Whine if single-DES keys are in use
authorAndrew Deason <adeason@sinenomine.net>
Wed, 25 Sep 2013 05:25:48 +0000 (00:25 -0500)
committerStephan Wiesand <stephan.wiesand@desy.de>
Fri, 4 Oct 2013 14:13:09 +0000 (07:13 -0700)
If we are using single-DES keys in our KeyFile, yell at the
administrator, so they have a chance at realizing that they should
migrate to stronger crypto.

Reviewed-on: http://gerrit.openafs.org/10273
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
(cherry picked from commit 4212c7e604bebcb8f20b67c60323263231611bfb)

Change-Id: I00b47889e7e79819a3c5d347349686e5d2da30e8
Reviewed-on: http://gerrit.openafs.org/10274
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Tested-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
src/ptserver/ptserver.c
src/util/afsutil_prototypes.h
src/util/serverLog.c
src/viced/viced.c
src/vlserver/vlserver.c
src/volser/volmain.c

index 4c30eb912097299ad78ecf2ab42ad2eade39824b..6772e1d0bf070b1e8a4d4280a43ec211eca72763 100644 (file)
@@ -550,6 +550,9 @@ main(int argc, char **argv)
                   "1.0",
 #endif
                   "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(prdir, NULL, NULL) == 0) {
+       LogDesWarning();
+    }
 
     rx_StartServer(1);
     osi_audit(PTS_FinishEvent, -1, AUD_END);
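Review bot: The added `afsconf_GetLatestKey(prdir, NULL, NULL) == 0` test has no comment saying that a successful lookup is being read as "a single-DES key is still present in the KeyFile", and the same three lines are repeated in the viced.c, vlserver.c and volmain.c hunks. A one-line comment above the `if`, such as `/* A key in the KeyFile means rxkad single-DES is still configured; see OPENAFS-SA-2013-003 */`, would make the intent reviewable at each call site. The test runs once during startup, so a DES key added to the KeyFile while the server is running would presumably not be reported until the next restart; that limit is worth stating in the comment. Any non-zero return skips the warning silently, so it is worth confirming that an unreadable KeyFile is reported somewhere else. main() starts and continues outside the hunk.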
index 191a6657a991f060af11bc1d6ef6c9a6e289d1c3..78473130a6e1c07c2d4bbd8ff08dfefa1300545f 100644 (file)
@@ -178,6 +178,7 @@ extern int LogThreadNum(void);
 extern void LogCommandLine(int argc, char **argv, const char *progname,
                           const char *version, const char *logstring,
                           void (*log) (const char *format, ...));
+extern void LogDesWarning(void);
 
 /* snprintf.c */
 
index 7730807853105d1d783cdff0223338bbf56bf788..4cf81febc75e75ed47042ec2ff1f6b81a639ba01 100644 (file)
@@ -197,6 +197,19 @@ LogCommandLine(int argc, char **argv, const char *progname,
     }
 }
 
+void
+LogDesWarning(void)
+{
+    /* The blank newlines help this stand out a bit more in the log. */
+    ViceLog(0, ("\n"));
+    ViceLog(0, ("WARNING: You are using single-DES keys in a KeyFile. Using single-DES\n"));
+    ViceLog(0, ("WARNING: long-term keys is considered insecure, and it is strongly\n"));
+    ViceLog(0, ("WARNING: recommended that you migrate to stronger encryption. See\n"));
+    ViceLog(0, ("WARNING: OPENAFS-SA-2013-003 on http://www.openafs.org/security/\n"));
+    ViceLog(0, ("WARNING: for details.\n"));
+    ViceLog(0, ("\n"));
+}
+
 static void*
 DebugOn(void *param)
 {
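Review bot: LogDesWarning() has no header comment and writes its message as seven separate ViceLog() records, two of which contain only `\n`. If the logger stamps each record (a timestamp prefix or a syslog backend would do this), the spacer lines are not blank and the warning can be interleaved with records from other threads. Log monitoring that matches one line at a time will also see the `single-DES` phrase and the advisory id on different records. Consider a header comment such as `/* Warn that single-DES KeyFile keys are in use; the caller decides when this applies. */` and keeping `single-DES` and `OPENAFS-SA-2013-003` in the same record so that one pattern catches it. The function also hard-codes ViceLog() where LogCommandLine() just above takes a `log` callback, which deserves a line in the comment if it is intentional.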
index fca939312126516273e9e19ee228b02eae59ff73..24ecfa201cd39ccf7fefb3d38b747e75ca83ffc1 100644 (file)
@@ -2028,6 +2028,9 @@ main(int argc, char *argv[])
        exit(-1);
     }
     LogCommandLine(argc, argv, "starting", "", "File server", FSLog);
+    if (afsconf_GetLatestKey(confDir, NULL, NULL) == 0) {
+       LogDesWarning();
+    }
 
 #if defined(AFS_PTHREAD_ENV) && !defined(AFS_NT40_ENV)
     /* initialize the pthread soft signal handler thread */
index 3ef7f06aafb7b9c1e8001d423275d9d519f62d71..d484ea30943999eb6200c7d1c4414feab192405c 100644 (file)
@@ -400,6 +400,9 @@ main(int argc, char **argv)
     rx_SetMaxProcs(tservice, 4);
 
     LogCommandLine(argc, argv, "vlserver", VldbVersion, "Starting AFS", FSLog);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+       LogDesWarning();
+    }
     printf("%s\n", cml_version_number);        /* Goes to the log */
 
     /* allow super users to manage RX statistics */
index 2230666c12c460a92378731b211975347e0c85ea..3dc516ee188e897cdc9dbcfb1008a217451aec5a 100644 (file)
@@ -564,6 +564,9 @@ main(int argc, char **argv)
 
     LogCommandLine(argc, argv, "Volserver", VolserVersion, "Starting AFS",
                   Log);
+    if (afsconf_GetLatestKey(tdir, NULL, NULL) == 0) {
+       LogDesWarning();
+    }
     if (TTsleep) {
        Log("Will sleep %d second%s every %d second%s\n", TTsleep,
            (TTsleep > 1) ? "s" : "", TTrun + TTsleep,