From nobody Tue Aug 12 13:24:51 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1XL04wn1z64mF7;
	Tue, 12 Aug 2025 13:24:56 +0000 (UTC)
	(envelope-from fluffy@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4c1XL03xDnz3Q3b;
	Tue, 12 Aug 2025 13:24:56 +0000 (UTC)
	(envelope-from fluffy@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1755005096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=4Y9u87pt1iOOItT5b+FO047MnvguQh82Waxdy7/HcBU=;
	b=k69eJ1f7GlhWdMn3y2bBlZBkvH9u2InYqDRAUaL6HjR2m/YZcKWy1L+mkbTlFnRt4vPWZf
	34O1Fyd1ssEpgtNtwVOtwOfCk2qW/Mdza8rERw5sJnpuu0427MOJ+w0JNXTJhiyI4TuhUi
	0ZHgQipzRoaf3kbvmcCmr0uiGlQMVQM1ZhsvI0DHIgz+njnnoaThn7v+Y2UMI5e+YG0qer
	iFRMHVy7H0Fy79NBprVcZD5nJNNbKb3rK5ja+fKJAeebMIxdTNWhqFzTK00BAyrkgvG68P
	EHySl5ThqbMS+koeo77Iq8RMD+csJjXUDiWKjQURHTs39m793WybXPi72TLciQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1755005096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=4Y9u87pt1iOOItT5b+FO047MnvguQh82Waxdy7/HcBU=;
	b=bhlw2WCgQzOURJEJv8/kwarB1g52w7q4PrYJqlz1SZfGvNQEsB6Yfu/5R8Jv7hfnFdrKU1
	nfywstdkDe6qzTtHXnZUtkNKB+f32UOBI2JcSbTP+7YWkjK+7u8X317m4OvdXYS14MbmR8
	2mQ6XnU05aSlatzVHDebE9fw1EwAvD31l7WmpDxRqh0CKLTLQEBzBI3ZP29fXSXiMH9wUX
	hQiQTiSsVfDjxH4gs+/N1Yqmhoo7/lsM2SgNjTUaB2QUwhd13r0pctIcnfCC0PwO78Rtnx
	eaeJtrVsmT7mSI8wYzKHCcZsZl1QaUyh8ayZgfHRUfVtia5R5+L9joNVeXMfMg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755005096; a=rsa-sha256; cv=none;
	b=eZMvYYdQXZo7BpoxHt59D6tjOJDotT/6Lku4F9Aw9zak6pFVIEq3pk1/Bj0i+ql+4MqutM
	OvtEODKt9AZqsM/xX4TJ15mmaFP+6k5TtzCNcRABLJSJuQaZjAsVuIsG1LfBIkBFFe0wmy
	bCHgz6hfYHVextYIoNU329KOs1L/rqIS/FTPsmdSVdS1/G048s50fPU2LMPIEr+KJ6oiVl
	Q+w0SRxUTakQIZAOrb1O57FLnmNE4KAbjsrYsSAx/H3CAHZZVYeW+XSx1sbAQZ+QW7nnuK
	yQ2dBpMLfOabCYMUN9vk9RCBjOryzPTtZg/13+7jaPflF58mf3fGr9x7no+7jQ==
Received: from [100.109.252.209] (unknown [176.15.166.221])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	(Authenticated sender: fluffy)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4c1XKy35zczPWH;
	Tue, 12 Aug 2025 13:24:54 +0000 (UTC)
	(envelope-from fluffy@FreeBSD.org)
Date: Tue, 12 Aug 2025 16:24:51 +0300
From: Dima Panov <fluffy@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, 
 dev-commits-src-main@FreeBSD.org, Lexi Winter <ivy@FreeBSD.org>
Message-ID: <8e7a9c07-5efd-4450-a590-a6aeaa59b402@Canary>
In-Reply-To: <851c968c-923a-4809-83d4-b0600e70867b@Canary>
References: <202508101537.57AFbHrI067216@gitrepo.freebsd.org>
 <851c968c-923a-4809-83d4-b0600e70867b@Canary>
Subject: git: 7ac276298b72 - main - Remove Secure RPC DES authentication
X-Canary-Draft: 2
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="689b40a3_2336c6b7_50e"

--689b40a3_2336c6b7_50e
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

All xservers are affected.

However, upstream already deal with it in commit https://gitlab.freedeskt=
op.org/xorg/xserver/-/commit/71b207a2ebc1465c7d9ad9262f60930f6a1d42ee

--
Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team
(fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)

> On =D0=B2=D1=82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, =D0=B0=D0=B2=D0=B3. 12, =
2025 at 1:41 PM, Dima Panov <fluffy=40=46reeBSD.org (mailto:fluffy=40=46r=
eeBSD.org)> wrote:
> Hello=21
>
> This commit breaks x11-server/xwayland
>
> =46AILED: os/liblibxserver=5Fos.a.p/rpcauth.c.o cc -Ios/liblibxserver=5F=
os.a.p -Ios -I../os -I. -I.. -IXext -I../Xext -IXi -I../Xi -Icomposite -I=
../composite -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor=
 -Imi -I../mi -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/sy=
nc -Idbe -I../dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include =
-Ipresent -I../present -Irandr -I../randr -Irender -I../render -Ixfixes -=
I../xfixes -I/usr/local/include -I/usr/local/include/pixman-1 -I/usr/loca=
l/include/freetype2 -I/usr/local/include/libpng16 -fdiagnostics-color=3Dn=
ever -D=5F=46ILE=5FO=46=46SET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu9=
9 -DHAVE=5FDIX=5FCON=46IG=5FH -fno-strict-aliasing -fvisibility=3Dhidden =
-Wall -Wpointer-arith -Wmissing-declarations -Wformat=3D2 -Wstrict-protot=
ypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-styl=
e-definition -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissi=
ng-format-attribute -Wredundant-decls -Werror=3Dimplicit -Werror=3Dnonnul=
l -Werror=3Dinit-self -Werror=3Dmain -Werror=3Dmissing-braces -Werror=3Ds=
equence-point -Werror=3Dreturn-type -Werror=3Dtrigraphs -Werror=3Darray-b=
ounds -Werror=3Dwrite-strings -Werror=3Daddress -Werror=3Dint-to-pointer-=
cast -Werror=3Dpointer-to-int-cast -O2 -pipe -fstack-protector-strong -fn=
o-strict-aliasing -fPIC -D=5FTHREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5F=
BSD=5FSOURCE -DHAS=5F=46CHOWN -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD =
-MQ os/liblibxserver=5Fos.a.p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p=
/rpcauth.c.o.d -o os/liblibxserver=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.=
c ../os/rpcauth.c:110:52: error: incomplete definition of type 'struct au=
thdes=5Fcred' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)=
->adc=5Ffullname.name); =7C =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=
=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=5E=
 ../os/rpcauth.c:110:22: note: forward declaration of 'struct authdes=5Fc=
red' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)->adc=5Ff=
ullname.name); =7C =5E 1 error generated.
>
>
> --
> Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team
> (fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)
>
>
>
> > On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5=D1=81=D0=B5=D0=BD=D1=8C=D0=B5=
, =D0=B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, Lexi Winter <ivy=40=46reeBSD.o=
rg (mailto:ivy=40=46reeBSD.org)> wrote:
> > The branch main has been updated by ivy:
> >
> > URL: https://cgit.=46reeBSD.org/src/commit/=3Fid=3D7ac276298b72982189=
ac1a5b17461936dc00163e
> >
> > commit 7ac276298b72982189ac1a5b17461936dc00163e
> > Author: Lexi Winter <ivy=40=46reeBSD.org>
> > AuthorDate: 2025-08-10 12:57:36 +0000
> > Commit: Lexi Winter <ivy=40=46reeBSD.org>
> > CommitDate: 2025-08-10 15:36:40 +0000
> >
> > Remove Secure RPC DES authentication
> >
> > =46ollowing the earlier removal of keyserv, none of this functionalit=
y
> > works since it requires keyserv.
> >
> > Remove the relevant symbols from libc's Symbol.map. Leave compatibili=
ty
> > symbols for existing applications, but since the functions don't work=

> > without keyserv, stub them out to return an error.
> >
> > Remove some private symbols that were only used by keyserv; these don=
't
> > get compatibility symbols.
> >
> > Remove the documentation for the old functions.
> >
> > Remove rpc.ypupdated since it requires DES authentication.
> >
> > Reviewed by: manu, des, emaste
> > Differential Revision: https://reviews.freebsd.org/D50442
> > ---
> > Obsolete=46iles.inc =7C 4 +
> > include/rpc/auth=5Fdes.h =7C 79 +----
> > lib/libc/rpc/Symbol.map =7C 19 --
> > lib/libc/rpc/auth=5Fdes.c =7C 455 +----------------------------
> > lib/libc/rpc/authdes=5Fprot.c =7C 44 +--
> > lib/libc/rpc/key=5Fcall.c =7C 424 +++------------------------
> > lib/libc/rpc/publickey.5 =7C 40 ---
> > lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +-----------
> > lib/libc/rpc/rpc=5Fsoc.3 =7C 13 +-
> > lib/libc/rpc/rpc=5Fsoc.c =7C 31 +-
> > lib/libc/rpc/svc=5Fauth.c =7C 8 -
> > lib/libc/rpc/svc=5Fauth=5Fdes.c =7C 460 +----------------------------=
-
> > lib/librpcsvc/Makefile =7C 2 +-
> > lib/librpcsvc/yp=5Fupdate.c =7C 199 -------------
> > libexec/rc/rc.conf =7C 1 -
> > libexec/rc/rc.d/Makefile =7C 1 -
> > libexec/rc/rc.d/ypupdated =7C 35 ---
> > share/man/man5/rc.conf.5 =7C 9 +-
> > sys/rpc/auth.h =7C 26 --
> > tools/build/mk/OptionalObsolete=46iles.inc =7C 2 -
> > usr.sbin/Makefile =7C 1 -
> > usr.sbin/rpc.ypupdated/Makefile =7C 32 ---
> > usr.sbin/rpc.ypupdated/Makefile.depend =7C 18 --
> > usr.sbin/rpc.ypupdated/update.c =7C 328 ---------------------
> > usr.sbin/rpc.ypupdated/yp=5Fdbdelete.c =7C 68 -----
> > usr.sbin/rpc.ypupdated/yp=5Fdbupdate.c =7C 147 ----------
> > usr.sbin/rpc.ypupdated/ypupdate =7C 32 ---
> > usr.sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C 32 ---
> > usr.sbin/rpc.ypupdated/ypupdated=5Fmain.c =7C 287 -------------------=

> > usr.sbin/rpc.ypupdated/ypupdated=5Fserver.c =7C 227 ---------------
> > 30 files changed, 83 insertions(+), 3118 deletions(-)
> >
> > diff --git a/Obsolete=46iles.inc b/Obsolete=46iles.inc
> > index ec324e82f86d..a6662d31829f 100644
> > --- a/Obsolete=46iles.inc
> > +++ b/Obsolete=46iles.inc
> > =40=40 -51,6 +51,10 =40=40
> > =23 xargs -n1 =7C sort =7C uniq -d;
> > =23 done
> >
> > +=23 20250810: Removal of remaining Secure RPC (DES) bits
> > +OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated
> > +OLD=5F=46ILES+=3Detc/rc.d/ypupdated
> > +
> > =23 20250808: nvmfd removed from base install
> > OLD=5F=46ILES+=3Dusr/sbin/nvmfd
> > OLD=5F=46ILES+=3Dusr/share/man/man8/nvmfd.8.gz
> > diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fdes.h
> > index 0ff43c13139b..1b4943a74b8b 100644
> > --- a/include/rpc/auth=5Fdes.h
> > +++ b/include/rpc/auth=5Fdes.h
> > =40=40 -33,91 +33,14 =40=40
> > * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
> > */
> >
> > -/*
> > - * auth=5Fdes.h, Protocol for DES style authentication for RPC
> > - */
> > +/* Note, RPC DES authentication was removed in =46reeBSD 15.0. */
> >
> > =23ifndef =5FAUTH=5FDES=5F
> > =23define =5FAUTH=5FDES=5F
> >
> > -/*
> > - * There are two kinds of =22names=22: fullnames and nicknames
> > - */
> > -enum authdes=5Fnamekind =7B
> > - ADN=5F=46ULLNAME,
> > - ADN=5FNICKNAME
> > -=7D;
> > -
> > -/*
> > - * A fullname contains the network name of the client,
> > - * a conversation key and the window
> > - */
> > -struct authdes=5Ffullname =7B
> > - char *name; /* network name of client, up to MAXNETNAMELEN */
> > - des=5Fblock key; /* conversation key */
> > - u=5Flong window; /* associated window */
> > -=7D;
> > -
> > -
> > -/*
> > - * A credential
> > - */
> > -struct authdes=5Fcred =7B
> > - enum authdes=5Fnamekind adc=5Fnamekind;
> > - struct authdes=5Ffullname adc=5Ffullname;
> > - u=5Flong adc=5Fnickname;
> > -=7D;
> > -
> > -
> > -
> > -/*
> > - * A des authentication verifier
> > - */
> > -struct authdes=5Fverf =7B
> > - union =7B
> > - struct timeval adv=5Fctime; /* clear time */
> > - des=5Fblock adv=5Fxtime; /* crypt time */
> > - =7D adv=5Ftime=5Fu;
> > - u=5Flong adv=5Fint=5Fu;
> > -=7D;
> > -
> > -/*
> > - * des authentication verifier: client variety
> > - *
> > - * adv=5Ftimestamp is the current time.
> > - * adv=5Fwinverf is the credential window + 1.
> > - * Both are encrypted using the conversation key.
> > - */
> > -=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime
> > -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime
> > -=23define adv=5Fwinverf adv=5Fint=5Fu
> > -
> > -/*
> > - * des authentication verifier: server variety
> > - *
> > - * adv=5Ftimeverf is the client's timestamp + client's window
> > - * adv=5Fnickname is the server's nickname for the client.
> > - * adv=5Ftimeverf is encrypted using the conversation key.
> > - */
> > -=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime
> > -=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime
> > -=23define adv=5Fnickname adv=5Fint=5Fu
> > -
> > -/*
> > - * Map a des credential into a unix cred.
> > - *
> > - */
> > -=5F=5FBEGIN=5FDECLS
> > -extern int authdes=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, g=
id=5Ft *, int *, gid=5Ft * );
> > -=5F=5FEND=5FDECLS
> > -
> > =5F=5FBEGIN=5FDECLS
> > -extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *)=
;
> > -extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *)=
;
> > extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *,
> > struct timeval *);
> > -extern void kgetnetname(char *);
> > -extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct =
rpc=5Fmsg *);
> > =5F=5FEND=5FDECLS
> >
> > =23endif /* ndef =5FAUTH=5FDES=5F */
> > diff --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map
> > index 105d6fb6b54e..61e8e084b1e0 100644
> > --- a/lib/libc/rpc/Symbol.map
> > +++ b/lib/libc/rpc/Symbol.map
> > =40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B
> > xdr=5Fdesargs;
> > xdr=5Fdesresp;
> >
> > - authdes=5Fseccreate;
> > - authdes=5Fpk=5Fseccreate;
> > authnone=5Fcreate;
> > authunix=5Fcreate;
> > authunix=5Fcreate=5Fdefault;
> > - xdr=5Fauthdes=5Fcred;
> > - xdr=5Fauthdes=5Fverf;
> > xdr=5Fauthunix=5Fparms;
> > bindresvport;
> > bindresvport=5Fsa;
> > =40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B
> > endrpcent;
> > getrpcent;
> > getrpcport;
> > - key=5Fsetsecret;
> > - key=5Fsecretkey=5Fis=5Fset;
> > - key=5Fencryptsession=5Fpk;
> > - key=5Fdecryptsession=5Fpk;
> > - key=5Fencryptsession;
> > - key=5Fdecryptsession;
> > - key=5Fgendes;
> > - key=5Fsetnet;
> > - key=5Fget=5Fconv;
> > xdr=5Fkeystatus;
> > xdr=5Fkeybuf;
> > xdr=5Fnetnamestr;
> > =40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B
> > callrpc;
> > registerrpc;
> > clnt=5Fbroadcast;
> > - authdes=5Fcreate;
> > clntunix=5Fcreate;
> > svcunix=5Fcreate;
> > svcunixfd=5Fcreate;
> > =40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B
> > =5Fauthenticate;
> > =5Fsvcauth=5Fnull;
> > svc=5Fauth=5Freg;
> > - =5Fsvcauth=5Fdes;
> > - authdes=5Fgetucred;
> > =5Fsvcauth=5Funix;
> > =5Fsvcauth=5Fshort;
> > svc=5Fdg=5Fcreate;
> > =40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B
> >
> > =46BSDprivate=5F1.0 =7B
> > =5F=5Fdes=5Fcrypt=5FLOCAL;
> > - =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL;
> > - =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL;
> > - =5F=5Fkey=5Fgendes=5FLOCAL;
> > =5F=5Fsvc=5Fclean=5Fidle;
> > =5F=5Frpc=5Fgss=5Funwrap;
> > =5F=5Frpc=5Fgss=5Funwrap=5Fstub;
> > diff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c
> > index c9b20de25cda..754d55cbed3e 100644
> > --- a/lib/libc/rpc/auth=5Fdes.c
> > +++ b/lib/libc/rpc/auth=5Fdes.c
> > =40=40 -30,463 +30,34 =40=40
> > /*
> > * Copyright (c) 1988 by Sun Microsystems, Inc.
> > */
> > +
> > /*
> > - * auth=5Fdes.c, client-side implementation of DES authentication
> > + * Secure RPC DES authentication was removed in =46reeBSD 15.0.
> > + * These symbols are provided for backward compatibility, but provid=
e no
> > + * functionality and will always return an error.
> > */
> >
> > =23include =22namespace.h=22
> > =23include =22reentrant.h=22
> > -=23include <err.h>
> > -=23include <errno.h>
> > -=23include <string.h>
> > -=23include <stdlib.h>
> > -=23include <unistd.h>
> > -=23include <rpc/des=5Fcrypt.h>
> > -=23include <syslog.h>
> > =23include <rpc/types.h>
> > =23include <rpc/auth.h>
> > =23include <rpc/auth=5Fdes.h>
> > -=23include <rpc/clnt.h>
> > -=23include <rpc/xdr.h>
> > -=23include <sys/socket.h>
> > -=23undef NIS
> > =23include <rpcsvc/nis.h>
> > =23include =22un-namespace.h=22
> > -=23include =22mt=5Fmisc.h=22
> > -
> > -=23define USEC=5FPER=5FSEC 1000000
> > -=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */
> > -
> > -=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5Fpr=
ivate
> > -=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc(sizeof(=
object=5Ftype))
> > -=23define =46REE(ptr, size) mem=5Ffree((char *)(ptr), (int) size)
> > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE)
> > -
> > -extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *=
);
> > -extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *=
);
> > -extern int key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *=
);
> > -
> > -extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, ni=
s=5Fserver *, char *,
> > - char **, char **);
> >
> > -/*
> > - * DES authenticator operations vector
> > - */
> > -static void authdes=5Fnextverf(AUTH *);
> > -static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *);
> > -static bool=5Ft authdes=5Fvalidate(AUTH *, struct opaque=5Fauth *);
> > -static bool=5Ft authdes=5Frefresh(AUTH *, void *);
> > -static void authdes=5Fdestroy(AUTH *);
> > -
> > -static struct auth=5Fops *authdes=5Fops(void);
> > -
> > -/*
> > - * This struct is pointed to by the ah=5Fprivate field of an =22AUTH=
 *=22
> > - */
> > -struct ad=5Fprivate =7B
> > - char *ad=5Ffullname; /* client's full name */
> > - u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */
> > - char *ad=5Fservername; /* server's full name */
> > - u=5Fint ad=5Fservernamelen; /* length of name, rounded up */
> > - u=5Fint ad=5Fwindow; /* client specified window */
> > - bool=5Ft ad=5Fdosync; /* synchronize=3F */
> > - struct netbuf ad=5Fsyncaddr; /* remote host to synch with */
> > - char *ad=5Ftimehost; /* remote host to synch with */
> > - struct timeval ad=5Ftimediff; /* server's time - client's time */
> > - u=5Fint ad=5Fnickname; /* server's nickname for client */
> > - struct authdes=5Fcred ad=5Fcred; /* storage for credential */
> > - struct authdes=5Fverf ad=5Fverf; /* storage for verifier */
> > - struct timeval ad=5Ftimestamp; /* timestamp sent */
> > - des=5Fblock ad=5Fxkey; /* encrypted conversation key */
> > - u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public key */
> > - char *ad=5Fnetid; /* Timehost netid */
> > - char *ad=5Fuaddr; /* Timehost uaddr */
> > - nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ server struct */
> > -=7D;
> > -
> > -AUTH *authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, cons=
t char *,
> > - const des=5Fblock *, nis=5Fserver *);
> > -
> > -/*
> > - * documented version of authdes=5Fseccreate
> > - */
> > -/*
> > - servername: network name of server
> > - win: time to live
> > - timehost: optional hostname to sync with
> > - ckey: optional conversation key to use
> > -*/
> > -
> > -AUTH *
> > -authdes=5Fseccreate(const char *servername, const u=5Fint win,
> > +static AUTH *
> > +=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win,=

> > const char *timehost, const des=5Fblock *ckey)
> > =7B
> > - u=5Fchar pkey=5Fdata=5B1024=5D;
> > - netobj pkey;
> > - AUTH *dummy;
> > -
> > - if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B
> > - syslog(LOG=5FERR,
> > - =22authdes=5Fseccreate: no public key found for %s=22,
> > - servername);
> > - return (NULL);
> > - =7D
> > -
> > - pkey.n=5Fbytes =3D (char *) pkey=5Fdata;
> > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)pkey=5Fdata) + 1;
> > - dummy =3D authdes=5Fpk=5Fseccreate(servername, &pkey, win, timehost=
,
> > - ckey, NULL);
> > - return (dummy);
> > -=7D
> > -
> > -/*
> > - * Slightly modified version of authdessec=5Fcreate which takes the =
public key
> > - * of the server principal as an argument. This spares us a call to
> > - * getpublickey() which in the nameserver context can cause a deadlo=
ck.
> > - */
> > -AUTH *
> > -authdes=5Fpk=5Fseccreate(const char *servername, netobj *pkey, u=5Fi=
nt window,
> > - const char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr)
> > -=7B
> > - AUTH *auth;
> > - struct ad=5Fprivate *ad;
> > - char namebuf=5BMAXNETNAMELEN+1=5D;
> > -
> > - /*
> > - * Allocate everything now
> > - */
> > - auth =3D ALLOC(AUTH);
> > - if (auth =3D=3D NULL) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22);
> > - return (NULL);
> > - =7D
> > - ad =3D ALLOC(struct ad=5Fprivate);
> > - if (ad =3D=3D NULL) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22);
> > - goto failed;
> > - =7D
> > - ad->ad=5Ffullname =3D ad->ad=5Fservername =3D NULL; /* Sanity reaso=
ns */
> > - ad->ad=5Ftimehost =3D NULL;
> > - ad->ad=5Fnetid =3D NULL;
> > - ad->ad=5Fuaddr =3D NULL;
> > - ad->ad=5Fnis=5Fsrvr =3D NULL;
> > - ad->ad=5Ftimediff.tv=5Fsec =3D 0;
> > - ad->ad=5Ftimediff.tv=5Fusec =3D 0;
> > - memcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen);
> > - if (=21getnetname(namebuf))
> > - goto failed;
> > - ad->ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf));
> > - ad->ad=5Ffullname =3D (char *)mem=5Falloc(ad->ad=5Ffullnamelen + 1)=
;
> > - ad->ad=5Fservernamelen =3D strlen(servername);
> > - ad->ad=5Fservername =3D (char *)mem=5Falloc(ad->ad=5Fservernamelen =
+ 1);
> > -
> > - if (ad->ad=5Ffullname =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D=
 NULL) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22);
> > - goto failed;
> > - =7D
> > - if (timehost =21=3D NULL) =7B
> > - ad->ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timehost) + 1);
> > - if (ad->ad=5Ftimehost =3D=3D NULL) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22);
> > - goto failed;
> > - =7D
> > - memcpy(ad->ad=5Ftimehost, timehost, strlen(timehost) + 1);
> > - ad->ad=5Fdosync =3D TRUE;
> > - =7D else if (srvr =21=3D NULL) =7B
> > - ad->ad=5Fnis=5Fsrvr =3D srvr; /* transient */
> > - ad->ad=5Fdosync =3D TRUE;
> > - =7D else =7B
> > - ad->ad=5Fdosync =3D =46ALSE;
> > - =7D
> > - memcpy(ad->ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1);
> > - memcpy(ad->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1)=
;
> > - ad->ad=5Fwindow =3D window;
> > - if (ckey =3D=3D NULL) =7B
> > - if (key=5Fgendes(&auth->ah=5Fkey) < 0) =7B
> > - syslog(LOG=5FERR,
> > - =22authdes=5Fseccreate: keyserv(1m) is unable to generate session k=
ey=22);
> > - goto failed;
> > - =7D
> > - =7D else =7B
> > - auth->ah=5Fkey =3D *ckey;
> > - =7D
> > -
> > - /*
> > - * Set up auth handle
> > - */
> > - auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES;
> > - auth->ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES;
> > - auth->ah=5Fops =3D authdes=5Fops();
> > - auth->ah=5Fprivate =3D (caddr=5Ft)ad;
> > -
> > - if (=21authdes=5Frefresh(auth, NULL)) =7B
> > - goto failed;
> > - =7D
> > - ad->ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */
> > - return (auth);
> > -
> > -failed:
> > - if (auth)
> > - =46REE(auth, sizeof (AUTH));
> > - if (ad) =7B
> > - if (ad->ad=5Ffullname)
> > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1);
> > - if (ad->ad=5Fservername)
> > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1);
> > - if (ad->ad=5Ftimehost)
> > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1);
> > - if (ad->ad=5Fnetid)
> > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1);
> > - if (ad->ad=5Fuaddr)
> > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1);
> > - =46REE(ad, sizeof (struct ad=5Fprivate));
> > - =7D
> > return (NULL);
> > =7D
> > +=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, =46=
BSD=5F1.0);
> >
> > -/*
> > - * Implement the five authentication operations
> > - */
> > -
> > -
> > -/*
> > - * 1. Next Verifier
> > - */
> > -/*ARGSUSED*/
> > -static void
> > -authdes=5Fnextverf(AUTH *auth =5F=5Funused)
> > +static AUTH *
> > +=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused, =
netobj *pkey =5F=5Funused,
> > + u=5Fint window =5F=5Funused, const char *timehost =5F=5Funused,
> > + const des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funus=
ed)
> > =7B
> > - /* what the heck am I supposed to do=3F=3F=3F */
> > -=7D
> > -
> > -
> > -/*
> > - * 2. Marshal
> > - */
> > -static bool=5Ft
> > -authdes=5Fmarshal(AUTH *auth, XDR *xdrs)
> > -=7B
> > -/* LINTED pointer alignment */
> > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
> > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred;
> > - struct authdes=5Fverf *verf =3D &ad->ad=5Fverf;
> > - des=5Fblock cryptbuf=5B2=5D;
> > - des=5Fblock ivec;
> > - int status;
> > - int len;
> > - rpc=5Finline=5Ft *ixdr;
> > -
> > - /*
> > - * =46igure out the =22time=22, accounting for any time difference
> > - * with the server if necessary.
> > - */
> > - (void)gettimeofday(&ad->ad=5Ftimestamp, NULL);
> > - ad->ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec;
> > - ad->ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec;
> > - while (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B
> > - ad->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC;
> > - ad->ad=5Ftimestamp.tv=5Fsec++;
> > - =7D
> > -
> > - /*
> > - * XDR the timestamp and possibly some other things, then
> > - * encrypt them.
> > - */
> > - ixdr =3D (rpc=5Finline=5Ft *)cryptbuf;
> > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fsec);
> > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fusec);
> > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B
> > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow);
> > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1);
> > - ivec.key.high =3D ivec.key.low =3D 0;
> > - status =3D cbc=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf,
> > - (u=5Fint) 2 * sizeof (des=5Fblock),
> > - DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec);
> > - =7D else =7B
> > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf,
> > - (u=5Fint) sizeof (des=5Fblock),
> > - DES=5FENCRYPT =7C DES=5FHW);
> > - =7D
> > - if (DES=5F=46AILED(status)) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22);=

> > - return (=46ALSE);
> > - =7D
> > - ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D;
> > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B
> > - ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.key.high;
> > - ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.low;
> > - =7D else =7B
> > - ad->ad=5Fcred.adc=5Fnickname =3D ad->ad=5Fnickname;
> > - ad->ad=5Fverf.adv=5Fwinverf =3D 0;
> > - =7D
> > -
> > - /*
> > - * Serialize the credential and verifier into opaque
> > - * authentication data.
> > - */
> > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B
> > - len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad->ad=5Ffullna=
melen);
> > - =7D else =7B
> > - len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT;
> > - =7D
> > -
> > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B
> > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES);
> > - IXDR=5FPUT=5FINT32(ixdr, len);
> > - =7D else =7B
> > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Fflavor));=

> > - ATTEMPT(xdr=5Fputint32(xdrs, &len));
> > - =7D
> > - ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred));
> > -
> > - len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT;
> > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B
> > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES);
> > - IXDR=5FPUT=5FINT32(ixdr, len);
> > - =7D else =7B
> > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor));=

> > - ATTEMPT(xdr=5Fputint32(xdrs, &len));
> > - =7D
> > - ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf));
> > - return (TRUE);
> > -=7D
> > -
> > -
> > -/*
> > - * 3. Validate
> > - */
> > -static bool=5Ft
> > -authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf)
> > -=7B
> > -/* LINTED pointer alignment */
> > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
> > - struct authdes=5Fverf verf;
> > - int status;
> > - uint32=5Ft *ixdr;
> > - des=5Fblock buf;
> > -
> > - if (rverf->oa=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B=

> > - return (=46ALSE);
> > - =7D
> > -/* LINTED pointer alignment */
> > - ixdr =3D (uint32=5Ft *)rverf->oa=5Fbase;
> > - buf.key.high =3D (uint32=5Ft)*ixdr++;
> > - buf.key.low =3D (uint32=5Ft)*ixdr++;
> > - verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++;
> > -
> > - /*
> > - * Decrypt the timestamp
> > - */
> > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)&buf,
> > - (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW);
> > -
> > - if (DES=5F=46AILED(status)) =7B
> > - syslog(LOG=5FERR, =22authdes=5Fvalidate: DES decryption failure=22)=
;
> > - return (=46ALSE);
> > - =7D
> > -
> > - /*
> > - * xdr the decrypted timestamp
> > - */
> > -/* LINTED pointer alignment */
> > - ixdr =3D (uint32=5Ft *)buf.c;
> > - verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1;
> > - verf.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr);
> > -
> > - /*
> > - * validate
> > - */
> > - if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5Ftimestamp=
,
> > - sizeof(struct timeval)) =21=3D 0) =7B
> > - syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatch=22);
> > - return (=46ALSE);
> > - =7D
> > -
> > - /*
> > - * We have a nickname now, let's use it
> > - */
> > - ad->ad=5Fnickname =3D verf.adv=5Fnickname;
> > - ad->ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME;
> > - return (TRUE);
> > -=7D
> > -
> > -/*
> > - * 4. Refresh
> > - */
> > -/*ARGSUSED*/
> > -static bool=5Ft
> > -authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused)
> > -=7B
> > -/* LINTED pointer alignment */
> > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
> > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred;
> > - int ok;
> > - netobj pkey;
> > -
> > - if (ad->ad=5Fdosync) =7B
> > - ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->ad=5Ftimediff, ad->ad=5F=
nis=5Fsrvr,
> > - ad->ad=5Ftimehost, &(ad->ad=5Fuaddr),
> > - &(ad->ad=5Fnetid));
> > - if (=21 ok) =7B
> > - /*
> > - * Hope the clocks are synced=21
> > - */
> > - ad->ad=5Fdosync =3D 0;
> > - syslog(LOG=5FDEBUG,
> > - =22authdes=5Frefresh: unable to synchronize clock=22);
> > - =7D
> > - =7D
> > - ad->ad=5Fxkey =3D auth->ah=5Fkey;
> > - pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey);
> > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1;
> > - if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &ad->ad=5F=
xkey) < 0) =7B
> > - syslog(LOG=5FIN=46O,
> > - =22authdes=5Frefresh: keyserv(1m) is unable to encrypt session key=22=
);
> > - return (=46ALSE);
> > - =7D
> > - cred->adc=5Ffullname.key =3D ad->ad=5Fxkey;
> > - cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME;
> > - cred->adc=5Ffullname.name =3D ad->ad=5Ffullname;
> > - return (TRUE);
> > -=7D
> > -
> > -
> > -/*
> > - * 5. Destroy
> > - */
> > -static void
> > -authdes=5Fdestroy(AUTH *auth)
> > -=7B
> > -/* LINTED pointer alignment */
> > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth);
> > -
> > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1);
> > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1);
> > - if (ad->ad=5Ftimehost)
> > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1);
> > - if (ad->ad=5Fnetid)
> > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1);
> > - if (ad->ad=5Fuaddr)
> > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1);
> > - =46REE(ad, sizeof (struct ad=5Fprivate));
> > - =46REE(auth, sizeof(AUTH));
> > -=7D
> > -
> > -static struct auth=5Fops *
> > -authdes=5Fops(void)
> > -=7B
> > - static struct auth=5Fops ops;
> > -
> > - /* VARIABLES PROTECTED BY ops=5Flock: ops */
> > -
> > - mutex=5Flock(&authdes=5Fops=5Flock);
> > - if (ops.ah=5Fnextverf =3D=3D NULL) =7B
> > - ops.ah=5Fnextverf =3D authdes=5Fnextverf;
> > - ops.ah=5Fmarshal =3D authdes=5Fmarshal;
> > - ops.ah=5Fvalidate =3D authdes=5Fvalidate;
> > - ops.ah=5Frefresh =3D authdes=5Frefresh;
> > - ops.ah=5Fdestroy =3D authdes=5Fdestroy;
> > - =7D
> > - mutex=5Funlock(&authdes=5Fops=5Flock);
> > - return (&ops);
> > + return (NULL);
> > =7D
> > +=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fse=
ccreate, =46BSD=5F1.0);
> > diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fp=
rot.c
> > index 79a0e5baa084..56b44daafe41 100644
> > --- a/lib/libc/rpc/authdes=5Fprot.c
> > +++ b/lib/libc/rpc/authdes=5Fprot.c
> > =40=40 -42,44 +42,16 =40=40
> > =23include <rpc/auth=5Fdes.h>
> > =23include =22un-namespace.h=22
> >
> > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE)
> > -
> > -bool=5Ft
> > -xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred)
> > +static bool=5Ft
> > +=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cred)
> > =7B
> > - enum authdes=5Fnamekind *padc=5Fnamekind =3D &cred->adc=5Fnamekind;=

> > - /*
> > - * Unrolled xdr
> > - */
> > - ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind));
> > - switch (cred->adc=5Fnamekind) =7B
> > - case ADN=5F=46ULLNAME:
> > - ATTEMPT(xdr=5Fstring(xdrs, &cred->adc=5Ffullname.name,
> > - MAXNETNAMELEN));
> > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key,
> > - sizeof(des=5Fblock)));
> > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.window,=

> > - sizeof(cred->adc=5Ffullname.window)));
> > - return (TRUE);
> > - case ADN=5FNICKNAME:
> > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname,
> > - sizeof(cred->adc=5Fnickname)));
> > - return (TRUE);
> > - default:
> > - return (=46ALSE);
> > - =7D
> > + return (=46ALSE);
> > =7D
> > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred,=
 =46BSD=5F1.0);
> >
> > -
> > -bool=5Ft
> > -xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf)
> > +static bool=5Ft
> > +=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf)
> > =7B
> > - /*
> > - * Unrolled xdr
> > - */
> > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp,
> > - sizeof(des=5Fblock)));
> > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fint=5Fu,
> > - sizeof(verf->adv=5Fint=5Fu)));
> > - return (TRUE);
> > + return (=46ALSE);
> > =7D
> > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf,=
 =46BSD=5F1.0);
> > diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c
> > index 5c87881c815c..eb274fcfff36 100644
> > --- a/lib/libc/rpc/key=5Fcall.c
> > +++ b/lib/libc/rpc/key=5Fcall.c
> > =40=40 -32,426 +32,78 =40=40
> > */
> >
> > /*
> > - * key=5Fcall.c, Interface to keyserver
> > - *
> > - * setsecretkey(key) - set your secret key
> > - * encryptsessionkey(agent, deskey) - encrypt a session key to talk =
to agent
> > - * decryptsessionkey(agent, deskey) - decrypt ditto
> > - * gendeskey(deskey) - generate a secure des key
> > + * Secure RPC keyserver support was removed in =46reeBSD 15.0.
> > + * These symbols are provided for backward compatibility, but provid=
e no
> > + * functionality and will always return an error.
> > */
> >
> > =23include =22namespace.h=22
> > =23include =22reentrant.h=22
> > -=23include <stdio.h>
> > -=23include <stdlib.h>
> > -=23include <unistd.h>
> > -=23include <errno.h>
> > =23include <rpc/rpc.h>
> > -=23include <rpc/auth.h>
> > -=23include <rpc/auth=5Funix.h>
> > =23include <rpc/key=5Fprot.h>
> > -=23include <string.h>
> > -=23include <netconfig.h>
> > -=23include <sys/utsname.h>
> > -=23include <stdlib.h>
> > -=23include <signal.h>
> > -=23include <sys/wait.h>
> > -=23include <sys/fcntl.h>
> > +=23include <rpc/auth.h>
> > =23include =22un-namespace.h=22
> > =23include =22mt=5Fmisc.h=22
> >
> > -
> > -=23define KEY=5FTIMEOUT 5 /* per-try timeout in seconds */
> > -=23define KEY=5FNRETRY 12 /* number of retries */
> > -
> > -=23ifdef DEBUG
> > -=23define debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg);
> > -=23else
> > -=23define debug(msg)
> > -=23endif /* DEBUG */
> > -
> > -/*
> > - * Hack to allow the keyserver to use AUTH=5FDES (for authenticated
> > - * NIS+ calls, for example). The only functions that get called
> > - * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key=
=5Fgendes.
> > - *
> > - * The approach is to have the keyserver fill in pointers to local
> > - * implementations of these functions, and to call those in key=5Fca=
ll().
> > - */
> > -
> > -cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, voi=
d *arg) =3D 0;
> > -cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, voi=
d *arg) =3D 0;
> > -des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0;
> > -
> > -static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, v=
oid *);
> > -
> > -int
> > -key=5Fsetsecret(const char *secretkey)
> > -=7B
> > - keystatus status;
> > -
> > - if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf,
> > - (void *)secretkey,
> > - (xdrproc=5Ft)xdr=5Fkeystatus, &status)) =7B
> > - return (-1);
> > - =7D
> > - if (status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22set status is nonzero=22);
> > - return (-1);
> > - =7D
> > - return (0);
> > -=7D
> > -
> > -
> > -/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the keyserver has a sec=
ret key
> > - * stored for the caller's effective uid; it returns 0 otherwise
> > - *
> > - * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications =
shouldn't
> > - * be using it, because it allows them to get the user's secret key.=

> > - */
> > -
> > -int
> > -key=5Fsecretkey=5Fis=5Fset(void)
> > -=7B
> > - struct key=5Fnetstres kres;
> > -
> > - memset((void*)&kres, 0, sizeof (kres));
> > - if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid,=
 NULL,
> > - (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &kres) &&
> > - (kres.status =3D=3D KEY=5FSUCCESS) &&
> > - (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B=

> > - /* avoid leaving secret key in memory */
> > - memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES=
);
> > - return (1);
> > - =7D
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, des=5F=
block *deskey)
> > -=7B
> > - cryptkeyarg2 arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D remotename;
> > - arg.remotekey =3D *remotekey;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5F=
cryptkeyarg2, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22encrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, des=5F=
block *deskey)
> > -=7B
> > - cryptkeyarg2 arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D remotename;
> > - arg.remotekey =3D *remotekey;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5F=
cryptkeyarg2, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22decrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fencryptsession(const char *remotename, des=5Fblock *deskey)
> > +static int
> > +=5F=5Fkey=5Fsetsecret(const char *secretkey)
> > =7B
> > - cryptkeyarg arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D (char *) remotename;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcrypt=
keyarg, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22encrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > + return (-1);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F=
1.0);
> >
> > -int
> > -key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey)
> > +static int
> > +=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void)
> > =7B
> > - cryptkeyarg arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D (char *) remotename;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcrypt=
keyarg, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22decrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > return (0);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey=
=5Fis=5Fset, =46BSD=5F1.0);
> >
> > -int
> > -key=5Fgendes(des=5Fblock *key)
> > +static int
> > +=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey,=
 des=5Fblock *deskey)
> > =7B
> > - if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NUL=
L,
> > - (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B
> > - return (-1);
> > - =7D
> > - return (0);
> > + return (-1);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptses=
sion=5Fpk, =46BSD=5F1.0);
> >
> > -int
> > -key=5Fsetnet(struct key=5Fnetstarg *arg)
> > +static int
> > +=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey,=
 des=5Fblock *deskey)
> > =7B
> > *** 2726 LINES SKIPPED ***
> >

--689b40a3_2336c6b7_50e
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<html xmlns=3D=22http://www.w3.org/1999/xhtml=22><head> <title></title> <=
meta name=3D=22viewport=22 content=3D=22width=3Ddevice-width, initial-sca=
le=3D1.0, user-scalable=3Dno=22> </head> <body dir=3D=22auto=22><div id=3D=
=22CanaryBody=22> <div> All xservers are affected.=C2=A0</div><div><br></=
div><div>However, upstream already deal with it in commit=C2=A0<span styl=
e=3D=22font-family: system-ui; font-size: 12px;=22>https://gitlab.freedes=
ktop.org/xorg/xserver/-/commit/71b207a2ebc1465c7d9ad9262f60930f6a1d42ee</=
span></div> <div><br></div> </div> <div id=3D=22CanarySig=22> <div> <div =
style=3D=22font-family:Helvetica;=22><div style=3D=22font-family:Helvetic=
a;=22>--<br><div>Dima. (desktop, kde, x11, office, ports-secteam)=40=46re=
eBSD team</div><div>(fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)</d=
iv></div></div> <div><br></div> </div> </div> <div id=3D=22CanaryDropbox=22=
> </div> <blockquote id=3D=22CanaryBlockquote=22> <div> <div>On =D0=B2=D1=
=82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, =D0=B0=D0=B2=D0=B3. 12, 2025 at 1:41 P=
M, Dima Panov &lt;<a href=3D=22mailto:fluffy=40=46reeBSD.org=22>fluffy=40=
=46reeBSD.org</a>&gt; wrote:<br></div> <div dir=3D=22auto=22><div id=3D=22=
=22> <div> Hello=21</div><div><br></div><div>This commit breaks x11-serve=
r/xwayland</div><div><br></div><div>=46AILED: os/liblibxserver=5Fos.a.p/r=
pcauth.c.o =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 cc -Ios/liblibxserver=5Fos.a.p -Ios -I../os -I. -I.=
. -IXext -I../Xext -IXi -I../Xi -Icomposite -I../composite -Idamageext -I=
../damageext -Ifb -I../fb -Iglamor -I../glamor -Imi -I../mi -Imiext/damag=
e -I../miext/damage -Imiext/sync -I../miext/sync -Idbe -I../dbe -Idix -I.=
./dix -Idri3 -I../dri3 -Iinclude -I../include -Ipresent -I../present -Ira=
ndr -I../randr -Irender -I../render -Ixfixes -I../xfixes -I/usr/local/inc=
lude -I/usr/local/include/pixman-1 -I/usr/local/include/freetype2 -I/usr/=
local/include/libpng16 -fdiagnostics-color=3Dnever -D=5F=46ILE=5FO=46=46S=
ET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu99 -DHAVE=5FDIX=5FCON=46IG=5F=
H -fno-strict-aliasing -fvisibility=3Dhidden -Wall -Wpointer-arith -Wmiss=
ing-declarations -Wformat=3D2 -Wstrict-prototypes -Wmissing-prototypes -W=
nested-externs -Wbad-function-cast -Wold-style-definition -Wunused -Wunin=
itialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredund=
ant-decls -Werror=3Dimplicit -Werror=3Dnonnull -Werror=3Dinit-self -Werro=
r=3Dmain -Werror=3Dmissing-braces -Werror=3Dsequence-point -Werror=3Dretu=
rn-type -Werror=3Dtrigraphs -Werror=3Darray-bounds -Werror=3Dwrite-string=
s -Werror=3Daddress -Werror=3Dint-to-pointer-cast -Werror=3Dpointer-to-in=
t-cast -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fPIC -D=5F=
THREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5FBSD=5FSOURCE -DHAS=5F=46CHOW=
N -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD -MQ os/liblibxserver=5Fos.a.=
p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p/rpcauth.c.o.d -o os/liblibx=
server=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.c =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ../os/rpcauth.c:110:52: error: incomplete de=
finition of type 'struct authdes=5Fcred' =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0110=
 =7C =C2=A0 =C2=A0 return (((struct authdes=5Fcred *) r.rq=5Fclntcred)-&g=
t;adc=5Ffullname.name); =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0=7C =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =7E=7E=7E=7E=7E=7E=7E=7E=
=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=
=7E=7E=7E=7E=7E=7E=5E =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0../os/rpcauth.c:110:22: =
note: forward declaration of 'struct authdes=5Fcred' =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0110 =7C =C2=A0 =C2=A0 return (((str=
uct authdes=5Fcred *) r.rq=5Fclntcred)-&gt;adc=5Ffullname.name); =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=7C =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=5E =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A01 error generated.<br></div><div><b=
r></div> <div><br></div> </div> <div id=3D=22=22> <div> <div style=3D=22f=
ont-family:Helvetica;=22><div style=3D=22font-family:Helvetica;=22>--<br>=
<div>Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team</d=
iv><div>(fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)</div></div></d=
iv> <div><br></div> </div> </div> <div id=3D=22CanaryDropbox=22> </div> <=
blockquote id=3D=22=22> <div> <div>On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5=
=D1=81=D0=B5=D0=BD=D1=8C=D0=B5, =D0=B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, =
Lexi Winter &lt;<a href=3D=22mailto:ivy=40=46reeBSD.org=22>ivy=40=46reeBS=
D.org</a>&gt; wrote:<br></div> <div>The branch main has been updated by i=
vy: <br> <br>URL: https://cgit.=46reeBSD.org/src/commit/=3Fid=3D7ac276298=
b72982189ac1a5b17461936dc00163e <br> <br>commit 7ac276298b72982189ac1a5b1=
7461936dc00163e <br>Author: Lexi Winter &lt;ivy=40=46reeBSD.org&gt; <br>A=
uthorDate: 2025-08-10 12:57:36 +0000 <br>Commit: Lexi Winter &lt;ivy=40=46=
reeBSD.org&gt; <br>CommitDate: 2025-08-10 15:36:40 +0000 <br> <br> Remove=
 Secure RPC DES authentication <br> <br> =46ollowing the earlier removal =
of keyserv, none of this functionality <br> works since it requires keyse=
rv. <br> <br> Remove the relevant symbols from libc's Symbol.map. Leave c=
ompatibility <br> symbols for existing applications, but since the functi=
ons don't work <br> without keyserv, stub them out to return an error. <b=
r> <br> Remove some private symbols that were only used by keyserv; these=
 don't <br> get compatibility symbols. <br> <br> Remove the documentation=
 for the old functions. <br> <br> Remove rpc.ypupdated since it requires =
DES authentication. <br> <br> Reviewed by: manu, des, emaste <br> Differe=
ntial Revision: https://reviews.freebsd.org/D50442 <br>--- <br> Obsolete=46=
iles.inc =7C 4 + <br> include/rpc/auth=5Fdes.h =7C 79 +---- <br> lib/libc=
/rpc/Symbol.map =7C 19 -- <br> lib/libc/rpc/auth=5Fdes.c =7C 455 +-------=
--------------------- <br> lib/libc/rpc/authdes=5Fprot.c =7C 44 +-- <br> =
lib/libc/rpc/key=5Fcall.c =7C 424 +++------------------------ <br> lib/li=
bc/rpc/publickey.5 =7C 40 --- <br> lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +-=
---------- <br> lib/libc/rpc/rpc=5Fsoc.3 =7C 13 +- <br> lib/libc/rpc/rpc=5F=
soc.c =7C 31 +- <br> lib/libc/rpc/svc=5Fauth.c =7C 8 - <br> lib/libc/rpc/=
svc=5Fauth=5Fdes.c =7C 460 +----------------------------- <br> lib/librpc=
svc/Makefile =7C 2 +- <br> lib/librpcsvc/yp=5Fupdate.c =7C 199 ----------=
--- <br> libexec/rc/rc.conf =7C 1 - <br> libexec/rc/rc.d/Makefile =7C 1 -=
 <br> libexec/rc/rc.d/ypupdated =7C 35 --- <br> share/man/man5/rc.conf.5 =
=7C 9 +- <br> sys/rpc/auth.h =7C 26 -- <br> tools/build/mk/OptionalObsole=
te=46iles.inc =7C 2 - <br> usr.sbin/Makefile =7C 1 - <br> usr.sbin/rpc.yp=
updated/Makefile =7C 32 --- <br> usr.sbin/rpc.ypupdated/Makefile.depend =7C=
 18 -- <br> usr.sbin/rpc.ypupdated/update.c =7C 328 ---------------------=
 <br> usr.sbin/rpc.ypupdated/yp=5Fdbdelete.c =7C 68 ----- <br> usr.sbin/r=
pc.ypupdated/yp=5Fdbupdate.c =7C 147 ---------- <br> usr.sbin/rpc.ypupdat=
ed/ypupdate =7C 32 --- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C=
 32 --- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fmain.c =7C 287 ----------=
--------- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fserver.c =7C 227 ------=
--------- <br> 30 files changed, 83 insertions(+), 3118 deletions(-) <br>=
 <br>diff --git a/Obsolete=46iles.inc b/Obsolete=46iles.inc <br>index ec3=
24e82f86d..a6662d31829f 100644 <br>--- a/Obsolete=46iles.inc <br>+++ b/Ob=
solete=46iles.inc <br>=40=40 -51,6 +51,10 =40=40 <br> =23 xargs -n1 =7C s=
ort =7C uniq -d; <br> =23 done <br> <br>+=23 20250810: Removal of remaini=
ng Secure RPC (DES) bits <br>+OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated <br=
>+OLD=5F=46ILES+=3Detc/rc.d/ypupdated <br>+ <br> =23 20250808: nvmfd remo=
ved from base install <br> OLD=5F=46ILES+=3Dusr/sbin/nvmfd <br> OLD=5F=46=
ILES+=3Dusr/share/man/man8/nvmfd.8.gz <br>diff --git a/include/rpc/auth=5F=
des.h b/include/rpc/auth=5Fdes.h <br>index 0ff43c13139b..1b4943a74b8b 100=
644 <br>--- a/include/rpc/auth=5Fdes.h <br>+++ b/include/rpc/auth=5Fdes.h=
 <br>=40=40 -33,91 +33,14 =40=40 <br> * Copyright (c) 1986 - 1991 by Sun =
Microsystems, Inc. <br> */ <br> <br>-/* <br>- * auth=5Fdes.h, Protocol fo=
r DES style authentication for RPC <br>- */ <br>+/* Note, RPC DES authent=
ication was removed in =46reeBSD 15.0. */ <br> <br> =23ifndef =5FAUTH=5FD=
ES=5F <br> =23define =5FAUTH=5FDES=5F <br> <br>-/* <br>- * There are two =
kinds of =22names=22: fullnames and nicknames <br>- */ <br>-enum authdes=5F=
namekind =7B <br>- ADN=5F=46ULLNAME, <br>- ADN=5FNICKNAME <br>-=7D; <br>-=
 <br>-/* <br>- * A fullname contains the network name of the client, <br>=
- * a conversation key and the window <br>- */ <br>-struct authdes=5Ffull=
name =7B <br>- char *name; /* network name of client, up to MAXNETNAMELEN=
 */ <br>- des=5Fblock key; /* conversation key */ <br>- u=5Flong window; =
/* associated window */ <br>-=7D; <br>- <br>- <br>-/* <br>- * A credentia=
l <br>- */ <br>-struct authdes=5Fcred =7B <br>- enum authdes=5Fnamekind a=
dc=5Fnamekind; <br>- struct authdes=5Ffullname adc=5Ffullname; <br>- u=5F=
long adc=5Fnickname; <br>-=7D; <br>- <br>- <br>- <br>-/* <br>- * A des au=
thentication verifier <br>- */ <br>-struct authdes=5Fverf =7B <br>- union=
 =7B <br>- struct timeval adv=5Fctime; /* clear time */ <br>- des=5Fblock=
 adv=5Fxtime; /* crypt time */ <br>- =7D adv=5Ftime=5Fu; <br>- u=5Flong a=
dv=5Fint=5Fu; <br>-=7D; <br>- <br>-/* <br>- * des authentication verifier=
: client variety <br>- * <br>- * adv=5Ftimestamp is the current time. <br=
>- * adv=5Fwinverf is the credential window + 1. <br>- * Both are encrypt=
ed using the conversation key. <br>- */ <br>-=23define adv=5Ftimestamp ad=
v=5Ftime=5Fu.adv=5Fctime <br>-=23define adv=5Fxtimestamp adv=5Ftime=5Fu.a=
dv=5Fxtime <br>-=23define adv=5Fwinverf adv=5Fint=5Fu <br>- <br>-/* <br>-=
 * des authentication verifier: server variety <br>- * <br>- * adv=5Ftime=
verf is the client's timestamp + client's window <br>- * adv=5Fnickname i=
s the server's nickname for the client. <br>- * adv=5Ftimeverf is encrypt=
ed using the conversation key. <br>- */ <br>-=23define adv=5Ftimeverf adv=
=5Ftime=5Fu.adv=5Fctime <br>-=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=
=5Fxtime <br>-=23define adv=5Fnickname adv=5Fint=5Fu <br>- <br>-/* <br>- =
* Map a des credential into a unix cred. <br>- * <br>- */ <br>-=5F=5FBEGI=
N=5FDECLS <br>-extern int authdes=5Fgetucred( struct authdes=5Fcred *, ui=
d=5Ft *, gid=5Ft *, int *, gid=5Ft * ); <br>-=5F=5FEND=5FDECLS <br>- <br>=
 =5F=5FBEGIN=5FDECLS <br>-extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, str=
uct authdes=5Fcred *); <br>-extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, s=
truct authdes=5Fverf *); <br> extern int rtime(dev=5Ft, struct netbuf *, =
int, struct timeval *, <br> struct timeval *); <br>-extern void kgetnetna=
me(char *); <br>-extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Fre=
q *, struct rpc=5Fmsg *); <br> =5F=5FEND=5FDECLS <br> <br> =23endif /* nd=
ef =5FAUTH=5FDES=5F */ <br>diff --git a/lib/libc/rpc/Symbol.map b/lib/lib=
c/rpc/Symbol.map <br>index 105d6fb6b54e..61e8e084b1e0 100644 <br>--- a/li=
b/libc/rpc/Symbol.map <br>+++ b/lib/libc/rpc/Symbol.map <br>=40=40 -8,13 =
+8,9 =40=40 =46BSD=5F1.0 =7B <br> xdr=5Fdesargs; <br> xdr=5Fdesresp; <br>=
 <br>- authdes=5Fseccreate; <br>- authdes=5Fpk=5Fseccreate; <br> authnone=
=5Fcreate; <br> authunix=5Fcreate; <br> authunix=5Fcreate=5Fdefault; <br>=
- xdr=5Fauthdes=5Fcred; <br>- xdr=5Fauthdes=5Fverf; <br> xdr=5Fauthunix=5F=
parms; <br> bindresvport; <br> bindresvport=5Fsa; <br>=40=40 -58,15 +54,6=
 =40=40 =46BSD=5F1.0 =7B <br> endrpcent; <br> getrpcent; <br> getrpcport;=
 <br>- key=5Fsetsecret; <br>- key=5Fsecretkey=5Fis=5Fset; <br>- key=5Fenc=
ryptsession=5Fpk; <br>- key=5Fdecryptsession=5Fpk; <br>- key=5Fencryptses=
sion; <br>- key=5Fdecryptsession; <br>- key=5Fgendes; <br>- key=5Fsetnet;=
 <br>- key=5Fget=5Fconv; <br> xdr=5Fkeystatus; <br> xdr=5Fkeybuf; <br> xd=
r=5Fnetnamestr; <br>=40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B <br> cal=
lrpc; <br> registerrpc; <br> clnt=5Fbroadcast; <br>- authdes=5Fcreate; <b=
r> clntunix=5Fcreate; <br> svcunix=5Fcreate; <br> svcunixfd=5Fcreate; <br=
>=40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B <br> =5Fauthenticate; <br> =
=5Fsvcauth=5Fnull; <br> svc=5Fauth=5Freg; <br>- =5Fsvcauth=5Fdes; <br>- a=
uthdes=5Fgetucred; <br> =5Fsvcauth=5Funix; <br> =5Fsvcauth=5Fshort; <br> =
svc=5Fdg=5Fcreate; <br>=40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B <br> =
<br> =46BSDprivate=5F1.0 =7B <br> =5F=5Fdes=5Fcrypt=5FLOCAL; <br>- =5F=5F=
key=5Fencryptsession=5Fpk=5FLOCAL; <br>- =5F=5Fkey=5Fdecryptsession=5Fpk=5F=
LOCAL; <br>- =5F=5Fkey=5Fgendes=5FLOCAL; <br> =5F=5Fsvc=5Fclean=5Fidle; <=
br> =5F=5Frpc=5Fgss=5Funwrap; <br> =5F=5Frpc=5Fgss=5Funwrap=5Fstub; <br>d=
iff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c <br>ind=
ex c9b20de25cda..754d55cbed3e 100644 <br>--- a/lib/libc/rpc/auth=5Fdes.c =
<br>+++ b/lib/libc/rpc/auth=5Fdes.c <br>=40=40 -30,463 +30,34 =40=40 <br>=
 /* <br> * Copyright (c) 1988 by Sun Microsystems, Inc. <br> */ <br>+ <br=
> /* <br>- * auth=5Fdes.c, client-side implementation of DES authenticati=
on <br>+ * Secure RPC DES authentication was removed in =46reeBSD 15.0. <=
br>+ * These symbols are provided for backward compatibility, but provide=
 no <br>+ * functionality and will always return an error. <br> */ <br> <=
br> =23include =22namespace.h=22 <br> =23include =22reentrant.h=22 <br>-=23=
include &lt;err.h&gt; <br>-=23include &lt;errno.h&gt; <br>-=23include &lt=
;string.h&gt; <br>-=23include &lt;stdlib.h&gt; <br>-=23include &lt;unistd=
.h&gt; <br>-=23include &lt;rpc/des=5Fcrypt.h&gt; <br>-=23include &lt;sysl=
og.h&gt; <br> =23include &lt;rpc/types.h&gt; <br> =23include &lt;rpc/auth=
.h&gt; <br> =23include &lt;rpc/auth=5Fdes.h&gt; <br>-=23include &lt;rpc/c=
lnt.h&gt; <br>-=23include &lt;rpc/xdr.h&gt; <br>-=23include &lt;sys/socke=
t.h&gt; <br>-=23undef NIS <br> =23include &lt;rpcsvc/nis.h&gt; <br> =23in=
clude =22un-namespace.h=22 <br>-=23include =22mt=5Fmisc.h=22 <br>- <br>-=23=
define USEC=5FPER=5FSEC 1000000 <br>-=23define RTIME=5FTIMEOUT 5 /* secon=
ds to wait for sync */ <br>- <br>-=23define AUTH=5FPRIVATE(auth) (struct =
ad=5Fprivate *) auth-&gt;ah=5Fprivate <br>-=23define ALLOC(object=5Ftype)=
 (object=5Ftype *) mem=5Falloc(sizeof(object=5Ftype)) <br>-=23define =46R=
EE(ptr, size) mem=5Ffree((char *)(ptr), (int) size) <br>-=23define ATTEMP=
T(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) <br>- <br>-extern bool=5F=
t xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *); <br>-extern bool=
=5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *); <br>-extern i=
nt key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *); <br>- <br>=
-extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, nis=5F=
server *, char *, <br>- char **, char **); <br> <br>-/* <br>- * DES authe=
nticator operations vector <br>- */ <br>-static void authdes=5Fnextverf(A=
UTH *); <br>-static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *); <br>-stati=
c bool=5Ft authdes=5Fvalidate(AUTH *, struct opaque=5Fauth *); <br>-stati=
c bool=5Ft authdes=5Frefresh(AUTH *, void *); <br>-static void authdes=5F=
destroy(AUTH *); <br>- <br>-static struct auth=5Fops *authdes=5Fops(void)=
; <br>- <br>-/* <br>- * This struct is pointed to by the ah=5Fprivate fie=
ld of an =22AUTH *=22 <br>- */ <br>-struct ad=5Fprivate =7B <br>- char *a=
d=5Ffullname; /* client's full name */ <br>- u=5Fint ad=5Ffullnamelen; /*=
 length of name, rounded up */ <br>- char *ad=5Fservername; /* server's f=
ull name */ <br>- u=5Fint ad=5Fservernamelen; /* length of name, rounded =
up */ <br>- u=5Fint ad=5Fwindow; /* client specified window */ <br>- bool=
=5Ft ad=5Fdosync; /* synchronize=3F */ <br>- struct netbuf ad=5Fsyncaddr;=
 /* remote host to synch with */ <br>- char *ad=5Ftimehost; /* remote hos=
t to synch with */ <br>- struct timeval ad=5Ftimediff; /* server's time -=
 client's time */ <br>- u=5Fint ad=5Fnickname; /* server's nickname for c=
lient */ <br>- struct authdes=5Fcred ad=5Fcred; /* storage for credential=
 */ <br>- struct authdes=5Fverf ad=5Fverf; /* storage for verifier */ <br=
>- struct timeval ad=5Ftimestamp; /* timestamp sent */ <br>- des=5Fblock =
ad=5Fxkey; /* encrypted conversation key */ <br>- u=5Fchar ad=5Fpkey=5B10=
24=5D; /* Server's actual public key */ <br>- char *ad=5Fnetid; /* Timeho=
st netid */ <br>- char *ad=5Fuaddr; /* Timehost uaddr */ <br>- nis=5Fserv=
er *ad=5Fnis=5Fsrvr; /* NIS+ server struct */ <br>-=7D; <br>- <br>-AUTH *=
authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, const char *, <=
br>- const des=5Fblock *, nis=5Fserver *); <br>- <br>-/* <br>- * document=
ed version of authdes=5Fseccreate <br>- */ <br>-/* <br>- servername: netw=
ork name of server <br>- win: time to live <br>- timehost: optional hostn=
ame to sync with <br>- ckey: optional conversation key to use <br>-*/ <br=
>- <br>-AUTH * <br>-authdes=5Fseccreate(const char *servername, const u=5F=
int win, <br>+static AUTH * <br>+=5F=5Fauthdes=5Fseccreate(const char *se=
rvername, const u=5Fint win, <br> const char *timehost, const des=5Fblock=
 *ckey) <br> =7B <br>- u=5Fchar pkey=5Fdata=5B1024=5D; <br>- netobj pkey;=
 <br>- AUTH *dummy; <br>- <br>- if (=21 getpublickey(servername, (char *)=
 pkey=5Fdata)) =7B <br>- syslog(LOG=5FERR, <br>- =22authdes=5Fseccreate: =
no public key found for %s=22, <br>- servername); <br>- return (NULL); <b=
r>- =7D <br>- <br>- pkey.n=5Fbytes =3D (char *) pkey=5Fdata; <br>- pkey.n=
=5Flen =3D (u=5Fint)strlen((char *)pkey=5Fdata) + 1; <br>- dummy =3D auth=
des=5Fpk=5Fseccreate(servername, &amp;pkey, win, timehost, <br>- ckey, NU=
LL); <br>- return (dummy); <br>-=7D <br>- <br>-/* <br>- * Slightly modifi=
ed version of authdessec=5Fcreate which takes the public key <br>- * of t=
he server principal as an argument. This spares us a call to <br>- * getp=
ublickey() which in the nameserver context can cause a deadlock. <br>- */=
 <br>-AUTH * <br>-authdes=5Fpk=5Fseccreate(const char *servername, netobj=
 *pkey, u=5Fint window, <br>- const char *timehost, const des=5Fblock *ck=
ey, nis=5Fserver *srvr) <br>-=7B <br>- AUTH *auth; <br>- struct ad=5Fpriv=
ate *ad; <br>- char namebuf=5BMAXNETNAMELEN+1=5D; <br>- <br>- /* <br>- * =
Allocate everything now <br>- */ <br>- auth =3D ALLOC(AUTH); <br>- if (au=
th =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: =
out of memory=22); <br>- return (NULL); <br>- =7D <br>- ad =3D ALLOC(stru=
ct ad=5Fprivate); <br>- if (ad =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22=
authdes=5Fpk=5Fseccreate: out of memory=22); <br>- goto failed; <br>- =7D=
 <br>- ad-&gt;ad=5Ffullname =3D ad-&gt;ad=5Fservername =3D NULL; /* Sanit=
y reasons */ <br>- ad-&gt;ad=5Ftimehost =3D NULL; <br>- ad-&gt;ad=5Fnetid=
 =3D NULL; <br>- ad-&gt;ad=5Fuaddr =3D NULL; <br>- ad-&gt;ad=5Fnis=5Fsrvr=
 =3D NULL; <br>- ad-&gt;ad=5Ftimediff.tv=5Fsec =3D 0; <br>- ad-&gt;ad=5Ft=
imediff.tv=5Fusec =3D 0; <br>- memcpy(ad-&gt;ad=5Fpkey, pkey-&gt;n=5Fbyte=
s, pkey-&gt;n=5Flen); <br>- if (=21getnetname(namebuf)) <br>- goto failed=
; <br>- ad-&gt;ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf)); <br=
>- ad-&gt;ad=5Ffullname =3D (char *)mem=5Falloc(ad-&gt;ad=5Ffullnamelen +=
 1); <br>- ad-&gt;ad=5Fservernamelen =3D strlen(servername); <br>- ad-&gt=
;ad=5Fservername =3D (char *)mem=5Falloc(ad-&gt;ad=5Fservernamelen + 1); =
<br>- <br>- if (ad-&gt;ad=5Ffullname =3D=3D NULL =7C=7C ad-&gt;ad=5Fserve=
rname =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fseccreate: ou=
t of memory=22); <br>- goto failed; <br>- =7D <br>- if (timehost =21=3D N=
ULL) =7B <br>- ad-&gt;ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timeho=
st) + 1); <br>- if (ad-&gt;ad=5Ftimehost =3D=3D NULL) =7B <br>- syslog(LO=
G=5FERR, =22authdes=5Fseccreate: out of memory=22); <br>- goto failed; <b=
r>- =7D <br>- memcpy(ad-&gt;ad=5Ftimehost, timehost, strlen(timehost) + 1=
); <br>- ad-&gt;ad=5Fdosync =3D TRUE; <br>- =7D else if (srvr =21=3D NULL=
) =7B <br>- ad-&gt;ad=5Fnis=5Fsrvr =3D srvr; /* transient */ <br>- ad-&gt=
;ad=5Fdosync =3D TRUE; <br>- =7D else =7B <br>- ad-&gt;ad=5Fdosync =3D =46=
ALSE; <br>- =7D <br>- memcpy(ad-&gt;ad=5Ffullname, namebuf, ad-&gt;ad=5Ff=
ullnamelen + 1); <br>- memcpy(ad-&gt;ad=5Fservername, servername, ad-&gt;=
ad=5Fservernamelen + 1); <br>- ad-&gt;ad=5Fwindow =3D window; <br>- if (c=
key =3D=3D NULL) =7B <br>- if (key=5Fgendes(&amp;auth-&gt;ah=5Fkey) &lt; =
0) =7B <br>- syslog(LOG=5FERR, <br>- =22authdes=5Fseccreate: keyserv(1m) =
is unable to generate session key=22); <br>- goto failed; <br>- =7D <br>-=
 =7D else =7B <br>- auth-&gt;ah=5Fkey =3D *ckey; <br>- =7D <br>- <br>- /*=
 <br>- * Set up auth handle <br>- */ <br>- auth-&gt;ah=5Fcred.oa=5Fflavor=
 =3D AUTH=5FDES; <br>- auth-&gt;ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES; <br=
>- auth-&gt;ah=5Fops =3D authdes=5Fops(); <br>- auth-&gt;ah=5Fprivate =3D=
 (caddr=5Ft)ad; <br>- <br>- if (=21authdes=5Frefresh(auth, NULL)) =7B <br=
>- goto failed; <br>- =7D <br>- ad-&gt;ad=5Fnis=5Fsrvr =3D NULL; /* not n=
eeded any longer */ <br>- return (auth); <br>- <br>-failed: <br>- if (aut=
h) <br>- =46REE(auth, sizeof (AUTH)); <br>- if (ad) =7B <br>- if (ad-&gt;=
ad=5Ffullname) <br>- =46REE(ad-&gt;ad=5Ffullname, ad-&gt;ad=5Ffullnamelen=
 + 1); <br>- if (ad-&gt;ad=5Fservername) <br>- =46REE(ad-&gt;ad=5Fservern=
ame, ad-&gt;ad=5Fservernamelen + 1); <br>- if (ad-&gt;ad=5Ftimehost) <br>=
- =46REE(ad-&gt;ad=5Ftimehost, strlen(ad-&gt;ad=5Ftimehost) + 1); <br>- i=
f (ad-&gt;ad=5Fnetid) <br>- =46REE(ad-&gt;ad=5Fnetid, strlen(ad-&gt;ad=5F=
netid) + 1); <br>- if (ad-&gt;ad=5Fuaddr) <br>- =46REE(ad-&gt;ad=5Fuaddr,=
 strlen(ad-&gt;ad=5Fuaddr) + 1); <br>- =46REE(ad, sizeof (struct ad=5Fpri=
vate)); <br>- =7D <br> return (NULL); <br> =7D <br>+=5F=5Fsym=5Fcompat(au=
thdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, =46BSD=5F1.0); <br> <br>-/*=
 <br>- * Implement the five authentication operations <br>- */ <br>- <br>=
- <br>-/* <br>- * 1. Next Verifier <br>- */ <br>-/*ARGSUSED*/ <br>-static=
 void <br>-authdes=5Fnextverf(AUTH *auth =5F=5Funused) <br>+static AUTH *=
 <br>+=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused,=
 netobj *pkey =5F=5Funused, <br>+ u=5Fint window =5F=5Funused, const char=
 *timehost =5F=5Funused, <br>+ const des=5Fblock *ckey =5F=5Funused, nis=5F=
server *srvr =5F=5Funused) <br> =7B <br>- /* what the heck am I supposed =
to do=3F=3F=3F */ <br>-=7D <br>- <br>- <br>-/* <br>- * 2. Marshal <br>- *=
/ <br>-static bool=5Ft <br>-authdes=5Fmarshal(AUTH *auth, XDR *xdrs) <br>=
-=7B <br>-/* LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D=
 AUTH=5FPRIVATE(auth); <br>- struct authdes=5Fcred *cred =3D &amp;ad-&gt;=
ad=5Fcred; <br>- struct authdes=5Fverf *verf =3D &amp;ad-&gt;ad=5Fverf; <=
br>- des=5Fblock cryptbuf=5B2=5D; <br>- des=5Fblock ivec; <br>- int statu=
s; <br>- int len; <br>- rpc=5Finline=5Ft *ixdr; <br>- <br>- /* <br>- * =46=
igure out the =22time=22, accounting for any time difference <br>- * with=
 the server if necessary. <br>- */ <br>- (void)gettimeofday(&amp;ad-&gt;a=
d=5Ftimestamp, NULL); <br>- ad-&gt;ad=5Ftimestamp.tv=5Fsec +=3D ad-&gt;ad=
=5Ftimediff.tv=5Fsec; <br>- ad-&gt;ad=5Ftimestamp.tv=5Fusec +=3D ad-&gt;a=
d=5Ftimediff.tv=5Fusec; <br>- while (ad-&gt;ad=5Ftimestamp.tv=5Fusec &gt;=
=3D USEC=5FPER=5FSEC) =7B <br>- ad-&gt;ad=5Ftimestamp.tv=5Fusec -=3D USEC=
=5FPER=5FSEC; <br>- ad-&gt;ad=5Ftimestamp.tv=5Fsec++; <br>- =7D <br>- <br=
>- /* <br>- * XDR the timestamp and possibly some other things, then <br>=
- * encrypt them. <br>- */ <br>- ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; <=
br>- IXDR=5FPUT=5FINT32(ixdr, ad-&gt;ad=5Ftimestamp.tv=5Fsec); <br>- IXDR=
=5FPUT=5FINT32(ixdr, ad-&gt;ad=5Ftimestamp.tv=5Fusec); <br>- if (ad-&gt;a=
d=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- IXDR=5FPUT=5FU=
=5FINT32(ixdr, ad-&gt;ad=5Fwindow); <br>- IXDR=5FPUT=5FU=5FINT32(ixdr, ad=
-&gt;ad=5Fwindow - 1); <br>- ivec.key.high =3D ivec.key.low =3D 0; <br>- =
status =3D cbc=5Fcrypt((char *)&amp;auth-&gt;ah=5Fkey, (char *)cryptbuf, =
<br>- (u=5Fint) 2 * sizeof (des=5Fblock), <br>- DES=5FENCRYPT =7C DES=5FH=
W, (char *)&amp;ivec); <br>- =7D else =7B <br>- status =3D ecb=5Fcrypt((c=
har *)&amp;auth-&gt;ah=5Fkey, (char *)cryptbuf, <br>- (u=5Fint) sizeof (d=
es=5Fblock), <br>- DES=5FENCRYPT =7C DES=5FHW); <br>- =7D <br>- if (DES=5F=
=46AILED(status)) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fmarshal: DES e=
ncryption failure=22); <br>- return (=46ALSE); <br>- =7D <br>- ad-&gt;ad=5F=
verf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D; <br>- if (ad-&gt;ad=5Fcred.adc=
=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- ad-&gt;ad=5Fcred.adc=5Fful=
lname.window =3D cryptbuf=5B1=5D.key.high; <br>- ad-&gt;ad=5Fverf.adv=5Fw=
inverf =3D cryptbuf=5B1=5D.key.low; <br>- =7D else =7B <br>- ad-&gt;ad=5F=
cred.adc=5Fnickname =3D ad-&gt;ad=5Fnickname; <br>- ad-&gt;ad=5Fverf.adv=5F=
winverf =3D 0; <br>- =7D <br>- <br>- /* <br>- * Serialize the credential =
and verifier into opaque <br>- * authentication data. <br>- */ <br>- if (=
ad-&gt;ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- len =3D=
 ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad-&gt;ad=5Ffullnamelen); <b=
r>- =7D else =7B <br>- len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; <br>- =7D=
 <br>- <br>- if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT)=
)) =7B <br>- IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); <br>- IXDR=5FPUT=5FINT=
32(ixdr, len); <br>- =7D else =7B <br>- ATTEMPT(xdr=5Fputint32(xdrs, (int=
 *)&amp;auth-&gt;ah=5Fcred.oa=5Fflavor)); <br>- ATTEMPT(xdr=5Fputint32(xd=
rs, &amp;len)); <br>- =7D <br>- ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred))=
; <br>- <br>- len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT; <br>- if ((ixdr =3D=
 xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B <br>- IXDR=5FPUT=5F=
INT32(ixdr, AUTH=5FDES); <br>- IXDR=5FPUT=5FINT32(ixdr, len); <br>- =7D e=
lse =7B <br>- ATTEMPT(xdr=5Fputint32(xdrs, (int *)&amp;auth-&gt;ah=5Fverf=
.oa=5Fflavor)); <br>- ATTEMPT(xdr=5Fputint32(xdrs, &amp;len)); <br>- =7D =
<br>- ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf)); <br>- return (TRUE); <br=
>-=7D <br>- <br>- <br>-/* <br>- * 3. Validate <br>- */ <br>-static bool=5F=
t <br>-authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf) <br>-=7B=
 <br>-/* LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D AU=
TH=5FPRIVATE(auth); <br>- struct authdes=5Fverf verf; <br>- int status; <=
br>- uint32=5Ft *ixdr; <br>- des=5Fblock buf; <br>- <br>- if (rverf-&gt;o=
a=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B <br>- return (=46=
ALSE); <br>- =7D <br>-/* LINTED pointer alignment */ <br>- ixdr =3D (uint=
32=5Ft *)rverf-&gt;oa=5Fbase; <br>- buf.key.high =3D (uint32=5Ft)*ixdr++;=
 <br>- buf.key.low =3D (uint32=5Ft)*ixdr++; <br>- verf.adv=5Fint=5Fu =3D =
(uint32=5Ft)*ixdr++; <br>- <br>- /* <br>- * Decrypt the timestamp <br>- *=
/ <br>- status =3D ecb=5Fcrypt((char *)&amp;auth-&gt;ah=5Fkey, (char *)&a=
mp;buf, <br>- (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW);=
 <br>- <br>- if (DES=5F=46AILED(status)) =7B <br>- syslog(LOG=5FERR, =22a=
uthdes=5Fvalidate: DES decryption failure=22); <br>- return (=46ALSE); <b=
r>- =7D <br>- <br>- /* <br>- * xdr the decrypted timestamp <br>- */ <br>-=
/* LINTED pointer alignment */ <br>- ixdr =3D (uint32=5Ft *)buf.c; <br>- =
verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1; <br>- ver=
f.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr); <br>- <br>- /* =
<br>- * validate <br>- */ <br>- if (bcmp((char *)&amp;ad-&gt;ad=5Ftimesta=
mp, (char *)&amp;verf.adv=5Ftimestamp, <br>- sizeof(struct timeval)) =21=3D=
 0) =7B <br>- syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatc=
h=22); <br>- return (=46ALSE); <br>- =7D <br>- <br>- /* <br>- * We have a=
 nickname now, let's use it <br>- */ <br>- ad-&gt;ad=5Fnickname =3D verf.=
adv=5Fnickname; <br>- ad-&gt;ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME;=
 <br>- return (TRUE); <br>-=7D <br>- <br>-/* <br>- * 4. Refresh <br>- */ =
<br>-/*ARGSUSED*/ <br>-static bool=5Ft <br>-authdes=5Frefresh(AUTH *auth,=
 void *dummy =5F=5Funused) <br>-=7B <br>-/* LINTED pointer alignment */ <=
br>- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); <br>- struct authd=
es=5Fcred *cred =3D &amp;ad-&gt;ad=5Fcred; <br>- int ok; <br>- netobj pke=
y; <br>- <br>- if (ad-&gt;ad=5Fdosync) =7B <br>- ok =3D =5F=5Frpc=5Fget=5F=
time=5Foffset(&amp;ad-&gt;ad=5Ftimediff, ad-&gt;ad=5Fnis=5Fsrvr, <br>- ad=
-&gt;ad=5Ftimehost, &amp;(ad-&gt;ad=5Fuaddr), <br>- &amp;(ad-&gt;ad=5Fnet=
id)); <br>- if (=21 ok) =7B <br>- /* <br>- * Hope the clocks are synced=21=
 <br>- */ <br>- ad-&gt;ad=5Fdosync =3D 0; <br>- syslog(LOG=5FDEBUG, <br>-=
 =22authdes=5Frefresh: unable to synchronize clock=22); <br>- =7D <br>- =7D=
 <br>- ad-&gt;ad=5Fxkey =3D auth-&gt;ah=5Fkey; <br>- pkey.n=5Fbytes =3D (=
char *)(ad-&gt;ad=5Fpkey); <br>- pkey.n=5Flen =3D (u=5Fint)strlen((char *=
)ad-&gt;ad=5Fpkey) + 1; <br>- if (key=5Fencryptsession=5Fpk(ad-&gt;ad=5Fs=
ervername, &amp;pkey, &amp;ad-&gt;ad=5Fxkey) &lt; 0) =7B <br>- syslog(LOG=
=5FIN=46O, <br>- =22authdes=5Frefresh: keyserv(1m) is unable to encrypt s=
ession key=22); <br>- return (=46ALSE); <br>- =7D <br>- cred-&gt;adc=5Ffu=
llname.key =3D ad-&gt;ad=5Fxkey; <br>- cred-&gt;adc=5Fnamekind =3D ADN=5F=
=46ULLNAME; <br>- cred-&gt;adc=5Ffullname.name =3D ad-&gt;ad=5Ffullname; =
<br>- return (TRUE); <br>-=7D <br>- <br>- <br>-/* <br>- * 5. Destroy <br>=
- */ <br>-static void <br>-authdes=5Fdestroy(AUTH *auth) <br>-=7B <br>-/*=
 LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D AUTH=5FPRI=
VATE(auth); <br>- <br>- =46REE(ad-&gt;ad=5Ffullname, ad-&gt;ad=5Ffullname=
len + 1); <br>- =46REE(ad-&gt;ad=5Fservername, ad-&gt;ad=5Fservernamelen =
+ 1); <br>- if (ad-&gt;ad=5Ftimehost) <br>- =46REE(ad-&gt;ad=5Ftimehost, =
strlen(ad-&gt;ad=5Ftimehost) + 1); <br>- if (ad-&gt;ad=5Fnetid) <br>- =46=
REE(ad-&gt;ad=5Fnetid, strlen(ad-&gt;ad=5Fnetid) + 1); <br>- if (ad-&gt;a=
d=5Fuaddr) <br>- =46REE(ad-&gt;ad=5Fuaddr, strlen(ad-&gt;ad=5Fuaddr) + 1)=
; <br>- =46REE(ad, sizeof (struct ad=5Fprivate)); <br>- =46REE(auth, size=
of(AUTH)); <br>-=7D <br>- <br>-static struct auth=5Fops * <br>-authdes=5F=
ops(void) <br>-=7B <br>- static struct auth=5Fops ops; <br>- <br>- /* VAR=
IABLES PROTECTED BY ops=5Flock: ops */ <br>- <br>- mutex=5Flock(&amp;auth=
des=5Fops=5Flock); <br>- if (ops.ah=5Fnextverf =3D=3D NULL) =7B <br>- ops=
.ah=5Fnextverf =3D authdes=5Fnextverf; <br>- ops.ah=5Fmarshal =3D authdes=
=5Fmarshal; <br>- ops.ah=5Fvalidate =3D authdes=5Fvalidate; <br>- ops.ah=5F=
refresh =3D authdes=5Frefresh; <br>- ops.ah=5Fdestroy =3D authdes=5Fdestr=
oy; <br>- =7D <br>- mutex=5Funlock(&amp;authdes=5Fops=5Flock); <br>- retu=
rn (&amp;ops); <br>+ return (NULL); <br> =7D <br>+=5F=5Fsym=5Fcompat(auth=
des=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fseccreate, =46BSD=5F1.0); <br>=
diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fprot.=
c <br>index 79a0e5baa084..56b44daafe41 100644 <br>--- a/lib/libc/rpc/auth=
des=5Fprot.c <br>+++ b/lib/libc/rpc/authdes=5Fprot.c <br>=40=40 -42,44 +4=
2,16 =40=40 <br> =23include &lt;rpc/auth=5Fdes.h&gt; <br> =23include =22u=
n-namespace.h=22 <br> <br>-=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop))=
 return (=46ALSE) <br>- <br>-bool=5Ft <br>-xdr=5Fauthdes=5Fcred(XDR *xdrs=
, struct authdes=5Fcred *cred) <br>+static bool=5Ft <br>+=5F=5Fxdr=5Fauth=
des=5Fcred(XDR *xdrs, void *cred) <br> =7B <br>- enum authdes=5Fnamekind =
*padc=5Fnamekind =3D &amp;cred-&gt;adc=5Fnamekind; <br>- /* <br>- * Unrol=
led xdr <br>- */ <br>- ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamek=
ind)); <br>- switch (cred-&gt;adc=5Fnamekind) =7B <br>- case ADN=5F=46ULL=
NAME: <br>- ATTEMPT(xdr=5Fstring(xdrs, &amp;cred-&gt;adc=5Ffullname.name,=
 <br>- MAXNETNAMELEN)); <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&amp;=
cred-&gt;adc=5Ffullname.key, <br>- sizeof(des=5Fblock))); <br>- ATTEMPT(x=
dr=5Fopaque(xdrs, (caddr=5Ft)&amp;cred-&gt;adc=5Ffullname.window, <br>- s=
izeof(cred-&gt;adc=5Ffullname.window))); <br>- return (TRUE); <br>- case =
ADN=5FNICKNAME: <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&amp;cred-&gt=
;adc=5Fnickname, <br>- sizeof(cred-&gt;adc=5Fnickname))); <br>- return (T=
RUE); <br>- default: <br>- return (=46ALSE); <br>- =7D <br>+ return (=46A=
LSE); <br> =7D <br>+=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5F=
authdes=5Fcred, =46BSD=5F1.0); <br> <br>- <br>-bool=5Ft <br>-xdr=5Fauthde=
s=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf) <br>+static bool=5Ft <br=
>+=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf) <br> =7B <br>- /* <br=
>- * Unrolled xdr <br>- */ <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&a=
mp;verf-&gt;adv=5Fxtimestamp, <br>- sizeof(des=5Fblock))); <br>- ATTEMPT(=
xdr=5Fopaque(xdrs, (caddr=5Ft)&amp;verf-&gt;adv=5Fint=5Fu, <br>- sizeof(v=
erf-&gt;adv=5Fint=5Fu))); <br>- return (TRUE); <br>+ return (=46ALSE); <b=
r> =7D <br>+=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5F=
verf, =46BSD=5F1.0); <br>diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/lib=
c/rpc/key=5Fcall.c <br>index 5c87881c815c..eb274fcfff36 100644 <br>--- a/=
lib/libc/rpc/key=5Fcall.c <br>+++ b/lib/libc/rpc/key=5Fcall.c <br>=40=40 =
-32,426 +32,78 =40=40 <br> */ <br> <br> /* <br>- * key=5Fcall.c, Interfac=
e to keyserver <br>- * <br>- * setsecretkey(key) - set your secret key <b=
r>- * encryptsessionkey(agent, deskey) - encrypt a session key to talk to=
 agent <br>- * decryptsessionkey(agent, deskey) - decrypt ditto <br>- * g=
endeskey(deskey) - generate a secure des key <br>+ * Secure RPC keyserver=
 support was removed in =46reeBSD 15.0. <br>+ * These symbols are provide=
d for backward compatibility, but provide no <br>+ * functionality and wi=
ll always return an error. <br> */ <br> <br> =23include =22namespace.h=22=
 <br> =23include =22reentrant.h=22 <br>-=23include &lt;stdio.h&gt; <br>-=23=
include &lt;stdlib.h&gt; <br>-=23include &lt;unistd.h&gt; <br>-=23include=
 &lt;errno.h&gt; <br> =23include &lt;rpc/rpc.h&gt; <br>-=23include &lt;rp=
c/auth.h&gt; <br>-=23include &lt;rpc/auth=5Funix.h&gt; <br> =23include &l=
t;rpc/key=5Fprot.h&gt; <br>-=23include &lt;string.h&gt; <br>-=23include &=
lt;netconfig.h&gt; <br>-=23include &lt;sys/utsname.h&gt; <br>-=23include =
&lt;stdlib.h&gt; <br>-=23include &lt;signal.h&gt; <br>-=23include &lt;sys=
/wait.h&gt; <br>-=23include &lt;sys/fcntl.h&gt; <br>+=23include &lt;rpc/a=
uth.h&gt; <br> =23include =22un-namespace.h=22 <br> =23include =22mt=5Fmi=
sc.h=22 <br> <br>- <br>-=23define KEY=5FTIMEOUT 5 /* per-try timeout in s=
econds */ <br>-=23define KEY=5FNRETRY 12 /* number of retries */ <br>- <b=
r>-=23ifdef DEBUG <br>-=23define debug(msg) (void) fprintf(stderr, =22%s=5C=
n=22, msg); <br>-=23else <br>-=23define debug(msg) <br>-=23endif /* DEBUG=
 */ <br>- <br>-/* <br>- * Hack to allow the keyserver to use AUTH=5FDES (=
for authenticated <br>- * NIS+ calls, for example). The only functions th=
at get called <br>- * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession=
=5Fpk, and key=5Fgendes. <br>- * <br>- * The approach is to have the keys=
erver fill in pointers to local <br>- * implementations of these function=
s, and to call those in key=5Fcall(). <br>- */ <br>- <br>-cryptkeyres *(*=
=5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *arg) =3D 0; <br>-=
cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *ar=
g) =3D 0; <br>-des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *=
) =3D 0; <br>- <br>-static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *,=
 xdrproc=5Ft, void *); <br>- <br>-int <br>-key=5Fsetsecret(const char *se=
cretkey) <br>-=7B <br>- keystatus status; <br>- <br>- if (=21key=5Fcall((=
u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf, <br>- (void *)secretkey, =
<br>- (xdrproc=5Ft)xdr=5Fkeystatus, &amp;status)) =7B <br>- return (-1); =
<br>- =7D <br>- if (status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22set s=
tatus is nonzero=22); <br>- return (-1); <br>- =7D <br>- return (0); <br>=
-=7D <br>- <br>- <br>-/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the ke=
yserver has a secret key <br>- * stored for the caller's effective uid; i=
t returns 0 otherwise <br>- * <br>- * N.B.: The KEY=5FNET=5FGET key call =
is undocumented. Applications shouldn't <br>- * be using it, because it a=
llows them to get the user's secret key. <br>- */ <br>- <br>-int <br>-key=
=5Fsecretkey=5Fis=5Fset(void) <br>-=7B <br>- struct key=5Fnetstres kres; =
<br>- <br>- memset((void*)&amp;kres, 0, sizeof (kres)); <br>- if (key=5Fc=
all((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid, NULL, <br>- (xdr=
proc=5Ft)xdr=5Fkey=5Fnetstres, &amp;kres) &amp;&amp; <br>- (kres.status =3D=
=3D KEY=5FSUCCESS) &amp;&amp; <br>- (kres.key=5Fnetstres=5Fu.knet.st=5Fpr=
iv=5Fkey=5B0=5D =21=3D 0)) =7B <br>- /* avoid leaving secret key in memor=
y */ <br>- memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEY=
BYTES); <br>- return (1); <br>- =7D <br>- return (0); <br>-=7D <br>- <br>=
-int <br>-key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, =
des=5Fblock *deskey) <br>-=7B <br>- cryptkeyarg2 arg; <br>- cryptkeyres r=
es; <br>- <br>- arg.remotename =3D remotename; <br>- arg.remotekey =3D *r=
emotekey; <br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong=
)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcryptkeyarg2, &amp;arg, <br>- (xd=
rproc=5Ft)xdr=5Fcryptkeyres, &amp;res)) =7B <br>- return (-1); <br>- =7D =
<br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22encrypt sta=
tus is nonzero=22); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cr=
yptkeyres=5Fu.deskey; <br>- return (0); <br>-=7D <br>- <br>-int <br>-key=5F=
decryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fblock *des=
key) <br>-=7B <br>- cryptkeyarg2 arg; <br>- cryptkeyres res; <br>- <br>- =
arg.remotename =3D remotename; <br>- arg.remotekey =3D *remotekey; <br>- =
arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5F=
PK, (xdrproc=5Ft)xdr=5Fcryptkeyarg2, &amp;arg, <br>- (xdrproc=5Ft)xdr=5Fc=
ryptkeyres, &amp;res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.sta=
tus =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22decrypt status is nonzero=22=
); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.des=
key; <br>- return (0); <br>-=7D <br>- <br>-int <br>-key=5Fencryptsession(=
const char *remotename, des=5Fblock *deskey) <br>+static int <br>+=5F=5Fk=
ey=5Fsetsecret(const char *secretkey) <br> =7B <br>- cryptkeyarg arg; <br=
>- cryptkeyres res; <br>- <br>- arg.remotename =3D (char *) remotename; <=
br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FENCR=
YPT, (xdrproc=5Ft)xdr=5Fcryptkeyarg, &amp;arg, <br>- (xdrproc=5Ft)xdr=5Fc=
ryptkeyres, &amp;res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.sta=
tus =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22encrypt status is nonzero=22=
); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.des=
key; <br>- return (0); <br>+ return (-1); <br> =7D <br>+=5F=5Fsym=5Fcompa=
t(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F1.0); <br> <br>-int <b=
r>-key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey) <br>=
+static int <br>+=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void) <br> =7B <br>- cr=
yptkeyarg arg; <br>- cryptkeyres res; <br>- <br>- arg.remotename =3D (cha=
r *) remotename; <br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=
=5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcryptkeyarg, &amp;arg, <br>- (x=
drproc=5Ft)xdr=5Fcryptkeyres, &amp;res)) =7B <br>- return (-1); <br>- =7D=
 <br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22decrypt st=
atus is nonzero=22); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.c=
ryptkeyres=5Fu.deskey; <br> return (0); <br> =7D <br>+=5F=5Fsym=5Fcompat(=
key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey=5Fis=5Fset, =46BSD=5F1.=
0); <br> <br>-int <br>-key=5Fgendes(des=5Fblock *key) <br>+static int <br=
>+=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, de=
s=5Fblock *deskey) <br> =7B <br>- if (=21key=5Fcall((u=5Flong)KEY=5FGEN, =
(xdrproc=5Ft)xdr=5Fvoid, NULL, <br>- (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)=
) =7B <br>- return (-1); <br>- =7D <br>- return (0); <br>+ return (-1); <=
br> =7D <br>+=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fen=
cryptsession=5Fpk, =46BSD=5F1.0); <br> <br>-int <br>-key=5Fsetnet(struct =
key=5Fnetstarg *arg) <br>+static int <br>+=5F=5Fkey=5Fdecryptsession=5Fpk=
(char *remotename, netobj *remotekey, des=5Fblock *deskey) <br> =7B <br>*=
** 2726 LINES SKIPPED *** <br> <br></div> </div> </blockquote> </div> </d=
iv> </blockquote> </body></html>
--689b40a3_2336c6b7_50e--