Date: Tue, 12 Aug 2025 13:41:37 +0300
From: Dima Panov
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org, Lexi Winter
Message-ID: <851c968c-923a-4809-83d4-b0600e70867b@Canary>
In-Reply-To: <202508101537.57AFbHrI067216@gitrepo.freebsd.org>
Subject: git: 7ac276298b72 - main - Remove Secure RPC DES authentication
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

Hello!

This commit breaks x11-server/xwayland

FAILED: os/liblibxserver_os.a.p/rpcauth.c.o
cc -Ios/liblibxserver_os.a.p -Ios -I../os -I. -I.. -IXext -I../Xext -IXi -I../Xi -Icomposite -I../composite -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor -Imi -I../mi -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/sync -Idbe -I../dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include -Ipresent -I../present -Irandr -I../randr -Irender -I../render -Ixfixes -I../xfixes -I/usr/local/include -I/usr/local/include/pixman-1 -I/usr/local/include/freetype2 -I/usr/local/include/libpng16 -fdiagnostics-color=never -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=gnu99 -DHAVE_DIX_CONFIG_H -fno-strict-aliasing -fvisibility=hidden -Wall -Wpointer-arith -Wmissing-declarations -Wformat=2 -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-style-definition -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Werror=implicit -Werror=nonnull -Werror=init-self -Werror=main -Werror=missing-braces -Werror=sequence-point -Werror=return-type -Werror=trigraphs -Werror=array-bounds -Werror=write-strings -Werror=address -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fPIC -D_THREAD_SAFE -D_DEFAULT_SOURCE -D_BSD_SOURCE -DHAS_FCHOWN -DHAS_STICKY_DIR_BIT -DCLIENTIDS -MD -MQ os/liblibxserver_os.a.p/rpcauth.c.o -MF os/liblibxserver_os.a.p/rpcauth.c.o.d -o os/liblibxserver_os.a.p/rpcauth.c.o -c ../os/rpcauth.c
../os/rpcauth.c:110:52: error: incomplete definition of type 'struct authdes_cred'
  110 |     return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
../os/rpcauth.c:110:22: note: forward declaration of 'struct authdes_cred'
  110 |     return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
      |                      ^
1 error generated.

--
Dima. (desktop, kde, x11, office, ports-secteam)@FreeBSD team
(fluffy@FreeBSD.org, https://t.me/FluffyBSD)

> On Sunday, Aug. 10, 2025 at 6:37 PM, Lexi Winter wrote:
> The branch main has been updated by ivy:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=7ac276298b72982189ac1a5b17461936dc00163e
>
> commit 7ac276298b72982189ac1a5b17461936dc00163e
> Author: Lexi Winter
> AuthorDate: 2025-08-10 12:57:36 +0000
> Commit: Lexi Winter
> CommitDate: 2025-08-10 15:36:40 +0000
>
> Remove Secure RPC DES authentication
>
> Following the earlier removal of keyserv, none of this functionality
> works since it requires keyserv.
>
> Remove the relevant symbols from libc's Symbol.map. Leave compatibility
> symbols for existing applications, but since the functions don't work
> without keyserv, stub them out to return an error.
>
> Remove some private symbols that were only used by keyserv; these don't
> get compatibility symbols.
>
> Remove the documentation for the old functions.
>
> Remove rpc.ypupdated since it requires DES authentication.
>
> Reviewed by: manu, des, emaste
> Differential Revision: https://reviews.freebsd.org/D50442
> ---
>  ObsoleteFiles.inc                          |   4 +
>  include/rpc/auth_des.h                     |  79 +----
>  lib/libc/rpc/Symbol.map                    |  19 --
>  lib/libc/rpc/auth_des.c                    | 455 +----------------------------
>  lib/libc/rpc/authdes_prot.c                |  44 +--
>  lib/libc/rpc/key_call.c                    | 424 +++------------------------
>  lib/libc/rpc/publickey.5                   |  40 ---
>  lib/libc/rpc/rpc_secure.3                  | 177 +-----------
>  lib/libc/rpc/rpc_soc.3                     |  13 +-
>  lib/libc/rpc/rpc_soc.c                     |  31 +-
>  lib/libc/rpc/svc_auth.c                    |   8 -
>  lib/libc/rpc/svc_auth_des.c                | 460 +-----------------------------
>  lib/librpcsvc/Makefile                     |   2 +-
>  lib/librpcsvc/yp_update.c                  | 199 -------------
>  libexec/rc/rc.conf                         |   1 -
>  libexec/rc/rc.d/Makefile                   |   1 -
>  libexec/rc/rc.d/ypupdated                  |  35 ---
>  share/man/man5/rc.conf.5                   |   9 +-
>  sys/rpc/auth.h                             |  26 --
>  tools/build/mk/OptionalObsoleteFiles.inc   |   2 -
>  usr.sbin/Makefile                          |   1 -
>  usr.sbin/rpc.ypupdated/Makefile            |  32 ---
>  usr.sbin/rpc.ypupdated/Makefile.depend     |  18 --
>  usr.sbin/rpc.ypupdated/update.c            | 328 ---------------------
>  usr.sbin/rpc.ypupdated/yp_dbdelete.c       |  68 -----
>  usr.sbin/rpc.ypupdated/yp_dbupdate.c       | 147 ----------
>  usr.sbin/rpc.ypupdated/ypupdate            |  32 ---
>  usr.sbin/rpc.ypupdated/ypupdated_extern.h  |  32 ---
>  usr.sbin/rpc.ypupdated/ypupdated_main.c    | 287 -------------------
>  usr.sbin/rpc.ypupdated/ypupdated_server.c  | 227 ---------------
>  30 files changed, 83 insertions(+), 3118 deletions(-)
>
> diff --git a/Obsolete=46iles.inc b/Obsolete=46iles.inc > index ec324e82f86d..a6662d31829f 100644 > --- a/Obsolete=46iles.inc
> +++ b/Obsolete=46iles.inc > =40=40 -51,6 +51,10 =40=40 > =23 xargs -n1 =7C sort =7C uniq -d; > =23 done > > +=23 20250810: Removal of remaining Secure RPC (DES) bits > +OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated > +OLD=5F=46ILES+=3Detc/rc.d/ypupdated > + > =23 20250808: nvmfd removed from base install > OLD=5F=46ILES+=3Dusr/sbin/nvmfd > OLD=5F=46ILES+=3Dusr/share/man/man8/nvmfd.8.gz > diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fdes.h > index 0ff43c13139b..1b4943a74b8b 100644 > --- a/include/rpc/auth=5Fdes.h 
> +++ b/include/rpc/auth=5Fdes.h > =40=40 -33,91 +33,14 =40=40 > * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. > */ > > -/* > - * auth=5Fdes.h, Protocol for DES style authentication for RPC > - */ > +/* Note, RPC DES authentication was removed in =46reeBSD 15.0. */ > > =23ifndef =5FAUTH=5FDES=5F > =23define =5FAUTH=5FDES=5F > > -/* > - * There are two kinds of =22names=22: fullnames and nicknames > - */ > -enum authdes=5Fnamekind =7B > - ADN=5F=46ULLNAME, > - ADN=5FNICKNAME > -=7D; > - > -/* > - * A fullname contains the network name of the client, > - * a conversation key and the window > - */ > -struct authdes=5Ffullname =7B > - char *name; /* network name of client, up to MAXNETNAMELEN */ > - des=5Fblock key; /* conversation key */ > - u=5Flong window; /* associated window */ > -=7D; > - > - > -/* > - * A credential > - */ > -struct authdes=5Fcred =7B > - enum authdes=5Fnamekind adc=5Fnamekind; > - struct authdes=5Ffullname adc=5Ffullname; > - u=5Flong adc=5Fnickname; > -=7D; > - > - > - > -/* > - * A des authentication verifier > - */ > -struct authdes=5Fverf =7B > - union =7B > - struct timeval adv=5Fctime; /* clear time */ > - des=5Fblock adv=5Fxtime; /* crypt time */ > - =7D adv=5Ftime=5Fu; > - u=5Flong adv=5Fint=5Fu; > -=7D; > - > -/* > - * des authentication verifier: client variety > - * > - * adv=5Ftimestamp is the current time. > - * adv=5Fwinverf is the credential window + 1. > - * Both are encrypted using the conversation key. > - */ > -=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime > -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime > -=23define adv=5Fwinverf adv=5Fint=5Fu > - > -/* > - * des authentication verifier: server variety > - * > - * adv=5Ftimeverf is the client's timestamp + client's window > - * adv=5Fnickname is the server's nickname for the client. > - * adv=5Ftimeverf is encrypted using the conversation key. 
> - */ > -=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime > -=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime > -=23define adv=5Fnickname adv=5Fint=5Fu > - > -/* > - * Map a des credential into a unix cred. > - * > - */ > -=5F=5FBEGIN=5FDECLS > -extern int authdes=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, gid= =5Ft *, int *, gid=5Ft * ); > -=5F=5FEND=5FDECLS > - > =5F=5FBEGIN=5FDECLS > -extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *); > -extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *); > extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *, > struct timeval *); > -extern void kgetnetname(char *); > -extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct rp= c=5Fmsg *); > =5F=5FEND=5FDECLS > > =23endif /* ndef =5FAUTH=5FDES=5F */ > diff --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map > index 105d6fb6b54e..61e8e084b1e0 100644 > --- a/lib/libc/rpc/Symbol.map 
> +++ b/lib/libc/rpc/Symbol.map > =40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B > xdr=5Fdesargs; > xdr=5Fdesresp; > > - authdes=5Fseccreate; > - authdes=5Fpk=5Fseccreate; > authnone=5Fcreate; > authunix=5Fcreate; > authunix=5Fcreate=5Fdefault; > - xdr=5Fauthdes=5Fcred; > - xdr=5Fauthdes=5Fverf; > xdr=5Fauthunix=5Fparms; > bindresvport; > bindresvport=5Fsa; > =40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B > endrpcent; > getrpcent; > getrpcport; > - key=5Fsetsecret; > - key=5Fsecretkey=5Fis=5Fset; > - key=5Fencryptsession=5Fpk; > - key=5Fdecryptsession=5Fpk; > - key=5Fencryptsession; > - key=5Fdecryptsession; > - key=5Fgendes; > - key=5Fsetnet; > - key=5Fget=5Fconv; > xdr=5Fkeystatus; > xdr=5Fkeybuf; > xdr=5Fnetnamestr; > =40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B > callrpc; > registerrpc; > clnt=5Fbroadcast; > - authdes=5Fcreate; > clntunix=5Fcreate; > svcunix=5Fcreate; > svcunixfd=5Fcreate; > =40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B > =5Fauthenticate; > =5Fsvcauth=5Fnull; > svc=5Fauth=5Freg; > - =5Fsvcauth=5Fdes; > - authdes=5Fgetucred; > =5Fsvcauth=5Funix; > =5Fsvcauth=5Fshort; > svc=5Fdg=5Fcreate; > =40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B > > =46BSDprivate=5F1.0 =7B > =5F=5Fdes=5Fcrypt=5FLOCAL; > - =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL; > - =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL; > - =5F=5Fkey=5Fgendes=5FLOCAL; > =5F=5Fsvc=5Fclean=5Fidle; > =5F=5Frpc=5Fgss=5Funwrap; > =5F=5Frpc=5Fgss=5Funwrap=5Fstub; > diff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c > index c9b20de25cda..754d55cbed3e 100644 > --- a/lib/libc/rpc/auth=5Fdes.c 
> +++ b/lib/libc/rpc/auth=5Fdes.c > =40=40 -30,463 +30,34 =40=40 > /* > * Copyright (c) 1988 by Sun Microsystems, Inc. > */ > + > /* > - * auth=5Fdes.c, client-side implementation of DES authentication > + * Secure RPC DES authentication was removed in =46reeBSD 15.0. > + * These symbols are provided for backward compatibility, but provide = no > + * functionality and will always return an error. > */ > > =23include =22namespace.h=22 > =23include =22reentrant.h=22 > -=23include > -=23include > -=23include > -=23include > -=23include > -=23include > -=23include > =23include > =23include > =23include > -=23include > -=23include > -=23include > -=23undef NIS > =23include > =23include =22un-namespace.h=22 > -=23include =22mt=5Fmisc.h=22 > - > -=23define USEC=5FPER=5FSEC 1000000 > -=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */ > - > -=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5Fpriv= ate > -=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc(sizeof(ob= ject=5Ftype)) > -=23define =46REE(ptr, size) mem=5Ffree((char *)(ptr), (int) size) > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > - > -extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *);= > -extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *);= > -extern int key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *);= > - > -extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, nis=5F= server *, char *, > - char **, char **); > > -/* > - * DES authenticator operations vector > - */ > -static void authdes=5Fnextverf(AUTH *); > -static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *); > -static bool=5Ft authdes=5Fvalidate(AUTH *, struct opaque=5Fauth *); > -static bool=5Ft authdes=5Frefresh(AUTH *, void *); > -static void authdes=5Fdestroy(AUTH *); > - > -static struct auth=5Fops *authdes=5Fops(void); > - > -/* > - * This struct is pointed to by the ah=5Fprivate field of an =22AUTH *= =22 > - */ > -struct ad=5Fprivate 
=7B > - char *ad=5Ffullname; /* client's full name */ > - u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */ > - char *ad=5Fservername; /* server's full name */ > - u=5Fint ad=5Fservernamelen; /* length of name, rounded up */ > - u=5Fint ad=5Fwindow; /* client specified window */ > - bool=5Ft ad=5Fdosync; /* synchronize=3F */ > - struct netbuf ad=5Fsyncaddr; /* remote host to synch with */ > - char *ad=5Ftimehost; /* remote host to synch with */ > - struct timeval ad=5Ftimediff; /* server's time - client's time */ > - u=5Fint ad=5Fnickname; /* server's nickname for client */ > - struct authdes=5Fcred ad=5Fcred; /* storage for credential */ > - struct authdes=5Fverf ad=5Fverf; /* storage for verifier */ > - struct timeval ad=5Ftimestamp; /* timestamp sent */ > - des=5Fblock ad=5Fxkey; /* encrypted conversation key */ > - u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public key */ > - char *ad=5Fnetid; /* Timehost netid */ > - char *ad=5Fuaddr; /* Timehost uaddr */ > - nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ server struct */ > -=7D; > - > -AUTH *authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, const = char *, > - const des=5Fblock *, nis=5Fserver *); > - > -/* > - * documented version of authdes=5Fseccreate > - */ > -/* > - servername: network name of server > - win: time to live > - timehost: optional hostname to sync with > - ckey: optional conversation key to use > -*/ > - > -AUTH * > -authdes=5Fseccreate(const char *servername, const u=5Fint win, > +static AUTH * > +=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win, > const char *timehost, const des=5Fblock *ckey) > =7B > - u=5Fchar pkey=5Fdata=5B1024=5D; > - netobj pkey; > - AUTH *dummy; > - > - if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B > - syslog(LOG=5FERR, > - =22authdes=5Fseccreate: no public key found for %s=22, > - servername); > - return (NULL); > - =7D > - > - pkey.n=5Fbytes =3D (char *) pkey=5Fdata; > - pkey.n=5Flen =3D (u=5Fint)strlen((char 
*)pkey=5Fdata) + 1; > - dummy =3D authdes=5Fpk=5Fseccreate(servername, &pkey, win, timehost, > - ckey, NULL); > - return (dummy); > -=7D > - > -/* > - * Slightly modified version of authdessec=5Fcreate which takes the pu= blic key > - * of the server principal as an argument. This spares us a call to > - * getpublickey() which in the nameserver context can cause a deadlock= . > - */ > -AUTH * > -authdes=5Fpk=5Fseccreate(const char *servername, netobj *pkey, u=5Fint= window, > - const char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr) > -=7B > - AUTH *auth; > - struct ad=5Fprivate *ad; > - char namebuf=5BMAXNETNAMELEN+1=5D; > - > - /* > - * Allocate everything now > - */ > - auth =3D ALLOC(AUTH); > - if (auth =3D=3D NULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > - return (NULL); > - =7D > - ad =3D ALLOC(struct ad=5Fprivate); > - if (ad =3D=3D NULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > - goto failed; > - =7D > - ad->ad=5Ffullname =3D ad->ad=5Fservername =3D NULL; /* Sanity reasons= */ > - ad->ad=5Ftimehost =3D NULL; > - ad->ad=5Fnetid =3D NULL; > - ad->ad=5Fuaddr =3D NULL; > - ad->ad=5Fnis=5Fsrvr =3D NULL; > - ad->ad=5Ftimediff.tv=5Fsec =3D 0; > - ad->ad=5Ftimediff.tv=5Fusec =3D 0; > - memcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen); > - if (=21getnetname(namebuf)) > - goto failed; > - ad->ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf)); > - ad->ad=5Ffullname =3D (char *)mem=5Falloc(ad->ad=5Ffullnamelen + 1); > - ad->ad=5Fservernamelen =3D strlen(servername); > - ad->ad=5Fservername =3D (char *)mem=5Falloc(ad->ad=5Fservernamelen + = 1); > - > - if (ad->ad=5Ffullname =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D N= ULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); > - goto failed; > - =7D > - if (timehost =21=3D NULL) =7B > - ad->ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timehost) + 1); > - if (ad->ad=5Ftimehost =3D=3D NULL) =7B > - 
syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); > - goto failed; > - =7D > - memcpy(ad->ad=5Ftimehost, timehost, strlen(timehost) + 1); > - ad->ad=5Fdosync =3D TRUE; > - =7D else if (srvr =21=3D NULL) =7B > - ad->ad=5Fnis=5Fsrvr =3D srvr; /* transient */ > - ad->ad=5Fdosync =3D TRUE; > - =7D else =7B > - ad->ad=5Fdosync =3D =46ALSE; > - =7D > - memcpy(ad->ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1); > - memcpy(ad->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1); > - ad->ad=5Fwindow =3D window; > - if (ckey =3D=3D NULL) =7B > - if (key=5Fgendes(&auth->ah=5Fkey) < 0) =7B > - syslog(LOG=5FERR, > - =22authdes=5Fseccreate: keyserv(1m) is unable to generate session key= =22); > - goto failed; > - =7D > - =7D else =7B > - auth->ah=5Fkey =3D *ckey; > - =7D > - > - /* > - * Set up auth handle > - */ > - auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES; > - auth->ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES; > - auth->ah=5Fops =3D authdes=5Fops(); > - auth->ah=5Fprivate =3D (caddr=5Ft)ad; > - > - if (=21authdes=5Frefresh(auth, NULL)) =7B > - goto failed; > - =7D > - ad->ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */ > - return (auth); > - > -failed: > - if (auth) > - =46REE(auth, sizeof (AUTH)); > - if (ad) =7B > - if (ad->ad=5Ffullname) > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > - if (ad->ad=5Fservername) > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > - if (ad->ad=5Ftimehost) > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > - if (ad->ad=5Fnetid) > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > - if (ad->ad=5Fuaddr) > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > - =46REE(ad, sizeof (struct ad=5Fprivate)); > - =7D > return (NULL); > =7D > +=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, =46= BSD=5F1.0); > > -/* > - * Implement the five authentication operations > - */ > - > - > -/* > - * 1. 
Next Verifier > - */ > -/*ARGSUSED*/ > -static void > -authdes=5Fnextverf(AUTH *auth =5F=5Funused) > +static AUTH * > +=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused, ne= tobj *pkey =5F=5Funused, > + u=5Fint window =5F=5Funused, const char *timehost =5F=5Funused, > + const des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funused= ) > =7B > - /* what the heck am I supposed to do=3F=3F=3F */ > -=7D > - > - > -/* > - * 2. Marshal > - */ > -static bool=5Ft > -authdes=5Fmarshal(AUTH *auth, XDR *xdrs) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > - struct authdes=5Fverf *verf =3D &ad->ad=5Fverf; > - des=5Fblock cryptbuf=5B2=5D; > - des=5Fblock ivec; > - int status; > - int len; > - rpc=5Finline=5Ft *ixdr; > - > - /* > - * =46igure out the =22time=22, accounting for any time difference > - * with the server if necessary. > - */ > - (void)gettimeofday(&ad->ad=5Ftimestamp, NULL); > - ad->ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec; > - ad->ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec; > - while (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B > - ad->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC; > - ad->ad=5Ftimestamp.tv=5Fsec++; > - =7D > - > - /* > - * XDR the timestamp and possibly some other things, then > - * encrypt them. 
> - */ > - ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fsec); > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fusec); > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow); > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1); > - ivec.key.high =3D ivec.key.low =3D 0; > - status =3D cbc=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > - (u=5Fint) 2 * sizeof (des=5Fblock), > - DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec); > - =7D else =7B > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > - (u=5Fint) sizeof (des=5Fblock), > - DES=5FENCRYPT =7C DES=5FHW); > - =7D > - if (DES=5F=46AILED(status)) =7B > - syslog(LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22); > - return (=46ALSE); > - =7D > - ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D; > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.key.high; > - ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.low; > - =7D else =7B > - ad->ad=5Fcred.adc=5Fnickname =3D ad->ad=5Fnickname; > - ad->ad=5Fverf.adv=5Fwinverf =3D 0; > - =7D > - > - /* > - * Serialize the credential and verifier into opaque > - * authentication data. 
> - */ > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad->ad=5Ffullname= len); > - =7D else =7B > - len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > - =7D > - > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > - IXDR=5FPUT=5FINT32(ixdr, len); > - =7D else =7B > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Fflavor)); > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > - =7D > - ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred)); > - > - len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > - IXDR=5FPUT=5FINT32(ixdr, len); > - =7D else =7B > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor)); > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > - =7D > - ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf)); > - return (TRUE); > -=7D > - > - > -/* > - * 3. Validate > - */ > -static bool=5Ft > -authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fverf verf; > - int status; > - uint32=5Ft *ixdr; > - des=5Fblock buf; > - > - if (rverf->oa=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B= > - return (=46ALSE); > - =7D > -/* LINTED pointer alignment */ > - ixdr =3D (uint32=5Ft *)rverf->oa=5Fbase; > - buf.key.high =3D (uint32=5Ft)*ixdr++; > - buf.key.low =3D (uint32=5Ft)*ixdr++; > - verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++; > - > - /* > - * Decrypt the timestamp > - */ > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)&buf, > - (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW); > - > - if (DES=5F=46AILED(status)) =7B > - syslog(LOG=5FERR, =22authdes=5Fvalidate: DES decryption failure=22); > - return (=46ALSE); > - =7D > - > - /* > - * xdr the decrypted timestamp > - */ > -/* LINTED pointer alignment 
*/ > - ixdr =3D (uint32=5Ft *)buf.c; > - verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1; > - verf.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr); > - > - /* > - * validate > - */ > - if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5Ftimestamp, > - sizeof(struct timeval)) =21=3D 0) =7B > - syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatch=22); > - return (=46ALSE); > - =7D > - > - /* > - * We have a nickname now, let's use it > - */ > - ad->ad=5Fnickname =3D verf.adv=5Fnickname; > - ad->ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME; > - return (TRUE); > -=7D > - > -/* > - * 4. Refresh > - */ > -/*ARGSUSED*/ > -static bool=5Ft > -authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > - int ok; > - netobj pkey; > - > - if (ad->ad=5Fdosync) =7B > - ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->ad=5Ftimediff, ad->ad=5Fn= is=5Fsrvr, > - ad->ad=5Ftimehost, &(ad->ad=5Fuaddr), > - &(ad->ad=5Fnetid)); > - if (=21 ok) =7B > - /* > - * Hope the clocks are synced=21 > - */ > - ad->ad=5Fdosync =3D 0; > - syslog(LOG=5FDEBUG, > - =22authdes=5Frefresh: unable to synchronize clock=22); > - =7D > - =7D > - ad->ad=5Fxkey =3D auth->ah=5Fkey; > - pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey); > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1; > - if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &ad->ad=5Fx= key) < 0) =7B > - syslog(LOG=5FIN=46O, > - =22authdes=5Frefresh: keyserv(1m) is unable to encrypt session key=22= ); > - return (=46ALSE); > - =7D > - cred->adc=5Ffullname.key =3D ad->ad=5Fxkey; > - cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME; > - cred->adc=5Ffullname.name =3D ad->ad=5Ffullname; > - return (TRUE); > -=7D > - > - > -/* > - * 5. 
Destroy > - */ > -static void > -authdes=5Fdestroy(AUTH *auth) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > - if (ad->ad=5Ftimehost) > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > - if (ad->ad=5Fnetid) > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > - if (ad->ad=5Fuaddr) > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > - =46REE(ad, sizeof (struct ad=5Fprivate)); > - =46REE(auth, sizeof(AUTH)); > -=7D > - > -static struct auth=5Fops * > -authdes=5Fops(void) > -=7B > - static struct auth=5Fops ops; > - > - /* VARIABLES PROTECTED BY ops=5Flock: ops */ > - > - mutex=5Flock(&authdes=5Fops=5Flock); > - if (ops.ah=5Fnextverf =3D=3D NULL) =7B > - ops.ah=5Fnextverf =3D authdes=5Fnextverf; > - ops.ah=5Fmarshal =3D authdes=5Fmarshal; > - ops.ah=5Fvalidate =3D authdes=5Fvalidate; > - ops.ah=5Frefresh =3D authdes=5Frefresh; > - ops.ah=5Fdestroy =3D authdes=5Fdestroy; > - =7D > - mutex=5Funlock(&authdes=5Fops=5Flock); > - return (&ops); > + return (NULL); > =7D > +=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fsecc= reate, =46BSD=5F1.0); > diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fpro= t.c > index 79a0e5baa084..56b44daafe41 100644 > --- a/lib/libc/rpc/authdes=5Fprot.c 
> +++ b/lib/libc/rpc/authdes=5Fprot.c > =40=40 -42,44 +42,16 =40=40 > =23include > =23include =22un-namespace.h=22 > > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > - > -bool=5Ft > -xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred) > +static bool=5Ft > +=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cred) > =7B > - enum authdes=5Fnamekind *padc=5Fnamekind =3D &cred->adc=5Fnamekind; > - /* > - * Unrolled xdr > - */ > - ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind)); > - switch (cred->adc=5Fnamekind) =7B > - case ADN=5F=46ULLNAME: > - ATTEMPT(xdr=5Fstring(xdrs, &cred->adc=5Ffullname.name, > - MAXNETNAMELEN)); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key, > - sizeof(des=5Fblock))); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.window, > - sizeof(cred->adc=5Ffullname.window))); > - return (TRUE); > - case ADN=5FNICKNAME: > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname, > - sizeof(cred->adc=5Fnickname))); > - return (TRUE); > - default: > - return (=46ALSE); > - =7D > + return (=46ALSE); > =7D > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred, =46= BSD=5F1.0); > > - > -bool=5Ft > -xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf) > +static bool=5Ft > +=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf) > =7B > - /* > - * Unrolled xdr > - */ > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp, > - sizeof(des=5Fblock))); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fint=5Fu, > - sizeof(verf->adv=5Fint=5Fu))); > - return (TRUE); > + return (=46ALSE); > =7D > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf, =46= BSD=5F1.0); > diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c > index 5c87881c815c..eb274fcfff36 100644 > --- a/lib/libc/rpc/key=5Fcall.c 
> +++ b/lib/libc/rpc/key=5Fcall.c > =40=40 -32,426 +32,78 =40=40 > */ > > /* > - * key=5Fcall.c, Interface to keyserver > - * > - * setsecretkey(key) - set your secret key > - * encryptsessionkey(agent, deskey) - encrypt a session key to talk to= agent > - * decryptsessionkey(agent, deskey) - decrypt ditto > - * gendeskey(deskey) - generate a secure des key > + * Secure RPC keyserver support was removed in =46reeBSD 15.0. > + * These symbols are provided for backward compatibility, but provide = no > + * functionality and will always return an error. > */ > > =23include =22namespace.h=22 > =23include =22reentrant.h=22 > -=23include > -=23include > -=23include > -=23include > =23include > -=23include > -=23include > =23include > -=23include > -=23include > -=23include > -=23include > -=23include > -=23include > -=23include > +=23include > =23include =22un-namespace.h=22 > =23include =22mt=5Fmisc.h=22 > > - > -=23define KEY=5FTIMEOUT 5 /* per-try timeout in seconds */ > -=23define KEY=5FNRETRY 12 /* number of retries */ > - > -=23ifdef DEBUG > -=23define debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg); > -=23else > -=23define debug(msg) > -=23endif /* DEBUG */ > - > -/* > - * Hack to allow the keyserver to use AUTH=5FDES (for authenticated > - * NIS+ calls, for example). The only functions that get called > - * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key=5F= gendes. > - * > - * The approach is to have the keyserver fill in pointers to local > - * implementations of these functions, and to call those in key=5Fcall= (). 
> - */ > - > -cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, void = *arg) =3D 0; > -cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, void = *arg) =3D 0; > -des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0; > - > -static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, voi= d *); > - > -int > -key=5Fsetsecret(const char *secretkey) > -=7B > - keystatus status; > - > - if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf, > - (void *)secretkey, > - (xdrproc=5Ft)xdr=5Fkeystatus, &status)) =7B > - return (-1); > - =7D > - if (status =21=3D KEY=5FSUCCESS) =7B > - debug(=22set status is nonzero=22); > - return (-1); > - =7D > - return (0); > -=7D > - > - > -/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the keyserver has a secre= t key > - * stored for the caller's effective uid; it returns 0 otherwise > - * > - * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications sh= ouldn't > - * be using it, because it allows them to get the user's secret key. 
> - */ > - > -int > -key=5Fsecretkey=5Fis=5Fset(void) > -=7B > - struct key=5Fnetstres kres; > - > - memset((void*)&kres, 0, sizeof (kres)); > - if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid, N= ULL, > - (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &kres) && > - (kres.status =3D=3D KEY=5FSUCCESS) && > - (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B > - /* avoid leaving secret key in memory */ > - memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES);= > - return (1); > - =7D > - return (0); > -=7D > - > -int > -key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fb= lock *deskey) > -=7B > - cryptkeyarg2 arg; > - cryptkeyres res; > - > - arg.remotename =3D remotename; > - arg.remotekey =3D *remotekey; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcr= yptkeyarg2, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22encrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > -=7D > - > -int > -key=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fb= lock *deskey) > -=7B > - cryptkeyarg2 arg; > - cryptkeyres res; > - > - arg.remotename =3D remotename; > - arg.remotekey =3D *remotekey; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcr= yptkeyarg2, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22decrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > -=7D > - > -int > -key=5Fencryptsession(const char *remotename, des=5Fblock *deskey) > +static int > +=5F=5Fkey=5Fsetsecret(const char *secretkey) > =7B > - cryptkeyarg arg; > - cryptkeyres res; > - > - arg.remotename =3D (char *) remotename; > - arg.deskey 
=3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22encrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > + return (-1); > =7D > +=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F1.= 0); > > -int > -key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey) > +static int > +=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void) > =7B > - cryptkeyarg arg; > - cryptkeyres res; > - > - arg.remotename =3D (char *) remotename; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22decrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > return (0); > =7D > +=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey=5F= is=5Fset, =46BSD=5F1.0); > > -int > -key=5Fgendes(des=5Fblock *key) > +static int > +=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, d= es=5Fblock *deskey) > =7B > - if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NULL,= > - (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B > - return (-1); > - =7D > - return (0); > + return (-1); > =7D > +=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptsessi= on=5Fpk, =46BSD=5F1.0); > > -int > -key=5Fsetnet(struct key=5Fnetstarg *arg) > +static int > +=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, d= es=5Fblock *deskey) > =7B > *** 2726 LINES SKIPPED ***
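Review bot: in the key_call.c hunk the new file comment says the compatibility symbols "will always return an error", but __key_secretkey_is_set() keeps "return (0);", which per the removed comment is the ordinary "no secret key stored" answer, while __key_setsecret() and __key_encryptsession_pk() return -1. Returning 0 there is the safe answer for callers that branch on it, so the code can stay; the comment should instead state per function what each stub returns. In authdes_prot.c the stubs take "XDR *xdrs, void *cred" and "XDR *xdrs, void *verf" without __unused, unlike __authdes_pk_seccreate() in auth_des.c, so annotate them the same way.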
Hello!

This commit breaks x11-server/xwayland

FAILED: os/liblibxserver_os.a.p/rpcauth.c.o
cc -Ios/liblibxserver_os.a.p -Ios -I../os -I. -I.. -IXext -I../Xext -IXi -I../Xi -Icomposite -I../composite -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor -Imi -I../mi -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/sync -Idbe -I../dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include -Ipresent -I../present -Irandr -I../randr -Irender -I../render -Ixfixes -I../xfixes -I/usr/local/include -I/usr/local/include/pixman-1 -I/usr/local/include/freetype2 -I/usr/local/include/libpng16 -fdiagnostics-color=never -D_FILE_OFFSET_BITS=64 -Wall -Winvalid-pch -std=gnu99 -DHAVE_DIX_CONFIG_H -fno-strict-aliasing -fvisibility=hidden -Wall -Wpointer-arith -Wmissing-declarations -Wformat=2 -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-style-definition -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredundant-decls -Werror=implicit -Werror=nonnull -Werror=init-self -Werror=main -Werror=missing-braces -Werror=sequence-point -Werror=return-type -Werror=trigraphs -Werror=array-bounds -Werror=write-strings -Werror=address -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fPIC -D_THREAD_SAFE -D_DEFAULT_SOURCE -D_BSD_SOURCE -DHAS_FCHOWN -DHAS_STICKY_DIR_BIT -DCLIENTIDS -MD -MQ os/liblibxserver_os.a.p/rpcauth.c.o -MF os/liblibxserver_os.a.p/rpcauth.c.o.d -o os/liblibxserver_os.a.p/rpcauth.c.o -c ../os/rpcauth.c
../os/rpcauth.c:110:52: error: incomplete definition of type 'struct authdes_cred'
  110 |     return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
../os/rpcauth.c:110:22: note: forward declaration of 'struct authdes_cred'
  110 |     return (((struct authdes_cred *) r.rq_clntcred)->adc_fullname.name);
      |                      ^
1 error generated.

--
Dima. (desktop, kde, x11, office, ports-secteam)@FreeBSD team
(fluffy@FreeBSD.org, https://t.me/FluffyBSD)

On Sunday, Aug. 10, 2025 at 6:37 PM, Lexi Winter <ivy@FreeBSD.org> wrote:
The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=7ac276298b72982189ac1a5b17461936dc00163e

commit 7ac276298b72982189ac1a5b17461936dc00163e
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-08-10 12:57:36 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-08-10 15:36:40 +0000

Remove Secure RPC DES authentication

Following the earlier removal of keyserv, none of this functionality
works since it requires keyserv.

Remove the relevant symbols from libc's Symbol.map. Leave compatibility
symbols for existing applications, but since the functions don't work
without keyserv, stub them out to return an error.

Remove some private symbols that were only used by keyserv; these don't
get compatibility symbols.

Remove the documentation for the old functions.

Remove rpc.ypupdated since it requires DES authentication.

Reviewed by: manu, des, emaste
Differential Revision: https://reviews.freebsd.org/D50442
---
ObsoleteFiles.inc | 4 +
include/rpc/auth_des.h | 79 +----
lib/libc/rpc/Symbol.map | 19 --
lib/libc/rpc/auth_des.c | 455 +----------------------------
lib/libc/rpc/authdes_prot.c | 44 +--
lib/libc/rpc/key_call.c | 424 +++------------------------
lib/libc/rpc/publickey.5 | 40 ---
lib/libc/rpc/rpc_secure.3 | 177 +-----------
lib/libc/rpc/rpc_soc.3 | 13 +-
lib/libc/rpc/rpc_soc.c | 31 +-
lib/libc/rpc/svc_auth.c | 8 -
lib/libc/rpc/svc_auth_des.c | 460 +-----------------------------
lib/librpcsvc/Makefile | 2 +-
lib/librpcsvc/yp_update.c | 199 -------------
libexec/rc/rc.conf | 1 -
libexec/rc/rc.d/Makefile | 1 -
libexec/rc/rc.d/ypupdated | 35 ---
share/man/man5/rc.conf.5 | 9 +-
sys/rpc/auth.h | 26 --
tools/build/mk/OptionalObsoleteFiles.inc | 2 -
usr.sbin/Makefile | 1 -
usr.sbin/rpc.ypupdated/Makefile | 32 ---
usr.sbin/rpc.ypupdated/Makefile.depend | 18 --
usr.sbin/rpc.ypupdated/update.c | 328 ---------------------
usr.sbin/rpc.ypupdated/yp_dbdelete.c | 68 -----
usr.sbin/rpc.ypupdated/yp_dbupdate.c | 147 ----------
usr.sbin/rpc.ypupdated/ypupdate | 32 ---
usr.sbin/rpc.ypupdated/ypupdated_extern.h | 32 ---
usr.sbin/rpc.ypupdated/ypupdated_main.c | 287 -------------------
usr.sbin/rpc.ypupdated/ypupdated_server.c | 227 ---------------
30 files changed, 83 insertions(+), 3118 deletions(-)

diff --git a/Obsolete=46i= les.inc b/Obsolete=46iles.inc
index ec324e82f86d..a6662d31829f 100644=
--- a/Obsolete=46iles.inc
+++ b/Obsolete=46iles.inc
=40=40 -= 51,6 +51,10 =40=40
=23 xargs -n1 =7C sort =7C uniq -d;
=23 done=

+=23 20250810: Removal of remaining Secure RPC (DES) bits
+= OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated
+OLD=5F=46ILES+=3Detc/rc.d/yp= updated
+
=23 20250808: nvmfd removed from base install
OLD= =5F=46ILES+=3Dusr/sbin/nvmfd
OLD=5F=46ILES+=3Dusr/share/man/man8/nvm= fd.8.gz
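Review bot: the new 20250810 block lists only usr/sbin/rpc.ypupdated and etc/rc.d/ypupdated, yet the diffstat shows lib/libc/rpc/publickey.5 with 40 deletions and no insertions. If that manual page is no longer installed, it needs its own OLD_FILES entry in this block, in the same way the nvmfd block just below lists nvmfd.8.gz next to the binary; otherwise upgraded systems keep a stale page documenting a facility that no longer exists. The same check applies to any manual page links dropped along with the rpc_secure.3 content.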
diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fde= s.h
index 0ff43c13139b..1b4943a74b8b 100644
--- a/include/rpc/aut= h=5Fdes.h
+++ b/include/rpc/auth=5Fdes.h
=40=40 -33,91 +33,14 =40= =40
* Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
*/
-/*
- * auth=5Fdes.h, Protocol for DES style authentication fo= r RPC
- */
+/* Note, RPC DES authentication was removed in =46ree= BSD 15.0. */

=23ifndef =5FAUTH=5FDES=5F
=23define =5FAUTH=5F= DES=5F

-/*
- * There are two kinds of =22names=22: fullnames= and nicknames
- */
-enum authdes=5Fnamekind =7B
- ADN=5F=46U= LLNAME,
- ADN=5FNICKNAME
-=7D;
-
-/*
- * A fullname c= ontains the network name of the client,
- * a conversation key and th= e window
- */
-struct authdes=5Ffullname =7B
- char *name; /*= network name of client, up to MAXNETNAMELEN */
- des=5Fblock key; /*= conversation key */
- u=5Flong window; /* associated window */
-= =7D;
-
-
-/*
- * A credential
- */
-struct authde= s=5Fcred =7B
- enum authdes=5Fnamekind adc=5Fnamekind;
- struct a= uthdes=5Ffullname adc=5Ffullname;
- u=5Flong adc=5Fnickname;
-=7D= ;
-
-
-
-/*
- * A des authentication verifier
- *= /
-struct authdes=5Fverf =7B
- union =7B
- struct timeval adv= =5Fctime; /* clear time */
- des=5Fblock adv=5Fxtime; /* crypt time *= /
- =7D adv=5Ftime=5Fu;
- u=5Flong adv=5Fint=5Fu;
-=7D;
-=
-/*
- * des authentication verifier: client variety
- *
= - * adv=5Ftimestamp is the current time.
- * adv=5Fwinverf is the cre= dential window + 1.
- * Both are encrypted using the conversation key= .
- */
-=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime
= -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime
-=23define adv= =5Fwinverf adv=5Fint=5Fu
-
-/*
- * des authentication verifie= r: server variety
- *
- * adv=5Ftimeverf is the client's timestam= p + client's window
- * adv=5Fnickname is the server's nickname for t= he client.
- * adv=5Ftimeverf is encrypted using the conversation key= .
- */
-=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime
-= =23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime
-=23define adv=5F= nickname adv=5Fint=5Fu
-
-/*
- * Map a des credential into a = unix cred.
- *
- */
-=5F=5FBEGIN=5FDECLS
-extern int auth= des=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, gid=5Ft *, int *, gid= =5Ft * );
-=5F=5FEND=5FDECLS
-
=5F=5FBEGIN=5FDECLS
-exte= rn bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *);
-ex= tern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *);
= extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *,
st= ruct timeval *);
-extern void kgetnetname(char *);
-extern enum a= uth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct rpc=5Fmsg *);
= =5F=5FEND=5FDECLS

=23endif /* ndef =5FAUTH=5FDES=5F */
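Review bot: dropping struct authdes_fullname, struct authdes_cred and struct authdes_verf from a header that is still installed turns every source consumer into a compile failure, so the __sym_compat stubs added in libc only help binaries that were already built. The build log earlier in this thread shows this at os/rpcauth.c:110, which reaches adc_fullname.name through a struct authdes_cred pointer and now fails with "incomplete definition of type". The replacement comment should state that the types and prototypes are gone and that consumers must drop their AUTH_DES code paths, and the change would benefit from a ports exp-run so affected ports are fixed or reconfigured before it lands.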
dif= f --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map
index 105= d6fb6b54e..61e8e084b1e0 100644
--- a/lib/libc/rpc/Symbol.map
+++ = b/lib/libc/rpc/Symbol.map
=40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B <= br> xdr=5Fdesargs;
xdr=5Fdesresp;

- authdes=5Fseccreate; - authdes=5Fpk=5Fseccreate;
authnone=5Fcreate;
authunix=5Fcre= ate;
authunix=5Fcreate=5Fdefault;
- xdr=5Fauthdes=5Fcred;
- = xdr=5Fauthdes=5Fverf;
xdr=5Fauthunix=5Fparms;
bindresvport; bindresvport=5Fsa;
=40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B
= endrpcent;
getrpcent;
getrpcport;
- key=5Fsetsecret;
-= key=5Fsecretkey=5Fis=5Fset;
- key=5Fencryptsession=5Fpk;
- key=5F= decryptsession=5Fpk;
- key=5Fencryptsession;
- key=5Fdecryptsessi= on;
- key=5Fgendes;
- key=5Fsetnet;
- key=5Fget=5Fconv;
= xdr=5Fkeystatus;
xdr=5Fkeybuf;
xdr=5Fnetnamestr;
=40=40 -13= 0,7 +117,6 =40=40 =46BSD=5F1.0 =7B
callrpc;
registerrpc;
c= lnt=5Fbroadcast;
- authdes=5Fcreate;
clntunix=5Fcreate;
svc= unix=5Fcreate;
svcunixfd=5Fcreate;
=40=40 -180,8 +166,6 =40=40 =46= BSD=5F1.0 =7B
=5Fauthenticate;
=5Fsvcauth=5Fnull;
svc=5Fau= th=5Freg;
- =5Fsvcauth=5Fdes;
- authdes=5Fgetucred;
=5Fsvcau= th=5Funix;
=5Fsvcauth=5Fshort;
svc=5Fdg=5Fcreate;
=40=40 -2= 05,9 +189,6 =40=40 =46BSD=5F1.8 =7B

=46BSDprivate=5F1.0 =7B =5F=5Fdes=5Fcrypt=5FLOCAL;
- =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCA= L;
- =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL;
- =5F=5Fkey=5Fgende= s=5FLOCAL;
=5F=5Fsvc=5Fclean=5Fidle;
=5F=5Frpc=5Fgss=5Funwrap; =
=5F=5Frpc=5Fgss=5Funwrap=5Fstub;
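Review bot: every name removed from FBSD_1.0 in these hunks (authdes_seccreate, authdes_pk_seccreate, authdes_create, xdr_authdes_cred, xdr_authdes_verf, the nine key_* entries, _svcauth_des and authdes_getucred) needs a matching __sym_compat stub, or existing binaries will fail to resolve it at load time. The visible parts of auth_des.c, authdes_prot.c and key_call.c cover some of these and the rest fall inside the skipped lines, so this is worth checking name by name against the final map. Separately, xdr_keystatus, xdr_keybuf and xdr_netnamestr remain exported as context lines in the second hunk, and __des_crypt_LOCAL remains in FBSDprivate_1.0; if those existed only for keyserv, the commit message should say why they stay.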
diff --git a/lib/libc/rpc/auth=5F= des.c b/lib/libc/rpc/auth=5Fdes.c
index c9b20de25cda..754d55cbed3e 10= 0644
--- a/lib/libc/rpc/auth=5Fdes.c
+++ b/lib/libc/rpc/auth=5Fde= s.c
=40=40 -30,463 +30,34 =40=40
/*
* Copyright (c) 1988 by= Sun Microsystems, Inc.
*/
+
/*
- * auth=5Fdes.c, clien= t-side implementation of DES authentication
+ * Secure RPC DES authen= tication was removed in =46reeBSD 15.0.
+ * These symbols are provide= d for backward compatibility, but provide no
+ * functionality and wi= ll always return an error.
*/

=23include =22namespace.h=22=
=23include =22reentrant.h=22
-=23include <err.h>
-=23= include <errno.h>
-=23include <string.h>
-=23include = <stdlib.h>
-=23include <unistd.h>
-=23include <rpc= /des=5Fcrypt.h>
-=23include <syslog.h>
=23include <r= pc/types.h>
=23include <rpc/auth.h>
=23include <rpc= /auth=5Fdes.h>
-=23include <rpc/clnt.h>
-=23include <= rpc/xdr.h>
-=23include <sys/socket.h>
-=23undef NIS
= =23include <rpcsvc/nis.h>
=23include =22un-namespace.h=22 -=23include =22mt=5Fmisc.h=22
-
-=23define USEC=5FPER=5FSEC 1000= 000
-=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */
-=
-=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5F= private
-=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc= (sizeof(object=5Ftype))
-=23define =46REE(ptr, size) mem=5Ffree((char= *)(ptr), (int) size)
-=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop))= return (=46ALSE)
-
-extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *,= struct authdes=5Fcred *);
-extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR= *, struct authdes=5Fverf *);
-extern int key=5Fencryptsession=5Fpk(c= har *, netobj *, des=5Fblock *);
-
-extern bool=5Ft =5F=5Frpc=5Fg= et=5Ftime=5Foffset(struct timeval *, nis=5Fserver *, char *,
- char *= *, char **);

-/*
- * DES authenticator operations vector - */
-static void authdes=5Fnextverf(AUTH *);
-static bool=5Ft a= uthdes=5Fmarshal(AUTH *, XDR *);
-static bool=5Ft authdes=5Fvalidate(= AUTH *, struct opaque=5Fauth *);
-static bool=5Ft authdes=5Frefresh(A= UTH *, void *);
-static void authdes=5Fdestroy(AUTH *);
-
-st= atic struct auth=5Fops *authdes=5Fops(void);
-
-/*
- * This s= truct is pointed to by the ah=5Fprivate field of an =22AUTH *=22
- */=
-struct ad=5Fprivate =7B
- char *ad=5Ffullname; /* client's full= name */
- u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */=
- char *ad=5Fservername; /* server's full name */
- u=5Fint ad=5F= servernamelen; /* length of name, rounded up */
- u=5Fint ad=5Fwindow= ; /* client specified window */
- bool=5Ft ad=5Fdosync; /* synchroniz= e=3F */
- struct netbuf ad=5Fsyncaddr; /* remote host to synch with *= /
- char *ad=5Ftimehost; /* remote host to synch with */
- struct= timeval ad=5Ftimediff; /* server's time - client's time */
- u=5Fint= ad=5Fnickname; /* server's nickname for client */
- struct authdes=5F= cred ad=5Fcred; /* storage for credential */
- struct authdes=5Fverf = ad=5Fverf; /* storage for verifier */
- struct timeval ad=5Ftimestamp= ; /* timestamp sent */
- des=5Fblock ad=5Fxkey; /* encrypted conversa= tion key */
- u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public= key */
- char *ad=5Fnetid; /* Timehost netid */
- char *ad=5Fuad= dr; /* Timehost uaddr */
- nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ ser= ver struct */
-=7D;
-
-AUTH *authdes=5Fpk=5Fseccreate(const c= har *, netobj *, u=5Fint, const char *,
- const des=5Fblock *, nis=5F= server *);
-
-/*
- * documented version of authdes=5Fseccreat= e
- */
-/*
- servername: network name of server
- win: ti= me to live
- timehost: optional hostname to sync with
- ckey: opt= ional conversation key to use
-*/
-
-AUTH *
-authdes=5Fse= ccreate(const char *servername, const u=5Fint win,
+static AUTH * +=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win, const char *timehost, const des=5Fblock *ckey)
=7B
- u=5Fchar= pkey=5Fdata=5B1024=5D;
- netobj pkey;
- AUTH *dummy;
-
-= if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B
- syslog= (LOG=5FERR,
- =22authdes=5Fseccreate: no public key found for %s=22, =
- servername);
- return (NULL);
- =7D
-
- pkey.n=5Fby= tes =3D (char *) pkey=5Fdata;
- pkey.n=5Flen =3D (u=5Fint)strlen((cha= r *)pkey=5Fdata) + 1;
- dummy =3D authdes=5Fpk=5Fseccreate(servername= , &pkey, win, timehost,
- ckey, NULL);
- return (dummy);
= -=7D
-
-/*
- * Slightly modified version of authdessec=5Fcrea= te which takes the public key
- * of the server principal as an argum= ent. This spares us a call to
- * getpublickey() which in the nameser= ver context can cause a deadlock.
- */
-AUTH *
-authdes=5Fpk=5F= seccreate(const char *servername, netobj *pkey, u=5Fint window,
- con= st char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr)
-=7B =
- AUTH *auth;
- struct ad=5Fprivate *ad;
- char namebuf=5BMAX= NETNAMELEN+1=5D;
-
- /*
- * Allocate everything now
- */ =
- auth =3D ALLOC(AUTH);
- if (auth =3D=3D NULL) =7B
- syslog(= LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22);
- return (= NULL);
- =7D
- ad =3D ALLOC(struct ad=5Fprivate);
- if (ad =3D= =3D NULL) =7B
- syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of= memory=22);
- goto failed;
- =7D
- ad->ad=5Ffullname =3D = ad->ad=5Fservername =3D NULL; /* Sanity reasons */
- ad->ad=5Ft= imehost =3D NULL;
- ad->ad=5Fnetid =3D NULL;
- ad->ad=5Fuad= dr =3D NULL;
- ad->ad=5Fnis=5Fsrvr =3D NULL;
- ad->ad=5Ftim= ediff.tv=5Fsec =3D 0;
- ad->ad=5Ftimediff.tv=5Fusec =3D 0;
- m= emcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen);
- if (= =21getnetname(namebuf))
- goto failed;
- ad->ad=5Ffullnamelen = =3D RNDUP((u=5Fint) strlen(namebuf));
- ad->ad=5Ffullname =3D (cha= r *)mem=5Falloc(ad->ad=5Ffullnamelen + 1);
- ad->ad=5Fservernam= elen =3D strlen(servername);
- ad->ad=5Fservername =3D (char *)mem= =5Falloc(ad->ad=5Fservernamelen + 1);
-
- if (ad->ad=5Ffull= name =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D NULL) =7B
- sys= log(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22);
- goto fail= ed;
- =7D
- if (timehost =21=3D NULL) =7B
- ad->ad=5Ftimeh= ost =3D (char *)mem=5Falloc(strlen(timehost) + 1);
- if (ad->ad=5F= timehost =3D=3D NULL) =7B
- syslog(LOG=5FERR, =22authdes=5Fseccreate:= out of memory=22);
- goto failed;
- =7D
- memcpy(ad->ad=5F= timehost, timehost, strlen(timehost) + 1);
- ad->ad=5Fdosync =3D T= RUE;
- =7D else if (srvr =21=3D NULL) =7B
- ad->ad=5Fnis=5Fsrv= r =3D srvr; /* transient */
- ad->ad=5Fdosync =3D TRUE;
- =7D = else =7B
- ad->ad=5Fdosync =3D =46ALSE;
- =7D
- memcpy(ad-= >ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1);
- memcpy(ad= ->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1);
- a= d->ad=5Fwindow =3D window;
- if (ckey =3D=3D NULL) =7B
- if (k= ey=5Fgendes(&auth->ah=5Fkey) < 0) =7B
- syslog(LOG=5FERR, <= br>- =22authdes=5Fseccreate: keyserv(1m) is unable to generate session ke= y=22);
- goto failed;
- =7D
- =7D else =7B
- auth->ah=5F= key =3D *ckey;
- =7D
-
- /*
- * Set up auth handle
- = */
- auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES;
- auth->ah= =5Fverf.oa=5Fflavor =3D AUTH=5FDES;
- auth->ah=5Fops =3D authdes=5F= ops();
- auth->ah=5Fprivate =3D (caddr=5Ft)ad;
-
- if (=21= authdes=5Frefresh(auth, NULL)) =7B
- goto failed;
- =7D
- ad-= >ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */
- return (a= uth);
-
-failed:
- if (auth)
- =46REE(auth, sizeof (AUTH)= );
- if (ad) =7B
- if (ad->ad=5Ffullname)
- =46REE(ad->= ad=5Ffullname, ad->ad=5Ffullnamelen + 1);
- if (ad->ad=5Fserver= name)
- =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1)= ;
- if (ad->ad=5Ftimehost)
- =46REE(ad->ad=5Ftimehost, strl= en(ad->ad=5Ftimehost) + 1);
- if (ad->ad=5Fnetid)
- =46REE(= ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1);
- if (ad->ad=5F= uaddr)
- =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); - =46REE(ad, sizeof (struct ad=5Fprivate));
- =7D
return (NULL= );
=7D
+=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5F= seccreate, =46BSD=5F1.0);

-/*
- * Implement the five authent= ication operations
- */
-
-
-/*
- * 1. Next Verifier =
- */
-/*ARGSUSED*/
-static void
-authdes=5Fnextverf(AUTH = *auth =5F=5Funused)
+static AUTH *
+=5F=5Fauthdes=5Fpk=5Fseccreat= e(const char *servername =5F=5Funused, netobj *pkey =5F=5Funused,
+ u= =5Fint window =5F=5Funused, const char *timehost =5F=5Funused,
+ cons= t des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funused)
=7B=
- /* what the heck am I supposed to do=3F=3F=3F */
-=7D
- -
-/*
- * 2. Marshal
- */
-static bool=5Ft
-authdes= =5Fmarshal(AUTH *auth, XDR *xdrs)
-=7B
-/* LINTED pointer alignme= nt */
- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
- struc= t authdes=5Fcred *cred =3D &ad->ad=5Fcred;
- struct authdes=5F= verf *verf =3D &ad->ad=5Fverf;
- des=5Fblock cryptbuf=5B2=5D; =
- des=5Fblock ivec;
- int status;
- int len;
- rpc=5Finli= ne=5Ft *ixdr;
-
- /*
- * =46igure out the =22time=22, account= ing for any time difference
- * with the server if necessary.
- *= /
- (void)gettimeofday(&ad->ad=5Ftimestamp, NULL);
- ad-&g= t;ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec;
- ad-&g= t;ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec;
- whi= le (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B
- a= d->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC;
- ad->ad=5Ft= imestamp.tv=5Fsec++;
- =7D
-
- /*
- * XDR the timestamp a= nd possibly some other things, then
- * encrypt them.
- */
- = ixdr =3D (rpc=5Finline=5Ft *)cryptbuf;
- IXDR=5FPUT=5FINT32(ixdr, ad-= >ad=5Ftimestamp.tv=5Fsec);
- IXDR=5FPUT=5FINT32(ixdr, ad->ad=5F= timestamp.tv=5Fusec);
- if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D AD= N=5F=46ULLNAME) =7B
- IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow= );
- IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1);
- ivec= .key.high =3D ivec.key.low =3D 0;
- status =3D cbc=5Fcrypt((char *)&a= mp;auth->ah=5Fkey, (char *)cryptbuf,
- (u=5Fint) 2 * sizeof (des=5F= block),
- DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec);
- =7D e= lse =7B
- status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (cha= r *)cryptbuf,
- (u=5Fint) sizeof (des=5Fblock),
- DES=5FENCRYPT =7C= DES=5FHW);
- =7D
- if (DES=5F=46AILED(status)) =7B
- syslog(= LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22);
- return= (=46ALSE);
- =7D
- ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbu= f=5B0=5D;
- if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNA= ME) =7B
- ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.= key.high;
- ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.lo= w;
- =7D else =7B
- ad->ad=5Fcred.adc=5Fnickname =3D ad->ad= =5Fnickname;
- ad->ad=5Fverf.adv=5Fwinverf =3D 0;
- =7D
- =
- /*
- * Serialize the credential and verifier into opaque
- = * authentication data.
- */
- if (ad->ad=5Fcred.adc=5Fnamekind= =3D=3D ADN=5F=46ULLNAME) =7B
- len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5F= XDR=5FUNIT + ad->ad=5Ffullnamelen);
- =7D else =7B
- len =3D (= 1 + 1)*BYTES=5FPER=5FXDR=5FUNIT;
- =7D
-
- if ((ixdr =3D xdr=5F= inline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B
- IXDR=5FPUT=5FINT32(i= xdr, AUTH=5FDES);
- IXDR=5FPUT=5FINT32(ixdr, len);
- =7D else =7B=
- ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Ff= lavor));
- ATTEMPT(xdr=5Fputint32(xdrs, &len));
- =7D
- A= TTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred));
-
- len =3D (2 + 1)*BYT= ES=5FPER=5FXDR=5FUNIT;
- if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FP= ER=5FXDR=5FUNIT))) =7B
- IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES);
- = IXDR=5FPUT=5FINT32(ixdr, len);
- =7D else =7B
- ATTEMPT(xdr=5Fput= int32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor));
- ATTEMPT(x= dr=5Fputint32(xdrs, &len));
- =7D
- ATTEMPT(xdr=5Fauthdes=5Fv= erf(xdrs, verf));
- return (TRUE);
-=7D
-
-
-/*
-= * 3. Validate
- */
-static bool=5Ft
-authdes=5Fvalidate(AUTH= *auth, struct opaque=5Fauth *rverf)
-=7B
-/* LINTED pointer alig= nment */
- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
- st= ruct authdes=5Fverf verf;
- int status;
- uint32=5Ft *ixdr;
-= des=5Fblock buf;
-
- if (rverf->oa=5Flength =21=3D (2 + 1) * = BYTES=5FPER=5FXDR=5FUNIT) =7B
- return (=46ALSE);
- =7D
-/* L= INTED pointer alignment */
- ixdr =3D (uint32=5Ft *)rverf->oa=5Fba= se;
- buf.key.high =3D (uint32=5Ft)*ixdr++;
- buf.key.low =3D (ui= nt32=5Ft)*ixdr++;
- verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++;
-=
- /*
- * Decrypt the timestamp
- */
- status =3D ecb=5Fc= rypt((char *)&auth->ah=5Fkey, (char *)&buf,
- (u=5Fint)siz= eof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW);
-
- if (DES=5F=46= AILED(status)) =7B
- syslog(LOG=5FERR, =22authdes=5Fvalidate: DES dec= ryption failure=22);
- return (=46ALSE);
- =7D
-
- /* - * xdr the decrypted timestamp
- */
-/* LINTED pointer alignmen= t */
- ixdr =3D (uint32=5Ft *)buf.c;
- verf.adv=5Ftimestamp.tv=5F= sec =3D IXDR=5FGET=5FINT32(ixdr) + 1;
- verf.adv=5Ftimestamp.tv=5Fuse= c =3D IXDR=5FGET=5FINT32(ixdr);
-
- /*
- * validate
- */ =
- if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5F= timestamp,
- sizeof(struct timeval)) =21=3D 0) =7B
- syslog(LOG=5F= DEBUG, =22authdes=5Fvalidate: verifier mismatch=22);
- return (=46ALS= E);
- =7D
-
- /*
- * We have a nickname now, let's use it=
- */
- ad->ad=5Fnickname =3D verf.adv=5Fnickname;
- ad-&g= t;ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME;
- return (TRUE);
-= =7D
-
-/*
- * 4. Refresh
- */
-/*ARGSUSED*/
-stat= ic bool=5Ft
-authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused) =
-=7B
-/* LINTED pointer alignment */
- struct ad=5Fprivate *a= d =3D AUTH=5FPRIVATE(auth);
- struct authdes=5Fcred *cred =3D &ad= ->ad=5Fcred;
- int ok;
- netobj pkey;
-
- if (ad->a= d=5Fdosync) =7B
- ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->= ad=5Ftimediff, ad->ad=5Fnis=5Fsrvr,
- ad->ad=5Ftimehost, &(= ad->ad=5Fuaddr),
- &(ad->ad=5Fnetid));
- if (=21 ok) =7B=
- /*
- * Hope the clocks are synced=21
- */
- ad->ad=5F= dosync =3D 0;
- syslog(LOG=5FDEBUG,
- =22authdes=5Frefresh: unabl= e to synchronize clock=22);
- =7D
- =7D
- ad->ad=5Fxkey =3D= auth->ah=5Fkey;
- pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey); =
- pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1; - if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &= ad->ad=5Fxkey) < 0) =7B
- syslog(LOG=5FIN=46O,
- =22authdes= =5Frefresh: keyserv(1m) is unable to encrypt session key=22);
- retur= n (=46ALSE);
- =7D
- cred->adc=5Ffullname.key =3D ad->ad=5F= xkey;
- cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME;
- cred->= adc=5Ffullname.name =3D ad->ad=5Ffullname;
- return (TRUE);
-=7D=
-
-
-/*
- * 5. Destroy
- */
-static void
-au= thdes=5Fdestroy(AUTH *auth)
-=7B
-/* LINTED pointer alignment */ =
- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
-
- =46RE= E(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1);
- =46REE(ad->= ;ad=5Fservername, ad->ad=5Fservernamelen + 1);
- if (ad->ad=5Ft= imehost)
- =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) = + 1);
- if (ad->ad=5Fnetid)
- =46REE(ad->ad=5Fnetid, strlen= (ad->ad=5Fnetid) + 1);
- if (ad->ad=5Fuaddr)
- =46REE(ad-&g= t;ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1);
- =46REE(ad, sizeof (st= ruct ad=5Fprivate));
- =46REE(auth, sizeof(AUTH));
-=7D
- -static struct auth=5Fops *
-authdes=5Fops(void)
-=7B
- stat= ic struct auth=5Fops ops;
-
- /* VARIABLES PROTECTED BY ops=5Floc= k: ops */
-
- mutex=5Flock(&authdes=5Fops=5Flock);
- if (= ops.ah=5Fnextverf =3D=3D NULL) =7B
- ops.ah=5Fnextverf =3D authdes=5F= nextverf;
- ops.ah=5Fmarshal =3D authdes=5Fmarshal;
- ops.ah=5Fva= lidate =3D authdes=5Fvalidate;
- ops.ah=5Frefresh =3D authdes=5Frefre= sh;
- ops.ah=5Fdestroy =3D authdes=5Fdestroy;
- =7D
- mutex=5F= unlock(&authdes=5Fops=5Flock);
- return (&ops);
+ return = (NULL);
=7D
+=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5F= authdes=5Fpk=5Fseccreate, =46BSD=5F1.0);
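Review bot: the stub that closes this hunk ("return (NULL);" just above the __sym_compat line for authdes_pk_seccreate) fails without any diagnostic, whereas the code removed above reported its failures through syslog, for example "authdes_refresh: keyserv(1m) is unable to encrypt session key". An old binary that still resolves the FBSD_1.0 symbol will now get NULL back with nothing in the logs to explain it. Unless the part of the file outside this view already has one, put a comment above the stub like the one key_call.c receives ("Secure RPC keyserver support was removed in FreeBSD 15.0"), so that the NULL return is clearly intentional and not a missed error path.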
diff --git a/lib/libc/rpc/au= thdes=5Fprot.c b/lib/libc/rpc/authdes=5Fprot.c
index 79a0e5baa084..56= b44daafe41 100644
--- a/lib/libc/rpc/authdes=5Fprot.c
+++ b/lib/l= ibc/rpc/authdes=5Fprot.c
=40=40 -42,44 +42,16 =40=40
=23include = <rpc/auth=5Fdes.h>
=23include =22un-namespace.h=22

-=23= define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE)
-
-b= ool=5Ft
-xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred)=
+static bool=5Ft
+=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cr= ed)
=7B
- enum authdes=5Fnamekind *padc=5Fnamekind =3D &cred= ->adc=5Fnamekind;
- /*
- * Unrolled xdr
- */
- ATTEMPT= (xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind));
- switch (cred->= adc=5Fnamekind) =7B
- case ADN=5F=46ULLNAME:
- ATTEMPT(xdr=5Fstri= ng(xdrs, &cred->adc=5Ffullname.name,
- MAXNETNAMELEN));
- = ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key, <= br>- sizeof(des=5Fblock)));
- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&= amp;cred->adc=5Ffullname.window,
- sizeof(cred->adc=5Ffullname.= window)));
- return (TRUE);
- case ADN=5FNICKNAME:
- ATTEMPT(= xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname,
- sizeof(= cred->adc=5Fnickname)));
- return (TRUE);
- default:
- ret= urn (=46ALSE);
- =7D
+ return (=46ALSE);
=7D
+=5F=5Fsym=5F= compat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred, =46BSD=5F1.0); <= br>
-
-bool=5Ft
-xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authd= es=5Fverf *verf)
+static bool=5Ft
+=5F=5Fxdr=5Fauthdes=5Fverf(XDR= *xdrs, void *verf)
=7B
- /*
- * Unrolled xdr
- */
-= ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp, - sizeof(des=5Fblock)));
- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&a= mp;verf->adv=5Fint=5Fu,
- sizeof(verf->adv=5Fint=5Fu)));
- = return (TRUE);
+ return (=46ALSE);
=7D
+=5F=5Fsym=5Fcompat(x= dr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf, =46BSD=5F1.0);
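Review bot: both stubs in this hunk, __xdr_authdes_cred and __xdr_authdes_verf, are declared static and are referenced only by the __sym_compat lines that follow them. __sym_compat expands to an assembler .symver directive, so the compiler itself sees no use of either function; please confirm the optimized build keeps them (or mark them __used) so the versioned symbols do not end up pointing at nothing. Two smaller points: the xdrs, cred and verf parameters are now unused and could carry __unused, as the removed authdes_refresh did for its dummy argument, and with both signatures changed to void * nothing visible here still needs the rpc/auth_des.h include that remains as context.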
diff = --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c
index 5= c87881c815c..eb274fcfff36 100644
--- a/lib/libc/rpc/key=5Fcall.c
= +++ b/lib/libc/rpc/key=5Fcall.c
=40=40 -32,426 +32,78 =40=40
*/ =

/*
- * key=5Fcall.c, Interface to keyserver
- *
- *= setsecretkey(key) - set your secret key
- * encryptsessionkey(agent,= deskey) - encrypt a session key to talk to agent
- * decryptsessionk= ey(agent, deskey) - decrypt ditto
- * gendeskey(deskey) - generate a = secure des key
+ * Secure RPC keyserver support was removed in =46ree= BSD 15.0.
+ * These symbols are provided for backward compatibility, = but provide no
+ * functionality and will always return an error. */

=23include =22namespace.h=22
=23include =22reentrant.= h=22
-=23include <stdio.h>
-=23include <stdlib.h> -=23include <unistd.h>
-=23include <errno.h>
=23inc= lude <rpc/rpc.h>
-=23include <rpc/auth.h>
-=23include= <rpc/auth=5Funix.h>
=23include <rpc/key=5Fprot.h>
-= =23include <string.h>
-=23include <netconfig.h>
-=23i= nclude <sys/utsname.h>
-=23include <stdlib.h>
-=23inc= lude <signal.h>
-=23include <sys/wait.h>
-=23include = <sys/fcntl.h>
+=23include <rpc/auth.h>
=23include =22= un-namespace.h=22
=23include =22mt=5Fmisc.h=22

-
-=23de= fine KEY=5FTIMEOUT 5 /* per-try timeout in seconds */
-=23define KEY=5F= NRETRY 12 /* number of retries */
-
-=23ifdef DEBUG
-=23defin= e debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg);
-=23else
= -=23define debug(msg)
-=23endif /* DEBUG */
-
-/*
- * Hac= k to allow the keyserver to use AUTH=5FDES (for authenticated
- * NIS= + calls, for example). The only functions that get called
- * are key= =5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key=5Fgendes.
= - *
- * The approach is to have the keyserver fill in pointers to loc= al
- * implementations of these functions, and to call those in key=5F= call().
- */
-
-cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fp= k=5FLOCAL)(uid=5Ft, void *arg) =3D 0;
-cryptkeyres *(*=5F=5Fkey=5Fdec= ryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *arg) =3D 0;
-des=5Fblock *(*= =5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0;
-
-static int= key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, void *);
- <= br>-int
-key=5Fsetsecret(const char *secretkey)
-=7B
- keysta= tus status;
-
- if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5F= t)xdr=5Fkeybuf,
- (void *)secretkey,
- (xdrproc=5Ft)xdr=5Fkeystat= us, &status)) =7B
- return (-1);
- =7D
- if (status =21=3D= KEY=5FSUCCESS) =7B
- debug(=22set status is nonzero=22);
- retur= n (-1);
- =7D
- return (0);
-=7D
-
-
-/* key=5Fse= cretkey=5Fis=5Fset() returns 1 if the keyserver has a secret key
- * = stored for the caller's effective uid; it returns 0 otherwise
- * - * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications sho= uldn't
- * be using it, because it allows them to get the user's secr= et key.
- */
-
-int
-key=5Fsecretkey=5Fis=5Fset(void) -=7B
- struct key=5Fnetstres kres;
-
- memset((void*)&kr= es, 0, sizeof (kres));
- if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (= xdrproc=5Ft)xdr=5Fvoid, NULL,
- (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &a= mp;kres) &&
- (kres.status =3D=3D KEY=5FSUCCESS) && <= br>- (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B =
- /* avoid leaving secret key in memory */
- memset(kres.key=5Fne= tstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES);
- return (1);
-= =7D
- return (0);
-=7D
-
-int
-key=5Fencryptsession=5F= pk(char *remotename, netobj *remotekey, des=5Fblock *deskey)
-=7B - cryptkeyarg2 arg;
- cryptkeyres res;
-
- arg.remotename =3D= remotename;
- arg.remotekey =3D *remotekey;
- arg.deskey =3D *de= skey;
- if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)= xdr=5Fcryptkeyarg2, &arg,
- (xdrproc=5Ft)xdr=5Fcryptkeyres, &= res)) =7B
- return (-1);
- =7D
- if (res.status =21=3D KEY=5F= SUCCESS) =7B
- debug(=22encrypt status is nonzero=22);
- return (= -1);
- =7D
- *deskey =3D res.cryptkeyres=5Fu.deskey;
- return= (0);
-=7D
-
-int
-key=5Fdecryptsession=5Fpk(char *remote= name, netobj *remotekey, des=5Fblock *deskey)
-=7B
- cryptkeyarg2= arg;
- cryptkeyres res;
-
- arg.remotename =3D remotename; <= br>- arg.remotekey =3D *remotekey;
- arg.deskey =3D *deskey;
- if= (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcryptkey= arg2, &arg,
- (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
= - return (-1);
- =7D
- if (res.status =21=3D KEY=5FSUCCESS) =7B <= br>- debug(=22decrypt status is nonzero=22);
- return (-1);
- =7D=
- *deskey =3D res.cryptkeyres=5Fu.deskey;
- return (0);
-=7D=
-
-int
-key=5Fencryptsession(const char *remotename, des=5Fb= lock *deskey)
+static int
+=5F=5Fkey=5Fsetsecret(const char *secr= etkey)
=7B
- cryptkeyarg arg;
- cryptkeyres res;
-
-= arg.remotename =3D (char *) remotename;
- arg.deskey =3D *deskey; - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg,
- (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
= - return (-1);
- =7D
- if (res.status =21=3D KEY=5FSUCCESS) =7B <= br>- debug(=22encrypt status is nonzero=22);
- return (-1);
- =7D=
- *deskey =3D res.cryptkeyres=5Fu.deskey;
- return (0);
+ re= turn (-1);
=7D
+=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5F= setsecret, =46BSD=5F1.0);

-int
-key=5Fdecryptsession(const c= har *remotename, des=5Fblock *deskey)
+static int
+=5F=5Fkey=5Fse= cretkey=5Fis=5Fset(void)
=7B
- cryptkeyarg arg;
- cryptkeyre= s res;
-
- arg.remotename =3D (char *) remotename;
- arg.desk= ey =3D *deskey;
- if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc= =5Ft)xdr=5Fcryptkeyarg, &arg,
- (xdrproc=5Ft)xdr=5Fcryptkeyres, &= amp;res)) =7B
- return (-1);
- =7D
- if (res.status =21=3D KE= Y=5FSUCCESS) =7B
- debug(=22decrypt status is nonzero=22);
- retu= rn (-1);
- =7D
- *deskey =3D res.cryptkeyres=5Fu.deskey;
ret= urn (0);
=7D
+=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F= =5Fkey=5Fsecretkey=5Fis=5Fset, =46BSD=5F1.0);

-int
-key=5Fge= ndes(des=5Fblock *key)
+static int
+=5F=5Fkey=5Fencryptsession=5F= pk(char *remotename, netobj *remotekey, des=5Fblock *deskey)
=7B - if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NULL, =
- (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B
- return (-1);
- = =7D
- return (0);
+ return (-1);
=7D
+=5F=5Fsym=5Fcompat= (key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptsession=5Fpk, =46BSD=5F1.0= );

-int
-key=5Fsetnet(struct key=5Fnetstarg *arg)
+stati= c int
+=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remo= tekey, des=5Fblock *deskey)
=7B
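Review bot: the new header comment says these symbols "will always return an error", but the __key_secretkey_is_set stub keeps the unchanged "return (0);". By the removed description ("returns 1 if the keyserver has a secret key ... it returns 0 otherwise"), 0 means "no key set" and is not an error. The value is the right one for a stub; the comment should be reworded to cover it, for example "return an error, or 0 from key_secretkey_is_set()". The stubs that return -1 also leave their arguments (secretkey, remotename, remotekey, deskey) unused, so __unused on those parameters would keep warning-enabled builds quiet.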
*** 2726 LINES SKIPPED ***
=
--689b1a61_60709938_50e--