From: Andrew Deason Date: Wed, 25 Sep 2013 05:25:48 +0000 (-0500) Subject: Whine if single-DES keys are in use X-Git-Tag: openafs-stable-1_8_0pre1~995 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=4212c7e604bebcb8f20b67c60323263231611bfb Whine if single-DES keys are in use If we are using single-DES keys in our KeyFile, yell at the administrator, so they have a chance at realizing that they should migrate to stronger crypto. Change-Id: Ic37d9e1cea7ee7e12594be0dec02000f11efc896 Reviewed-on: http://gerrit.openafs.org/10273 Tested-by: BuildBot Reviewed-by: Jeffrey Altman --- diff --git a/src/ptserver/ptserver.c b/src/ptserver/ptserver.c index 3459dfb..9db47a2 100644 --- a/src/ptserver/ptserver.c +++ b/src/ptserver/ptserver.c @@ -568,6 +568,9 @@ main(int argc, char **argv) "1.0", #endif "Starting AFS", FSLog); + if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) { + LogDesWarning(); + } rx_StartServer(1); osi_audit(PTS_FinishEvent, -1, AUD_END); diff --git a/src/util/afsutil_prototypes.h b/src/util/afsutil_prototypes.h index 71afc3f..f794197 100644 --- a/src/util/afsutil_prototypes.h +++ b/src/util/afsutil_prototypes.h @@ -135,6 +135,7 @@ extern int LogThreadNum(void); extern void LogCommandLine(int argc, char **argv, const char *progname, const char *version, const char *logstring, void (*log) (const char *format, ...)); +extern void LogDesWarning(void); /* snprintf.c */ diff --git a/src/util/liboafs_util.la.sym b/src/util/liboafs_util.la.sym index 3fb184a..730281e 100644 --- a/src/util/liboafs_util.la.sym +++ b/src/util/liboafs_util.la.sym @@ -5,6 +5,7 @@ BufioOpen FSLog Int32To_ktimeRelDate LogCommandLine +LogDesWarning LogLevel LogThreadNum OpenLog diff --git a/src/util/serverLog.c b/src/util/serverLog.c index 8d89d95..d51c352 100644 --- a/src/util/serverLog.c +++ b/src/util/serverLog.c 
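Review bot: In the ptserver.c hunk, `afsconf_GetLatestKey(prdir, NULL, NULL) == 0` is used as a "a single-DES key is present in the KeyFile" probe, but nothing at the call site says so, and any non-zero return is silently read as "no DES key". A one-line comment such as `/* success here means the KeyFile still contains a single-DES key */` would make the intent reviewable. It is also worth confirming that a KeyFile which fails to load or parse cannot suppress the warning through a non-zero return. The probe runs once at startup, so a DES key added while the server is running would presumably go unreported until the next restart, or until the startup lines rotate out of the log. The same three lines are added to `main()` in viced.c, vlserver.c and volmain.c, where the same comment applies; all four `main()` bodies extend beyond their hunks.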
@@ -180,6 +180,19 @@ LogCommandLine(int argc, char **argv, const char *progname, } } +void +LogDesWarning(void) +{ + /* The blank newlines help this stand out a bit more in the log. */ + ViceLog(0, ("\n")); + ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n")); + ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n")); + ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n")); + ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n")); + ViceLog(0, ("WARNING: for details.\n")); + ViceLog(0, ("\n")); +} + static void* DebugOn(void *param) { diff --git a/src/viced/viced.c b/src/viced/viced.c index 10bd61d..0129d39 100644 --- a/src/viced/viced.c +++ b/src/viced/viced.c @@ -1891,6 +1891,9 @@ main(int argc, char *argv[]) SetupLogSignals(); LogCommandLine(argc, argv, "starting", "", "File server", FSLog); + if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) { + LogDesWarning(); + } #if !defined(AFS_NT40_ENV) /* initialize the pthread soft signal handler thread */ diff --git a/src/vlserver/vlserver.c b/src/vlserver/vlserver.c index f337eeb..2569e7a 100644 --- a/src/vlserver/vlserver.c +++ b/src/vlserver/vlserver.c @@ -469,6 +469,9 @@ main(int argc, char **argv) rx_SetMaxProcs(tservice, 4); LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog); + if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { + LogDesWarning(); + } VLog(0, ("%s\n", cml_version_number)); /* allow super users to manage RX statistics */ diff --git a/src/volser/volmain.c b/src/volser/volmain.c index 9a6c111..0a42b36 100644 --- a/src/volser/volmain.c +++ b/src/volser/volmain.c 
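Review bot: `LogDesWarning()` in the serverLog.c hunk is a newly exported function with no header comment, and it emits the warning as seven separate `ViceLog(0, ...)` calls. Each call is presumably its own log record, so on a multi-threaded server other threads' lines could land in the middle of the block. The two `("\n")` spacer calls may also render as empty, timestamp-only entries rather than blank lines, particularly if the server logs to syslog. I would add a comment such as `/* Log a level-0 warning that single-DES keys are present in the KeyFile; the caller decides when that is true. */` above the function, and check how the spacer lines actually appear in each logging mode. The `WARNING:` prefix repeated on every line is worth keeping, since it keeps each record self-describing for anyone grepping or alerting on the log.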
@@ -593,6 +593,9 @@ main(int argc, char **argv) LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS", Log); + if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) { + LogDesWarning(); + } if (TTsleep) { Log("Will sleep %d second%s every %d second%s\n", TTsleep, (TTsleep > 1) ? "s" : "", TTrun + TTsleep,