From 0b29a945301807718a2aebe6c1ae69d842ef7e64 Mon Sep 17 00:00:00 2001
From: Bill Paul <wpaul@FreeBSD.org>
Date: Wed, 28 May 1997 16:01:17 +0000
Subject: [PATCH] Import the last Secure RPC utility: keylogout.

This program is used to remove your secret key from the local
keyserv daemon.
---
 usr.bin/keylogout/Makefile    | 10 ++++++
 usr.bin/keylogout/keylogout.1 | 44 +++++++++++++++++++++++
 usr.bin/keylogout/keylogout.c | 68 +++++++++++++++++++++++++++++++++++
 3 files changed, 122 insertions(+)
 create mode 100644 usr.bin/keylogout/Makefile
 create mode 100644 usr.bin/keylogout/keylogout.1
 create mode 100644 usr.bin/keylogout/keylogout.c

diff --git a/usr.bin/keylogout/Makefile b/usr.bin/keylogout/Makefile
new file mode 100644
index 000000000000..c5bd6f524cf9
--- /dev/null
+++ b/usr.bin/keylogout/Makefile
@@ -0,0 +1,10 @@
+#	@(#)Makefile	8.1 (Berkeley) 6/6/93
+
+PROG=	keylogout
+SRCS=	keylogout.c
+
+MAN1=	keylogout.1
+
+LDADD+= -lrpcsvc
+
+.include <bsd.prog.mk>
diff --git a/usr.bin/keylogout/keylogout.1 b/usr.bin/keylogout/keylogout.1
new file mode 100644
index 000000000000..cbc561349818
--- /dev/null
+++ b/usr.bin/keylogout/keylogout.1
@@ -0,0 +1,44 @@
+.\" @(#)keylogout.1 1.4 91/03/11 TIRPC 1.0; from 1.3 89/07/26 SMI;
+.TH KEYLOGOUT 1 "15 April 1989"
+.SH NAME
+keylogout \- delete stored secret key
+.SH SYNOPSIS
+.B keylogout
+[
+.B \-f
+]
+.SH DESCRIPTION
+.IX "keylogout command" "" "\fLkeylogout\fR command"
+.LP
+.B keylogout
+deletes the key stored by the key server process
+.BR keyserv (8C)
+to be used by any secure network services, such as
+.SM NFS\s0.
+Further access to the key is revoked,
+however current session keys may remain valid till they expire,
+or are refreshed.
+This option will cause any background jobs that need secure
+.SM RPC
+services to fail, and any scheduled
+.B at
+jobs that need the key to fail.
+Also since only one copy is kept on a machine of the key,
+it is a bad idea to place this in your
+.B .logout
+file since it will affect other sessions on the same machine.
+.SH OPTIONS
+.TP
+.B \-f
+Forget the rootkey.
+This will break secure
+.SM NFS\s0
+if it is done on a server.
+.LP
+.SH "SEE ALSO"
+.BR chkey (1),
+.BR login (1),
+.BR keylogin (1),
+.BR publickey (5),
+.BR keyserv (8C),
+.BR newkey (8)
diff --git a/usr.bin/keylogout/keylogout.c b/usr.bin/keylogout/keylogout.c
new file mode 100644
index 000000000000..51c03b1fd133
--- /dev/null
+++ b/usr.bin/keylogout/keylogout.c
@@ -0,0 +1,68 @@
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user or with the express written consent of
+ * Sun Microsystems, Inc.
+ *
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ *
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ *
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ *
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+ * or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ *
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Copyright (C) 1986, Sun Microsystems, Inc.
+ */
+
+/*
+ * unset the secret key on local machine
+ */
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <rpc/rpc.h>
+#include <rpc/key_prot.h>
+
+int
+main(argc,argv)
+	int argc;
+	char *argv[];
+{
+	static char secret[HEXKEYBYTES + 1];
+
+	if (geteuid() == 0) {
+		if ((argc != 2 ) || (strcmp(argv[1], "-f") != 0)) {
+			fprintf(stderr,
+"keylogout by root would break all servers that use secure rpc!\n");
+			fprintf(stderr,
+"root may use keylogout -f to do this (at your own risk)!\n");
+			exit(-1);
+		}
+	}
+
+	if (key_setsecret(secret) < 0) {
+		fprintf(stderr, "Could not unset your secret key.\n");
+		fprintf(stderr, "Maybe the keyserver is down?\n");
+		exit(1);
+	}
+	exit(0);
+	/* NOTREACHED */
+}