1/*
2 * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
3 * unrestricted use provided that this legend is included on all tape
4 * media and as a part of the software program in whole or part.  Users
5 * may copy or modify Sun RPC without charge, but are not authorized
6 * to license or distribute it to anyone else except as part of a product or
7 * program developed by the user.
8 *
9 * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
10 * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
11 * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
12 *
13 * Sun RPC is provided with no support and without any obligation on the
14 * part of Sun Microsystems, Inc. to assist in its use, correction,
15 * modification or enhancement.
16 *
17 * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
18 * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
19 * OR ANY PART THEREOF.
20 *
21 * In no event will Sun Microsystems, Inc. be liable for any lost revenue
22 * or profits or other special, indirect and consequential damages, even if
23 * Sun has been advised of the possibility of such damages.
24 *
25 * Sun Microsystems, Inc.
26 * 2550 Garcia Avenue
27 * Mountain View, California  94043
28 */
29
30/*
31 * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
32 */
33
34/*
35 * Keyserver
36 * Store secret keys per uid. Do public key encryption and decryption
37 * operations. Generate "random" keys.
38 * Do not talk to anything but a local root
39 * process on the local transport only
40 */
41
42#include <err.h>
43#include <pwd.h>
44#include <stdio.h>
45#include <stdlib.h>
46#include <string.h>
47#include <unistd.h>
48#include <sys/stat.h>
49#include <sys/types.h>
50#include <rpc/rpc.h>
51#include <sys/param.h>
52#include <sys/file.h>
53#include <rpc/des_crypt.h>
54#include <rpc/des.h>
55#include <rpc/key_prot.h>
56#include <rpcsvc/crypt.h>
57#include "keyserv.h"
58
59#ifndef NGROUPS
60#define	NGROUPS 16
61#endif
62
63#ifndef KEYSERVSOCK
64#define KEYSERVSOCK "/var/run/keyservsock"
65#endif
66
67static void randomize( des_block * );
68static void usage( void );
69static int getrootkey( des_block *, int );
70static int root_auth( SVCXPRT *, struct svc_req * );
71
72#ifdef DEBUG
73static int debugging = 1;
74#else
75static int debugging = 0;
76#endif
77
78static void keyprogram(struct svc_req *rqstp, SVCXPRT *transp);
79static des_block masterkey;
80static char ROOTKEY[] = "/etc/.rootkey";
81
82/*
83 * Hack to allow the keyserver to use AUTH_DES (for authenticated
84 * NIS+ calls, for example).  The only functions that get called
85 * are key_encryptsession_pk, key_decryptsession_pk, and key_gendes.
86 *
87 * The approach is to have the keyserver fill in pointers to local
88 * implementations of these functions, and to call those in key_call().
89 */
90
91extern cryptkeyres *(*__key_encryptsession_pk_LOCAL)();
92extern cryptkeyres *(*__key_decryptsession_pk_LOCAL)();
93extern des_block *(*__key_gendes_LOCAL)();
94extern int (*__des_crypt_LOCAL)();
95
96cryptkeyres *key_encrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
97cryptkeyres *key_decrypt_pk_2_svc_prog( uid_t, cryptkeyarg2 * );
98des_block *key_gen_1_svc_prog( void *, struct svc_req * );
99
100int
101main(int argc, char *argv[])
102{
103	int nflag = 0;
104	int c;
105	int warn = 0;
106	char *path = NULL;
107	void *localhandle;
108	register SVCXPRT *transp;
109	struct netconfig *nconf = NULL;
110
111	__key_encryptsession_pk_LOCAL = &key_encrypt_pk_2_svc_prog;
112	__key_decryptsession_pk_LOCAL = &key_decrypt_pk_2_svc_prog;
113	__key_gendes_LOCAL = &key_gen_1_svc_prog;
114
115	while ((c = getopt(argc, argv, "ndDvp:")) != -1)
116		switch (c) {
117		case 'n':
118			nflag++;
119			break;
120		case 'd':
121			pk_nodefaultkeys();
122			break;
123		case 'D':
124			debugging = 1;
125			break;
126		case 'v':
127			warn = 1;
128			break;
129		case 'p':
130			path = optarg;
131			break;
132		default:
133			usage();
134		}
135
136	load_des(warn, path);
137	__des_crypt_LOCAL = _my_crypt;
138	if (svc_auth_reg(AUTH_DES, _svcauth_des) == -1)
139		errx(1, "failed to register AUTH_DES authenticator");
140
141	if (optind != argc) {
142		usage();
143	}
144
145	/*
146	 * Initialize
147	 */
148	(void) umask(S_IXUSR|S_IXGRP|S_IXOTH);
149	if (geteuid() != 0)
150		errx(1, "keyserv must be run as root");
151	setmodulus(HEXMODULUS);
152	getrootkey(&masterkey, nflag);
153
154	rpcb_unset(KEY_PROG, KEY_VERS, NULL);
155	rpcb_unset(KEY_PROG, KEY_VERS2, NULL);
156
157	if (svc_create(keyprogram, KEY_PROG, KEY_VERS,
158		"netpath") == 0) {
159		(void) fprintf(stderr,
160			"%s: unable to create service\n", argv[0]);
161		exit(1);
162	}
163
164	if (svc_create(keyprogram, KEY_PROG, KEY_VERS2,
165	"netpath") == 0) {
166		(void) fprintf(stderr,
167			"%s: unable to create service\n", argv[0]);
168		exit(1);
169	}
170
171	localhandle = setnetconfig();
172	while ((nconf = getnetconfig(localhandle)) != NULL) {
173		if (nconf->nc_protofmly != NULL &&
174		    strcmp(nconf->nc_protofmly, NC_LOOPBACK) == 0)
175			break;
176	}
177
178	if (nconf == NULL)
179		errx(1, "getnetconfig: %s", nc_sperror());
180
181	unlink(KEYSERVSOCK);
182	rpcb_unset(CRYPT_PROG, CRYPT_VERS, nconf);
183	transp = svcunix_create(RPC_ANYSOCK, 0, 0, KEYSERVSOCK);
184	if (transp == NULL)
185		errx(1, "cannot create AF_LOCAL service");
186	if (!svc_reg(transp, KEY_PROG, KEY_VERS, keyprogram, nconf))
187		errx(1, "unable to register (KEY_PROG, KEY_VERS, unix)");
188	if (!svc_reg(transp, KEY_PROG, KEY_VERS2, keyprogram, nconf))
189		errx(1, "unable to register (KEY_PROG, KEY_VERS2, unix)");
190	if (!svc_reg(transp, CRYPT_PROG, CRYPT_VERS, crypt_prog_1, nconf))
191		errx(1, "unable to register (CRYPT_PROG, CRYPT_VERS, unix)");
192
193	endnetconfig(localhandle);
194
195	(void) umask(066);	/* paranoia */
196
197	if (!debugging) {
198		daemon(0,0);
199	}
200
201	signal(SIGPIPE, SIG_IGN);
202
203	svc_run();
204	abort();
205	/* NOTREACHED */
206}
207
208/*
209 * In the event that we don't get a root password, we try to
210 * randomize the master key the best we can
211 */
212static void
213randomize(des_block *master)
214{
215	master->key.low = arc4random();
216	master->key.high = arc4random();
217}
218
219/*
220 * Try to get root's secret key, by prompting if terminal is a tty, else trying
221 * from standard input.
222 * Returns 1 on success.
223 */
224static int
225getrootkey(des_block *master, int prompt)
226{
227	char *passwd;
228	char name[MAXNETNAMELEN + 1];
229	char secret[HEXKEYBYTES];
230	key_netstarg netstore;
231	int fd;
232
233	if (!prompt) {
234		/*
235		 * Read secret key out of ROOTKEY
236		 */
237		fd = open(ROOTKEY, O_RDONLY, 0);
238		if (fd < 0) {
239			randomize(master);
240			return (0);
241		}
242		if (read(fd, secret, HEXKEYBYTES) < HEXKEYBYTES) {
243			warnx("the key read from %s was too short", ROOTKEY);
244			(void) close(fd);
245			return (0);
246		}
247		(void) close(fd);
248		if (!getnetname(name)) {
249		    warnx(
250	"failed to generate host's netname when establishing root's key");
251		    return (0);
252		}
253		memcpy(netstore.st_priv_key, secret, HEXKEYBYTES);
254		memset(netstore.st_pub_key, 0, HEXKEYBYTES);
255		netstore.st_netname = name;
256		if (pk_netput(0, &netstore) != KEY_SUCCESS) {
257		    warnx("could not set root's key and netname");
258		    return (0);
259		}
260		return (1);
261	}
262	/*
263	 * Decrypt yellow pages publickey entry to get secret key
264	 */
265	passwd = getpass("root password:");
266	passwd2des(passwd, (char *)master);
267	getnetname(name);
268	if (!getsecretkey(name, secret, passwd)) {
269		warnx("can't find %s's secret key", name);
270		return (0);
271	}
272	if (secret[0] == 0) {
273		warnx("password does not decrypt secret key for %s", name);
274		return (0);
275	}
276	(void) pk_setkey(0, secret);
277	/*
278	 * Store it for future use in $ROOTKEY, if possible
279	 */
280	fd = open(ROOTKEY, O_WRONLY|O_TRUNC|O_CREAT, 0);
281	if (fd > 0) {
282		char newline = '\n';
283
284		write(fd, secret, strlen(secret));
285		write(fd, &newline, sizeof (newline));
286		close(fd);
287	}
288	return (1);
289}
290
291/*
292 * Procedures to implement RPC service
293 */
294char *
295strstatus(keystatus status)
296{
297	switch (status) {
298	case KEY_SUCCESS:
299		return ("KEY_SUCCESS");
300	case KEY_NOSECRET:
301		return ("KEY_NOSECRET");
302	case KEY_UNKNOWN:
303		return ("KEY_UNKNOWN");
304	case KEY_SYSTEMERR:
305		return ("KEY_SYSTEMERR");
306	default:
307		return ("(bad result code)");
308	}
309}
310
311keystatus *
312key_set_1_svc_prog(uid_t uid, keybuf key)
313{
314	static keystatus status;
315
316	if (debugging) {
317		(void) fprintf(stderr, "set(%u, %.*s) = ", uid,
318				(int) sizeof (keybuf), key);
319	}
320	status = pk_setkey(uid, key);
321	if (debugging) {
322		(void) fprintf(stderr, "%s\n", strstatus(status));
323		(void) fflush(stderr);
324	}
325	return (&status);
326}
327
328cryptkeyres *
329key_encrypt_pk_2_svc_prog(uid_t uid, cryptkeyarg2 *arg)
330{
331	static cryptkeyres res;
332
333	if (debugging) {
334		(void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
335				arg->remotename, arg->deskey.key.high,
336				arg->deskey.key.low);
337	}
338	res.cryptkeyres_u.deskey = arg->deskey;
339	res.status = pk_encrypt(uid, arg->remotename, &(arg->remotekey),
340				&res.cryptkeyres_u.deskey);
341	if (debugging) {
342		if (res.status == KEY_SUCCESS) {
343			(void) fprintf(stderr, "%08x%08x\n",
344					res.cryptkeyres_u.deskey.key.high,
345					res.cryptkeyres_u.deskey.key.low);
346		} else {
347			(void) fprintf(stderr, "%s\n", strstatus(res.status));
348		}
349		(void) fflush(stderr);
350	}
351	return (&res);
352}
353
354cryptkeyres *
355key_decrypt_pk_2_svc_prog(uid_t uid, cryptkeyarg2 *arg)
356{
357	static cryptkeyres res;
358
359	if (debugging) {
360		(void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
361				arg->remotename, arg->deskey.key.high,
362				arg->deskey.key.low);
363	}
364	res.cryptkeyres_u.deskey = arg->deskey;
365	res.status = pk_decrypt(uid, arg->remotename, &(arg->remotekey),
366				&res.cryptkeyres_u.deskey);
367	if (debugging) {
368		if (res.status == KEY_SUCCESS) {
369			(void) fprintf(stderr, "%08x%08x\n",
370					res.cryptkeyres_u.deskey.key.high,
371					res.cryptkeyres_u.deskey.key.low);
372		} else {
373			(void) fprintf(stderr, "%s\n", strstatus(res.status));
374		}
375		(void) fflush(stderr);
376	}
377	return (&res);
378}
379
380keystatus *
381key_net_put_2_svc_prog(uid_t uid, key_netstarg *arg)
382{
383	static keystatus status;
384
385	if (debugging) {
386		(void) fprintf(stderr, "net_put(%s, %.*s, %.*s) = ",
387			arg->st_netname, (int)sizeof (arg->st_pub_key),
388			arg->st_pub_key, (int)sizeof (arg->st_priv_key),
389			arg->st_priv_key);
390	}
391
392	status = pk_netput(uid, arg);
393
394	if (debugging) {
395		(void) fprintf(stderr, "%s\n", strstatus(status));
396		(void) fflush(stderr);
397	}
398
399	return (&status);
400}
401
402key_netstres *
403key_net_get_2_svc_prog(uid_t uid, void *arg)
404{
405	static key_netstres keynetname;
406
407	if (debugging)
408		(void) fprintf(stderr, "net_get(%u) = ", uid);
409
410	keynetname.status = pk_netget(uid, &keynetname.key_netstres_u.knet);
411	if (debugging) {
412		if (keynetname.status == KEY_SUCCESS) {
413			fprintf(stderr, "<%s, %.*s, %.*s>\n",
414			keynetname.key_netstres_u.knet.st_netname,
415			(int)sizeof (keynetname.key_netstres_u.knet.st_pub_key),
416			keynetname.key_netstres_u.knet.st_pub_key,
417			(int)sizeof (keynetname.key_netstres_u.knet.st_priv_key),
418			keynetname.key_netstres_u.knet.st_priv_key);
419		} else {
420			(void) fprintf(stderr, "NOT FOUND\n");
421		}
422		(void) fflush(stderr);
423	}
424
425	return (&keynetname);
426
427}
428
429cryptkeyres *
430key_get_conv_2_svc_prog(uid_t uid, keybuf arg)
431{
432	static cryptkeyres  res;
433
434	if (debugging)
435		(void) fprintf(stderr, "get_conv(%u, %.*s) = ", uid,
436			(int)sizeof (keybuf), arg);
437
438
439	res.status = pk_get_conv_key(uid, arg, &res);
440
441	if (debugging) {
442		if (res.status == KEY_SUCCESS) {
443			(void) fprintf(stderr, "%08x%08x\n",
444				res.cryptkeyres_u.deskey.key.high,
445				res.cryptkeyres_u.deskey.key.low);
446		} else {
447			(void) fprintf(stderr, "%s\n", strstatus(res.status));
448		}
449		(void) fflush(stderr);
450	}
451	return (&res);
452}
453
454
455cryptkeyres *
456key_encrypt_1_svc_prog(uid_t uid, cryptkeyarg *arg)
457{
458	static cryptkeyres res;
459
460	if (debugging) {
461		(void) fprintf(stderr, "encrypt(%u, %s, %08x%08x) = ", uid,
462				arg->remotename, arg->deskey.key.high,
463				arg->deskey.key.low);
464	}
465	res.cryptkeyres_u.deskey = arg->deskey;
466	res.status = pk_encrypt(uid, arg->remotename, NULL,
467				&res.cryptkeyres_u.deskey);
468	if (debugging) {
469		if (res.status == KEY_SUCCESS) {
470			(void) fprintf(stderr, "%08x%08x\n",
471					res.cryptkeyres_u.deskey.key.high,
472					res.cryptkeyres_u.deskey.key.low);
473		} else {
474			(void) fprintf(stderr, "%s\n", strstatus(res.status));
475		}
476		(void) fflush(stderr);
477	}
478	return (&res);
479}
480
481cryptkeyres *
482key_decrypt_1_svc_prog(uid_t uid, cryptkeyarg *arg)
483{
484	static cryptkeyres res;
485
486	if (debugging) {
487		(void) fprintf(stderr, "decrypt(%u, %s, %08x%08x) = ", uid,
488				arg->remotename, arg->deskey.key.high,
489				arg->deskey.key.low);
490	}
491	res.cryptkeyres_u.deskey = arg->deskey;
492	res.status = pk_decrypt(uid, arg->remotename, NULL,
493				&res.cryptkeyres_u.deskey);
494	if (debugging) {
495		if (res.status == KEY_SUCCESS) {
496			(void) fprintf(stderr, "%08x%08x\n",
497					res.cryptkeyres_u.deskey.key.high,
498					res.cryptkeyres_u.deskey.key.low);
499		} else {
500			(void) fprintf(stderr, "%s\n", strstatus(res.status));
501		}
502		(void) fflush(stderr);
503	}
504	return (&res);
505}
506
507/* ARGSUSED */
508des_block *
509key_gen_1_svc_prog(void *v, struct svc_req *s)
510{
511	struct timeval time;
512	static des_block keygen;
513	static des_block key;
514
515	(void)gettimeofday(&time, NULL);
516	keygen.key.high += (time.tv_sec ^ time.tv_usec);
517	keygen.key.low += (time.tv_sec ^ time.tv_usec);
518	ecb_crypt((char *)&masterkey, (char *)&keygen, sizeof (keygen),
519		DES_ENCRYPT | DES_HW);
520	key = keygen;
521	des_setparity((char *)&key);
522	if (debugging) {
523		(void) fprintf(stderr, "gen() = %08x%08x\n", key.key.high,
524					key.key.low);
525		(void) fflush(stderr);
526	}
527	return (&key);
528}
529
530getcredres *
531key_getcred_1_svc_prog(uid_t uid, netnamestr *name)
532{
533	static getcredres res;
534	static u_int gids[NGROUPS];
535	struct unixcred *cred;
536
537	cred = &res.getcredres_u.cred;
538	cred->gids.gids_val = gids;
539	if (!netname2user(*name, (uid_t *) &cred->uid, (gid_t *) &cred->gid,
540			(int *)&cred->gids.gids_len, (gid_t *)gids)) {
541		res.status = KEY_UNKNOWN;
542	} else {
543		res.status = KEY_SUCCESS;
544	}
545	if (debugging) {
546		(void) fprintf(stderr, "getcred(%s) = ", *name);
547		if (res.status == KEY_SUCCESS) {
548			(void) fprintf(stderr, "uid=%d, gid=%d, grouplen=%d\n",
549				cred->uid, cred->gid, cred->gids.gids_len);
550		} else {
551			(void) fprintf(stderr, "%s\n", strstatus(res.status));
552		}
553		(void) fflush(stderr);
554	}
555	return (&res);
556}
557
558/*
559 * RPC boilerplate
560 */
561static void
562keyprogram(struct svc_req *rqstp, SVCXPRT *transp)
563{
564	union {
565		keybuf key_set_1_arg;
566		cryptkeyarg key_encrypt_1_arg;
567		cryptkeyarg key_decrypt_1_arg;
568		netnamestr key_getcred_1_arg;
569		cryptkeyarg key_encrypt_2_arg;
570		cryptkeyarg key_decrypt_2_arg;
571		netnamestr key_getcred_2_arg;
572		cryptkeyarg2 key_encrypt_pk_2_arg;
573		cryptkeyarg2 key_decrypt_pk_2_arg;
574		key_netstarg key_net_put_2_arg;
575		netobj  key_get_conv_2_arg;
576	} argument;
577	char *result;
578	xdrproc_t xdr_argument, xdr_result;
579	typedef void *(svc_cb)(uid_t uid, void *arg);
580	svc_cb *local;
581	uid_t uid = -1;
582	int check_auth;
583
584	switch (rqstp->rq_proc) {
585	case NULLPROC:
586		svc_sendreply(transp, (xdrproc_t)xdr_void, NULL);
587		return;
588
589	case KEY_SET:
590		xdr_argument = (xdrproc_t)xdr_keybuf;
591		xdr_result = (xdrproc_t)xdr_int;
592		local = (svc_cb *)key_set_1_svc_prog;
593		check_auth = 1;
594		break;
595
596	case KEY_ENCRYPT:
597		xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
598		xdr_result = (xdrproc_t)xdr_cryptkeyres;
599		local = (svc_cb *)key_encrypt_1_svc_prog;
600		check_auth = 1;
601		break;
602
603	case KEY_DECRYPT:
604		xdr_argument = (xdrproc_t)xdr_cryptkeyarg;
605		xdr_result = (xdrproc_t)xdr_cryptkeyres;
606		local = (svc_cb *)key_decrypt_1_svc_prog;
607		check_auth = 1;
608		break;
609
610	case KEY_GEN:
611		xdr_argument = (xdrproc_t)xdr_void;
612		xdr_result = (xdrproc_t)xdr_des_block;
613		local = (svc_cb *)key_gen_1_svc_prog;
614		check_auth = 0;
615		break;
616
617	case KEY_GETCRED:
618		xdr_argument = (xdrproc_t)xdr_netnamestr;
619		xdr_result = (xdrproc_t)xdr_getcredres;
620		local = (svc_cb *)key_getcred_1_svc_prog;
621		check_auth = 0;
622		break;
623
624	case KEY_ENCRYPT_PK:
625		xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
626		xdr_result = (xdrproc_t)xdr_cryptkeyres;
627		local = (svc_cb *)key_encrypt_pk_2_svc_prog;
628		check_auth = 1;
629		break;
630
631	case KEY_DECRYPT_PK:
632		xdr_argument = (xdrproc_t)xdr_cryptkeyarg2;
633		xdr_result = (xdrproc_t)xdr_cryptkeyres;
634		local = (svc_cb *)key_decrypt_pk_2_svc_prog;
635		check_auth = 1;
636		break;
637
638
639	case KEY_NET_PUT:
640		xdr_argument = (xdrproc_t)xdr_key_netstarg;
641		xdr_result = (xdrproc_t)xdr_keystatus;
642		local = (svc_cb *)key_net_put_2_svc_prog;
643		check_auth = 1;
644		break;
645
646	case KEY_NET_GET:
647		xdr_argument = (xdrproc_t) xdr_void;
648		xdr_result = (xdrproc_t)xdr_key_netstres;
649		local = (svc_cb *)key_net_get_2_svc_prog;
650		check_auth = 1;
651		break;
652
653	case KEY_GET_CONV:
654		xdr_argument = (xdrproc_t) xdr_keybuf;
655		xdr_result = (xdrproc_t)xdr_cryptkeyres;
656		local = (svc_cb *)key_get_conv_2_svc_prog;
657		check_auth = 1;
658		break;
659
660	default:
661		svcerr_noproc(transp);
662		return;
663	}
664	if (check_auth) {
665		if (root_auth(transp, rqstp) == 0) {
666			if (debugging) {
667				(void) fprintf(stderr,
668				"not local privileged process\n");
669			}
670			svcerr_weakauth(transp);
671			return;
672		}
673		if (rqstp->rq_cred.oa_flavor != AUTH_SYS) {
674			if (debugging) {
675				(void) fprintf(stderr,
676				"not unix authentication\n");
677			}
678			svcerr_weakauth(transp);
679			return;
680		}
681		uid = ((struct authsys_parms *)rqstp->rq_clntcred)->aup_uid;
682	}
683
684	memset(&argument, 0, sizeof (argument));
685	if (!svc_getargs(transp, xdr_argument, &argument)) {
686		svcerr_decode(transp);
687		return;
688	}
689	result = (*local) (uid, &argument);
690	if (!svc_sendreply(transp, xdr_result, result)) {
691		if (debugging)
692			(void) fprintf(stderr, "unable to reply\n");
693		svcerr_systemerr(transp);
694	}
695	if (!svc_freeargs(transp, xdr_argument, &argument)) {
696		if (debugging)
697			(void) fprintf(stderr,
698			"unable to free arguments\n");
699		exit(1);
700	}
701}
702
703static int
704root_auth(SVCXPRT *trans, struct svc_req *rqstp)
705{
706	uid_t uid;
707	struct sockaddr *remote;
708
709	remote = svc_getrpccaller(trans)->buf;
710	if (remote->sa_family != AF_UNIX) {
711		if (debugging)
712			fprintf(stderr, "client didn't use AF_UNIX\n");
713		return (0);
714	}
715
716	if (__rpc_get_local_uid(trans, &uid) < 0) {
717		if (debugging)
718			fprintf(stderr, "__rpc_get_local_uid failed\n");
719		return (0);
720	}
721
722	if (debugging)
723		fprintf(stderr, "local_uid  %u\n", uid);
724	if (uid == 0)
725		return (1);
726	if (rqstp->rq_cred.oa_flavor == AUTH_SYS) {
727		if (((uid_t) ((struct authunix_parms *)
728			rqstp->rq_clntcred)->aup_uid)
729			== uid) {
730			return (1);
731		} else {
732			if (debugging)
733				fprintf(stderr,
734			"local_uid  %u mismatches auth %u\n", uid,
735((uid_t) ((struct authunix_parms *)rqstp->rq_clntcred)->aup_uid));
736			return (0);
737		}
738	} else {
739		if (debugging)
740			fprintf(stderr, "Not auth sys\n");
741		return (0);
742	}
743}
744
745static void
746usage(void)
747{
748	(void) fprintf(stderr,
749			"usage: keyserv [-n] [-D] [-d] [-v] [-p path]\n");
750	(void) fprintf(stderr, "-d disables the use of default keys\n");
751	exit(1);
752}
753