`
229			`}`
230
231			`int`
232			`key_setnet(arg)`
233			`struct netstarg *arg;`
234			`{`
235			`keystatus status;`
236
237
238			`if (!key_call((u_long) KEY_NET_PUT, xdr_key_netstarg, (char *) arg,`
239			`xdr_keystatus, (char *) &status)){`
240			`return (-1);`
241			`}`
242
243			`if (status != KEY_SUCCESS) {`
244			`debug("key_setnet status is nonzero");`
245			`return (-1);`
246			`}`
247			`return (1);`
248			`}`
249
250
251			`int`
252			`key_get_conv(pkey, deskey)`
253			`char *pkey;`
254			`des_block *deskey;`
255			`{`
256			`cryptkeyres res;`
257
258			`if (!key_call((u_long) KEY_GET_CONV, xdr_keybuf, pkey,`
259			`xdr_cryptkeyres, (char *)&res)) {`
260			`return (-1);`
261			`}`
262			`if (res.status != KEY_SUCCESS) {`
263			`debug("get_conv status is nonzero");`
264			`return (-1);`
265			`}`
266			`*deskey = res.cryptkeyres_u.deskey;`
267			`return (0);`
268			`}`
269
270			`struct key_call_private {`
271			`CLIENT client; / Client handle */`
272			`pid_t pid; /* process-id at moment of creation */`
273			`uid_t uid; /* user-id at last authorization */`
274			`};`
275			`static struct key_call_private *key_call_private_main = NULL;`
276
277			`#ifdef foo`
278			`static void`
279			`key_call_destroy(void *vp)`
280			`{`
281			`register struct key_call_private kcp = (struct key_call_private )vp;`
282
283			`if (kcp) {`
284			`if (kcp->client)`
285			`clnt_destroy(kcp->client);`
286			`free(kcp);`
287			`}`
288			`}`
289			`#endif`
290
291			`/*`
292			`* Keep the handle cached. This call may be made quite often.`
293			`*/`
294			`static CLIENT *`
295			`getkeyserv_handle(vers)`
296			`int vers;`
297			`{`
298			`struct key_call_private *kcp = key_call_private_main;`
299			`struct timeval wait_time;`
300			`int fd;`
301			`struct sockaddr_un name;`
302			`int namelen = sizeof(struct sockaddr_un);`
303
304			`#define TOTAL_TIMEOUT 30 /* total timeout talking to keyserver */`
305			`#define TOTAL_TRIES 5 /* Number of tries */`
306
307			`if (kcp == (struct key_call_private *)NULL) {`
308			`kcp = (struct key_call_private )malloc(sizeof (kcp));`
309			`if (kcp == (struct key_call_private *)NULL) {`
310			`return ((CLIENT *) NULL);`
311			`}`
312			`key_call_private_main = kcp;`
313			`kcp->client = NULL;`
314			`}`
315
316			`/* if pid has changed, destroy client and rebuild */`
317			`if (kcp->client != NULL && kcp->pid != getpid()) {`
318			`clnt_destroy(kcp->client);`
319			`kcp->client = NULL;`
320			`}`
321
322			`if (kcp->client != NULL) {`
323			`/* if other side closed socket, build handle again */`
324			`clnt_control(kcp->client, CLGET_FD, (char *)&fd);`
325			`if (getpeername(fd,(struct sockaddr *)&name,&namelen) == -1) {`
326			`auth_destroy(kcp->client->cl_auth);`
327			`clnt_destroy(kcp->client);`
328			`kcp->client = NULL;`
329			`}`
330			`}`
331
332			`if (kcp->client != NULL) {`
333			`/* if uid has changed, build client handle again */`
334			`if (kcp->uid != geteuid()) {`
335			`kcp->uid = geteuid();`
336			`auth_destroy(kcp->client->cl_auth);`
337			`kcp->client->cl_auth =`
338			`authsys_create("", kcp->uid, 0, 0, NULL);`
339			`if (kcp->client->cl_auth == NULL) {`
340			`clnt_destroy(kcp->client);`
341			`kcp->client = NULL;`
342			`return ((CLIENT *) NULL);`
343			`}`
344			`}`
345			`/* Change the version number to the new one */`
346			`clnt_control(kcp->client, CLSET_VERS, (void *)&vers);`
347			`return (kcp->client);`
348			`}`
349
350			`if ((kcp->client == (CLIENT *) NULL))`
351			`/* Use the AF_UNIX transport */`
352			`kcp->client = clnt_create("/var/run/keyservsock", KEY_PROG,`
353			`vers, "unix");`
354
355			`if (kcp->client == (CLIENT *) NULL) {`
356			`return ((CLIENT *) NULL);`
357			`}`
358			`kcp->uid = geteuid();`
359			`kcp->pid = getpid();`
360			`kcp->client->cl_auth = authsys_create("", kcp->uid, 0, 0, NULL);`
361			`if (kcp->client->cl_auth == NULL) {`
362			`clnt_destroy(kcp->client);`
363			`kcp->client = NULL;`
364			`return ((CLIENT *) NULL);`
365			`}`
366
367			`wait_time.tv_sec = TOTAL_TIMEOUT/TOTAL_TRIES;`
368			`wait_time.tv_usec = 0;`
369			`(void) clnt_control(kcp->client, CLSET_RETRY_TIMEOUT,`
370			`(char *)&wait_time);`
371			`if (clnt_control(kcp->client, CLGET_FD, (char *)&fd))`
372			`_fcntl(fd, F_SETFD, 1); /* make it "close on exec" */`
373
374			`return (kcp->client);`
375			`}`
376
377			`/* returns 0 on failure, 1 on success */`
378
379			`static int`
380			`key_call(proc, xdr_arg, arg, xdr_rslt, rslt)`
381			`u_long proc;`
382			`xdrproc_t xdr_arg;`
383			`char *arg;`
384			`xdrproc_t xdr_rslt;`
385			`char *rslt;`
386			`{`
387			`CLIENT *clnt;`
388			`struct timeval wait_time;`
389
390			`if (proc == KEY_ENCRYPT_PK && __key_encryptsession_pk_LOCAL) {`
391			`cryptkeyres *res;`
392			`res = (*__key_encryptsession_pk_LOCAL)(geteuid(), arg);`
393			`(cryptkeyres)rslt = *res;`
394			`return (1);`
395			`} else if (proc == KEY_DECRYPT_PK && __key_decryptsession_pk_LOCAL) {`
396			`cryptkeyres *res;`
397			`res = (*__key_decryptsession_pk_LOCAL)(geteuid(), arg);`
398			`(cryptkeyres)rslt = *res;`
399			`return (1);`
400			`} else if (proc == KEY_GEN && __key_gendes_LOCAL) {`
401			`des_block *res;`
402			`res = (*__key_gendes_LOCAL)(geteuid(), 0);`
403			`(des_block)rslt = *res;`
404			`return (1);`
405			`}`
406
407			`if ((proc == KEY_ENCRYPT_PK) \|\| (proc == KEY_DECRYPT_PK) \|\|`
408			`(proc == KEY_NET_GET) \|\| (proc == KEY_NET_PUT) \|\|`
409			`(proc == KEY_GET_CONV))`
410			`clnt = getkeyserv_handle(2); /* talk to version 2 */`
411			`else`
412			`clnt = getkeyserv_handle(1); /* talk to version 1 */`
413
414			`if (clnt == NULL) {`
415			`return (0);`
416			`}`
417
418			`wait_time.tv_sec = TOTAL_TIMEOUT;`
419			`wait_time.tv_usec = 0;`
420
421			`if (clnt_call(clnt, proc, xdr_arg, arg, xdr_rslt, rslt,`
422			`wait_time) == RPC_SUCCESS) {`
423			`return (1);`
424			`} else {`
425			`return (0);`
426			`}`
427			`}`