diff options
Diffstat (limited to 'usr.bin')
31 files changed, 2918 insertions, 0 deletions
diff --git a/usr.bin/tcfs/Makefile b/usr.bin/tcfs/Makefile new file mode 100644 index 00000000000..815138797ef --- /dev/null +++ b/usr.bin/tcfs/Makefile @@ -0,0 +1,7 @@ +# $OpenBSD: Makefile,v 1.1 2000/06/18 22:07:24 provos Exp $ + +.include <bsd.own.mk> + +SUBDIR= lib tcfsmng tcfsuse + +.include <bsd.subdir.mk> diff --git a/usr.bin/tcfs/Makefile.inc b/usr.bin/tcfs/Makefile.inc new file mode 100644 index 00000000000..bc62c39a36d --- /dev/null +++ b/usr.bin/tcfs/Makefile.inc @@ -0,0 +1,11 @@ +CFLAGS+= -I${.CURDIR}/.. + +.include <bsd.obj.mk> + +.if exists(${.CURDIR}/../lib/${__objdir}) +LDADD+= -L${.CURDIR}/../lib/${__objdir} -ltcfs +DPADD+= ${.CURDIR}/../lib/${__objdir}/libtcfs.a +.else +LDADD+= -L${.CURDIR}/../lib -ltcfs +DPADD+= ${.CURDIR}/../lib/libtcfs.a +.endif diff --git a/usr.bin/tcfs/gentcfskey.c b/usr.bin/tcfs/gentcfskey.c new file mode 100644 index 00000000000..ffc45b9f3c7 --- /dev/null +++ b/usr.bin/tcfs/gentcfskey.c @@ -0,0 +1,51 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <sys/time.h> +#include <termios.h> +#include <unistd.h> +#include <stdlib.h> +#include <fcntl.h> +#include <err.h> +#include <md5.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfsdefines.h" + +u_char * +gentcfskey (void) +{ + u_char *buff; + MD5_CTX ctx, ctx2; + u_int32_t tmp[KEYSIZE]; + u_char digest[16]; + int i; + + buff = (u_char *)calloc(KEYSIZE + 1, sizeof(char)); + + /* Generate random key */ + for (i = 0; i < KEYSIZE; i ++) + tmp[i] = arc4random(); + + MD5Init(&ctx); + for (i = 0; i < KEYSIZE; i += 16) { + MD5Update(&ctx, (u_char *)tmp, sizeof(tmp)); + ctx2 = ctx; + MD5Final(digest, &ctx2); + memcpy(buff + i, digest, KEYSIZE - i > 16 ? 16 : KEYSIZE - i); + } + buff[KEYSIZE] = '\0'; + memset(&ctx, 0, sizeof(ctx)); + + return (buff); +} diff --git a/usr.bin/tcfs/lib/Makefile b/usr.bin/tcfs/lib/Makefile new file mode 100644 index 00000000000..0c07691b8e7 --- /dev/null +++ b/usr.bin/tcfs/lib/Makefile @@ -0,0 +1,15 @@ +.PATH: ${.CURDIR}/.. + +LIB= tcfs + +SRCS= tcfs_dbmaint.c gentcfskey.c tcfs_keymaint.c tcfserrors.c \ + unix_auth.c tcfs_getfspath.c tcfs_getstatus.c tcfs_flags.c + +NOPROFILE= yes +NOPIC= yes + +install: + @echo -n + +.include <bsd.own.mk> +.include <bsd.lib.mk> diff --git a/usr.bin/tcfs/tcfs_dbmaint.c b/usr.bin/tcfs/tcfs_dbmaint.c new file mode 100644 index 00000000000..3d4f30db5af --- /dev/null +++ b/usr.bin/tcfs/tcfs_dbmaint.c @@ -0,0 +1,486 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <stdarg.h> +#include <string.h> +#include <db.h> +#include <syslog.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfspwdb.h" + +#define PERM_SECURE (S_IRUSR|S_IWUSR) + +int +tcfspwdbr_new (tcfspwdb **new) +{ + *new = (tcfspwdb *)calloc(1, sizeof(tcfspwdb)); + + if (!*new) + return (0); + + return (1); +} + +int +tcfsgpwdbr_new (tcfsgpwdb **new) +{ + *new = (tcfsgpwdb *)calloc(1, sizeof(tcfsgpwdb)); + + if (!*new) + return (0); + + return (1); +} + +int +tcfspwdbr_edit (tcfspwdb **tmp, int flags,...) +{ + va_list argv; + char *d; + + if (!*tmp) + if (!tcfspwdbr_new (tmp)) + return 0; + + va_start (argv, flags); + + if (flags & F_USR) { + d = va_arg (argv, char *); + strcpy ((*tmp)->user, d); + } + + if (flags & F_PWD) { + d = va_arg (argv, char *); + strcpy ((*tmp)->upw, d); + } + + va_end (argv); + return 1; +} + +int +tcfsgpwdbr_edit (tcfsgpwdb **tmp, int flags,...) +{ + va_list argv; + char *d; + + if (!*tmp) + if (!tcfsgpwdbr_new (tmp)) + return 0; + + va_start (argv, flags); + + if (flags & F_USR) { + d = va_arg (argv, char *); + strcpy ((*tmp)->user, d); + } + + if (flags & F_GKEY) { + d = va_arg (argv, char *); + strcpy ((*tmp)->gkey, d); + } + + if (flags & F_GID) { + gid_t d; + d = va_arg (argv, gid_t); + (*tmp)->gid = d; + } + + if (flags & F_MEMBERS) { + int d; + d = va_arg (argv, int); + (*tmp)->n = d; + } + + if (flags & F_THRESHOLD) { + int d; + d = va_arg (argv, int); + (*tmp)->soglia = d; + } + + va_end (argv); + return (1); +} + +int +tcfspwdbr_read (tcfspwdb *t, int flags,...) +{ + va_list argv; + int r; + char *d; + + va_start (argv, flags); + + if (flags & F_USR) { + d = va_arg (argv, char *); + memset (d, 0, UserLen); + strcpy (d, t->user); + } + + if (flags & F_PWD) { + d = va_arg (argv, char *); + memset (d, 0, PassLen); + strcpy (d, t->upw); + } + + va_end (argv); + return 0; +} + +int +tcfsgpwdbr_read (tcfsgpwdb *t, int flags,...) +{ + va_list argv; + int r; + char *d; + + va_start (argv, flags); + + if (flags & F_USR) { + d = va_arg (argv, char *); + strcpy (d, t->user); + } + + if (flags & F_GKEY) { + d = va_arg (argv, char *); + strcpy (d, t->gkey); + } + + if (flags & F_GID) { + gid_t *d; + + d = va_arg (argv, gid_t *); + memcpy (d, &t->gid, sizeof (gid_t)); + } + /* Incomplete... */ + + va_end (argv); + return 0; +} + +void +tcfspwdbr_dispose (tcfspwdb *t) +{ + free ((void *)t); +} + +void +tcfsgpwdbr_dispose (tcfsgpwdb *t) +{ + free ((void *)t); +} + +tcfspwdb * +tcfs_getpwnam (char *user, tcfspwdb **dest) +{ + DB *pdb; + DBT srchkey, r; + + if (!*dest) + if (!tcfspwdbr_new (dest)) + return NULL; + + pdb = dbopen (TCFSPWDB, O_RDONLY, 0, DB_HASH, NULL); + if (!pdb) + return NULL; + + srchkey.data = user; + srchkey.size = (int) strlen (user); + + if (pdb->get(pdb, &srchkey, &r, 0)) { + pdb->close(pdb); + return 0; + } + + if (r.size != sizeof(tcfspwdb)) { + fprintf(stderr, "db: incorrect record size: %d != %d\n", + r.size, sizeof(tcfspwdb)); + pdb->close(pdb); + return 0; + } + + memcpy (*dest, r.data, sizeof (tcfspwdb)); + + pdb->close (pdb); + free (r.data); + + return (tcfspwdb *)*dest; +} + +tcfsgpwdb * +tcfs_ggetpwnam (char *user, gid_t gid, tcfsgpwdb **dest) +{ + DB *pdb; + DBT srchkey, r; + char *key, *buf; + + if (!*dest) + if (!tcfsgpwdbr_new (dest)) + return NULL; + + pdb = dbopen (TCFSGPWDB, O_RDONLY, 0, DB_HASH, NULL); + if (!pdb) + return NULL; + + key = (char*)calloc(strlen(user)+4/*gid lenght*/+1/*null*/,sizeof(char)); + if (!key) + return NULL; + + sprintf (key, "%s\33%d\0", user, (int)gid); + srchkey.data=key; + srchkey.size=(int)strlen (key); + + if (pdb->get(pdb, &srchkey, &r, 0)) { + pdb->close (pdb); + return (NULL); + } + + memcpy (*dest, r.data, sizeof (tcfsgpwdb)); + + pdb->close (pdb); + free (key); + + return (*dest); +} + +int +tcfs_putpwnam (char *user, tcfspwdb *src, int flags) +{ + DB *pdb; + static DBT srchkey, d; + int open_flag=0, owf=0; + + open_flag = O_RDWR|O_EXCL; + if (access (TCFSPWDB, F_OK) < 0) + open_flag |= O_CREAT; + + pdb = dbopen (TCFSPWDB, open_flag, PERM_SECURE, DB_HASH, NULL); + if (!pdb) + return 0; + + srchkey.data = user; + srchkey.size=(int)strlen (user); + + if (flags != U_DEL) { + d.data = (char *)src; + d.size = (int)sizeof(tcfspwdb); + + if (pdb->put(pdb, &srchkey, &d, 0) == -1) { + fprintf(stderr, "db: put failed\n"); + pdb->close (pdb); + return 0; + } + } else if (pdb->del (pdb, &srchkey, 0)) { + fprintf(stderr, "db: del failed\n"); + pdb->close (pdb); + return 0; + } + + pdb->close (pdb); + return 1; +} + +int +tcfs_gputpwnam (char *user, tcfsgpwdb *src, int flags) +{ + DB *pdb; + static DBT srchkey, d; + int open_flag = 0, owf = 0; + char *key, *buf; + char *tmp; + + open_flag = O_RDWR|O_EXCL; + if (access (TCFSPWDB, F_OK) < 0) + open_flag |= O_CREAT; + + pdb = dbopen (TCFSPWDB, open_flag, PERM_SECURE, DB_HASH, NULL); + if (!pdb) + return 0; + + key = (char *) calloc (strlen(src->user) + 4 + 1, sizeof(char)); + sprintf (key, "%s\33%d\0", src->user, src->gid); + + srchkey.data = key; + srchkey.size = strlen (key); + + if (flags != U_DEL) { + d.data = (char *)src; + d.size = sizeof(tcfsgpwdb); + + if (pdb->put (pdb, &srchkey, &d, 0) == -1) { + fprintf(stderr, "db: put failed\n"); + pdb->close (pdb); + return 0; + } + } else if (pdb->del (pdb, &srchkey, 0)) { + fprintf(stderr, "db: del failed\n"); + pdb->close (pdb); + return 0; + } + + pdb->close (pdb); + return 1; +} + +int +tcfs_rmgroup (gid_t gid) +{ + DB *gdb; + DBT dbkey; + + gdb = dbopen(TCFSGPWDB, O_RDWR|O_EXCL, PERM_SECURE, DB_HASH, NULL); + if (!gdb) + return 0; + + if (gdb->seq(gdb, &dbkey, NULL, R_FIRST)) + dbkey.data = NULL; + + while (dbkey.data) { + char *tmp; + + tmp = (char*)calloc(1024, sizeof(char)); + + sprintf(tmp, "\33%d\0", gid); + if (strstr (dbkey.data, tmp)) { + if (gdb->del(gdb, &dbkey, 0)) { + gdb->close (gdb); + + free (tmp); + return 0; + } + } + free (tmp); + + if (gdb->seq(gdb, &dbkey, NULL, R_NEXT)) { + gdb->close(gdb); + return (0); + } + } + + gdb->close (gdb); + return (1); +} + + +int +tcfs_group_chgpwd (char *user, gid_t gid, char *old, char *new) +{ + tcfsgpwdb *group_info; + unsigned char *key; + + key=(unsigned char *)calloc(UUKEYSIZE, sizeof (char)); + if (!key) + return 0; + + if (!tcfs_decrypt_key (user, old, (unsigned char*)group_info->gkey, key, GROUPKEY)) + return 0; + + if (!tcfs_encrypt_key (user, new, key, (unsigned char *)group_info->gkey, GROUPKEY)) + return 0; + + if (!tcfs_gputpwnam (user, group_info, U_CHG)) + return 0; + + free (group_info); + free (key); + + return 1; +} + +int +tcfs_chgpwd (char *user, char *old, char *new) +{ + tcfspwdb *user_info=NULL; + unsigned char *key; + + key = (unsigned char*)calloc(UUKEYSIZE, sizeof(char)); + + if (!tcfs_getpwnam (user, &user_info)) + return 0; + + if (!tcfs_decrypt_key (user, old, (unsigned char *)user_info->upw, key, USERKEY)) + return 0; + + if (!tcfs_encrypt_key (user, new, key, (unsigned char *)user_info->upw, USERKEY)) + return 0; + + if (!tcfs_putpwnam (user, user_info, U_CHG)) + return 0; + + free (user_info); + free (key); + + return 1; +} + +int +tcfs_chgpassword (char *user, char *old, char *new) +{ + int error1=0, error2=0; + DB *gpdb; + DBT found, key; + unsigned char *ckey; + + ckey = (unsigned char*)calloc(UUKEYSIZE, sizeof(char)); + if (!ckey) + return 0; + + gpdb = dbopen (TCFSGPWDB, O_RDWR|O_EXCL, PERM_SECURE, DB_HASH, NULL); + if (!gpdb) + return 0; + + error1 = tcfs_chgpwd (user, old, new); + if (!error1) + return 0; + + /* Reencrypt group shares */ + if (gpdb->seq(gpdb, &key, NULL, R_FIRST)) + key.data = NULL; + + while (key.data) { + if (strncmp (user, key.data, strlen(user))) { + if (gpdb->seq(gpdb, &key, NULL, R_NEXT)) + key.data = NULL; + continue; + } + + gpdb->get(gpdb, &key, &found, 0); + + if (!tcfs_decrypt_key (user, old, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, ckey, USERKEY)) + return 0; + + if (!tcfs_encrypt_key (user, new, ckey, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, USERKEY)) + return 0; + + if (gpdb->put (gpdb, &key, &found, 0)) { + free (ckey); + + gpdb->close (gpdb); + return (0); + } + + free (ckey); + + if (gpdb->seq(gpdb, &key, NULL, R_NEXT)) + key.data = NULL; + } + + return 1; +} diff --git a/usr.bin/tcfs/tcfs_flags.c b/usr.bin/tcfs/tcfs_flags.c new file mode 100644 index 00000000000..3a3bb94f49b --- /dev/null +++ b/usr.bin/tcfs/tcfs_flags.c @@ -0,0 +1,63 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <errno.h> +#include <fcntl.h> +#include <sys/types.h> +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include <sys/stat.h> + +#include <miscfs/tcfs/tcfs.h> +#include <miscfs/tcfs/tcfs_fileinfo.h> +#include "tcfsdefines.h" + +#include <des.h> + +tcfs_flags +tcfs_getflags(int fd) +{ + tcfs_flags r; + struct stat s; + + if (fstat(fd,&s) < 0) { + r.flag = -1; + } else + r.flag = s.st_flags; + return r; +} + + +tcfs_flags +tcfs_setflags(int fd, tcfs_flags x) +{ + tcfs_flags r,n; + r = tcfs_getflags(fd); + + if (r.flag == -1) { + r.flag = -1; + return r; + } + + n = x; + FI_SET_SP(&n,FI_SPURE(&r)); + + if (fchflags(fd, n.flag)) + r.flag = -1; + + return r; +} diff --git a/usr.bin/tcfs/tcfs_getfspath.c b/usr.bin/tcfs/tcfs_getfspath.c new file mode 100644 index 00000000000..0774fa95adb --- /dev/null +++ b/usr.bin/tcfs/tcfs_getfspath.c @@ -0,0 +1,101 @@ +/* $OpenBSD: tcfs_getfspath.c,v 1.1 2000/06/18 22:07:24 provos Exp $ */ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <strings.h> +#include <stdlib.h> +#include <fstab.h> + +#define WHITESPACE " \t\r\n" + +int +tcfs_label_getcipher (char *label) +{ + int ciphernum; + + if (tcfs_get_label (label, NULL, &ciphernum)) + return ciphernum; + + return (-1); +} + +int +tcfs_getfspath (char *label2search, char *path) +{ + return tcfs_get_label (label2search, path, NULL); +} + +int +tcfs_get_label(char *label2search, char *path, int *ciphernumber) +{ + FILE *fp; + char *label, *line, *p, *tag, *mountpoint, *cipherfield; + int found = 0; + + if ((fp = fopen(_PATH_FSTAB,"r")) == NULL) + return (0); + + if ((line = calloc(1024, sizeof(char))) == NULL) + goto out; + + while (!feof(fp) && !found) { + p = line; + fgets (p, 1024, fp); + p = p + strspn(p, WHITESPACE); + while (!found) { + strsep(&p, WHITESPACE); /* device */ + if (p == NULL) + break; + p = p + strspn(p, WHITESPACE); + mountpoint = strsep(&p, WHITESPACE); /* mount point */ + if (p == NULL) + break; + tag = strsep(&p, WHITESPACE); /* file system */ + if (p == NULL || strcmp(tag, "tcfs")) + break; + + /* find the correct label */ + label = strstr(p, "label="); + cipherfield = strstr(p, "cipher="); + if (label == NULL) + break; + p = label + 6; + label = strsep(&p, WHITESPACE ","); + if (!strlen(label) || strcmp(label, label2search)) + break; + + if (path) { + strcpy(path, mountpoint); + found = 1; + } + + if (ciphernumber) { + if (cipherfield == NULL) + break; + p = cipherfield + 7; + cipherfield = strsep(&p, WHITESPACE ","); + if (!strlen(cipherfield)) + break; + + *ciphernumber = strtol(cipherfield, &p, 0); + if (cipherfield != p) + found = 1; + } + } + } + free(line); + out: + fclose (fp); + + return found; +} diff --git a/usr.bin/tcfs/tcfs_getstatus.c b/usr.bin/tcfs/tcfs_getstatus.c new file mode 100644 index 00000000000..3cc02bad0d5 --- /dev/null +++ b/usr.bin/tcfs/tcfs_getstatus.c @@ -0,0 +1,39 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <des.h> +#include <miscfs/tcfs/tcfs.h> +#include <miscfs/tcfs/tcfs_cmd.h> +#include "tcfsdefines.h" +#include <sys/ucred.h> + + +int +tcfs_getstatus(char *filesystem, struct tcfs_status *st) +{ + int i; + struct tcfs_args x; + + if (!tcfs_verify_fs(filesystem)) + return (-1); + + x.cmd = TCFS_GET_STATUS; + i = tcfs_callfunction(filesystem,&x); + *st = x.st; + return (i); +} diff --git a/usr.bin/tcfs/tcfs_keymaint.c b/usr.bin/tcfs/tcfs_keymaint.c new file mode 100644 index 00000000000..486804ee979 --- /dev/null +++ b/usr.bin/tcfs/tcfs_keymaint.c @@ -0,0 +1,185 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/ucred.h> +#include <des.h> +#include <miscfs/tcfs/tcfs.h> +#include <miscfs/tcfs/tcfs_cmd.h> + +#include "tcfsdefines.h" +#include "uuencode.h" + +int +tcfs_verify_fs(char *fs) +{ + int ret; + struct statfs buf; + + ret = statfs(fs, &buf); + + if (ret) + return 0; + + if (!strcmp("tcfs", buf.f_fstypename)) + return (1); + else + return (0); +} + +int +tcfs_callfunction(char *filesystem, struct tcfs_args *arg) +{ + int i; + if (tcfs_verify_fs(filesystem)) + i = mount("tcfs",filesystem,MNT_UPDATE,(void*)arg); + else + i = -1; + + return (i); +} + +int +tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, + unsigned int flag) +{ + int i = 0; + char pass[_PASSWORD_LEN], *cypher; + char tcfskey[KEYSIZE + 2]; + des_key_schedule ks; + int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE; + + if (!tk) + return 0; + + strcpy (pass, pwd); + + if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1) + return 0; + + while (strlen (pass) < 8) { + char tmp[_PASSWORD_LEN]; + strcpy (tmp, pass); + strcat (tmp, pass); + strcat (pass, tmp); + } + + while ((i*8) < keysize) { + des_set_key ((des_cblock *) pass, ks); + + des_ecb_encrypt ((des_cblock *) (tcfskey+i*8), + (des_cblock *) (tcfskey+i*8), ks, DES_DECRYPT); + i++; + } + memset (pass, 0, strlen (pass)); + + memcpy (tk, tcfskey, keysize); + return 1; +} + +int +tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, + unsigned int flag) +{ + int i = 0; + char pass[_PASSWORD_LEN]; + des_key_schedule ks; + int keysize = (flag == GROUPKEY) ? KEYSIZE + KEYSIZE/8 : KEYSIZE; + + if (!ek) + return 0; + + strcpy (pass, pw); + + while (strlen(pass) < 8) { + char tmp[_PASSWORD_LEN]; + + strcpy (tmp, pass); + strcat (tmp, pass); + strcat (pass, tmp); + } + + while ((i*8) < keysize) { + des_set_key((des_cblock *) pass, ks); + des_ecb_encrypt((des_cblock *) (key + i * 8), + (des_cblock *) (key + i * 8), ks, DES_ENCRYPT); + i++; + } + + uuencode (key, keysize, ek, UUKEYSIZE); + + return 1; +} + +int tcfs_user_enable(char *filesystem, uid_t user, u_char *key) +{ + struct tcfs_args a; + a.user = user; + memcpy(a.tcfs_key, key, sizeof(a.tcfs_key)); + a.cmd = TCFS_PUT_UIDKEY; + return tcfs_callfunction(filesystem,&a); +} + +int tcfs_user_disable(char *filesystem, uid_t user) +{ + struct tcfs_args a; + a.user = user; + a.cmd = TCFS_RM_UIDKEY; + return tcfs_callfunction(filesystem, &a); +} + +int tcfs_proc_enable(char *filesystem, uid_t user, pid_t pid, char *key) +{ + struct tcfs_args a; + a.user = user; + a.cmd = TCFS_PUT_PIDKEY; + a.proc = pid; + memcpy(a.tcfs_key, key, sizeof(a.tcfs_key)); + return tcfs_callfunction(filesystem, &a); +} + +int tcfs_proc_disable(char *filesystem, uid_t user, pid_t pid) +{ + struct tcfs_args a; + a.user = user; + a.cmd = TCFS_RM_PIDKEY; + a.proc = pid; + return tcfs_callfunction(filesystem, &a); +} + +int tcfs_group_enable(char *filesystem, uid_t uid, gid_t gid, + int tre, char *key) +{ + struct tcfs_args a; + a.cmd = TCFS_PUT_GIDKEY; + a.user = uid; + a.group = gid; + a.treshold = tre; + memcpy(a.tcfs_key, key, sizeof(a.tcfs_key)); + return tcfs_callfunction(filesystem,&a); +} + +int tcfs_group_disable(char *filesystem, uid_t uid, gid_t gid) +{ + struct tcfs_args a; + a.cmd = TCFS_RM_GIDKEY; + a.user = uid; + a.group = gid; + return tcfs_callfunction(filesystem,&a); +} + + diff --git a/usr.bin/tcfs/tcfsaddgroup.c b/usr.bin/tcfs/tcfsaddgroup.c new file mode 100644 index 00000000000..d9e850b08ab --- /dev/null +++ b/usr.bin/tcfs/tcfsaddgroup.c @@ -0,0 +1,432 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <sys/types.h> +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> +#include <pwd.h> +#include <grp.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" + +char *addgroup_usage="Usage: %s [OPTION] +Add a TCFS group to the TCFS group database. + + -g <group> Group id [or name] of the TCFS group + -m <members> Number of members of the group + -t <threshold> Threshold of the group + -v Makes the output a little more verbose + -h Shows this help\n"; + +int threshold; +unsigned char coeff[KEYSIZE][256]; +unsigned char *S=NULL; /* Pointer to a 64-bit TCFS group key */ + +union bobbit +{ + unsigned char byte; + struct + { + unsigned char b1:1; + unsigned char b2:1; + unsigned char b3:1; + unsigned char b4:1; + unsigned char b5:1; + unsigned char b6:1; + unsigned char b7:1; + unsigned char b8:1; + } bf; +}; + +int +tcfsgetuid (char *login) +{ + struct passwd *entry; + + setpwent(); + + while ((entry = getpwent()) != NULL) { + if (strcmp (login, entry->pw_name) == 0) + return entry->pw_uid; + } + + endpwent(); + free(entry); + + return -1; +} + +void +gencoeff (void) +{ + int i, j; + + for (i = 0; i < KEYSIZE; i++){ + for (j = 1; j < threshold; j++){ + coeff[j][i] = arc4random(); + } + } +} + +unsigned char * +gengrpkey (char *login) +{ + int l, x1, i, j, k=0; + unsigned int x; + + unsigned char *res = NULL; + unsigned int tmp; + union bobbit obits; + + res = (unsigned char*)calloc(KEYSIZE + KEYSIZE/8, sizeof(char)); + if (!res) + tcfs_error (ER_MEM, NULL); + + x1 = tcfsgetuid(login); + x = (x1 % 257); + +#ifdef DEBUG_TCFS + printf ("La chiave utente di %u e':\n", x); +#endif + + for (i = 0; i < KEYSIZE; i++) { + tmp = 0; + for (j = 1; j < threshold; j++) { + tmp += (eleva(x1,j,257)*coeff[j][i]) % 257; +#ifdef DEBUG_TCFS + printf ("x1= %u\tj=%d\tcoeff[%d][%d]=%u\ttmp=%u\tchiave: ", x1, j, j, i, coeff[j][i], tmp); +#endif + } + tmp += (unsigned int)S[i]; + tmp %= 257; + + memcpy (res+k++, &tmp, 1); +#ifdef DEBUG_TCFS + printf ("%u\n", *(res+k-1)); +#endif + switch (i % 8){ + case 0: + obits.bf.b1=tmp>>8; + break; + case 1: + obits.bf.b2=tmp>>8; + break; + case 2: + obits.bf.b3=tmp>>8; + break; + case 3: + obits.bf.b4=tmp>>8; + break; + case 4: + obits.bf.b5=tmp>>8; + break; + case 5: + obits.bf.b6=tmp>>8; + break; + case 6: + obits.bf.b7=tmp>>8; + break; + case 7: + obits.bf.b8=tmp>>8; + break; + } + + if ((i%8) == 7) { + res[k] = obits.byte; + k++; + +#ifdef DEBUG_TCFS + printf ("%u\n", res[k-1]); +#endif + + obits.byte=0; + } + } + + /* + res[KEYSIZE]=obits.byte; + */ + return res; +} + +int +addgroup_main (int argn, char *argv[]) +{ + int index, val; + gid_t gid; + int have_gid = FALSE, have_members = FALSE, have_threshold = FALSE; + int be_verbose = FALSE; + int temp_members, members; + tcfsgpwdb **group_info; + + /* + * Going to check the arguments + */ + while ((val = getopt (argn, argv, "vg:m:t:h")) != EOF) + switch (val) { + case 'm': + members = atoi(optarg); + have_members = TRUE; + break; + case 'g': + gid = (gid_t)atoi(optarg); + if (!gid && optarg[0] != '0') { /* group name given */ + struct group *group_id; + + group_id = getgrnam(optarg); + if (!group_id) + tcfs_error (ER_CUSTOM, "Nonexistent group."); + + gid=group_id->gr_gid; + } + + have_gid = TRUE; + break; + case 't': + threshold = atoi(optarg); + have_threshold = TRUE; + break; + case 'h': + show_usage (addgroup_usage, argv[0]); + exit (OK); + case 'v': + be_verbose = TRUE; + break; + default: + fprintf (stderr, "Try %s --help for more information.\n", argv[0]); + exit (ER_UNKOPT); + } + + if (argn-optind) + tcfs_error (ER_UNKOPT, NULL); + + if (!have_gid) { + char *buff = NULL; + int len; + + buff = (char*)calloc(2048, sizeof(char)); + if (!buff) + tcfs_error (ER_MEM, NULL); + + printf ("Group id [or name] of the TCFS group to add to the database: "); + fgets (buff, 2048, stdin); + len = strlen(buff) - 2; + buff[len] = buff[len] == '\n' ? 0 : buff[len]; + gid = atoi(buff); + + if (!gid && buff[0] != '0') { /* group name given */ + struct group *group_id; + + group_id = getgrnam(buff); + if (!group_id) + tcfs_error (ER_CUSTOM, "Nonexistent group."); + + gid=group_id->gr_gid; + } + + if (gid <= 0) + tcfs_error (ER_CUSTOM, "A positive ID please!"); + + free (buff); + } + + if (!have_members) { + char *buff = NULL; + int len; + + buff=(char*)calloc(2048, sizeof(char)); + if (!buff) + tcfs_error (ER_MEM, NULL); + + printf ("Number of members for the TCFS group ID #%d: ", gid); + fgets (buff, 2048, stdin); + len = strlen(buff) - 2; + buff[len] = buff[len] == '\n' ? 0 : buff[len]; + members = atoi(buff); + + free(buff); + } + + if (!have_threshold) { + char *buff = NULL; + int len; + + buff = (char*)calloc(2048, sizeof(char)); + if (!buff) + tcfs_error (ER_MEM, NULL); + + printf ("Threshold for the TCFS group ID #%d: ", gid); + fgets (buff, 2048, stdin); + len = strlen(buff) - 2; + buff[len] = buff[len] == '\n' ? 0 : buff[len]; + threshold = atoi(buff); + + free (buff); + } + + if (members < 2) + tcfs_error (ER_CUSTOM, "At least two members!"); + + if (threshold > members || threshold <= 0) + tcfs_error (ER_CUSTOM, "The threshold must be no greater than the number of members and greater than zero!"); + + S = gentcfskey(); +#ifdef DEBUG_TCFS + { + int i; + + printf ("La chiave segreta e':\n"); + + for (i=0;i<KEYSIZE;i++) + printf ("%u:", S[i]); + + printf ("\n"); + } +#endif + + gencoeff(); + + temp_members = members; + + group_info = (tcfsgpwdb **)calloc(members, sizeof(tcfsgpwdb *)); + + /* + * Creating user entry + */ + while (members) { + char *user = NULL, *passwd = NULL; + unsigned char *newkey = NULL, *cryptedkey = NULL; + tcfsgpwdb *tmp = NULL; + int tmpmemb = temp_members, cont=0; + + group_info[members-1] = (tcfsgpwdb *)calloc(1, sizeof(tcfsgpwdb)); + + group_info[members-1]->gid = gid; + group_info[members-1]->n = members; + group_info[members-1]->soglia = threshold; + + if (!unix_auth (&user, &passwd, FALSE)) { + fprintf (stderr, "Invalid password or the user does not exist.\n"); + continue; + } + + if (tcfs_ggetpwnam (user, gid, &tmp)) + tcfs_error(ER_CUSTOM, "Group already exists."); + + while (tmpmemb > members) { + if (!strcmp (user, group_info[tmpmemb-1]->user)) { + fprintf (stderr, "User already present into the group.\n"); + cont = 1; + break; + } + tmpmemb--; + } + + if (cont) + continue; + + strcpy (group_info[members-1]->user, user); + + newkey = (unsigned char*)calloc(KEYSIZE*2, sizeof (char)); + if (!newkey) + tcfs_error (ER_MEM, NULL); + + cryptedkey = (unsigned char*)calloc(UUKEYSIZE, sizeof(char)); + if (!cryptedkey) + tcfs_error (ER_MEM, NULL); + + memcpy (newkey, gengrpkey (user), KEYSIZE + KEYSIZE/8); + newkey[KEYSIZE + KEYSIZE/8] = '\0'; +#ifdef DEBUG_TCFS + { + int i; + + printf ("%s newkey: ", user); + for (i = 0;i <= KEYSIZE; i++) + printf ("%u:", newkey[i]); + printf ("\n"); + } +#endif + + /* + * Encrypt the just generated key with the user password + */ + if (!tcfs_encrypt_key (user, passwd, newkey, cryptedkey, GROUPKEY)) + tcfs_error (ER_MEM, NULL); + +#ifdef DEBUG_TCFS + { + unsigned char *key; + int i; + + key=(unsigned char *)calloc(UUKEYSIZE, sizeof(char)); + if (!tcfs_decrypt_key (user, passwd, cryptedkey, key, GROUPKEY)) + exit (0); + + printf ("%s key: ", user); + for (i=0;i<=KEYSIZE;i++) + printf ("%u:", key[i]); + printf ("\n"); + + free (key); + } +#endif + + free (newkey); + + strcpy (group_info[members-1]->gkey, cryptedkey); + free (cryptedkey); + + members--; + } + + members=temp_members; + + while (members) { + if (be_verbose) + printf ("Creating a new entry for user %s in the TCFS database...\n", group_info[members-1]->user); + + if (!tcfs_gputpwnam (group_info[members-1]->user, group_info[members-1], U_NEW)) { + /* TODO: Remove the group entries saved before */ + tcfs_error (ER_CUSTOM, "Error: cannot add a user to the group."); + } + + if (be_verbose) + printf ("TCFS group entry for user %s created.\n", group_info[members-1]->user); + + members--; + } + + tcfs_error (ER_CUSTOM, "\nAll group keys generated."); + + return 0; +} + + +int +eleva(int x, int y, int z) +{ + int mask = 0x80000000; + int res = 1,i; + + for (i = 0; i < 32; i++) { + res = (res*res)%z; + if (y & mask) + res = (x*res)%z; + mask = mask >> 1; + } + + return res; +} diff --git a/usr.bin/tcfs/tcfsadduser.c b/usr.bin/tcfs/tcfsadduser.c new file mode 100644 index 00000000000..84d0429cda7 --- /dev/null +++ b/usr.bin/tcfs/tcfsadduser.c @@ -0,0 +1,95 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <unistd.h> +#include <limits.h> + +#include <miscfs/tcfs/tcfs.h> + +#include "tcfslib.h" +#include "tcfserrors.h" + + +char *adduser_usage="Usage: %s [OPTION]... +Add an user entry to the TCFS database. + + -l <user> Username to add to the TCFS database + -h Shows this help + -v Makes the output a little more verbose\n"; + +int +adduser_main (int argn, char *argv[]) +{ + char val; + int have_user = FALSE, be_verbose = FALSE; + char user[LOGIN_NAME_MAX + 1]; + tcfspwdb *user_info; + + /* + * Going to check the arguments + */ + while ((val = getopt(argn, argv, "g:l:hv"))!=EOF) + switch (val) { + case 'l': + strlcpy (user, optarg, sizeof(user)); + have_user = 1; + break; + case 'h': + show_usage (adduser_usage, argv[0]); + exit (OK); + break; + case 'v': + be_verbose = TRUE; + break; + default: + fprintf (stderr, + "Try %s --help for more information.\n", + argv[0]); + exit (ER_UNKOPT); + break; + } + + if (argn-optind) + tcfs_error (ER_UNKOPT, NULL); + + /* + * Here we don't have to drop root privileges because only root + * should run us. + * However we can do better. Maybe in next versions. + */ + if (!have_user) { + printf ("Username to add to TCFS database: "); + fgets (user, sizeof(user), stdin); + user[strlen(user)-1] = '\0'; + } + + if (be_verbose) + printf ("Creating a new entry for user %s in the TCFS database...\n", user); + + /* + * Creating a new entry into the key database + */ + if (!tcfspwdbr_new (&user_info)) + tcfs_error (ER_MEM, NULL); + + if (!tcfspwdbr_edit (&user_info, F_USR, user)) + tcfs_error (ER_MEM, NULL); + + if (!tcfs_putpwnam (user, user_info, U_NEW)) + tcfs_error (ER_CUSTOM, "Error: cannot add user."); + + if (be_verbose) + printf ("User entry created with success.\n"); + + tcfs_error (OK, NULL); +} diff --git a/usr.bin/tcfs/tcfsdefines.h b/usr.bin/tcfs/tcfsdefines.h new file mode 100644 index 00000000000..1841bd5a2de --- /dev/null +++ b/usr.bin/tcfs/tcfsdefines.h @@ -0,0 +1,34 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#ifndef _TCFSDEFINES_H_ +#define _TCFSDEFINES_H_ + +#define UUKEYSIZE ((KEYSIZE / 3 + (KEYSIZE % 3 ? 1 : 0)) * 4) +#define TRUE 1 +#define FALSE 0 +#define ONE 1 /* decrement key counter by 1 */ +#define ALL 0 /* decrement key counter to 0 */ +#define SET 1 /* set permanent flag */ +#define UNSET 0 /* unset permanent flag */ +#define NONE 2 /* no one of the previous */ + +#define USERKEY 0 +#define GROUPKEY 1 + +typedef struct { + u_int32_t flag; +} tcfs_flags; + +#endif /* _TCFSDEFINES_H_ */ + + diff --git a/usr.bin/tcfs/tcfserrors.c b/usr.bin/tcfs/tcfserrors.c new file mode 100644 index 00000000000..122128dd6e5 --- /dev/null +++ b/usr.bin/tcfs/tcfserrors.c @@ -0,0 +1,68 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + * + * $Source: /cvs/OpenBSD/src/usr.bin/tcfs/Attic/tcfserrors.c,v $ + * $State: Exp $ + * $Revision: 1.1 $ + * $Author: provos $ + * $Date: 2000/06/18 22:07:24 $ + * + */ + +static const char *RCSid="$id: $"; + +/* RCS_HEADER_ENDS_HERE */ + + + +#include <stdio.h> +#include <unistd.h> +#include "tcfserrors.h" + +void tcfs_error (int error_type, char *custom_message) +{ + if (error_type!=ER_CUSTOM && error_type!=OK) + fprintf (stderr, "Error: "); + + switch (error_type) + { + case ER_AUTH: + case ER_MEM: + case ER_TCFS: + case ER_PERM: + case ER_ENABLE: + case ER_DISABLE: + case ER_COUNT: + case ER_USER: + case OK: + fprintf (stderr, "%s\n", tcfs_errors_strings[error_type]); + exit (error_type); + case ER_CUSTOM: + fprintf (stderr, "%s\n", custom_message); + exit (1); + case ER_UNKOPT: + if (custom_message) + fprintf (stderr, "%s: %s\n", tcfs_errors_strings[error_type], custom_message); + else + fprintf (stderr, "%s\n", tcfs_errors_strings[error_type]); + + exit (error_type); + break; /* Useless code */ + default: + fprintf (stderr, "internal error.\n"); + exit (1); + } +} + +void show_usage (char *fmt, char *arg) +{ + printf (fmt, arg); +} diff --git a/usr.bin/tcfs/tcfserrors.h b/usr.bin/tcfs/tcfserrors.h new file mode 100644 index 00000000000..71118933006 --- /dev/null +++ b/usr.bin/tcfs/tcfserrors.h @@ -0,0 +1,62 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + * + * $Source: /cvs/OpenBSD/src/usr.bin/tcfs/Attic/tcfserrors.h,v $ + * $State: Exp $ + * $Revision: 1.1 $ + * $Author: provos $ + * $Date: 2000/06/18 22:07:24 $ + * + */ + +/* RCS_HEADER_ENDS_HERE */ + + + + +#ifndef _ERRORS_H +#define _ERRORS_H + +enum +{ + OK=0, /* Ok, no error */ + ER_CUSTOM, /* Custom error message */ + ER_UNKOPT, /* Unknown command line option */ + ER_AUTH, /* User authentication error */ + ER_MEM, /* Out of memory error */ + ER_TCFS, /* User is not allowed to use TCFS */ + ER_USER, /* User error */ + ER_PERM, /* Error calling TCFS_IOC_PERMANENT ioctl */ + ER_ENABLE, /* Error calling TCFS_IOC_LOGIN ioctl */ + ER_DISABLE, /* Error calling TCFS_IOC_DISABLE ioctl */ + ER_COUNT /* Error calling TCFS_IOC_COUNT ioctl */ +}; + +static char *tcfs_errors_strings[]= +{ + "Ok", + NULL, + "unknow option.", + "authentication error.", + "out of memory.", + "you do not have a TCFS key.", + "Who are you?!", + "ioctl error while setting permanent flag.", + "ioctl error while sending.", + "ioctl error while removing key.", + "ioctl error while getting key counter." +}; + +void tcfs_error (int error_type, char *arg); + +#endif + +/* End of errors.h */ diff --git a/usr.bin/tcfs/tcfsflag.c b/usr.bin/tcfs/tcfsflag.c new file mode 100644 index 00000000000..6b8dd73782e --- /dev/null +++ b/usr.bin/tcfs/tcfsflag.c @@ -0,0 +1,78 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <errno.h> +#include <fcntl.h> +#include <sys/types.h> +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include <des.h> + +#include <miscfs/tcfs/tcfs.h> +#include <miscfs/tcfs/tcfs_fileinfo.h> +#include "tcfsdefines.h" + +tcfs_flags tcfs_getflags(int); +tcfs_flags tcfs_setflags(int,tcfs_flags); + +int +flags_main(int argc, char *argv[]) +{ + int fd; + tcfs_flags i; + + if (argc < 3) { + fprintf (stderr, "tcfsflags {r,x,g} file\n\n"); + exit(1); + } + + fd = open(argv[2],O_RDONLY); + if (!fd) { + fprintf(stderr, "open failed\n"); + exit(1); + } + + i = tcfs_getflags(fd); + if (i.flag == -1) { + fprintf(stderr,"getflags error\n"); + close(fd); + exit(1); + } + + switch(*argv[1]) { + case 'r': + printf("%s x:%d g:%d\n",argv[2], + FI_CFLAG(&i),FI_GSHAR(&i)); + exit(0); + case 'x': + FI_SET_CF(&i,~(FI_CFLAG(&i))); + break; + case 'g': + FI_SET_GS(&i,~(FI_GSHAR(&i))); + break; + } + + i = tcfs_setflags(fd,i); + if (i.flag == -1) { + fprintf(stderr,"setflags error\n"); + exit(1); + } + close(fd); + + exit(0); +} + diff --git a/usr.bin/tcfs/tcfsgenkey.c b/usr.bin/tcfs/tcfsgenkey.c new file mode 100644 index 00000000000..815221fa951 --- /dev/null +++ b/usr.bin/tcfs/tcfsgenkey.c @@ -0,0 +1,111 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <strings.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" + +char *genkey_usage="Usage: %s [OPTION] +Generate a TCFS key adding it to the user entry into the TCFS database. + + -h Shows this help\n"; + +int +genkey_main (int argn, char *argv[]) +{ + int val; + char *user, *passwd; + tcfspwdb *userinfo; + unsigned char *newkey, *cryptedkey; + tcfspwdb *user_info = NULL; + + /* + * Going to check arguments + */ + while ((val = getopt(argn, argv, "h")) != EOF) + switch (val) { + case 'h': + show_usage(genkey_usage, argv[0]); + exit (OK); + break; /* Useless code */ + default: + fprintf (stderr, "Try %s --help for more information.\n", argv[0]); + exit (ER_UNKOPT); + break; + } + + if (argn - optind) + tcfs_error (ER_UNKOPT, NULL); + + /* + * Must be root to do all this stuff + */ + if (geteuid()) + tcfs_error (ER_CUSTOM, "I don't have root privileges!"); + + /* + * Authenticate user + */ + if (!unix_auth (&user, &passwd, TRUE)) + tcfs_error (ER_CUSTOM, "Who are you?!"); + + if (!tcfs_getpwnam (user, &user_info)) + tcfs_error (ER_CUSTOM, "You do not have an entry in the TCFS key database."); + + if (strlen(user_info->upw)) + tcfs_error (ER_CUSTOM,"You already have a TCFS key."); + + /* + * Generate a new key for the user. + */ + newkey = gentcfskey (); + { + int i; + printf("gentcfskey: key ="); + for (i = 0; i < KEYSIZE; i++) + printf(" %02x", newkey[i]); + printf("\n"); + } + + /* + * Encrypt the generated key with user password + */ + cryptedkey = (char*)calloc(UUKEYSIZE, sizeof(char)); + if (!cryptedkey) + tcfs_error (ER_MEM, NULL); + + + if (!tcfs_encrypt_key (user, passwd, newkey, cryptedkey, USERKEY)) + tcfs_error (ER_MEM, NULL); + + /* + * Update TCFS key database + */ + if (!tcfspwdbr_new (&userinfo)) + tcfs_error (ER_MEM, NULL); + + if (!tcfspwdbr_edit (&userinfo, F_USR|F_PWD, user, cryptedkey)) + tcfs_error (ER_MEM, NULL); + + /* TODO: + if (!change && tcfs_getpwnam (user, &userinfo)) + tcfs_error (ER_CUSTOM, "Use -c to change the key."); + */ + + if (!tcfs_putpwnam (user, userinfo, U_CHG)) + tcfs_error (ER_CUSTOM, "Error: cannot generate key."); + + tcfs_error (ER_CUSTOM, "\nKey succesfully generated."); +} diff --git a/usr.bin/tcfs/tcfslib.h b/usr.bin/tcfs/tcfslib.h new file mode 100644 index 00000000000..a94cf5216e0 --- /dev/null +++ b/usr.bin/tcfs/tcfslib.h @@ -0,0 +1,45 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + * + * $Source: /cvs/OpenBSD/src/usr.bin/tcfs/Attic/tcfslib.h,v $ + * $State: Exp $ + * $Revision: 1.1 $ + * $Author: provos $ + * $Date: 2000/06/18 22:07:24 $ + * + */ + +/* RCS_HEADER_ENDS_HERE */ + + + +#include <unistd.h> +#include "tcfsdefines.h" +#include "tcfspwdb.h" + +extern int tcfspwdbr_new (tcfspwdb **p); +extern int tcfspwdbr_edit (tcfspwdb **p, int i, ...); +extern int tcfspwdbr_read (tcfspwdb *p, int i, ...); +extern void tcfspwdbr_dispose (tcfspwdb *p); +extern int tcfsgpwdbr_new (tcfsgpwdb **p); +extern int tcfsgpwdbr_edit (tcfsgpwdb **p, int i, ...); +extern int tcfsgpwdbr_read (tcfsgpwdb *p, int i, ...); +extern void tcfsgpwdbr_dispose (tcfsgpwdb *p); +extern int tcfs_chgpwd (char *u, char *o, char *p); +extern int tcfs_group_chgpwd (char *u, gid_t gid, char *o, char *p); +extern int tcfs_chgpassword (char *u, char *o, char *p); +extern int tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, unsigned int flag); +extern int tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, unsigned int flag); +extern char *tcfs_decode (char *t, int *l); +extern char *tcfs_encode (char *t, int l); +extern char *gentcfskey (void); + + diff --git a/usr.bin/tcfs/tcfsmng.c b/usr.bin/tcfs/tcfsmng.c new file mode 100644 index 00000000000..02f3d47e175 --- /dev/null +++ b/usr.bin/tcfs/tcfsmng.c @@ -0,0 +1,79 @@ +/* + * Copyright 2000 Niels Provos <provos@citi.umich.edu> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdlib.h> + +extern int adduser_main(int argc, char **argv); +extern int rmuser_main(int argc, char **argv); +extern int addgroup_main(int argc, char **argv); +extern int rmgroup_main(int argc, char **argv); + +struct subprg { + char *name; + int (*function)(int, char **); +}; + +struct subprg subcmds[] = { + {"adduser", adduser_main}, + {"rmuser", rmuser_main}, + {"addgroup", addgroup_main}, + {"rmgroup", rmgroup_main} +}; + +void +usage(char *name) +{ + int i; + fprintf(stderr, "Usage: %s <subcmd> [arguments]\n", name); + + fprintf(stderr, "Possible sub commands:"); + for (i = sizeof(subcmds)/sizeof(struct subprg) - 1; i >= 0; i--) + fprintf(stderr, " %s", subcmds[i].name); + fprintf(stderr, "\n"); +} + + +int +main (int argc, char **argv) +{ + int i; + + if (argc < 2) { + usage(argv[0]); + exit(1); + } + + for (i = sizeof(subcmds)/sizeof(struct subprg) - 1; i >= 0; i--) { + if (!strcmp(argv[1], subcmds[i].name)) + return (*subcmds[i].function)(argc - 1, argv + 1); + } + + fprintf(stderr, "%s: unknown command %s\n\n", argv[0], argv[1]); + usage(argv[0]); + exit (1); +} diff --git a/usr.bin/tcfs/tcfsmng/Makefile b/usr.bin/tcfs/tcfsmng/Makefile new file mode 100644 index 00000000000..d7b456c037b --- /dev/null +++ b/usr.bin/tcfs/tcfsmng/Makefile @@ -0,0 +1,15 @@ +.PATH: ${.CURDIR}/.. + +PROG= tcfsmng +BINOWN= root + +BINDIR= /usr/bin +NOMAN= +#MAN= tcfsmng.1 + +SRCS= tcfsmng.c tcfsadduser.c tcfsrmuser.c tcfsaddgroup.c tcfsrmgroup.c + +.include <bsd.prog.mk> + +LDADD+= -lutil -ldes +DPADD+= ${LIBUTIL} ${LIBDES} diff --git a/usr.bin/tcfs/tcfsputkey.c b/usr.bin/tcfs/tcfsputkey.c new file mode 100644 index 00000000000..362355ee3d0 --- /dev/null +++ b/usr.bin/tcfs/tcfsputkey.c @@ -0,0 +1,180 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + * + * $Source: /cvs/OpenBSD/src/usr.bin/tcfs/Attic/tcfsputkey.c,v $ + * $State: Exp $ + * $Revision: 1.1 $ + * $Author: provos $ + * $Date: 2000/06/18 22:07:24 $ + * + */ + +static const char *RCSid="$id: $"; + +/* RCS_HEADER_ENDS_HERE */ + + + +#include <stdio.h> +#include <sys/types.h> +#include <sys/param.h> +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <des.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" +#include <grp.h> + +extern char *optarg; +extern int optind; +char *putkey_usage= +"usage: tcfsputkey [-k][-f fliesystem-label][-g group][-p mount-point]\n"; + +int +putkey_main(int argc, char *argv[]) +{ + u_char *key,*fs,*user,*password,*tcfskey; + uid_t uid; + gid_t gid; + int es, treshold; + char x; + tcfspwdb *info; + tcfsgpwdb *ginfo; + char fslabel[MAXPATHLEN], fspath[MAXPATHLEN]; + int def = TRUE, havempname = FALSE, havefsname = FALSE; + int isgroupkey = FALSE; + int havefs = FALSE; + int havename = FALSE, havefspath = FALSE, havekey = FALSE; + + while ((x = getopt(argc,argv,"kf:p:g:")) != EOF) { + switch(x) { + case 'k': + def = FALSE; + break; + case 'p': + havempname = TRUE; + strlcpy(fspath, optarg, sizeof(fspath)); + break; + case 'f': + havefsname = TRUE; + strlcpy(fslabel, optarg, sizeof(fslabel)); + break; + case 'g': + isgroupkey = TRUE; + def = TRUE; + gid = atoi(optarg); + if (!gid && optarg[0] != 0) { + struct group *grp; + grp = (struct group *)getgrnam(optarg); + if (!grp) + tcfs_error(ER_CUSTOM, "Nonexistant group\n"); + gid = grp->gr_gid; + } + break; + default: + tcfs_error(ER_CUSTOM, putkey_usage); + exit(ER_UNKOPT); + } + } + if (argc - optind) + tcfs_error(ER_UNKOPT,NULL); + + if (havefsname && havempname) { + tcfs_error(ER_CUSTOM, putkey_usage); + exit(1); + } + + if (havefsname) { + es=tcfs_getfspath(fslabel,fspath); + havename = TRUE; + } + + if (havefspath) + havename = TRUE; + + if (!havename) + es=tcfs_getfspath("default",fspath); + + if (!es) { + tcfs_error(ER_CUSTOM,"fs-label not found!\n"); + exit(1); + } + + uid = getuid(); + + if (isgroupkey) { + if (!unix_auth(&user,&password,TRUE)) + tcfs_error(ER_AUTH,user); + + if (!tcfsgpwdbr_new(&ginfo)) + tcfs_error(ER_MEM,NULL); + + if (!tcfs_ggetpwnam(user,gid,&ginfo)) + tcfs_error(ER_CUSTOM,"Default key non found"); + + if (!strlen(ginfo->gkey)) + tcfs_error(ER_CUSTOM,"Invalid default key"); + + tcfskey = (char*)malloc(UUKEYSIZE); + if (!tcfskey) + tcfs_error(ER_MEM,NULL); + + treshold = ginfo->soglia; + + tcfs_decrypt_key(user, password, ginfo->gkey, tcfskey, + GROUPKEY); + + es = tcfs_group_enable(fspath,uid,gid,treshold,tcfskey); + + if(es == -1) { + tcfs_error(ER_CUSTOM,"problems updating filesystem"); + } + + exit(0); + } + + + if(!def) { + tcfskey = getpass("Insert tcfs-key:"); + havekey = TRUE; + } else { + if(!unix_auth(&user,&password,TRUE)) + tcfs_error(ER_AUTH,user); + + if(!tcfspwdbr_new(&info)) + tcfs_error(ER_MEM,NULL); + + if(!tcfs_getpwnam(user,&info)) + tcfs_error(ER_CUSTOM,"Default key non found"); + + if(!strlen(info->upw)) + tcfs_error(ER_CUSTOM,"Invalid default key"); + + tcfskey = (char*)malloc(UUKEYSIZE); + if(!tcfskey) + tcfs_error(ER_MEM,NULL); + + tcfs_decrypt_key (user, password, info->upw, tcfskey, USERKEY); + havekey = TRUE; + } + + es = tcfs_user_enable(fspath, uid, tcfskey); + + if(es == -1) + tcfs_error(ER_CUSTOM,"problems updating filesystem"); + + exit(0); +} diff --git a/usr.bin/tcfs/tcfspwdb.h b/usr.bin/tcfs/tcfspwdb.h new file mode 100644 index 00000000000..899b37ebf22 --- /dev/null +++ b/usr.bin/tcfs/tcfspwdb.h @@ -0,0 +1,64 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#ifndef _TCFSPWDB_H_ +#define _TCFSPWDB_H_ + +#include <sys/param.h> +#include <unistd.h> +#include <limits.h> +#include "tcfsdefines.h" + +#define UserLen LOGIN_NAME_MAX +#define PassLen UUKEYSIZE +#define MaxLineLen 100 +#define MaxUserLen LOGIN_NAME_MAX +#define NumOfField 2 + +typedef struct tcfspwdb_r +{ + char user[UserLen]; + char upw[PassLen]; +} tcfspwdb; + +typedef struct tcfsgpwdb_r +{ + char user[UserLen]; + char gkey[PassLen]; + gid_t gid; + int n; + int soglia; +} tcfsgpwdb; + +#define U_DEL 0 +#define U_NEW 1 +#define U_CHG 2 +#define U_CKL 3 + +#define F_USR 0x80 +#define F_PWD 0x40 +#define F_GID 0x20 +#define F_GKEY 0x10 +#define F_MEMBERS 0x08 +#define F_THRESHOLD 0x04 + +#define TCFSPWDBSIZ 1024 + +#define TCFSPWDB "/etc/tcfs/tcfspwdb" +#define TCFSPWDFILE "/etc/tcfs/tcfspwdb" +#define TCFSPWDOLD "/etc/tcfs/tcfspwdb.old" +#define TCFSPWDLOCK "/etc/tcfs/tcfspwdb.lock" +#define TCFSPWDTMP "/etc/tcfs/tcfstmp" + +#define TCFSGPWDB "/etc/tcfs/tcfsgpwdb" + +#endif /* _TCFSPWDB_H_ */ diff --git a/usr.bin/tcfs/tcfsrmgroup.c b/usr.bin/tcfs/tcfsrmgroup.c new file mode 100644 index 00000000000..a41b983d183 --- /dev/null +++ b/usr.bin/tcfs/tcfsrmgroup.c @@ -0,0 +1,97 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <grp.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" + +char *rmgroup_usage="Usage: %s [OPTION]... +Remove a TCFS group from the TCFS group database. + + -g <group> Specifies the TCFS group to be removed + -h Shows this help + -v Makes the output a little more verbose\n"; + +int +rmgroup_main (int argn, char *argv[]) +{ + int index, val; + gid_t gid; + int have_gid = FALSE, be_verbose = FALSE; + + /* + * Going to check the arguments + */ + while ((val = getopt(argn, argv, "hg:v")) != EOF) + switch (val) { + case 'g': + gid = (gid_t)atoi(optarg); + if (!gid && optarg[0] != '0') { /* group name given */ + struct group *group_id; + + group_id=getgrnam(optarg); + if (!group_id) + tcfs_error (ER_CUSTOM, "Nonexistent group."); + gid=group_id->gr_gid; + } + + have_gid=TRUE; + break; + case 'h': + show_usage (rmgroup_usage, argv[0]); + exit (OK); + case 'v': + be_verbose=TRUE; + break; + default: + fprintf (stderr, "Try %s --help for more informations.\n", argv[0]); + exit (ER_UNKOPT); + } + + if (argn-optind) + tcfs_error (ER_UNKOPT, NULL); + + if (!have_gid) { + char *buff = NULL; + int len; + + buff = (char*)calloc(2048, sizeof(char)); + if (!buff) + tcfs_error (ER_MEM, NULL); + + printf ("Group id of the TCFS group to remove from the database: "); + fgets (buff,2048,stdin); + len = strlen(buff) - 2; + buff[len] = buff[len] == '\n' ? 0 : buff[len]; + gid=(gid_t)atoi(buff); + + if (!gid && optarg[0] != '0') { /* group name given */ + struct group *group_id; + + group_id = getgrnam(optarg); + if (!group_id) + tcfs_error (ER_CUSTOM, "Nonexistent group."); + gid=group_id->gr_gid; + } + + if (gid <=0 ) + tcfs_error (ER_CUSTOM, "A positive ID please!"); + + free (buff); + } + + if (!tcfs_rmgroup (gid)) + tcfs_error (ER_CUSTOM, "Wrong ID or an error as occurred.\n"); +} diff --git a/usr.bin/tcfs/tcfsrmkey.c b/usr.bin/tcfs/tcfsrmkey.c new file mode 100644 index 00000000000..a8349e7a5b9 --- /dev/null +++ b/usr.bin/tcfs/tcfsrmkey.c @@ -0,0 +1,111 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <sys/types.h> +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <des.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" +#include <grp.h> + +extern char *optarg; +extern int optind; +char *rmkey_usage= +"usage: tcfsrmkey [-f fliesystem-label][-g group][-p mount-point]\n"; + +int +rmkey_main(int argc, char *argv[]) +{ + char *fs; + uid_t uid; + gid_t gid; + int es; + char x; + char fslabel[MAXPATHLEN], fspath[MAXPATHLEN]; + int havempname = FALSE, havefsname = FALSE, isgroupkey = FALSE; + int havefs = FALSE; + int havename = FALSE, havefspath = FALSE; + + while ((x = getopt(argc,argv,"f:p:g:")) != EOF) { + switch(x) { + case 'p': + havempname = TRUE; + strlcpy(fspath, optarg, sizeof(fspath)); + break; + case 'f': + havefsname = TRUE; + strlcpy(fslabel, optarg, sizeof(fslabel)); + break; + case 'g': + isgroupkey = TRUE; + gid = atoi(optarg); + if (!gid && optarg[0] != 0) { + struct group *grp; + grp = (struct group *)getgrnam(optarg); + if (!grp) + tcfs_error(ER_CUSTOM, + "Nonexistant group\n"); + gid = grp->gr_gid; + } + break; + default: + tcfs_error(ER_CUSTOM, rmkey_usage); + exit(ER_UNKOPT); + } + } + if (argc-optind) + tcfs_error(ER_UNKOPT,NULL); + + if (havefsname && havempname) { + tcfs_error(ER_CUSTOM, rmkey_usage); + exit(1); + } + + if (havefsname) { + es = tcfs_getfspath(fslabel, fspath); + havename = TRUE; + } + + if (havefspath) + havename = TRUE; + + if (!havename) + es = tcfs_getfspath("default",fspath); + + if(!es) { + tcfs_error(ER_CUSTOM,"fs-label not found!\n"); + exit(1); + } + + uid = getuid(); + + if (isgroupkey) { + es = tcfs_group_disable(fspath,uid,gid); + if(es == -1) + tcfs_error(ER_CUSTOM, "problems updating filesystem"); + exit(0); + } + + es = tcfs_user_disable(fspath,uid); + + if (es == -1) + tcfs_error(ER_CUSTOM,"problems updating filesystem"); + + exit(0); +} diff --git a/usr.bin/tcfs/tcfsrmuser.c b/usr.bin/tcfs/tcfsrmuser.c new file mode 100644 index 00000000000..a85606bcf90 --- /dev/null +++ b/usr.bin/tcfs/tcfsrmuser.c @@ -0,0 +1,100 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + + +#include <stdio.h> +#include <unistd.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" + +char *rmuser_usage="Usage: %s [OPTION]... +Remove an user entry from the TCFS dabatase. + + -l <user> Username to remove from the TCFS database + -h Shows this help + -v Makes the output a little more verbose\n"; + +int +rmuser_main (int argn, char *argv[]) +{ + int have_user=FALSE; + int be_verbose=FALSE; + char *user, *passwd; + tcfspwdb *user_info; + int val; + + /* + * Going to check the arguments + */ + + user=(char *) malloc(20); + + while ((val=getopt (argn, argv, "l:hv"))!=EOF) + switch (val) + { + case 'l': + strncpy (user, optarg, 9); + have_user=TRUE; + break; + + case 'h': + show_usage (rmuser_usage, argv[0]); + exit (OK); + break; + + case 'v': + be_verbose=TRUE; + break; + + default: + fprintf (stderr, "Try %s --help for more information.\n", argv[0]); + exit (ER_UNKOPT); + break; + } + + if (argn-optind) + tcfs_error (ER_UNKOPT, NULL); + + /* + * Here we don't have to drop root privileges because only root + * should run us. + * However we can do better. Maybe in next versions. + */ + if (!have_user) + { + printf ("Username to remove from TCFS database: "); + fgets (user,9,stdin); + user[strlen(user)-1]='\0'; + } + + if (be_verbose) + printf ("Deleting the entry for user %s from the TCFS database...\n", user); + + /* + * Deleting an entry from the key database + */ + if (!tcfspwdbr_new (&user_info)) + tcfs_error (ER_MEM, NULL); + + if (!tcfspwdbr_edit (&user_info, F_USR, user)) + tcfs_error (ER_MEM, NULL); + + if (!tcfs_putpwnam (user, user_info, U_DEL)) + tcfs_error (ER_CUSTOM, "Error: cannot remove user."); + + if (be_verbose) + printf ("User entry removed with success.\n"); + + tcfs_error (OK, NULL); +} diff --git a/usr.bin/tcfs/tcfsrun.c b/usr.bin/tcfs/tcfsrun.c new file mode 100644 index 00000000000..0010561f9ba --- /dev/null +++ b/usr.bin/tcfs/tcfsrun.c @@ -0,0 +1,96 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <sys/types.h> +#include <ctype.h> +#include <pwd.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include <des.h> + +#include <miscfs/tcfs/tcfs.h> + +char *cmd_def="/bin/sh"; +char *run_usage = "usage: tcfsrun [-p mount-point | -f fs-label] [cmd] [args...]"; + +int +run_main(int argc, char *argv[], char *envp[]) +{ + char *key, *fs, *cmd, x; + char *args, fspath[MAXPATHLEN], cmdname[MAXPATHLEN]; + uid_t uid; + pid_t pid; + int es,i = 1; + int havefspath = 0,havecmd = 0; + + uid = getuid(); + + while ((x = getopt(argc,argv,"p:f:")) != EOF) { + switch(x) { + case 'p': + strlcpy(fspath, optarg, sizeof(fspath)); + havefspath = 1; + break; + case 'f': + es = tcfs_getfspath(optarg,fspath); + if (!es) { + fprintf(stderr, + "filesystem label not found!\n"); + exit(1); + } + havefspath=1; + break; + } + } + + if (argc - optind) { + strlcpy(cmdname, argv[optind], sizeof(cmdname)); + havecmd = 1; + cmd = cmdname; + } + + if (!havefspath) { + es = tcfs_getfspath("default",fspath); + if (!es) + exit(1); + } + + if (!havecmd) + cmd = cmd_def; + + key = getpass("tcfs key:"); + + pid = fork(); + if (!pid) { + pid = getpid(); + if (tcfs_proc_enable(fspath, uid, pid, key) != -1) { + setuid(uid); + execve(cmd,argv + optind, envp); + } + + fprintf(stderr, "Operation failed\n"); + exit(1); + } + + wait(0); + + if (tcfs_proc_disable(fspath,uid,pid) == -1) { + fprintf (stderr, "Problems removing process key\n"); + exit(1); + } + exit(0); +} + + diff --git a/usr.bin/tcfs/tcfstat.c b/usr.bin/tcfs/tcfstat.c new file mode 100644 index 00000000000..39557ff6db6 --- /dev/null +++ b/usr.bin/tcfs/tcfstat.c @@ -0,0 +1,62 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <sys/types.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include <des.h> + +#include <miscfs/tcfs/tcfs.h> + +char *stat_usage= "usage: tcfstat [-p mount-point | fs-label]"; + +int +stat_main(int argc, char *argv[], char *envp[]) +{ + struct tcfs_status st; + int e,es,ok=0; + char filesystem[MAXPATHLEN]; + + if (argc==3 && !strcmp("-p",argv[1])) { + strlcpy(filesystem, argv[2], sizeof(filesystem)); + ok=1; + } + + if (argc == 2) { + if (!(es = tcfs_getfspath(argv[1],filesystem))) { + fprintf(stderr,"filesystem label not found!\n"); + exit(1); + } + ok = 1; + } + + if (ok == 0 || argc < 2 || argc > 3) { + fprintf(stderr, "%s\n", stat_usage); + exit(1); + } + + + e = tcfs_getstatus(filesystem, &st); + if (e == -1) { + fprintf(stderr,"filesystem %s not mounted\n",filesystem); + exit(1); + } + + printf("Status: %d; user keys: %d, group keys: %d\n",st.status, st.n_ukey, st.n_gkey); + printf("TCFS version: %d, Cipher: %s, keysize: %d, cipher version: %d\n",st.tcfs_version, st.cipher_desc, st.cipher_keysize, st.cipher_version); + + exit(0); +} + diff --git a/usr.bin/tcfs/tcfstatold.c b/usr.bin/tcfs/tcfstatold.c new file mode 100644 index 00000000000..38a377cc766 --- /dev/null +++ b/usr.bin/tcfs/tcfstatold.c @@ -0,0 +1,59 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + * + * $Source: /cvs/OpenBSD/src/usr.bin/tcfs/Attic/tcfstatold.c,v $ + * $State: Exp $ + * $Revision: 1.1 $ + * $Author: provos $ + * $Date: 2000/06/18 22:07:24 $ + * + */ + +static const char *RCSid="$id: $"; + +/* RCS_HEADER_ENDS_HERE */ + + + +#include <stdio.h> +#include <sys/types.h> +#include <unistd.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/wait.h> +#include <des.h> +#include "tcfs.h" + +void main(int argc, char *argv[], char *envp[]) +{ + struct tcfs_status st; + int e; + + if(argc <2) + { + fprintf(stderr,"usage: tcfstat <filesystem>\n"); + exit(1); + } + + e=tcfs_getstatus(argv[1],&st); + if(e==-1) + { + fprintf(stderr,"filesystem %s not mounted\n",argv[0]); + exit(1); + } + + printf("Status: %d; user keys: %d, group keys: %d\n",st.status, st.n_ukey, st.n_gkey); + printf("TCFS version: %d, Cipher: %s, keysize: %d, cipher version: %d\n",st.tcfs_version, st.cipher_desc, st.cipher_keysize, st.cipher_version); + + +} + + diff --git a/usr.bin/tcfs/tcfsuse.c b/usr.bin/tcfs/tcfsuse.c new file mode 100644 index 00000000000..cf67437ec93 --- /dev/null +++ b/usr.bin/tcfs/tcfsuse.c @@ -0,0 +1,83 @@ +/* + * Copyright 2000 Niels Provos <provos@citi.umich.edu> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include <stdio.h> +#include <stdlib.h> + +extern int putkey_main(int argc, char **argv); +extern int run_main(int argc, char **argv); +extern int rmkey_main(int argc, char **argv); +extern int genkey_main(int argc, char **argv); +extern int stat_main(int argc, char **argv); +extern int flags_main(int argc, char **argv); + +struct subprg { + char *name; + int (*function)(int, char **); +}; + +struct subprg subcmds[] = { + {"putkey", putkey_main}, + {"run", run_main}, + {"rmkey", rmkey_main}, + {"genkey", genkey_main}, + {"stat", stat_main}, + {"flags", flags_main} +}; + +void +usage(char *name) +{ + int i; + fprintf(stderr, "Usage: %s <subcmd> [arguments]\n", name); + + fprintf(stderr, "Possible sub commands:"); + for (i = sizeof(subcmds)/sizeof(struct subprg) - 1; i >= 0; i--) + fprintf(stderr, " %s", subcmds[i].name); + fprintf(stderr, "\n"); +} + + +int +main (int argc, char **argv) +{ + int i; + + if (argc < 2) { + usage(argv[0]); + exit(1); + } + + for (i = sizeof(subcmds)/sizeof(struct subprg) - 1; i >= 0; i--) { + if (!strcmp(argv[1], subcmds[i].name)) + return (*subcmds[i].function)(argc - 1, argv + 1); + } + + fprintf(stderr, "%s: unknown command %s\n\n", argv[0], argv[1]); + usage(argv[0]); + exit (1); +} diff --git a/usr.bin/tcfs/tcfsuse/Makefile b/usr.bin/tcfs/tcfsuse/Makefile new file mode 100644 index 00000000000..5f93cc3a552 --- /dev/null +++ b/usr.bin/tcfs/tcfsuse/Makefile @@ -0,0 +1,18 @@ +.PATH: ${.CURDIR}/.. + +PROG= tcfsuse +BINOWN= root +#BINMODE?=4555 +BINMODE?=555 + +BINDIR= /usr/bin +NOMAN= +#MAN= tcfsuse.1 + +SRCS= tcfsuse.c tcfsputkey.c tcfsrun.c tcfsrmkey.c tcfsgenkey.c tcfstat.c \ + tcfsflag.c + +.include <bsd.prog.mk> + +LDADD+= -lutil -ldes +DPADD+= ${LIBUTIL} ${LIBDES} diff --git a/usr.bin/tcfs/unix_auth.c b/usr.bin/tcfs/unix_auth.c new file mode 100644 index 00000000000..9b9a6215b21 --- /dev/null +++ b/usr.bin/tcfs/unix_auth.c @@ -0,0 +1,60 @@ +/* + * Transparent Cryptographic File System (TCFS) for NetBSD + * Author and mantainer: Luigi Catuogno [luicat@tcfs.unisa.it] + * + * references: http://tcfs.dia.unisa.it + * tcfs-bsd@tcfs.unisa.it + */ + +/* + * Base utility set v0.1 + */ + +#include <stdio.h> +#include <unistd.h> +#include <sys/param.h> +#include <limits.h> +#include <string.h> +#include <pwd.h> + +#include <miscfs/tcfs/tcfs.h> +#include "tcfslib.h" +#include "tcfserrors.h" + +int +unix_auth (char **user, char **password, int flag) +{ + char *luser, *passwd; + struct passwd *passentry; + + luser = (char*)calloc (LOGIN_NAME_MAX, sizeof(char)); + passwd = (char*)calloc (_PASSWORD_LEN, sizeof(char)); + + if (!luser || !passwd) + tcfs_error (ER_MEM, NULL); + + if (flag) { + passentry = getpwuid(getuid()); + strlcpy(luser, passentry->pw_name, LOGIN_NAME_MAX); + } else { + printf ("Enter user: "); + fgets(luser, LOGIN_NAME_MAX, stdin); + luser[strlen(luser)-1] = '\0'; + passentry = getpwnam(luser); + } + + passwd = getpass("Password:"); + + if (passentry == NULL) { + bzero (passwd, strlen(passwd)); + return 0; + } + + if (strcmp(crypt(passwd, passentry->pw_passwd), passentry->pw_passwd)) + return (0); + + *user = luser; + *password = passwd; + + return (1); +} diff --git a/usr.bin/tcfs/uuencode.h b/usr.bin/tcfs/uuencode.h new file mode 100644 index 00000000000..74fcf64ff99 --- /dev/null +++ b/usr.bin/tcfs/uuencode.h @@ -0,0 +1,11 @@ +#ifndef UUENCODE_H +#define UUENCODE_H +#include <sys/types.h> +#include <netinet/in.h> +#include <resolv.h> + +#define uuencode(src, srclength, target,targsize) \ + __b64_ntop(src, srclength, target, targsize) +#define uudecode(src, target, targsize) \ + __b64_pton(src, target, targsize) +#endif |