.LP
Virtual directories should be removed with the \fBcdetach\fP(1)
command when no longer in use.
.SH EXAMPLES
.TP
cattach /u/mab/secrets mab
associates encrypted directory "/u/mab/secrets" with the
cleartext name "mab".  Creates virtual directory "/crypt/mab".
.TP
cattach /u/mab/secrets .123xyzzy
associates encrypted directory "/u/mab/secrets" with the cleartext
name ".123xyzzy".  The cleartext name will not appear in a listing of
/crypt.
.TP
cattach -l secrets mab
associates the encrypted directory "secrets" in the current directory
with the cleartext name "mab".  Identical files will encrypt to the
same ciphertext.
.SH FILES
.TP
/crypt/*
currently attached cleartext instances
.SH SEE ALSO
cfsd(8), cdetach(1), cmkdir(1), ssh(1)
.SH BUGS
Really, really slow machines can time out on the RPC before cfsd is
finished processing the attach command, especially when 3-DES is used.
Such machines should probably be considered too slow to be running an
encrypted file system anyway.
.LP
You can't attach an already encrypted directory, lest the
single-threaded cfsd find itself in a deadlock.
.LP
There really should be a better security mechanism than the UID to
protect against spoofing currently attached directories.  The .name
hack is an ugly kludge.  In particular, it would be better to limit
access to the process group of the user who issued the cattach
command.  Unfortunately, that information is not passed to cfsd.
.LP
The timeout isn't perfect, and may occur a minute or two later than
expected.
.SH AUTHOR
Matt Blaze; for information on cfs, email to cfs@research.att.com.
`
`EXNbflD
`
`Petitioner Oracle-Apple - Exhibit 1010 - Page 37
`
`
`
`cattach.c
`
`Exhibit D
`
`
.TH CATTACH 1 ""
.SH NAME
cattach - attach encrypted directory to CFS
.SH SYNOPSIS
.B cattach
[ \-\fBl\fP ]
[ \-\fB-\fP ]
[ \-\fBt\fP \fIminutes\fP]
[ \-\fBi\fP \fIminutes\fP]
\fIdirectory\fP
\fIname\fP
.SH DESCRIPTION
\fBcattach\fP associates the encrypted \fIdirectory\fP (previously
created with \fBcmkdir(1)\fP) with the specified \fIname\fP.
\fBcattach\fP prompts for a passphrase, which is used to generate
cryptographic keys sent to the cfs daemon \fBcfsd\fP(8) and used to
transparently encrypt and decrypt the files as needed.  If the correct
passphrase is given (as verified by a known-plaintext hash file in the
encrypted directory), the user may thereafter access the cleartext of
the files in a virtual directory called \fIname\fP under the CFS mount
point (usually /crypt).  Otherwise, no virtual directory is created.
The underlying \fIdirectory\fP may be specified either as an absolute
path or relative to the current directory.
.LP
The smartcard version of the command is similar in operation, but also
requires a CFS smartcard be present in the smartcard reader.
.LP
If the \fB-l\fP ("lower security mode") option is given, newly created
identical files will encrypt to identical ciphertexts.  Otherwise, the
creation time plus the inode number of the encrypted file is used to
perturb each file, frustrating certain cryptanalytic attacks.  Under
highly concurrent operation with multiple instances of the same
encrypted directory, however, lower security mode may be required to
avoid some race conditions.  This mode also makes recovery (from
backups) of individual encrypted files a bit simpler.
.LP
Note that attached virtual directories may be used only by users whose
UID is the same as the issuer of the \fBcattach\fP command.
.LP
Ordinarily, the names of all currently attached directories can be
obtained by listing the contents of /crypt (e.g., with \fBls\fP(1)).
If the specified \fIname\fP begins with a '.' (dot), however, cfsd
will not include the name in directory listings.  By using a
hard-to-guess \fIname\fP, this mechanism can be used to provide some
protection against attackers who can spoof the UID on the client
machine.  See the \fBssh\fP(1) command for an example of this usage.
.LP
The \fB-t\fP option causes the attach to automatically go away after
the specified number of minutes.  The \fB-i\fP option deletes the
attach after a specified number of minutes of inactivity.  Note that
these options, if used, should be chosen with some care; too short
timeouts may actually increase the risk of compromise of frequently
re-typed passphrases.
.LP
\fBcattach\fP will normally attempt to read the passphrase from the
tty device (/dev/tty) and will not echo.  The \fB--\fP option forces
\fBcattach\fP to read from stdin.
.LP
`
Virtual directories should be removed with the \fBcdetach\fP(1)
command when no longer in use.
.SH EXAMPLES
.TP
cattach /u/mab/secrets mab
associates encrypted directory "/u/mab/secrets" with the
cleartext name "mab".  Creates virtual directory "/crypt/mab".
.TP
cattach /u/mab/secrets .123xyzzy
associates encrypted directory "/u/mab/secrets" with the cleartext
name ".123xyzzy".  The cleartext name will not appear in a listing of
/crypt.
.TP
cattach -l secrets mab
associates the encrypted directory "secrets" in the current directory
with the cleartext name "mab".  Identical files will encrypt to the
same ciphertext.
.SH FILES
.TP
/crypt/*
currently attached cleartext instances
.SH SEE ALSO
cfsd(8), cdetach(1), cmkdir(1), ssh(1)
.SH BUGS
Really, really slow machines can time out on the RPC before cfsd is
finished processing the attach command, especially when 3-DES is used.
Such machines should probably be considered too slow to be running an
encrypted file system anyway.
.LP
You can't attach an already encrypted directory, lest the
single-threaded cfsd find itself in a deadlock.
.LP
There really should be a better security mechanism than the UID to
protect against spoofing currently attached directories.  The .name
hack is an ugly kludge.  In particular, it would be better to limit
access to the process group of the user who issued the cattach
command.  Unfortunately, that information is not passed to cfsd.
.LP
The timeout isn't perfect, and may occur a minute or two later than
expected.
.SH AUTHOR
Matt Blaze; for information on cfs, email to cfs@research.att.com.
`
`
ccat.8
`
`
.TH CCAT 8 ""
.SH NAME
ccat
.SH SYNOPSIS
.B ccat
[ \-\fB3ms\fP ]
\fIfile\fP
[ ... ]
.SH DESCRIPTION
\fBccat\fP prompts for a passphrase and decrypts (onto standard
output) the specified CFS encrypted files.  If a corresponding CFS IV
file (.pvect_*) file exists in the same directory, it is used to
perturb the file accordingly.  By default, files are decrypted using
standard 2-key hybrid mode single-DES.  The \-\fB3\fP option specifies
2-key hybrid mode triple DES.  The \-\fBm\fP option specifies 1-key
hybrid mode MacGuffin, and \-\fBs\fP specifies SAFER-SK128.
.LP
\fBccat\fP is intended to assist in emergency access to CFS
directories when no machine running a CFS daemon is available.  It is
ordinarily used in conjunction with cname(8).
.SH SEE ALSO
cname(8)
.SH BUGS
Does not work with new format (1.3 and later) directories.
.LP
This program is just blindingly slow.  There's no way to tell if an
incorrect passphrase was entered, except that the program will produce
garbage output.
.SH AUTHOR
Matt Blaze; for information on cfs, email to cfs@research.att.com.
`
`
ccat.c
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/*
 * cfs ccat - 1.3
 */
#include <stdio.h>
#include <rpc/rpc.h>
#include <sys/time.h>
#include <sys/file.h>
#include <sys/stat.h>
#ifdef SOLARIS2X
#include <string.h>
#define rindex strrchr
#else
#include <strings.h>
#endif
#include "nfsproto.h"
#include "admproto.h"
#include "cfs.h"

/* following are never used - just so i can re-use the library */
int validhost;
char zerovect[]={0,0,0,0,0,0,0,0,0};
int cursecs=0;
`
main(argc,argv)
     int argc;
     char **argv;
{
    char *pw;
    char pword[256];
    char *getpassword();
    cfs_admkey k;
    cfskey kt;
    char *flg;
    char *p;
    char ivfile[1024];
    char base[1024];
    char iv[16];
    int fd;
    int len;
    int siz;
    int offset;
    int i;
    char *buf[8192];
    int ciph=CFS_THREE_DES;

    fprintf(stderr,"WARNING: ccat works only on old format CFS files\n");
    while (--argc && (**++argv == '-')) {
        for (flg= ++*argv; *flg; ++flg)
            switch (*flg) {
            case '1':
                ciph=CFS_STD_DES;
                break;
            case '3':
                ciph=CFS_THREE_DES;
                break;
#ifdef NOTDEF
            case 'b':
                ciph=CFS_BLOWFISH;
                break;
#endif
            case 'm':
                ciph=CFS_MACGUFFIN;
                break;
            case 's':
                ciph=CFS_SAFER_SK128;
                break;
            default:
                fprintf(stderr,"usage: ccat [-13bms] file...\n");
                exit(1);
            }
    }
    if (argc<1) {
        fprintf(stderr,"Usage: ccat [-3bms] file...\n");
        exit(1);
    }
    if ((pw=getpassword("Key:"))==NULL) {
        fprintf(stderr,"Can't get key\n");
        exit(1);
    }
    strcpy(pword,pw);
    k.cipher=ciph;
    if (old_pwcrunch(pw,&k)!=0) {
        fprintf(stderr,"Invalid key\n");
        exit(1);
    }
    copykey(&k,&kt);
    kt.smsize=LARGESMSIZE;
    if (((kt.primask=(char*) malloc(kt.smsize)) == NULL)
        || ((kt.secmask=(char*) malloc(kt.smsize)) == NULL)) {
        fprintf(stderr,"No memory\n");
        exit(2);
    }
    genmasks(&kt);

    for (i=0; i<argc; i++) {
        strcpy(ivfile,argv[i]);
        if ((p=rindex(ivfile,'/'))==NULL)
            sprintf(ivfile,".pvect_%s",argv[i]);
        else {
            *p='\0';
            strcpy(base,++p);
            sprintf(ivfile,"%s/.pvect_%s",ivfile,base);
        }
        if (readlink(ivfile,iv,8) != 8)
            bcopy(zerovect,iv,8);
        fprintf(stderr,"%s %s\n",ivfile,iv);
        if ((fd=open(argv[i],O_RDONLY,0))<0) {
            perror(argv[i]);
            continue;
        }
        len=flen(fd);
        fprintf(stderr,"%s %d\n",argv[i],len);
        for (offset=0; offset<len;) {
            siz=len-offset;
            if (siz>8192)
                siz=8192;
            siz=readblock(buf,fd,offset,siz,&kt,iv);
            write(1,buf,siz);
            offset+=siz;
        }
    }
}
`
flen(fd)
     int fd;
{
    struct stat sb;

    if (fstat(fd,&sb)<0)
        return -1;
    return dtov(sb.st_size);
}
`
`
cdetach.1
`
`
.TH CDETACH 1 ""
.SH NAME
cdetach - detach encrypted directory from CFS
.SH SYNOPSIS
.B cdetach
\fIname\fP
.SH DESCRIPTION
\fBcdetach\fP removes the instance called \fIname\fP of an encrypted
directory (created with \fBcattach\fP(1)) from /crypt.  The underlying
encrypted version of the directory remains, of course, and may be
attached again when needed with \fBcattach\fP(1).
.SH EXAMPLE
.TP
cdetach mab
deletes /crypt/mab
.SH SEE ALSO
cfsd(8), cattach(1)
.SH BUGS
Anyone can cdetach anything, even directories attached by other users.
This can lead to irritating denial-of-service attacks.
.SH AUTHOR
Matt Blaze; for information on cfs, email to
cfs@research.att.com
`
`
`cdetach.c
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1993, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/*
 * client side detach
 */
#include <stdio.h>
#include <rpc/rpc.h>
#include "nfsproto.h"
#include "admproto.h"
#include "cfs.h"

main(argc,argv)
     int argc;
     char **argv;
{
    cfs_detachargs ap;
    char *pw;
    int status;
    cfsstat ret;

    if (argc!=2) {
        fprintf(stderr,"Usage: cdetach name\n");
        exit(1);
    }
    ap.name=argv[1];
    ap.uid=getuid();
    if ((status = callrpc("localhost",ADM_PROGRAM,ADM_VERSION,
                          ADMPROC_DETACH,xdr_cfs_detachargs,&ap,
                          xdr_cfsstat,&ret)) !=0) {
        clnt_perrno(status);
        exit(1);
    }
    if (ret!=CFS_OK)
        fprintf(stderr,"cdetach: %s\n",admmsg(ret));
    exit(ret);
}
`
`
`cfs.c
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1993, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/*
 * Crypto file system 1.3
 * main
 * mab - 11/30/92
 * mab - 01/11/94
 * mab - 11/10/94
 */
#include <stdio.h>
#include <sys/types.h>
#include <sys/file.h>
#include <sys/socket.h>
/* #include <netinet/in.h> */
/* #include <arpa/inet.h> */
#include <netdb.h>
#include <rpc/rpc.h>
#include <sys/time.h>
#ifndef NORLIMITS
#include <sys/resource.h>
#endif
#include <signal.h>
#include "nfsproto.h"
#include "admproto.h"
#include "cfs.h"

struct in_addr validhost;

#if defined(SOLARIS2X) || defined(__NetBSD__)
void nfs_program_2();
void adm_program_2();
#include <string.h>
#else
int nfs_program_2();
int adm_program_2();
#endif

#ifdef __NetBSD__
int _rpcsvcdirty;
#endif

void grimreap();

char zerovect[]={0,0,0,0,0,0,0,0,0};
int cursecs;
`
main(argc,argv)
     int argc;
     char **argv;
{
    int port=CFS_PORT;
    struct timeval tv;
    struct hostent *hp;
    struct sockaddr_in sin;
    int svrsock;
    SVCXPRT *tp;
    int pid;
#ifdef SOLARIS2X
    struct netconfig *nc;
    struct t_bind tbind, *tres;
    struct t_info tinfo;
#endif

    /* create the right kind of socket */
    if (argc > 2) {
        fprintf(stderr,"Usage: cfsd [port]\n");
        exit(1);
    }
    if (argc==2) {
        if ((port=atoi(argv[1]))<=0) {
            fprintf(stderr,"Usage: cfsd [port]\n");
            exit(1);
        }
    }
    if ((hp=gethostbyname("localhost"))==NULL) {
        fprintf(stderr,"Can't deal with localhost\n");
        exit(1);
    }
    bzero((char *)&sin,sizeof(sin));
    sin.sin_family=AF_INET;
    bcopy((char *)hp->h_addr,(char *)&sin.sin_addr,hp->h_length);
    /* sin.sin_addr = inet_makeaddr(INADDR_ANY,np);*/
    validhost.s_addr=sin.sin_addr.s_addr;
    sin.sin_port = htons(port);
#ifdef SOLARIS2X
    if ((nc = getnetconfigent("udp")) == NULL) {
        nc_perror("udp");
        exit(1);
    }
    if ((svrsock = t_open(nc->nc_device, O_RDWR, &tinfo)) < 0) {
        t_error("Can't t_open UDP device");
        exit(1);
    }
    if ((tres = (struct t_bind *)t_alloc(svrsock, T_BIND, T_ADDR)) == NULL){
        t_error("Can't t_alloc buffer");
        exit(1);
    }
    tbind.qlen = 0;
    tbind.addr.buf = (char *)&sin;
    tbind.addr.len = tbind.addr.maxlen = tinfo.addr;
    if (t_bind(svrsock, &tbind, tres) != 0) {
        t_error("t_bind");
        exit(1);
    }
    if (tbind.addr.len != tres->addr.len ||
        memcmp(tbind.addr.buf, tres->addr.buf, tres->addr.len) != 0) {
        /* bound address does not match requested one */
        fprintf(stderr,
  "t_bind did not bind to requested address (is another cfsd running?)\n");
        exit(1);
    }
    if ((tp = svc_dg_create(svrsock, 0, 0)) == NULL) {
        fprintf(stderr,"Can't create UDP RPC Service\n");
        exit(1);
    }
    /* Assign the local bind address and type of service */
    tp->xp_ltaddr = tres->addr;
    tp->xp_type = tinfo.servtype;
    tp->xp_rtaddr.len = 0;
    tp->xp_rtaddr.maxlen = tres->addr.maxlen;
    tp->xp_netid = strdup(nc->nc_netid);
    tp->xp_tp = strdup(nc->nc_device);
    if ((tp->xp_rtaddr.buf = malloc(tp->xp_rtaddr.maxlen)) == NULL) {
        fprintf(stderr, "Can't malloc buffer space\n");
        exit(1);
    }
    /* now register w/ the local dispatcher */
    /* don't register nfs w/ portmaper, tho */
    if (!svc_reg(tp, NFS_PROGRAM, NFS_VERSION, nfs_program_2,
                 (port==2049? nc : NULL))) {
        fprintf(stderr,"Can't register CFS NFS\n");
        exit(1);
    }
    if (!rpcb_unset(ADM_PROGRAM, ADM_VERSION, nc)) {
        fprintf(stderr, "Can't init CFS ADM rpcbind mapping\n");
        exit(1);
    }
    if (!svc_reg(tp, ADM_PROGRAM, ADM_VERSION, adm_program_2, nc)) {
        fprintf(stderr,"Can't register CFS ADM\n");
        exit(1);
    }
#else
    if ((svrsock=socket(AF_INET,SOCK_DGRAM,0)) < 0) {
        perror("socket");
        exit(1);
    }
    if (bind(svrsock,(struct sockaddr *)&sin,sizeof(sin)) != 0) {
        perror("bind");
        exit(1);
    }
    if ((tp = svcudp_create(svrsock)) == NULL) {
        fprintf(stderr,"Can't create UDP RPC Service\n");
        exit(1);
    }
    /* now register w/ the local dispatcher */
    /* don't register nfs w/ portmaper, tho */
    if (!svc_register(tp,NFS_PROGRAM,NFS_VERSION,nfs_program_2,
                      (port==2049?IPPROTO_UDP:0))) {
        fprintf(stderr,"Can't register CFS NFS\n");
        exit(1);
    }
    pmap_unset(ADM_PROGRAM,ADM_VERSION);
    if (!svc_register(tp,ADM_PROGRAM,ADM_VERSION,adm_program_2,
                      IPPROTO_UDP)) {
        fprintf(stderr,"Can't register CFS ADM\n");
        exit(1);
    }
#endif

#ifndef DEBUG
    if ((pid=fork())!=0) {
        if (pid<0) {
            perror("cfsd: fork\n");
            exit(1);
        }
        printf("cfs ready [%d]\n",pid);
        exit(0);
    }
#else
    printf("cfs running DEBUG (%d)\n", getpid());
#endif

    initstuff();
    /* and lauch the timeout handler (which we have to do in child) */
    gettimeofday(&tv,NULL);
    cursecs=tv.tv_sec;
    signal(SIGALRM,grimreap);
    alarm(60);    /* every 60 secs */

    /* do it */
    svc_run();
    fprintf(stderr,"Huh?? Where the hell am I?\n");
    exit(1);
}
`
initstuff()
{
    int i;
    static instance ina,inb;
#ifndef NORLIMITS
    struct rlimit rl;
#endif

    /* first set uid to 0, if we can */
    /* now we can go back and forth easily */
    setuid(0);
    umask(0);

#if defined(__NetBSD__)
#ifndef DEBUG
    /* detach from terminal */
    daemon(0,0);
#endif /* DEBUG */
#endif /* __NetBSD__ */

#ifndef NORLIMITS
    /* make sure we don't spill a corefile */
    rl.rlim_cur=0;
    rl.rlim_max=0;
    setrlimit(RLIMIT_CORE,&rl);
#else
    /* set signal handlers */
    /* for things that can dump core */
    signal(SIGQUIT,SIG_IGN);
    signal(SIGILL,SIG_IGN);
    signal(SIGTRAP,SIG_IGN);
    signal(SIGABRT,SIG_IGN);
    signal(SIGEMT,SIG_IGN);
    signal(SIGFPE,SIG_IGN);
    signal(SIGBUS,SIG_IGN);
    signal(SIGSEGV,SIG_IGN);
    signal(SIGSYS,SIG_IGN);
#ifdef SIGLOST
    signal(SIGLOST,SIG_IGN);
#endif
#endif
    /* clear out the instances table */
    for (i=0; i<NINSTANCES; i++)
        instances[i]=NULL;
}
`
/* look for instances to kill */
void grimreap()
{
    struct timeval tv;
    int i;

    gettimeofday(&tv,NULL);
    cursecs=tv.tv_sec;
#ifdef DEBUG
    fprintf(stderr,"grimly reaping\n");
#endif
    for (i=0; i<NINSTANCES; i++) {
        if (instances[i] != NULL)
            if (instances[i]->dead > 4)
                freeinstance(i);
            else if ((instances[i]->timeout)
                     && (instances[i]->timeout < cursecs))
                instances[i]->dead++;
            else if ((instances[i]->idle)
                     && ((instances[i]->access + instances[i]->idle)
                         < cursecs))
                instances[i]->dead++;
    }
    signal(SIGALRM,grimreap);
    alarm(60);
}
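Why the -t and -i timeouts can fire late, as an added example that is not part of the CFS source: the sketch replays the branch order of grimreap() on a single instance, with the timer values computed the way admproc_attach_2() in cfs_adm.c computes them. The struct, the function names and the sample times are constructed for illustration, and what other CFS code does with the dead counter is not shown on this page and is not modelled.

```c
#include <stdio.h>

#define TICK 60   /* grimreap() re-arms alarm(60) on every pass */

/* Constructed stand-in for the timer fields of struct instance in cfs.h. */
struct demo_inst {
    int timeout;  /* absolute expiry in seconds, 0 = none */
    int idle;     /* idle limit in seconds, 0 = none */
    int access;   /* last access time */
    int dead;     /* passes on which the instance was found expired */
    int freed;    /* set where grimreap() would call freeinstance() */
};

/* Times (in seconds) at which the reaper acts on one instance; -1 = never. */
struct reap_times {
    int first_dead;
    int freed_at;
};

/* One reaper pass over one instance, same branch order as grimreap(). */
static void reap_once(struct demo_inst *in, int cursecs)
{
    if (in->freed)
        return;
    if (in->dead > 4)
        in->freed = 1;
    else if (in->timeout && in->timeout < cursecs)
        in->dead++;
    else if (in->idle && (in->access + in->idle) < cursecs)
        in->dead++;
}

/*
 * Attach at attach_time with -t expire_min and -i idle_min, never touch the
 * instance again, and run reaper passes at 0, 60, 120, ... up to horizon.
 */
struct reap_times simulate(int attach_time, int expire_min, int idle_min,
                           int horizon)
{
    struct demo_inst in;
    struct reap_times r = { -1, -1 };
    int t;

    /* Same arithmetic as admproc_attach_2(): minutes become seconds. */
    in.timeout = expire_min ? attach_time + expire_min * 60 : 0;
    in.idle = idle_min * 60;
    in.access = attach_time;
    in.dead = 0;
    in.freed = 0;

    for (t = 0; t <= horizon; t += TICK) {
        if (t < attach_time)
            continue;                   /* not attached yet */
        reap_once(&in, t);
        if (in.dead > 0 && r.first_dead < 0)
            r.first_dead = t;
        if (in.freed && r.freed_at < 0)
            r.freed_at = t;
    }
    return r;
}

int main(void)
{
    /* Constructed sample: attach at t=10 s with -t 1, so expiry is at 70 s. */
    struct reap_times r = simulate(10, 1, 0, 3600);

    printf("requested expiry 70 s, first marked dead %d s, freed by reaper %d s\n",
           r.first_dead, r.freed_at);
    return 0;
}
```

With passes every 60 seconds and a strict `<` comparison, the first mark lands up to 60 seconds after the requested expiry, and grimreap() itself frees the slot five passes after that.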
`
`
`cfs.h
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1993, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/* include files specific to cipher modules go here */
/* (i don't normally like nested includes) */
#include "mcg.h"
#include "safer.h"

#define H_REG 0
#define H_ATTACH 0      /* same as regular */
#define H_ROOT 1
#define H_INVALID 9
#ifdef SHORTLINKS
#define H_SLNK 5
#endif

#ifndef CFS_PORT
#define CFS_PORT 3049
#endif

#ifndef NINSTANCES
#define NINSTANCES 64
#endif

#define CFSBLOCK 8      /* granularity of DES encryption */
/* writing is a bit tricky - if not 8 byte boundry, read in prev & next
   8 byte boundry first, make the change in place, and write back the whole
   thing */

#define STD_DES 0       /* 2 key hybrid single DES */
#define THREE_DES 1     /* 2 key hybrid 3DES */
#define IDEA 2          /* 2 key hybrid IDEA (n/a) */
#define BLOWFISH 3      /* 2 key hybrid BLOWFISH (n/a) */
#define SKIPJACK 4      /* 2 key hybrid SKIPJACK (PCMCIA) (n/a) */
#define MCG 5           /* 1 key hybrid MacGuffin */
#define SAFER_SK128 6   /* 1 key hybrid SAFER-SK128 */
#define TRUE_THREE_DES 7 /* 3 key hybrid 3DES */
`
typedef struct fhdata {
    u_char magic[8];    /* 0x0123456789abcdef */
    u_short htype;      /* 0=reg, 1=attachpt, 2=root(but notused) */
    u_short instance;   /* which attach */
    u_long fileid;      /* inode # */
    u_char check[8];    /* we just encrypt the date and copy it here */
#ifdef SHORTLINKS
    u_long linkid;      /* To uniquify short links */
    u_char pad[4];      /* empty */
#else
    u_char pad[8];      /* empty */
#endif
} fhdata;

typedef union fh_u {
    u_char opaque[NFS_FHSIZE];
    struct fhdata fh;
} fh_u;
`
typedef struct cfs_fileid {     /* hash table entry */
    int fileid;         /* inode */
    int key;            /* key id, for future use */
    char vect[9];       /* pertubation vector */
    char vectname[1024];        /* name of symlink w/ pert vect */
    char *name;         /* encrypted path, w/r/t cfs root */
    /* the name should be changed to a list of names, and we should make
       sure we have the right one open.  Lookup (not link) adds names,
       remove and rmdir delete names. */
    struct fdcache *fd; /* fd, if already open, or NULL (reg files only)*/
    int parent;         /* dir only; -1 for instance root (send back self)*/
#ifdef SHORTLINKS
    int link_count;     /* dir only; for shortlinks. */
    int linkid;         /* short links only */
#endif
    struct cfs_fileid *next;
    struct instance *ins;       /* this is redundnat, but helps */
} cfs_fileid;

typedef struct fdcache {
    cfs_fileid *file;   /* fh with the file open */
    int fd;             /* currently open fd */
    int mode;           /* 0=RO, else RDWR */
    struct filecache *next;     /* fwd and back ptrs */
    struct filecache *prev;     /* frontmost is mru */
} fdcache;

#define HSIZE 1024
#define HMASK 0x3ff     /* change these together, please */

#define LARGESMSIZE (32768*CFSBLOCK)
#define SMALLSMSIZE (512*CFSBLOCK)
`
typedef struct cfskey {
    int cipher;
    union {             /* now holds expanded keys for DES also */
        struct {        /* DES */
            u_char primary[128];
            u_char secondary[128];
        } des;
        struct {        /* two-key 3DES */
            u_char primary1[128];
            u_char primary2[128];
            u_char secondary1[128];
            u_char secondary2[128];
        } des3;
        struct {        /* three-key 3DES */
            u_char primary1[128];
            u_char primary2[128];
            u_char primary3[128];
            u_char secondary1[128];
            u_char secondary2[128];
            u_char secondary3[128];
        } dest3;
        struct {        /* MacGuffin */
            mcg_key primary;
            mcg_key secondary;
        } mcg;
#ifdef NOTDEF
        struct {        /* Blowfish */
            bfkey primary;
            bfkey secondary;
        } bf;
#endif
        struct {        /* SAFER */
            safer_key_t primary;
            safer_key_t secondary;
        } safer;
    } var;
    int smsize;         /* right now either LARGESMSIZE or SMALLSMSIZE */
    char *primask;
    char *secmask;
} cfskey;
`
typedef struct instance {
    cfs_fileid *file[HMASK+1];
    char path[NFS_MAXPATHLEN+1];        /* path to get to files w/r/t root */
    char name[NFS_MAXNAMLEN+1];         /* name of the attach point */
    cfskey key;
    u_char check[8];    /* we just encrypt the date and copy it here */
    int uid;            /* authorized uid */
                        /* we need a better credential mechanism */
    int id;             /* same as its position in instances[] */
    int highsec;        /* use perturbation vectors */
    int anon;           /* invisability */
    int timeout;        /* absolute timeout (0 is infinite) */
    int idle;           /* idle timer (0 is infinite) */
    int access;         /* last access time (for use by idle timer) */
    int dead;           /* to be killed */
} instance;

extern int cfserrno;
extern int errno;
extern int cursecs;
extern char zerovect[];

#define CFS_READ O_RDONLY
#define CFS_WRITE (O_RDWR)

extern char *admerrs[];
char *admmsg();
/* char *keyof(); */
char *encryptname();
char *decryptname();
cfs_fileid *geth();
extern instance *instances[];
extern nfstime roottime;
extern cfs_fileid rootnode;
`
#ifdef hpux
#define seteuid(x) setresuid(-1,x,-1)
#define setegid(x) setresgid(-1,x,-1)
#endif

#ifdef AIX320EUIDBUG
/* AIX 3.2.0 uses ruid for file ownership on creat even though the docs
 * say otherwise !!
 * note that we can still switch back to root.
 * I bet this is fixed in later AIX releases, in which case this whole
 * ifdef can be done away with
 *
 */
#include <sys/id.h>
#include <sys/types.h>
#define become(x) ((x)==NULL?(setuidx(ID_EFFECTIVE|ID_REAL,0)||setgidx(ID_EFFECTIVE|ID_REAL,0)) :\
    (setgidx(ID_EFFECTIVE|ID_REAL,rgid(x)) || setuidx(ID_EFFECTIVE|ID_REAL,ruid(x))))
#else
#define become(x) ((x)==NULL?(seteuid(0)||setegid(0)) :\
    (setegid(rgid(x)) || seteuid(ruid(x))))
#endif

#define keyof(f) (&((f)->ins->key))
#define vectof(f) ((f)->vect)

#ifdef irix
#define d_fileno d_ino
#endif

#ifdef SOLARIS2X
#define d_fileno d_ino
#define bzero(b, l)             memset(b, 0, l)
#define bcopy(s, d, l)          memcpy(d, s, l)
#define index(s, c)             strchr(s, c)
#define bcmp(s, d, l)           (memcmp(s, d, l)? 1 : 0)
#endif

#ifdef BSD44
/*
#define d_off d_reclen
#define d_fileno d_ino
*/
#endif

#include <stdlib.h>
`
`
`cfs_adm.c
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1992, 1993, 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
 * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
 * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.
 */

/*
 * server adm rpc handlers - ver 1.3.2
 */

#include <sys/types.h>
#include <stdio.h>
#include <rpc/rpc.h>
#include <sys/time.h>
#include <string.h>
#include "admproto.h"
#include "nfsproto.h"
#include "cfs.h"

typedef struct svc_req *SR;

int topinstance = 0;
`
cfs_adm()
{
}

void *
admproc_null_2()
{
}

cfsstat *
admproc_attach_2(ap,rp)
     cfs_attachargs *ap;
     SR *rp;
{
    static cfsstat ret;
    int i;
    cfskey tk;
    instance *ins;

#ifdef DEBUG
    printf("attach: %s %s %d\n",ap->dirname, ap->name, ap->anon);
#endif
    if (*ap->dirname != '/') {
        ret = CFSERR_BADNAME;
        return &ret;
    }
    if (index(ap->name,'/') != NULL) {
        ret = CFSERR_BADNAME;
        return &ret;
    }
    if (already(ap->name)) {
        ret=CFSERR_EXIST;
        return &ret;
    }
    become(rp);
    copykey(&ap->key,&tk);
    if ((ret=verify(ap->dirname,&tk)) != CFS_OK) {
        become(NULL);
        return &ret;
    }
    become(NULL);
    for (i=topinstance+1; i<NINSTANCES; i++)
        if (instances[i] == NULL)
            break;
    if (i==NINSTANCES) for (i=1; i<topinstance; i++)
        if (instances[i] == NULL)
            break;
    if (i==topinstance) {
        ret=CFSERR_IFULL;
        return &ret;
    }
    if ((ins=(instance*)malloc(sizeof(instance)))==NULL) {
        ret=CFSERR_IFULL;
        return &ret;
    }
    topinstance=i;
    instances[i]=ins;
    ins->id=i;
    for (i=0; i<HSIZE; i++)
        ins->file[i]=NULL;
    ins->key.smsize = ap->smsize;
    if ((ins->key.primask=(char*) malloc(ins->key.smsize)) == NULL) {
        free(ins);
        ret = CFSERR_IFULL;
        return &ret;
    }
    if ((ins->key.secmask=(char*) malloc(ins->key.smsize)) == NULL) {
        free(ins->key.primask);
        free(ins);
        ret = CFSERR_IFULL;
        return &ret;
    }
    ins->anon=ap->anon;
    sprintf(ins->path,"%s/.",ap->dirname);
    strcpy(ins->name,ap->name);
    copykey(&ap->key,&ins->key);
    genmasks(&ins->key);
    ins->uid=ap->uid;
    ins->highsec=ap->highsec;
    gettimeofday((struct timeval *)&roottime,NULL);
    if (ap->expire !=0)
        ins->timeout = roottime.seconds + (ap->expire*60);
    else
        ins->timeout = 0;
    ins->access=roottime.seconds;
    ins->idle=ap->idle * 60;
    ins->dead=0;
    bzero((char *)ins->check,8);
    bcopy((char *)&roottime,(char *)ins->check,sizeof(roottime));
    cipher(&ins->key,ins->check,0);
    ret=CFS_OK;
    return &ret;
}
`
already(s)
     char *s;
{
    int i;

    for (i=1; i<NINSTANCES; i++)
        if ((instances[i]!=NULL) && !strcmp(instances[i]->name,s))
            return 1;
    return 0;
}

genmasks(k)
     cfskey *k;
{
    unsigned int i;
    char start[9];
    FILE *fp;

    for (i=0; i < k->smsize; i+=CFSBLOCK) {
        sprintf(start,"0%07x",i/CFSBLOCK);
        bcopy(start,&k->primask[i],CFSBLOCK);
        mask_cipher(k,&k->primask[i],0);
        sprintf(start,"1%07x",i/CFSBLOCK);
        bcopy(start,&k->secmask[i],CFSBLOCK);
        mask_cipher(k,&k->secmask[i],0);
    }
}
`
cfsstat *
admproc_detach_2(ap,rp)
     cfs_detachargs *ap;
     SR *rp;
{
    static cfsstat ret;
    int i;

    if (strncmp(ap->name,".ANON_",6) == 0) {
        i = atoi(&ap->name[6]);
        if ((i>0) && (i<NINSTANCES) && (instances[i]!=NULL))
            goto found;
    }
    for (i=1; i<NINSTANCES; i++)
        if ((instances[i]!=NULL)&&!strcmp(instances[i]->name,ap->name))
            break;
    if (i==NINSTANCES) {
        ret=CFSERR_NOINS;
        return &ret;
    }
found:
    freeinstance(i);
    ret=CFS_OK;
    return &ret;
}
`
/* freeinstance is also called by geth if expired */
freeinstance(i)
     int i;
{
    int j;

    for (j=0; j<HSIZE; j++) {
        freelist(instances[i]->file[j]);
        instances[i]->file[j]=NULL;
    }
    bzero((char *)instances[i]->key.primask,instances[i]->key.smsize);
    free(instances[i]->key.primask);
    bzero((char *)instances[i]->key.secmask,instances[i]->key.smsize);
    free(instances[i]->key.secmask);
    bzero((char *)instances[i],sizeof(instance));
    free(instances[i]);
    instances[i]=NULL;
    gettimeofday((struct timeval *)&roottime,NULL);
    closeall();
}

freelist(f)
     cfs_fileid *f;
{
    if (f==NULL)
        return;
    freelist(f->next);
    free(f->name);
    free(f);
}
`
verify(path,k)
     char *path;
     cfs_admkey *k;
{
    FILE *fp;
    char fn[1024];
    char buf[9];

    sprintf(fn,"%s/...",path);
    if ((fp=fopen(fn,"r"))==NULL)
        return CFSERR_NODIR;
    if (fread(buf,8,1,fp)!=1) {
        fclose(fp);
        return CFSERR_NODIR;
    }
    fclose(fp);
    cipher(k,buf,1);    /* note order here */
    mask_cipher(k,buf,0);
    cipher(k,buf,1);    /* note order here */
    if (bcmp(buf,"qua!",4)!=0)
        return CFSERR_BADKEY;
    return CFS_OK;
}
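The cdetach BUGS entry in code form, as an added example that is not CFS code: admproc_detach_2() above looks an instance up and frees it without consulting the uid stored at attach time, so this reduced model of the table puts that lookup next to a variant that compares the caller's uid first. All demo_* names and status codes are hypothetical, and how cfsd would obtain a trustworthy caller uid is an assumption outside this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NINSTANCES 64           /* table size, as in cfs.h */

/* Hypothetical status codes for this sketch (not the CFS cfsstat values). */
enum demo_stat { DEMO_OK = 0, DEMO_NOINS = 1, DEMO_PERM = 2 };

/* Reduced instance record: only the fields the detach decision needs. */
struct demo_instance {
    char name[64];
    int uid;                    /* uid recorded at attach time */
};

static struct demo_instance *demo_instances[NINSTANCES];

/* Attach: take the first free slot from 1 upward; returns the slot or -1. */
int demo_attach(const char *name, int uid)
{
    int i;

    for (i = 1; i < NINSTANCES; i++) {
        if (demo_instances[i] == NULL) {
            struct demo_instance *in = calloc(1, sizeof(*in));
            if (in == NULL)
                return -1;
            strncpy(in->name, name, sizeof(in->name) - 1);
            in->uid = uid;
            demo_instances[i] = in;
            return i;
        }
    }
    return -1;
}

/* Same two lookup paths as admproc_detach_2: ".ANON_<slot>" or exact name. */
static int demo_lookup(const char *name)
{
    int i;

    if (strncmp(name, ".ANON_", 6) == 0) {
        i = atoi(&name[6]);
        if (i > 0 && i < NINSTANCES && demo_instances[i] != NULL)
            return i;
    }
    for (i = 1; i < NINSTANCES; i++)
        if (demo_instances[i] != NULL
            && strcmp(demo_instances[i]->name, name) == 0)
            return i;
    return -1;
}

/* Wipe the record before freeing it, as freeinstance() does with bzero(). */
static void demo_free(int i)
{
    memset(demo_instances[i], 0, sizeof(*demo_instances[i]));
    free(demo_instances[i]);
    demo_instances[i] = NULL;
}

/* Behaviour shown on the page: whoever names an instance removes it. */
enum demo_stat detach_unchecked(const char *name)
{
    int i = demo_lookup(name);

    if (i < 0)
        return DEMO_NOINS;
    demo_free(i);
    return DEMO_OK;
}

/* Hardened variant: refuse unless the caller uid matches the attach uid. */
enum demo_stat detach_checked(const char *name, int caller_uid)
{
    int i = demo_lookup(name);

    if (i < 0)
        return DEMO_NOINS;
    if (demo_instances[i]->uid != caller_uid)
        return DEMO_PERM;       /* covers both lookup paths */
    demo_free(i);
    return DEMO_OK;
}

int main(void)
{
    /* Constructed sample: uid 1001 attaches, uid 2002 tries to detach. */
    int slot = demo_attach("mab", 1001);

    printf("slot %d, detach by uid 2002 -> %d, by uid 1001 -> %d\n", slot,
           detach_checked("mab", 2002), detach_checked("mab", 1001));
    return 0;
}
```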
`
`
`cfs_cipher.c
`
`
/*
 * The author of this software is Matt Blaze.
 *              Copyright (c) 1994 by AT&T.
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software and in all copies of the supporting
 * documentation for such software.
 *
 * This software is subject to United States export controls.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IM