Date: Tue, 12 Aug 2025 16:24:51 +0300 From: Dima Panov <fluffy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org, Lexi Winter <ivy@FreeBSD.org> Subject: git: 7ac276298b72 - main - Remove Secure RPC DES authentication Message-ID: <8e7a9c07-5efd-4450-a590-a6aeaa59b402@Canary> In-Reply-To: <851c968c-923a-4809-83d4-b0600e70867b@Canary> References: <202508101537.57AFbHrI067216@gitrepo.freebsd.org> <851c968c-923a-4809-83d4-b0600e70867b@Canary>
--689b40a3_2336c6b7_50e Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline All xservers are affected. However, upstream already deal with it in commit https://gitlab.freedeskt= op.org/xorg/xserver/-/commit/71b207a2ebc1465c7d9ad9262f60930f6a1d42ee -- Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team (fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD) > On =D0=B2=D1=82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, =D0=B0=D0=B2=D0=B3. 12, = 2025 at 1:41 PM, Dima Panov <fluffy=40=46reeBSD.org (mailto:fluffy=40=46r= eeBSD.org)> wrote: > Hello=21 > > This commit breaks x11-server/xwayland > > =46AILED: os/liblibxserver=5Fos.a.p/rpcauth.c.o cc -Ios/liblibxserver=5F= os.a.p -Ios -I../os -I. -I.. -IXext -I../Xext -IXi -I../Xi -Icomposite -I= ../composite -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor= -Imi -I../mi -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/sy= nc -Idbe -I../dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include = -Ipresent -I../present -Irandr -I../randr -Irender -I../render -Ixfixes -= I../xfixes -I/usr/local/include -I/usr/local/include/pixman-1 -I/usr/loca= l/include/freetype2 -I/usr/local/include/libpng16 -fdiagnostics-color=3Dn= ever -D=5F=46ILE=5FO=46=46SET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu9= 9 -DHAVE=5FDIX=5FCON=46IG=5FH -fno-strict-aliasing -fvisibility=3Dhidden = -Wall -Wpointer-arith -Wmissing-declarations -Wformat=3D2 -Wstrict-protot= ypes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-styl= e-definition -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissi= ng-format-attribute -Wredundant-decls -Werror=3Dimplicit -Werror=3Dnonnul= l -Werror=3Dinit-self -Werror=3Dmain -Werror=3Dmissing-braces -Werror=3Ds= equence-point -Werror=3Dreturn-type -Werror=3Dtrigraphs -Werror=3Darray-b= ounds -Werror=3Dwrite-strings -Werror=3Daddress -Werror=3Dint-to-pointer-= cast -Werror=3Dpointer-to-int-cast -O2 -pipe -fstack-protector-strong 
-fn= o-strict-aliasing -fPIC -D=5FTHREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5F= BSD=5FSOURCE -DHAS=5F=46CHOWN -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD = -MQ os/liblibxserver=5Fos.a.p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p= /rpcauth.c.o.d -o os/liblibxserver=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.= c ../os/rpcauth.c:110:52: error: incomplete definition of type 'struct au= thdes=5Fcred' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)= ->adc=5Ffullname.name); =7C =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=5E= ../os/rpcauth.c:110:22: note: forward declaration of 'struct authdes=5Fc= red' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)->adc=5Ff= ullname.name); =7C =5E 1 error generated. > > > -- > Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team > (fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD) > > > > > On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5=D1=81=D0=B5=D0=BD=D1=8C=D0=B5= , =D0=B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, Lexi Winter <ivy=40=46reeBSD.o= rg (mailto:ivy=40=46reeBSD.org)> wrote: > > The branch main has been updated by ivy: > > > > URL: https://cgit.=46reeBSD.org/src/commit/=3Fid=3D7ac276298b72982189= ac1a5b17461936dc00163e > > > > commit 7ac276298b72982189ac1a5b17461936dc00163e > > Author: Lexi Winter <ivy=40=46reeBSD.org> > > AuthorDate: 2025-08-10 12:57:36 +0000 > > Commit: Lexi Winter <ivy=40=46reeBSD.org> > > CommitDate: 2025-08-10 15:36:40 +0000 > > > > Remove Secure RPC DES authentication > > > > =46ollowing the earlier removal of keyserv, none of this functionalit= y > > works since it requires keyserv. > > > > Remove the relevant symbols from libc's Symbol.map. Leave compatibili= ty > > symbols for existing applications, but since the functions don't work= > > without keyserv, stub them out to return an error. > > > > Remove some private symbols that were only used by keyserv; these don= 't > > get compatibility symbols. 
> > > > Remove the documentation for the old functions. > > > > Remove rpc.ypupdated since it requires DES authentication. > > > > Reviewed by: manu, des, emaste > > Differential Revision: https://reviews.freebsd.org/D50442 > > --- > > Obsolete=46iles.inc =7C 4 + > > include/rpc/auth=5Fdes.h =7C 79 +---- > > lib/libc/rpc/Symbol.map =7C 19 -- > > lib/libc/rpc/auth=5Fdes.c =7C 455 +---------------------------- > > lib/libc/rpc/authdes=5Fprot.c =7C 44 +-- > > lib/libc/rpc/key=5Fcall.c =7C 424 +++------------------------ > > lib/libc/rpc/publickey.5 =7C 40 --- > > lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +----------- > > lib/libc/rpc/rpc=5Fsoc.3 =7C 13 +- > > lib/libc/rpc/rpc=5Fsoc.c =7C 31 +- > > lib/libc/rpc/svc=5Fauth.c =7C 8 - > > lib/libc/rpc/svc=5Fauth=5Fdes.c =7C 460 +----------------------------= - > > lib/librpcsvc/Makefile =7C 2 +- > > lib/librpcsvc/yp=5Fupdate.c =7C 199 ------------- > > libexec/rc/rc.conf =7C 1 - > > libexec/rc/rc.d/Makefile =7C 1 - > > libexec/rc/rc.d/ypupdated =7C 35 --- > > share/man/man5/rc.conf.5 =7C 9 +- > > sys/rpc/auth.h =7C 26 -- > > tools/build/mk/OptionalObsolete=46iles.inc =7C 2 - > > usr.sbin/Makefile =7C 1 - > > usr.sbin/rpc.ypupdated/Makefile =7C 32 --- > > usr.sbin/rpc.ypupdated/Makefile.depend =7C 18 -- > > usr.sbin/rpc.ypupdated/update.c =7C 328 --------------------- > > usr.sbin/rpc.ypupdated/yp=5Fdbdelete.c =7C 68 ----- > > usr.sbin/rpc.ypupdated/yp=5Fdbupdate.c =7C 147 ---------- > > usr.sbin/rpc.ypupdated/ypupdate =7C 32 --- > > usr.sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C 32 --- > > usr.sbin/rpc.ypupdated/ypupdated=5Fmain.c =7C 287 -------------------= > > usr.sbin/rpc.ypupdated/ypupdated=5Fserver.c =7C 227 --------------- > > 30 files changed, 83 insertions(+), 3118 deletions(-) > > > > diff --git a/Obsolete=46iles.inc b/Obsolete=46iles.inc > > index ec324e82f86d..a6662d31829f 100644 > > --- a/Obsolete=46iles.inc 
> > +++ b/Obsolete=46iles.inc
> > =40=40 -51,6 +51,10 =40=40
> > =23 xargs -n1 =7C sort =7C uniq -d;
> > =23 done
> >
> > +=23 20250810: Removal of remaining Secure RPC (DES) bits
> > +OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated
> > +OLD=5F=46ILES+=3Detc/rc.d/ypupdated
> > +
> > =23 20250808: nvmfd removed from base install
> > OLD=5F=46ILES+=3Dusr/sbin/nvmfd
> > OLD=5F=46ILES+=3Dusr/share/man/man8/nvmfd.8.gz
> > diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fdes.h
> > index 0ff43c13139b..1b4943a74b8b 100644
> > --- a/include/rpc/auth=5Fdes.h
> > +++ b/include/rpc/auth=5Fdes.h > > =40=40 -33,91 +33,14 =40=40 > > * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. > > */ > > > > -/* > > - * auth=5Fdes.h, Protocol for DES style authentication for RPC > > - */ > > +/* Note, RPC DES authentication was removed in =46reeBSD 15.0. */ > > > > =23ifndef =5FAUTH=5FDES=5F > > =23define =5FAUTH=5FDES=5F > > > > -/* > > - * There are two kinds of =22names=22: fullnames and nicknames > > - */ > > -enum authdes=5Fnamekind =7B > > - ADN=5F=46ULLNAME, > > - ADN=5FNICKNAME > > -=7D; > > - > > -/* > > - * A fullname contains the network name of the client, > > - * a conversation key and the window > > - */ > > -struct authdes=5Ffullname =7B > > - char *name; /* network name of client, up to MAXNETNAMELEN */ > > - des=5Fblock key; /* conversation key */ > > - u=5Flong window; /* associated window */ > > -=7D; > > - > > - > > -/* > > - * A credential > > - */ > > -struct authdes=5Fcred =7B > > - enum authdes=5Fnamekind adc=5Fnamekind; > > - struct authdes=5Ffullname adc=5Ffullname; > > - u=5Flong adc=5Fnickname; > > -=7D; > > - > > - > > - > > -/* > > - * A des authentication verifier > > - */ > > -struct authdes=5Fverf =7B > > - union =7B > > - struct timeval adv=5Fctime; /* clear time */ > > - des=5Fblock adv=5Fxtime; /* crypt time */ > > - =7D adv=5Ftime=5Fu; > > - u=5Flong adv=5Fint=5Fu; > > -=7D; > > - > > -/* > > - * des authentication verifier: client variety > > - * > > - * adv=5Ftimestamp is the current time. > > - * adv=5Fwinverf is the credential window + 1. > > - * Both are encrypted using the conversation key. > > - */ > > -=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime > > -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime > > -=23define adv=5Fwinverf adv=5Fint=5Fu > > - > > -/* > > - * des authentication verifier: server variety > > - * > > - * adv=5Ftimeverf is the client's timestamp + client's window > > - * adv=5Fnickname is the server's nickname for the client. 
> > - * adv=5Ftimeverf is encrypted using the conversation key. > > - */ > > -=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime > > -=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime > > -=23define adv=5Fnickname adv=5Fint=5Fu > > - > > -/* > > - * Map a des credential into a unix cred. > > - * > > - */ > > -=5F=5FBEGIN=5FDECLS > > -extern int authdes=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, g= id=5Ft *, int *, gid=5Ft * ); > > -=5F=5FEND=5FDECLS > > - > > =5F=5FBEGIN=5FDECLS > > -extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *)= ; > > -extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *)= ; > > extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *, > > struct timeval *); > > -extern void kgetnetname(char *); > > -extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct = rpc=5Fmsg *); > > =5F=5FEND=5FDECLS > > > > =23endif /* ndef =5FAUTH=5FDES=5F */ > > diff --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map > > index 105d6fb6b54e..61e8e084b1e0 100644 > > --- a/lib/libc/rpc/Symbol.map 
> > +++ b/lib/libc/rpc/Symbol.map
> > =40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B
> > xdr=5Fdesargs;
> > xdr=5Fdesresp;
> >
> > - authdes=5Fseccreate;
> > - authdes=5Fpk=5Fseccreate;
> > authnone=5Fcreate;
> > authunix=5Fcreate;
> > authunix=5Fcreate=5Fdefault;
> > - xdr=5Fauthdes=5Fcred;
> > - xdr=5Fauthdes=5Fverf;
> > xdr=5Fauthunix=5Fparms;
> > bindresvport;
> > bindresvport=5Fsa;
> > =40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B
> > endrpcent;
> > getrpcent;
> > getrpcport;
> > - key=5Fsetsecret;
> > - key=5Fsecretkey=5Fis=5Fset;
> > - key=5Fencryptsession=5Fpk;
> > - key=5Fdecryptsession=5Fpk;
> > - key=5Fencryptsession;
> > - key=5Fdecryptsession;
> > - key=5Fgendes;
> > - key=5Fsetnet;
> > - key=5Fget=5Fconv;
> > xdr=5Fkeystatus;
> > xdr=5Fkeybuf;
> > xdr=5Fnetnamestr;
> > =40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B
> > callrpc;
> > registerrpc;
> > clnt=5Fbroadcast;
> > - authdes=5Fcreate;
> > clntunix=5Fcreate;
> > svcunix=5Fcreate;
> > svcunixfd=5Fcreate;
> > =40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B
> > =5Fauthenticate;
> > =5Fsvcauth=5Fnull;
> > svc=5Fauth=5Freg;
> > - =5Fsvcauth=5Fdes;
> > - authdes=5Fgetucred;
> > =5Fsvcauth=5Funix;
> > =5Fsvcauth=5Fshort;
> > svc=5Fdg=5Fcreate;
> > =40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B
> >
> > =46BSDprivate=5F1.0 =7B
> > =5F=5Fdes=5Fcrypt=5FLOCAL;
> > - =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL;
> > - =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL;
> > - =5F=5Fkey=5Fgendes=5FLOCAL;
> > =5F=5Fsvc=5Fclean=5Fidle;
> > =5F=5Frpc=5Fgss=5Funwrap;
> > =5F=5Frpc=5Fgss=5Funwrap=5Fstub;
> > diff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c
> > index c9b20de25cda..754d55cbed3e 100644
> > --- a/lib/libc/rpc/auth=5Fdes.c
> > +++ b/lib/libc/rpc/auth=5Fdes.c > > =40=40 -30,463 +30,34 =40=40 > > /* > > * Copyright (c) 1988 by Sun Microsystems, Inc. > > */ > > + > > /* > > - * auth=5Fdes.c, client-side implementation of DES authentication > > + * Secure RPC DES authentication was removed in =46reeBSD 15.0. > > + * These symbols are provided for backward compatibility, but provid= e no > > + * functionality and will always return an error. > > */ > > > > =23include =22namespace.h=22 > > =23include =22reentrant.h=22 > > -=23include <err.h> > > -=23include <errno.h> > > -=23include <string.h> > > -=23include <stdlib.h> > > -=23include <unistd.h> > > -=23include <rpc/des=5Fcrypt.h> > > -=23include <syslog.h> > > =23include <rpc/types.h> > > =23include <rpc/auth.h> > > =23include <rpc/auth=5Fdes.h> > > -=23include <rpc/clnt.h> > > -=23include <rpc/xdr.h> > > -=23include <sys/socket.h> > > -=23undef NIS > > =23include <rpcsvc/nis.h> > > =23include =22un-namespace.h=22 > > -=23include =22mt=5Fmisc.h=22 > > - > > -=23define USEC=5FPER=5FSEC 1000000 > > -=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */ > > - > > -=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5Fpr= ivate > > -=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc(sizeof(= object=5Ftype)) > > -=23define =46REE(ptr, size) mem=5Ffree((char *)(ptr), (int) size) > > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > > - > > -extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *= ); > > -extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *= ); > > -extern int key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *= ); > > - > > -extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, ni= s=5Fserver *, char *, > > - char **, char **); > > > > -/* > > - * DES authenticator operations vector > > - */ > > -static void authdes=5Fnextverf(AUTH *); > > -static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *); > > -static bool=5Ft authdes=5Fvalidate(AUTH *, 
struct opaque=5Fauth *); > > -static bool=5Ft authdes=5Frefresh(AUTH *, void *); > > -static void authdes=5Fdestroy(AUTH *); > > - > > -static struct auth=5Fops *authdes=5Fops(void); > > - > > -/* > > - * This struct is pointed to by the ah=5Fprivate field of an =22AUTH= *=22 > > - */ > > -struct ad=5Fprivate =7B > > - char *ad=5Ffullname; /* client's full name */ > > - u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */ > > - char *ad=5Fservername; /* server's full name */ > > - u=5Fint ad=5Fservernamelen; /* length of name, rounded up */ > > - u=5Fint ad=5Fwindow; /* client specified window */ > > - bool=5Ft ad=5Fdosync; /* synchronize=3F */ > > - struct netbuf ad=5Fsyncaddr; /* remote host to synch with */ > > - char *ad=5Ftimehost; /* remote host to synch with */ > > - struct timeval ad=5Ftimediff; /* server's time - client's time */ > > - u=5Fint ad=5Fnickname; /* server's nickname for client */ > > - struct authdes=5Fcred ad=5Fcred; /* storage for credential */ > > - struct authdes=5Fverf ad=5Fverf; /* storage for verifier */ > > - struct timeval ad=5Ftimestamp; /* timestamp sent */ > > - des=5Fblock ad=5Fxkey; /* encrypted conversation key */ > > - u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public key */ > > - char *ad=5Fnetid; /* Timehost netid */ > > - char *ad=5Fuaddr; /* Timehost uaddr */ > > - nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ server struct */ > > -=7D; > > - > > -AUTH *authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, cons= t char *, > > - const des=5Fblock *, nis=5Fserver *); > > - > > -/* > > - * documented version of authdes=5Fseccreate > > - */ > > -/* > > - servername: network name of server > > - win: time to live > > - timehost: optional hostname to sync with > > - ckey: optional conversation key to use > > -*/ > > - > > -AUTH * > > -authdes=5Fseccreate(const char *servername, const u=5Fint win, > > +static AUTH * > > +=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win,= > > const char *timehost, const 
des=5Fblock *ckey) > > =7B > > - u=5Fchar pkey=5Fdata=5B1024=5D; > > - netobj pkey; > > - AUTH *dummy; > > - > > - if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B > > - syslog(LOG=5FERR, > > - =22authdes=5Fseccreate: no public key found for %s=22, > > - servername); > > - return (NULL); > > - =7D > > - > > - pkey.n=5Fbytes =3D (char *) pkey=5Fdata; > > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)pkey=5Fdata) + 1; > > - dummy =3D authdes=5Fpk=5Fseccreate(servername, &pkey, win, timehost= , > > - ckey, NULL); > > - return (dummy); > > -=7D > > - > > -/* > > - * Slightly modified version of authdessec=5Fcreate which takes the = public key > > - * of the server principal as an argument. This spares us a call to > > - * getpublickey() which in the nameserver context can cause a deadlo= ck. > > - */ > > -AUTH * > > -authdes=5Fpk=5Fseccreate(const char *servername, netobj *pkey, u=5Fi= nt window, > > - const char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr) > > -=7B > > - AUTH *auth; > > - struct ad=5Fprivate *ad; > > - char namebuf=5BMAXNETNAMELEN+1=5D; > > - > > - /* > > - * Allocate everything now > > - */ > > - auth =3D ALLOC(AUTH); > > - if (auth =3D=3D NULL) =7B > > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > > - return (NULL); > > - =7D > > - ad =3D ALLOC(struct ad=5Fprivate); > > - if (ad =3D=3D NULL) =7B > > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > > - goto failed; > > - =7D > > - ad->ad=5Ffullname =3D ad->ad=5Fservername =3D NULL; /* Sanity reaso= ns */ > > - ad->ad=5Ftimehost =3D NULL; > > - ad->ad=5Fnetid =3D NULL; > > - ad->ad=5Fuaddr =3D NULL; > > - ad->ad=5Fnis=5Fsrvr =3D NULL; > > - ad->ad=5Ftimediff.tv=5Fsec =3D 0; > > - ad->ad=5Ftimediff.tv=5Fusec =3D 0; > > - memcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen); > > - if (=21getnetname(namebuf)) > > - goto failed; > > - ad->ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf)); > > - ad->ad=5Ffullname =3D (char 
*)mem=5Falloc(ad->ad=5Ffullnamelen + 1)= ; > > - ad->ad=5Fservernamelen =3D strlen(servername); > > - ad->ad=5Fservername =3D (char *)mem=5Falloc(ad->ad=5Fservernamelen = + 1); > > - > > - if (ad->ad=5Ffullname =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D= NULL) =7B > > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); > > - goto failed; > > - =7D > > - if (timehost =21=3D NULL) =7B > > - ad->ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timehost) + 1); > > - if (ad->ad=5Ftimehost =3D=3D NULL) =7B > > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); > > - goto failed; > > - =7D > > - memcpy(ad->ad=5Ftimehost, timehost, strlen(timehost) + 1); > > - ad->ad=5Fdosync =3D TRUE; > > - =7D else if (srvr =21=3D NULL) =7B > > - ad->ad=5Fnis=5Fsrvr =3D srvr; /* transient */ > > - ad->ad=5Fdosync =3D TRUE; > > - =7D else =7B > > - ad->ad=5Fdosync =3D =46ALSE; > > - =7D > > - memcpy(ad->ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1); > > - memcpy(ad->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1)= ; > > - ad->ad=5Fwindow =3D window; > > - if (ckey =3D=3D NULL) =7B > > - if (key=5Fgendes(&auth->ah=5Fkey) < 0) =7B > > - syslog(LOG=5FERR, > > - =22authdes=5Fseccreate: keyserv(1m) is unable to generate session k= ey=22); > > - goto failed; > > - =7D > > - =7D else =7B > > - auth->ah=5Fkey =3D *ckey; > > - =7D > > - > > - /* > > - * Set up auth handle > > - */ > > - auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES; > > - auth->ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES; > > - auth->ah=5Fops =3D authdes=5Fops(); > > - auth->ah=5Fprivate =3D (caddr=5Ft)ad; > > - > > - if (=21authdes=5Frefresh(auth, NULL)) =7B > > - goto failed; > > - =7D > > - ad->ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */ > > - return (auth); > > - > > -failed: > > - if (auth) > > - =46REE(auth, sizeof (AUTH)); > > - if (ad) =7B > > - if (ad->ad=5Ffullname) > > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > > - if (ad->ad=5Fservername) > > - 
=46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > > - if (ad->ad=5Ftimehost) > > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > > - if (ad->ad=5Fnetid) > > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > > - if (ad->ad=5Fuaddr) > > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > > - =46REE(ad, sizeof (struct ad=5Fprivate)); > > - =7D > > return (NULL); > > =7D > > +=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, =46= BSD=5F1.0); > > > > -/* > > - * Implement the five authentication operations > > - */ > > - > > - > > -/* > > - * 1. Next Verifier > > - */ > > -/*ARGSUSED*/ > > -static void > > -authdes=5Fnextverf(AUTH *auth =5F=5Funused) > > +static AUTH * > > +=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused, = netobj *pkey =5F=5Funused, > > + u=5Fint window =5F=5Funused, const char *timehost =5F=5Funused, > > + const des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funus= ed) > > =7B > > - /* what the heck am I supposed to do=3F=3F=3F */ > > -=7D > > - > > - > > -/* > > - * 2. Marshal > > - */ > > -static bool=5Ft > > -authdes=5Fmarshal(AUTH *auth, XDR *xdrs) > > -=7B > > -/* LINTED pointer alignment */ > > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > > - struct authdes=5Fverf *verf =3D &ad->ad=5Fverf; > > - des=5Fblock cryptbuf=5B2=5D; > > - des=5Fblock ivec; > > - int status; > > - int len; > > - rpc=5Finline=5Ft *ixdr; > > - > > - /* > > - * =46igure out the =22time=22, accounting for any time difference > > - * with the server if necessary. 
> > - */ > > - (void)gettimeofday(&ad->ad=5Ftimestamp, NULL); > > - ad->ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec; > > - ad->ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec; > > - while (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B > > - ad->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC; > > - ad->ad=5Ftimestamp.tv=5Fsec++; > > - =7D > > - > > - /* > > - * XDR the timestamp and possibly some other things, then > > - * encrypt them. > > - */ > > - ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; > > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fsec); > > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fusec); > > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow); > > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1); > > - ivec.key.high =3D ivec.key.low =3D 0; > > - status =3D cbc=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > > - (u=5Fint) 2 * sizeof (des=5Fblock), > > - DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec); > > - =7D else =7B > > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > > - (u=5Fint) sizeof (des=5Fblock), > > - DES=5FENCRYPT =7C DES=5FHW); > > - =7D > > - if (DES=5F=46AILED(status)) =7B > > - syslog(LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22);= > > - return (=46ALSE); > > - =7D > > - ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D; > > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > > - ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.key.high; > > - ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.low; > > - =7D else =7B > > - ad->ad=5Fcred.adc=5Fnickname =3D ad->ad=5Fnickname; > > - ad->ad=5Fverf.adv=5Fwinverf =3D 0; > > - =7D > > - > > - /* > > - * Serialize the credential and verifier into opaque > > - * authentication data. 
> > - */ > > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > > - len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad->ad=5Ffullna= melen); > > - =7D else =7B > > - len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > > - =7D > > - > > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > > - IXDR=5FPUT=5FINT32(ixdr, len); > > - =7D else =7B > > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Fflavor));= > > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > > - =7D > > - ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred)); > > - > > - len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > > - IXDR=5FPUT=5FINT32(ixdr, len); > > - =7D else =7B > > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor));= > > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > > - =7D > > - ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf)); > > - return (TRUE); > > -=7D > > - > > - > > -/* > > - * 3. 
Validate > > - */ > > -static bool=5Ft > > -authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf) > > -=7B > > -/* LINTED pointer alignment */ > > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > > - struct authdes=5Fverf verf; > > - int status; > > - uint32=5Ft *ixdr; > > - des=5Fblock buf; > > - > > - if (rverf->oa=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B= > > - return (=46ALSE); > > - =7D > > -/* LINTED pointer alignment */ > > - ixdr =3D (uint32=5Ft *)rverf->oa=5Fbase; > > - buf.key.high =3D (uint32=5Ft)*ixdr++; > > - buf.key.low =3D (uint32=5Ft)*ixdr++; > > - verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++; > > - > > - /* > > - * Decrypt the timestamp > > - */ > > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)&buf, > > - (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW); > > - > > - if (DES=5F=46AILED(status)) =7B > > - syslog(LOG=5FERR, =22authdes=5Fvalidate: DES decryption failure=22)= ; > > - return (=46ALSE); > > - =7D > > - > > - /* > > - * xdr the decrypted timestamp > > - */ > > -/* LINTED pointer alignment */ > > - ixdr =3D (uint32=5Ft *)buf.c; > > - verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1; > > - verf.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr); > > - > > - /* > > - * validate > > - */ > > - if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5Ftimestamp= , > > - sizeof(struct timeval)) =21=3D 0) =7B > > - syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatch=22); > > - return (=46ALSE); > > - =7D > > - > > - /* > > - * We have a nickname now, let's use it > > - */ > > - ad->ad=5Fnickname =3D verf.adv=5Fnickname; > > - ad->ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME; > > - return (TRUE); > > -=7D > > - > > -/* > > - * 4. 
Refresh > > - */ > > -/*ARGSUSED*/ > > -static bool=5Ft > > -authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused) > > -=7B > > -/* LINTED pointer alignment */ > > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > > - int ok; > > - netobj pkey; > > - > > - if (ad->ad=5Fdosync) =7B > > - ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->ad=5Ftimediff, ad->ad=5F= nis=5Fsrvr, > > - ad->ad=5Ftimehost, &(ad->ad=5Fuaddr), > > - &(ad->ad=5Fnetid)); > > - if (=21 ok) =7B > > - /* > > - * Hope the clocks are synced=21 > > - */ > > - ad->ad=5Fdosync =3D 0; > > - syslog(LOG=5FDEBUG, > > - =22authdes=5Frefresh: unable to synchronize clock=22); > > - =7D > > - =7D > > - ad->ad=5Fxkey =3D auth->ah=5Fkey; > > - pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey); > > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1; > > - if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &ad->ad=5F= xkey) < 0) =7B > > - syslog(LOG=5FIN=46O, > > - =22authdes=5Frefresh: keyserv(1m) is unable to encrypt session key=22= ); > > - return (=46ALSE); > > - =7D > > - cred->adc=5Ffullname.key =3D ad->ad=5Fxkey; > > - cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME; > > - cred->adc=5Ffullname.name =3D ad->ad=5Ffullname; > > - return (TRUE); > > -=7D > > - > > - > > -/* > > - * 5. 
Destroy > > - */ > > -static void > > -authdes=5Fdestroy(AUTH *auth) > > -=7B > > -/* LINTED pointer alignment */ > > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > > - > > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > > - if (ad->ad=5Ftimehost) > > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > > - if (ad->ad=5Fnetid) > > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > > - if (ad->ad=5Fuaddr) > > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > > - =46REE(ad, sizeof (struct ad=5Fprivate)); > > - =46REE(auth, sizeof(AUTH)); > > -=7D > > - > > -static struct auth=5Fops * > > -authdes=5Fops(void) > > -=7B > > - static struct auth=5Fops ops; > > - > > - /* VARIABLES PROTECTED BY ops=5Flock: ops */ > > - > > - mutex=5Flock(&authdes=5Fops=5Flock); > > - if (ops.ah=5Fnextverf =3D=3D NULL) =7B > > - ops.ah=5Fnextverf =3D authdes=5Fnextverf; > > - ops.ah=5Fmarshal =3D authdes=5Fmarshal; > > - ops.ah=5Fvalidate =3D authdes=5Fvalidate; > > - ops.ah=5Frefresh =3D authdes=5Frefresh; > > - ops.ah=5Fdestroy =3D authdes=5Fdestroy; > > - =7D > > - mutex=5Funlock(&authdes=5Fops=5Flock); > > - return (&ops); > > + return (NULL); > > =7D > > +=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fse= ccreate, =46BSD=5F1.0); > > diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fp= rot.c > > index 79a0e5baa084..56b44daafe41 100644 > > --- a/lib/libc/rpc/authdes=5Fprot.c 
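Review bot: The compat stub `__authdes_seccreate` leaves its four parameters unannotated, while `__authdes_pk_seccreate` later in the same hunk marks every parameter `__unused`; the same gap appears in `__xdr_authdes_cred` and `__xdr_authdes_verf` in the authdes_prot.c hunk that follows. Annotating them the same way, e.g. `__authdes_seccreate(const char *servername __unused, const u_int win __unused,` and `const char *timehost __unused, const des_block *ckey __unused)`, keeps the stubs uniform and quiet under unused-parameter warnings. Separately, the removed implementation reported its failures through syslog, whereas the stubs return NULL with no diagnostic, so the file comment could state the caller contract explicitly: `/* Always returns NULL; callers must treat this as an authentication failure and not continue with a weaker flavor. */`. How existing binaries react to the NULL return is not visible in this hunk and would need to be checked per consumer.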
> > +++ b/lib/libc/rpc/authdes=5Fprot.c > > =40=40 -42,44 +42,16 =40=40 > > =23include <rpc/auth=5Fdes.h> > > =23include =22un-namespace.h=22 > > > > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > > - > > -bool=5Ft > > -xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred) > > +static bool=5Ft > > +=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cred) > > =7B > > - enum authdes=5Fnamekind *padc=5Fnamekind =3D &cred->adc=5Fnamekind;= > > - /* > > - * Unrolled xdr > > - */ > > - ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind)); > > - switch (cred->adc=5Fnamekind) =7B > > - case ADN=5F=46ULLNAME: > > - ATTEMPT(xdr=5Fstring(xdrs, &cred->adc=5Ffullname.name, > > - MAXNETNAMELEN)); > > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key, > > - sizeof(des=5Fblock))); > > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.window,= > > - sizeof(cred->adc=5Ffullname.window))); > > - return (TRUE); > > - case ADN=5FNICKNAME: > > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname, > > - sizeof(cred->adc=5Fnickname))); > > - return (TRUE); > > - default: > > - return (=46ALSE); > > - =7D > > + return (=46ALSE); > > =7D > > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred,= =46BSD=5F1.0); > > > > - > > -bool=5Ft > > -xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf) > > +static bool=5Ft > > +=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf) > > =7B > > - /* > > - * Unrolled xdr > > - */ > > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp, > > - sizeof(des=5Fblock))); > > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fint=5Fu, > > - sizeof(verf->adv=5Fint=5Fu))); > > - return (TRUE); > > + return (=46ALSE); > > =7D > > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf,= =46BSD=5F1.0); > > diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c > > index 5c87881c815c..eb274fcfff36 100644 > > --- a/lib/libc/rpc/key=5Fcall.c 
> > +++ b/lib/libc/rpc/key=5Fcall.c
> > =40=40 -32,426 +32,78 =40=40
> > */
> >
> > /*
> > - * key=5Fcall.c, Interface to keyserver
> > - *
> > - * setsecretkey(key) - set your secret key
> > - * encryptsessionkey(agent, deskey) - encrypt a session key to talk = to agent
> > - * decryptsessionkey(agent, deskey) - decrypt ditto
> > - * gendeskey(deskey) - generate a secure des key
> > + * Secure RPC keyserver support was removed in =46reeBSD 15.0.
> > + * These symbols are provided for backward compatibility, but provid= e no
> > + * functionality and will always return an error.
> > */
> >
> > =23include =22namespace.h=22
> > =23include =22reentrant.h=22
> > -=23include <stdio.h>
> > -=23include <stdlib.h>
> > -=23include <unistd.h>
> > -=23include <errno.h>
> > =23include <rpc/rpc.h>
> > -=23include <rpc/auth.h>
> > -=23include <rpc/auth=5Funix.h>
> > =23include <rpc/key=5Fprot.h>
> > -=23include <string.h>
> > -=23include <netconfig.h>
> > -=23include <sys/utsname.h>
> > -=23include <stdlib.h>
> > -=23include <signal.h>
> > -=23include <sys/wait.h>
> > -=23include <sys/fcntl.h>
> > +=23include <rpc/auth.h>
> > =23include =22un-namespace.h=22
> > =23include =22mt=5Fmisc.h=22
> >
> > -
> > -=23define KEY=5FTIMEOUT 5 /* per-try timeout in seconds */
> > -=23define KEY=5FNRETRY 12 /* number of retries */
> > -
> > -=23ifdef DEBUG
> > -=23define debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg);
> > -=23else
> > -=23define debug(msg)
> > -=23endif /* DEBUG */
> > -
> > -/*
> > - * Hack to allow the keyserver to use AUTH=5FDES (for authenticated
> > - * NIS+ calls, for example). The only functions that get called
> > - * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key= =5Fgendes.
> > - *
> > - * The approach is to have the keyserver fill in pointers to local
> > - * implementations of these functions, and to call those in key=5Fca= ll().
> > - */
> > -
> > -cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, voi= d *arg) =3D 0;
> > -cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, voi= d *arg) =3D 0;
> > -des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0;
> > -
> > -static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, v= oid *);
> > -
> > -int
> > -key=5Fsetsecret(const char *secretkey)
> > -=7B
> > - keystatus status;
> > -
> > - if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf,
> > - (void *)secretkey,
> > - (xdrproc=5Ft)xdr=5Fkeystatus, &status)) =7B
> > - return (-1);
> > - =7D
> > - if (status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22set status is nonzero=22);
> > - return (-1);
> > - =7D
> > - return (0);
> > -=7D
> > -
> > -
> > -/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the keyserver has a sec= ret key
> > - * stored for the caller's effective uid; it returns 0 otherwise
> > - *
> > - * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications = shouldn't
> > - * be using it, because it allows them to get the user's secret key.=
> > - */
> > -
> > -int
> > -key=5Fsecretkey=5Fis=5Fset(void)
> > -=7B
> > - struct key=5Fnetstres kres;
> > -
> > - memset((void*)&kres, 0, sizeof (kres));
> > - if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid,= NULL,
> > - (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &kres) &&
> > - (kres.status =3D=3D KEY=5FSUCCESS) &&
> > - (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B=
> > - /* avoid leaving secret key in memory */
> > - memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES= );
> > - return (1);
> > - =7D
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, des=5F= block *deskey)
> > -=7B
> > - cryptkeyarg2 arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D remotename;
> > - arg.remotekey =3D *remotekey;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5F= cryptkeyarg2, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22encrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, des=5F= block *deskey)
> > -=7B
> > - cryptkeyarg2 arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D remotename;
> > - arg.remotekey =3D *remotekey;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5F= cryptkeyarg2, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22decrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > -=7D
> > -
> > -int
> > -key=5Fencryptsession(const char *remotename, des=5Fblock *deskey)
> > +static int
> > +=5F=5Fkey=5Fsetsecret(const char *secretkey)
> > =7B
> > - cryptkeyarg arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D (char *) remotename;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcrypt= keyarg, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22encrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > - return (0);
> > + return (-1);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F= 1.0);
> >
> > -int
> > -key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey)
> > +static int
> > +=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void)
> > =7B
> > - cryptkeyarg arg;
> > - cryptkeyres res;
> > -
> > - arg.remotename =3D (char *) remotename;
> > - arg.deskey =3D *deskey;
> > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcrypt= keyarg, &arg,
> > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B
> > - return (-1);
> > - =7D
> > - if (res.status =21=3D KEY=5FSUCCESS) =7B
> > - debug(=22decrypt status is nonzero=22);
> > - return (-1);
> > - =7D
> > - *deskey =3D res.cryptkeyres=5Fu.deskey;
> > return (0);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey= =5Fis=5Fset, =46BSD=5F1.0);
> >
> > -int
> > -key=5Fgendes(des=5Fblock *key)
> > +static int
> > +=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey,= des=5Fblock *deskey)
> > =7B
> > - if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NUL= L,
> > - (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B
> > - return (-1);
> > - =7D
> > - return (0);
> > + return (-1);
> > =7D
> > +=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptses= sion=5Fpk, =46BSD=5F1.0);
> >
> > -int
> > -key=5Fsetnet(struct key=5Fnetstarg
*arg) > > +static int > > +=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey,= des=5Fblock *deskey) > > =7B > > *** 2726 LINES SKIPPED *** > > --689b40a3_2336c6b7_50e Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline <html xmlns=3D=22http://www.w3.org/1999/xhtml=22><head>; <title></title> <= meta name=3D=22viewport=22 content=3D=22width=3Ddevice-width, initial-sca= le=3D1.0, user-scalable=3Dno=22> </head> <body dir=3D=22auto=22><div id=3D= =22CanaryBody=22> <div> All xservers are affected.=C2=A0</div><div><br></= div><div>However, upstream already deal with it in commit=C2=A0<span styl= e=3D=22font-family: system-ui; font-size: 12px;=22>https://gitlab.freedes= ktop.org/xorg/xserver/-/commit/71b207a2ebc1465c7d9ad9262f60930f6a1d42ee</= span></div> <div><br></div> </div> <div id=3D=22CanarySig=22> <div> <div = style=3D=22font-family:Helvetica;=22><div style=3D=22font-family:Helvetic= a;=22>--<br><div>Dima. (desktop, kde, x11, office, ports-secteam)=40=46re= eBSD team</div><div>(fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)</d= iv></div></div> <div><br></div> </div> </div> <div id=3D=22CanaryDropbox=22= > </div> <blockquote id=3D=22CanaryBlockquote=22> <div> <div>On =D0=B2=D1= =82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, =D0=B0=D0=B2=D0=B3. 
12, 2025 at 1:41 P= M, Dima Panov <<a href=3D=22mailto:fluffy=40=46reeBSD.org=22>fluffy=40= =46reeBSD.org</a>> wrote:<br></div> <div dir=3D=22auto=22><div id=3D=22= =22> <div> Hello=21</div><div><br></div><div>This commit breaks x11-serve= r/xwayland</div><div><br></div><div>=46AILED: os/liblibxserver=5Fos.a.p/r= pcauth.c.o =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 cc -Ios/liblibxserver=5Fos.a.p -Ios -I../os -I. -I.= . 
-IXext -I../Xext -IXi -I../Xi -Icomposite -I../composite -Idamageext -I= ../damageext -Ifb -I../fb -Iglamor -I../glamor -Imi -I../mi -Imiext/damag= e -I../miext/damage -Imiext/sync -I../miext/sync -Idbe -I../dbe -Idix -I.= ./dix -Idri3 -I../dri3 -Iinclude -I../include -Ipresent -I../present -Ira= ndr -I../randr -Irender -I../render -Ixfixes -I../xfixes -I/usr/local/inc= lude -I/usr/local/include/pixman-1 -I/usr/local/include/freetype2 -I/usr/= local/include/libpng16 -fdiagnostics-color=3Dnever -D=5F=46ILE=5FO=46=46S= ET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu99 -DHAVE=5FDIX=5FCON=46IG=5F= H -fno-strict-aliasing -fvisibility=3Dhidden -Wall -Wpointer-arith -Wmiss= ing-declarations -Wformat=3D2 -Wstrict-prototypes -Wmissing-prototypes -W= nested-externs -Wbad-function-cast -Wold-style-definition -Wunused -Wunin= itialized -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wredund= ant-decls -Werror=3Dimplicit -Werror=3Dnonnull -Werror=3Dinit-self -Werro= r=3Dmain -Werror=3Dmissing-braces -Werror=3Dsequence-point -Werror=3Dretu= rn-type -Werror=3Dtrigraphs -Werror=3Darray-bounds -Werror=3Dwrite-string= s -Werror=3Daddress -Werror=3Dint-to-pointer-cast -Werror=3Dpointer-to-in= t-cast -O2 -pipe -fstack-protector-strong -fno-strict-aliasing -fPIC -D=5F= THREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5FBSD=5FSOURCE -DHAS=5F=46CHOW= N -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD -MQ os/liblibxserver=5Fos.a.= p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p/rpcauth.c.o.d -o os/liblibx= server=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.c =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 
=C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 ../os/rpcauth.c:110:52: error: incomplete de= finition of type 'struct authdes=5Fcred' =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0110= =7C =C2=A0 =C2=A0 return (((struct authdes=5Fcred *) r.rq=5Fclntcred)-&g= t;adc=5Ffullname.name); =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0=7C =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =7E=7E=7E=7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=5E =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0../os/rpcauth.c:110:22: = note: forward declaration of 'struct authdes=5Fcred' =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0110 =7C =C2=A0 =C2=A0 return (((str= uct authdes=5Fcred *) r.rq=5Fclntcred)->adc=5Ffullname.name); =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=7C =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=5E =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 
=C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A01 error generated.<br></div><div><b= r></div> <div><br></div> </div> <div id=3D=22=22> <div> <div style=3D=22f= ont-family:Helvetica;=22><div style=3D=22font-family:Helvetica;=22>--<br>= <div>Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team</d= iv><div>(fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD)</div></div></d= iv> <div><br></div> </div> </div> <div id=3D=22CanaryDropbox=22> </div> <= blockquote id=3D=22=22> <div> <div>On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5= =D1=81=D0=B5=D0=BD=D1=8C=D0=B5, =D0=B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, = Lexi Winter <<a href=3D=22mailto:ivy=40=46reeBSD.org=22>ivy=40=46reeBS= D.org</a>> wrote:<br></div> <div>The branch main has been updated by i= vy: <br> <br>URL: https://cgit.=46reeBSD.org/src/commit/=3Fid=3D7ac276298= b72982189ac1a5b17461936dc00163e <br> <br>commit 7ac276298b72982189ac1a5b1= 7461936dc00163e <br>Author: Lexi Winter <ivy=40=46reeBSD.org> <br>A= uthorDate: 2025-08-10 12:57:36 +0000 <br>Commit: Lexi Winter <ivy=40=46= reeBSD.org> <br>CommitDate: 2025-08-10 15:36:40 +0000 <br> <br> Remove= Secure RPC DES authentication <br> <br> =46ollowing the earlier removal = of keyserv, none of this functionality <br> works since it requires keyse= rv. <br> <br> Remove the relevant symbols from libc's Symbol.map. Leave c= ompatibility <br> symbols for existing applications, but since the functi= ons don't work <br> without keyserv, stub them out to return an error. 
<b= r> <br> Remove some private symbols that were only used by keyserv; these= don't <br> get compatibility symbols. <br> <br> Remove the documentation= for the old functions. <br> <br> Remove rpc.ypupdated since it requires = DES authentication. <br> <br> Reviewed by: manu, des, emaste <br> Differe= ntial Revision: https://reviews.freebsd.org/D50442 <br>--- <br> Obsolete=46= iles.inc =7C 4 + <br> include/rpc/auth=5Fdes.h =7C 79 +---- <br> lib/libc= /rpc/Symbol.map =7C 19 -- <br> lib/libc/rpc/auth=5Fdes.c =7C 455 +-------= --------------------- <br> lib/libc/rpc/authdes=5Fprot.c =7C 44 +-- <br> = lib/libc/rpc/key=5Fcall.c =7C 424 +++------------------------ <br> lib/li= bc/rpc/publickey.5 =7C 40 --- <br> lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +-= ---------- <br> lib/libc/rpc/rpc=5Fsoc.3 =7C 13 +- <br> lib/libc/rpc/rpc=5F= soc.c =7C 31 +- <br> lib/libc/rpc/svc=5Fauth.c =7C 8 - <br> lib/libc/rpc/= svc=5Fauth=5Fdes.c =7C 460 +----------------------------- <br> lib/librpc= svc/Makefile =7C 2 +- <br> lib/librpcsvc/yp=5Fupdate.c =7C 199 ----------= --- <br> libexec/rc/rc.conf =7C 1 - <br> libexec/rc/rc.d/Makefile =7C 1 -= <br> libexec/rc/rc.d/ypupdated =7C 35 --- <br> share/man/man5/rc.conf.5 = =7C 9 +- <br> sys/rpc/auth.h =7C 26 -- <br> tools/build/mk/OptionalObsole= te=46iles.inc =7C 2 - <br> usr.sbin/Makefile =7C 1 - <br> usr.sbin/rpc.yp= updated/Makefile =7C 32 --- <br> usr.sbin/rpc.ypupdated/Makefile.depend =7C= 18 -- <br> usr.sbin/rpc.ypupdated/update.c =7C 328 ---------------------= <br> usr.sbin/rpc.ypupdated/yp=5Fdbdelete.c =7C 68 ----- <br> usr.sbin/r= pc.ypupdated/yp=5Fdbupdate.c =7C 147 ---------- <br> usr.sbin/rpc.ypupdat= ed/ypupdate =7C 32 --- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C= 32 --- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fmain.c =7C 287 ----------= --------- <br> usr.sbin/rpc.ypupdated/ypupdated=5Fserver.c =7C 227 ------= --------- <br> 30 files changed, 83 insertions(+), 3118 deletions(-) <br>= <br>diff --git a/Obsolete=46iles.inc 
b/Obsolete=46iles.inc <br>index ec3= 24e82f86d..a6662d31829f 100644 <br>--- a/Obsolete=46iles.inc <br>+++ b/Ob= solete=46iles.inc <br>=40=40 -51,6 +51,10 =40=40 <br> =23 xargs -n1 =7C s= ort =7C uniq -d; <br> =23 done <br> <br>+=23 20250810: Removal of remaini= ng Secure RPC (DES) bits <br>+OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated <br= >+OLD=5F=46ILES+=3Detc/rc.d/ypupdated <br>+ <br> =23 20250808: nvmfd remo= ved from base install <br> OLD=5F=46ILES+=3Dusr/sbin/nvmfd <br> OLD=5F=46= ILES+=3Dusr/share/man/man8/nvmfd.8.gz <br>diff --git a/include/rpc/auth=5F= des.h b/include/rpc/auth=5Fdes.h <br>index 0ff43c13139b..1b4943a74b8b 100= 644 <br>--- a/include/rpc/auth=5Fdes.h <br>+++ b/include/rpc/auth=5Fdes.h= <br>=40=40 -33,91 +33,14 =40=40 <br> * Copyright (c) 1986 - 1991 by Sun = Microsystems, Inc. <br> */ <br> <br>-/* <br>- * auth=5Fdes.h, Protocol fo= r DES style authentication for RPC <br>- */ <br>+/* Note, RPC DES authent= ication was removed in =46reeBSD 15.0. */ <br> <br> =23ifndef =5FAUTH=5FD= ES=5F <br> =23define =5FAUTH=5FDES=5F <br> <br>-/* <br>- * There are two = kinds of =22names=22: fullnames and nicknames <br>- */ <br>-enum authdes=5F= namekind =7B <br>- ADN=5F=46ULLNAME, <br>- ADN=5FNICKNAME <br>-=7D; <br>-= <br>-/* <br>- * A fullname contains the network name of the client, <br>= - * a conversation key and the window <br>- */ <br>-struct authdes=5Ffull= name =7B <br>- char *name; /* network name of client, up to MAXNETNAMELEN= */ <br>- des=5Fblock key; /* conversation key */ <br>- u=5Flong window; = /* associated window */ <br>-=7D; <br>- <br>- <br>-/* <br>- * A credentia= l <br>- */ <br>-struct authdes=5Fcred =7B <br>- enum authdes=5Fnamekind a= dc=5Fnamekind; <br>- struct authdes=5Ffullname adc=5Ffullname; <br>- u=5F= long adc=5Fnickname; <br>-=7D; <br>- <br>- <br>- <br>-/* <br>- * A des au= thentication verifier <br>- */ <br>-struct authdes=5Fverf =7B <br>- union= =7B <br>- struct timeval adv=5Fctime; /* clear time */ <br>- des=5Fblock= adv=5Fxtime; 
/* crypt time */ <br>- =7D adv=5Ftime=5Fu; <br>- u=5Flong a= dv=5Fint=5Fu; <br>-=7D; <br>- <br>-/* <br>- * des authentication verifier= : client variety <br>- * <br>- * adv=5Ftimestamp is the current time. <br= >- * adv=5Fwinverf is the credential window + 1. <br>- * Both are encrypt= ed using the conversation key. <br>- */ <br>-=23define adv=5Ftimestamp ad= v=5Ftime=5Fu.adv=5Fctime <br>-=23define adv=5Fxtimestamp adv=5Ftime=5Fu.a= dv=5Fxtime <br>-=23define adv=5Fwinverf adv=5Fint=5Fu <br>- <br>-/* <br>-= * des authentication verifier: server variety <br>- * <br>- * adv=5Ftime= verf is the client's timestamp + client's window <br>- * adv=5Fnickname i= s the server's nickname for the client. <br>- * adv=5Ftimeverf is encrypt= ed using the conversation key. <br>- */ <br>-=23define adv=5Ftimeverf adv= =5Ftime=5Fu.adv=5Fctime <br>-=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv= =5Fxtime <br>-=23define adv=5Fnickname adv=5Fint=5Fu <br>- <br>-/* <br>- = * Map a des credential into a unix cred. <br>- * <br>- */ <br>-=5F=5FBEGI= N=5FDECLS <br>-extern int authdes=5Fgetucred( struct authdes=5Fcred *, ui= d=5Ft *, gid=5Ft *, int *, gid=5Ft * ); <br>-=5F=5FEND=5FDECLS <br>- <br>= =5F=5FBEGIN=5FDECLS <br>-extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, str= uct authdes=5Fcred *); <br>-extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, s= truct authdes=5Fverf *); <br> extern int rtime(dev=5Ft, struct netbuf *, = int, struct timeval *, <br> struct timeval *); <br>-extern void kgetnetna= me(char *); <br>-extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Fre= q *, struct rpc=5Fmsg *); <br> =5F=5FEND=5FDECLS <br> <br> =23endif /* nd= ef =5FAUTH=5FDES=5F */ <br>diff --git a/lib/libc/rpc/Symbol.map b/lib/lib= c/rpc/Symbol.map <br>index 105d6fb6b54e..61e8e084b1e0 100644 <br>--- a/li= b/libc/rpc/Symbol.map <br>+++ b/lib/libc/rpc/Symbol.map <br>=40=40 -8,13 = +8,9 =40=40 =46BSD=5F1.0 =7B <br> xdr=5Fdesargs; <br> xdr=5Fdesresp; <br>= <br>- authdes=5Fseccreate; <br>- authdes=5Fpk=5Fseccreate; <br> 
authnone= =5Fcreate; <br> authunix=5Fcreate; <br> authunix=5Fcreate=5Fdefault; <br>= - xdr=5Fauthdes=5Fcred; <br>- xdr=5Fauthdes=5Fverf; <br> xdr=5Fauthunix=5F= parms; <br> bindresvport; <br> bindresvport=5Fsa; <br>=40=40 -58,15 +54,6= =40=40 =46BSD=5F1.0 =7B <br> endrpcent; <br> getrpcent; <br> getrpcport;= <br>- key=5Fsetsecret; <br>- key=5Fsecretkey=5Fis=5Fset; <br>- key=5Fenc= ryptsession=5Fpk; <br>- key=5Fdecryptsession=5Fpk; <br>- key=5Fencryptses= sion; <br>- key=5Fdecryptsession; <br>- key=5Fgendes; <br>- key=5Fsetnet;= <br>- key=5Fget=5Fconv; <br> xdr=5Fkeystatus; <br> xdr=5Fkeybuf; <br> xd= r=5Fnetnamestr; <br>=40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B <br> cal= lrpc; <br> registerrpc; <br> clnt=5Fbroadcast; <br>- authdes=5Fcreate; <b= r> clntunix=5Fcreate; <br> svcunix=5Fcreate; <br> svcunixfd=5Fcreate; <br= >=40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B <br> =5Fauthenticate; <br> = =5Fsvcauth=5Fnull; <br> svc=5Fauth=5Freg; <br>- =5Fsvcauth=5Fdes; <br>- a= uthdes=5Fgetucred; <br> =5Fsvcauth=5Funix; <br> =5Fsvcauth=5Fshort; <br> = svc=5Fdg=5Fcreate; <br>=40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B <br> = <br> =46BSDprivate=5F1.0 =7B <br> =5F=5Fdes=5Fcrypt=5FLOCAL; <br>- =5F=5F= key=5Fencryptsession=5Fpk=5FLOCAL; <br>- =5F=5Fkey=5Fdecryptsession=5Fpk=5F= LOCAL; <br>- =5F=5Fkey=5Fgendes=5FLOCAL; <br> =5F=5Fsvc=5Fclean=5Fidle; <= br> =5F=5Frpc=5Fgss=5Funwrap; <br> =5F=5Frpc=5Fgss=5Funwrap=5Fstub; <br>d= iff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c <br>ind= ex c9b20de25cda..754d55cbed3e 100644 <br>--- a/lib/libc/rpc/auth=5Fdes.c = <br>+++ b/lib/libc/rpc/auth=5Fdes.c <br>=40=40 -30,463 +30,34 =40=40 <br>= /* <br> * Copyright (c) 1988 by Sun Microsystems, Inc. <br> */ <br>+ <br= > /* <br>- * auth=5Fdes.c, client-side implementation of DES authenticati= on <br>+ * Secure RPC DES authentication was removed in =46reeBSD 15.0. 
<= br>+ * These symbols are provided for backward compatibility, but provide= no <br>+ * functionality and will always return an error. <br> */ <br> <= br> =23include =22namespace.h=22 <br> =23include =22reentrant.h=22 <br>-=23= include <err.h> <br>-=23include <errno.h> <br>-=23include <= ;string.h> <br>-=23include <stdlib.h> <br>-=23include <unistd= .h> <br>-=23include <rpc/des=5Fcrypt.h> <br>-=23include <sysl= og.h> <br> =23include <rpc/types.h> <br> =23include <rpc/auth= .h> <br> =23include <rpc/auth=5Fdes.h> <br>-=23include <rpc/c= lnt.h> <br>-=23include <rpc/xdr.h> <br>-=23include <sys/socke= t.h> <br>-=23undef NIS <br> =23include <rpcsvc/nis.h> <br> =23in= clude =22un-namespace.h=22 <br>-=23include =22mt=5Fmisc.h=22 <br>- <br>-=23= define USEC=5FPER=5FSEC 1000000 <br>-=23define RTIME=5FTIMEOUT 5 /* secon= ds to wait for sync */ <br>- <br>-=23define AUTH=5FPRIVATE(auth) (struct = ad=5Fprivate *) auth->ah=5Fprivate <br>-=23define ALLOC(object=5Ftype)= (object=5Ftype *) mem=5Falloc(sizeof(object=5Ftype)) <br>-=23define =46R= EE(ptr, size) mem=5Ffree((char *)(ptr), (int) size) <br>-=23define ATTEMP= T(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) <br>- <br>-extern bool=5F= t xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *); <br>-extern bool= =5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *); <br>-extern i= nt key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *); <br>- <br>= -extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, nis=5F= server *, char *, <br>- char **, char **); <br> <br>-/* <br>- * DES authe= nticator operations vector <br>- */ <br>-static void authdes=5Fnextverf(A= UTH *); <br>-static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *); <br>-stati= c bool=5Ft authdes=5Fvalidate(AUTH *, struct opaque=5Fauth *); <br>-stati= c bool=5Ft authdes=5Frefresh(AUTH *, void *); <br>-static void authdes=5F= destroy(AUTH *); <br>- <br>-static struct auth=5Fops *authdes=5Fops(void)= ; <br>- <br>-/* <br>- * This struct is pointed to by 
the ah=5Fprivate fie= ld of an =22AUTH *=22 <br>- */ <br>-struct ad=5Fprivate =7B <br>- char *a= d=5Ffullname; /* client's full name */ <br>- u=5Fint ad=5Ffullnamelen; /*= length of name, rounded up */ <br>- char *ad=5Fservername; /* server's f= ull name */ <br>- u=5Fint ad=5Fservernamelen; /* length of name, rounded = up */ <br>- u=5Fint ad=5Fwindow; /* client specified window */ <br>- bool= =5Ft ad=5Fdosync; /* synchronize=3F */ <br>- struct netbuf ad=5Fsyncaddr;= /* remote host to synch with */ <br>- char *ad=5Ftimehost; /* remote hos= t to synch with */ <br>- struct timeval ad=5Ftimediff; /* server's time -= client's time */ <br>- u=5Fint ad=5Fnickname; /* server's nickname for c= lient */ <br>- struct authdes=5Fcred ad=5Fcred; /* storage for credential= */ <br>- struct authdes=5Fverf ad=5Fverf; /* storage for verifier */ <br= >- struct timeval ad=5Ftimestamp; /* timestamp sent */ <br>- des=5Fblock = ad=5Fxkey; /* encrypted conversation key */ <br>- u=5Fchar ad=5Fpkey=5B10= 24=5D; /* Server's actual public key */ <br>- char *ad=5Fnetid; /* Timeho= st netid */ <br>- char *ad=5Fuaddr; /* Timehost uaddr */ <br>- nis=5Fserv= er *ad=5Fnis=5Fsrvr; /* NIS+ server struct */ <br>-=7D; <br>- <br>-AUTH *= authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, const char *, <= br>- const des=5Fblock *, nis=5Fserver *); <br>- <br>-/* <br>- * document= ed version of authdes=5Fseccreate <br>- */ <br>-/* <br>- servername: netw= ork name of server <br>- win: time to live <br>- timehost: optional hostn= ame to sync with <br>- ckey: optional conversation key to use <br>-*/ <br= >- <br>-AUTH * <br>-authdes=5Fseccreate(const char *servername, const u=5F= int win, <br>+static AUTH * <br>+=5F=5Fauthdes=5Fseccreate(const char *se= rvername, const u=5Fint win, <br> const char *timehost, const des=5Fblock= *ckey) <br> =7B <br>- u=5Fchar pkey=5Fdata=5B1024=5D; <br>- netobj pkey;= <br>- AUTH *dummy; <br>- <br>- if (=21 getpublickey(servername, (char *)= pkey=5Fdata)) =7B <br>- 
syslog(LOG=5FERR, <br>- =22authdes=5Fseccreate: = no public key found for %s=22, <br>- servername); <br>- return (NULL); <b= r>- =7D <br>- <br>- pkey.n=5Fbytes =3D (char *) pkey=5Fdata; <br>- pkey.n= =5Flen =3D (u=5Fint)strlen((char *)pkey=5Fdata) + 1; <br>- dummy =3D auth= des=5Fpk=5Fseccreate(servername, &pkey, win, timehost, <br>- ckey, NU= LL); <br>- return (dummy); <br>-=7D <br>- <br>-/* <br>- * Slightly modifi= ed version of authdessec=5Fcreate which takes the public key <br>- * of t= he server principal as an argument. This spares us a call to <br>- * getp= ublickey() which in the nameserver context can cause a deadlock. <br>- */= <br>-AUTH * <br>-authdes=5Fpk=5Fseccreate(const char *servername, netobj= *pkey, u=5Fint window, <br>- const char *timehost, const des=5Fblock *ck= ey, nis=5Fserver *srvr) <br>-=7B <br>- AUTH *auth; <br>- struct ad=5Fpriv= ate *ad; <br>- char namebuf=5BMAXNETNAMELEN+1=5D; <br>- <br>- /* <br>- * = Allocate everything now <br>- */ <br>- auth =3D ALLOC(AUTH); <br>- if (au= th =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: = out of memory=22); <br>- return (NULL); <br>- =7D <br>- ad =3D ALLOC(stru= ct ad=5Fprivate); <br>- if (ad =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22= authdes=5Fpk=5Fseccreate: out of memory=22); <br>- goto failed; <br>- =7D= <br>- ad->ad=5Ffullname =3D ad->ad=5Fservername =3D NULL; /* Sanit= y reasons */ <br>- ad->ad=5Ftimehost =3D NULL; <br>- ad->ad=5Fnetid= =3D NULL; <br>- ad->ad=5Fuaddr =3D NULL; <br>- ad->ad=5Fnis=5Fsrvr= =3D NULL; <br>- ad->ad=5Ftimediff.tv=5Fsec =3D 0; <br>- ad->ad=5Ft= imediff.tv=5Fusec =3D 0; <br>- memcpy(ad->ad=5Fpkey, pkey->n=5Fbyte= s, pkey->n=5Flen); <br>- if (=21getnetname(namebuf)) <br>- goto failed= ; <br>- ad->ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf)); <br= >- ad->ad=5Ffullname =3D (char *)mem=5Falloc(ad->ad=5Ffullnamelen += 1); <br>- ad->ad=5Fservernamelen =3D strlen(servername); <br>- ad->= ;ad=5Fservername =3D (char 
*)mem=5Falloc(ad->ad=5Fservernamelen + 1); = <br>- <br>- if (ad->ad=5Ffullname =3D=3D NULL =7C=7C ad->ad=5Fserve= rname =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fseccreate: ou= t of memory=22); <br>- goto failed; <br>- =7D <br>- if (timehost =21=3D N= ULL) =7B <br>- ad->ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timeho= st) + 1); <br>- if (ad->ad=5Ftimehost =3D=3D NULL) =7B <br>- syslog(LO= G=5FERR, =22authdes=5Fseccreate: out of memory=22); <br>- goto failed; <b= r>- =7D <br>- memcpy(ad->ad=5Ftimehost, timehost, strlen(timehost) + 1= ); <br>- ad->ad=5Fdosync =3D TRUE; <br>- =7D else if (srvr =21=3D NULL= ) =7B <br>- ad->ad=5Fnis=5Fsrvr =3D srvr; /* transient */ <br>- ad->= ;ad=5Fdosync =3D TRUE; <br>- =7D else =7B <br>- ad->ad=5Fdosync =3D =46= ALSE; <br>- =7D <br>- memcpy(ad->ad=5Ffullname, namebuf, ad->ad=5Ff= ullnamelen + 1); <br>- memcpy(ad->ad=5Fservername, servername, ad->= ad=5Fservernamelen + 1); <br>- ad->ad=5Fwindow =3D window; <br>- if (c= key =3D=3D NULL) =7B <br>- if (key=5Fgendes(&auth->ah=5Fkey) < = 0) =7B <br>- syslog(LOG=5FERR, <br>- =22authdes=5Fseccreate: keyserv(1m) = is unable to generate session key=22); <br>- goto failed; <br>- =7D <br>-= =7D else =7B <br>- auth->ah=5Fkey =3D *ckey; <br>- =7D <br>- <br>- /*= <br>- * Set up auth handle <br>- */ <br>- auth->ah=5Fcred.oa=5Fflavor= =3D AUTH=5FDES; <br>- auth->ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES; <br= >- auth->ah=5Fops =3D authdes=5Fops(); <br>- auth->ah=5Fprivate =3D= (caddr=5Ft)ad; <br>- <br>- if (=21authdes=5Frefresh(auth, NULL)) =7B <br= >- goto failed; <br>- =7D <br>- ad->ad=5Fnis=5Fsrvr =3D NULL; /* not n= eeded any longer */ <br>- return (auth); <br>- <br>-failed: <br>- if (aut= h) <br>- =46REE(auth, sizeof (AUTH)); <br>- if (ad) =7B <br>- if (ad->= ad=5Ffullname) <br>- =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen= + 1); <br>- if (ad->ad=5Fservername) <br>- =46REE(ad->ad=5Fservern= ame, ad->ad=5Fservernamelen + 1); <br>- if (ad->ad=5Ftimehost) <br>= - 
=46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); <br>- i= f (ad->ad=5Fnetid) <br>- =46REE(ad->ad=5Fnetid, strlen(ad->ad=5F= netid) + 1); <br>- if (ad->ad=5Fuaddr) <br>- =46REE(ad->ad=5Fuaddr,= strlen(ad->ad=5Fuaddr) + 1); <br>- =46REE(ad, sizeof (struct ad=5Fpri= vate)); <br>- =7D <br> return (NULL); <br> =7D <br>+=5F=5Fsym=5Fcompat(au= thdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, =46BSD=5F1.0); <br> <br>-/*= <br>- * Implement the five authentication operations <br>- */ <br>- <br>= - <br>-/* <br>- * 1. Next Verifier <br>- */ <br>-/*ARGSUSED*/ <br>-static= void <br>-authdes=5Fnextverf(AUTH *auth =5F=5Funused) <br>+static AUTH *= <br>+=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused,= netobj *pkey =5F=5Funused, <br>+ u=5Fint window =5F=5Funused, const char= *timehost =5F=5Funused, <br>+ const des=5Fblock *ckey =5F=5Funused, nis=5F= server *srvr =5F=5Funused) <br> =7B <br>- /* what the heck am I supposed = to do=3F=3F=3F */ <br>-=7D <br>- <br>- <br>-/* <br>- * 2. Marshal <br>- *= / <br>-static bool=5Ft <br>-authdes=5Fmarshal(AUTH *auth, XDR *xdrs) <br>= -=7B <br>-/* LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D= AUTH=5FPRIVATE(auth); <br>- struct authdes=5Fcred *cred =3D &ad->= ad=5Fcred; <br>- struct authdes=5Fverf *verf =3D &ad->ad=5Fverf; <= br>- des=5Fblock cryptbuf=5B2=5D; <br>- des=5Fblock ivec; <br>- int statu= s; <br>- int len; <br>- rpc=5Finline=5Ft *ixdr; <br>- <br>- /* <br>- * =46= igure out the =22time=22, accounting for any time difference <br>- * with= the server if necessary. 
<br>- */ <br>- (void)gettimeofday(&ad->a= d=5Ftimestamp, NULL); <br>- ad->ad=5Ftimestamp.tv=5Fsec +=3D ad->ad= =5Ftimediff.tv=5Fsec; <br>- ad->ad=5Ftimestamp.tv=5Fusec +=3D ad->a= d=5Ftimediff.tv=5Fusec; <br>- while (ad->ad=5Ftimestamp.tv=5Fusec >= =3D USEC=5FPER=5FSEC) =7B <br>- ad->ad=5Ftimestamp.tv=5Fusec -=3D USEC= =5FPER=5FSEC; <br>- ad->ad=5Ftimestamp.tv=5Fsec++; <br>- =7D <br>- <br= >- /* <br>- * XDR the timestamp and possibly some other things, then <br>= - * encrypt them. <br>- */ <br>- ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; <= br>- IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fsec); <br>- IXDR= =5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fusec); <br>- if (ad->a= d=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- IXDR=5FPUT=5FU= =5FINT32(ixdr, ad->ad=5Fwindow); <br>- IXDR=5FPUT=5FU=5FINT32(ixdr, ad= ->ad=5Fwindow - 1); <br>- ivec.key.high =3D ivec.key.low =3D 0; <br>- = status =3D cbc=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, = <br>- (u=5Fint) 2 * sizeof (des=5Fblock), <br>- DES=5FENCRYPT =7C DES=5FH= W, (char *)&ivec); <br>- =7D else =7B <br>- status =3D ecb=5Fcrypt((c= har *)&auth->ah=5Fkey, (char *)cryptbuf, <br>- (u=5Fint) sizeof (d= es=5Fblock), <br>- DES=5FENCRYPT =7C DES=5FHW); <br>- =7D <br>- if (DES=5F= =46AILED(status)) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fmarshal: DES e= ncryption failure=22); <br>- return (=46ALSE); <br>- =7D <br>- ad->ad=5F= verf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D; <br>- if (ad->ad=5Fcred.adc= =5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- ad->ad=5Fcred.adc=5Fful= lname.window =3D cryptbuf=5B1=5D.key.high; <br>- ad->ad=5Fverf.adv=5Fw= inverf =3D cryptbuf=5B1=5D.key.low; <br>- =7D else =7B <br>- ad->ad=5F= cred.adc=5Fnickname =3D ad->ad=5Fnickname; <br>- ad->ad=5Fverf.adv=5F= winverf =3D 0; <br>- =7D <br>- <br>- /* <br>- * Serialize the credential = and verifier into opaque <br>- * authentication data. 
<br>- */ <br>- if (= ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B <br>- len =3D= ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad->ad=5Ffullnamelen); <b= r>- =7D else =7B <br>- len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; <br>- =7D= <br>- <br>- if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT)= )) =7B <br>- IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); <br>- IXDR=5FPUT=5FINT= 32(ixdr, len); <br>- =7D else =7B <br>- ATTEMPT(xdr=5Fputint32(xdrs, (int= *)&auth->ah=5Fcred.oa=5Fflavor)); <br>- ATTEMPT(xdr=5Fputint32(xd= rs, &len)); <br>- =7D <br>- ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred))= ; <br>- <br>- len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT; <br>- if ((ixdr =3D= xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B <br>- IXDR=5FPUT=5F= INT32(ixdr, AUTH=5FDES); <br>- IXDR=5FPUT=5FINT32(ixdr, len); <br>- =7D e= lse =7B <br>- ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fverf= .oa=5Fflavor)); <br>- ATTEMPT(xdr=5Fputint32(xdrs, &len)); <br>- =7D = <br>- ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf)); <br>- return (TRUE); <br= >-=7D <br>- <br>- <br>-/* <br>- * 3. 
Validate <br>- */ <br>-static bool=5F= t <br>-authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf) <br>-=7B= <br>-/* LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D AU= TH=5FPRIVATE(auth); <br>- struct authdes=5Fverf verf; <br>- int status; <= br>- uint32=5Ft *ixdr; <br>- des=5Fblock buf; <br>- <br>- if (rverf->o= a=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B <br>- return (=46= ALSE); <br>- =7D <br>-/* LINTED pointer alignment */ <br>- ixdr =3D (uint= 32=5Ft *)rverf->oa=5Fbase; <br>- buf.key.high =3D (uint32=5Ft)*ixdr++;= <br>- buf.key.low =3D (uint32=5Ft)*ixdr++; <br>- verf.adv=5Fint=5Fu =3D = (uint32=5Ft)*ixdr++; <br>- <br>- /* <br>- * Decrypt the timestamp <br>- *= / <br>- status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)&a= mp;buf, <br>- (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW);= <br>- <br>- if (DES=5F=46AILED(status)) =7B <br>- syslog(LOG=5FERR, =22a= uthdes=5Fvalidate: DES decryption failure=22); <br>- return (=46ALSE); <b= r>- =7D <br>- <br>- /* <br>- * xdr the decrypted timestamp <br>- */ <br>-= /* LINTED pointer alignment */ <br>- ixdr =3D (uint32=5Ft *)buf.c; <br>- = verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1; <br>- ver= f.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr); <br>- <br>- /* = <br>- * validate <br>- */ <br>- if (bcmp((char *)&ad->ad=5Ftimesta= mp, (char *)&verf.adv=5Ftimestamp, <br>- sizeof(struct timeval)) =21=3D= 0) =7B <br>- syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatc= h=22); <br>- return (=46ALSE); <br>- =7D <br>- <br>- /* <br>- * We have a= nickname now, let's use it <br>- */ <br>- ad->ad=5Fnickname =3D verf.= adv=5Fnickname; <br>- ad->ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME;= <br>- return (TRUE); <br>-=7D <br>- <br>-/* <br>- * 4. 
Refresh <br>- */ = <br>-/*ARGSUSED*/ <br>-static bool=5Ft <br>-authdes=5Frefresh(AUTH *auth,= void *dummy =5F=5Funused) <br>-=7B <br>-/* LINTED pointer alignment */ <= br>- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); <br>- struct authd= es=5Fcred *cred =3D &ad->ad=5Fcred; <br>- int ok; <br>- netobj pke= y; <br>- <br>- if (ad->ad=5Fdosync) =7B <br>- ok =3D =5F=5Frpc=5Fget=5F= time=5Foffset(&ad->ad=5Ftimediff, ad->ad=5Fnis=5Fsrvr, <br>- ad= ->ad=5Ftimehost, &(ad->ad=5Fuaddr), <br>- &(ad->ad=5Fnet= id)); <br>- if (=21 ok) =7B <br>- /* <br>- * Hope the clocks are synced=21= <br>- */ <br>- ad->ad=5Fdosync =3D 0; <br>- syslog(LOG=5FDEBUG, <br>-= =22authdes=5Frefresh: unable to synchronize clock=22); <br>- =7D <br>- =7D= <br>- ad->ad=5Fxkey =3D auth->ah=5Fkey; <br>- pkey.n=5Fbytes =3D (= char *)(ad->ad=5Fpkey); <br>- pkey.n=5Flen =3D (u=5Fint)strlen((char *= )ad->ad=5Fpkey) + 1; <br>- if (key=5Fencryptsession=5Fpk(ad->ad=5Fs= ervername, &pkey, &ad->ad=5Fxkey) < 0) =7B <br>- syslog(LOG= =5FIN=46O, <br>- =22authdes=5Frefresh: keyserv(1m) is unable to encrypt s= ession key=22); <br>- return (=46ALSE); <br>- =7D <br>- cred->adc=5Ffu= llname.key =3D ad->ad=5Fxkey; <br>- cred->adc=5Fnamekind =3D ADN=5F= =46ULLNAME; <br>- cred->adc=5Ffullname.name =3D ad->ad=5Ffullname; = <br>- return (TRUE); <br>-=7D <br>- <br>- <br>-/* <br>- * 5. 
Destroy <br>= - */ <br>-static void <br>-authdes=5Fdestroy(AUTH *auth) <br>-=7B <br>-/*= LINTED pointer alignment */ <br>- struct ad=5Fprivate *ad =3D AUTH=5FPRI= VATE(auth); <br>- <br>- =46REE(ad->ad=5Ffullname, ad->ad=5Ffullname= len + 1); <br>- =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen = + 1); <br>- if (ad->ad=5Ftimehost) <br>- =46REE(ad->ad=5Ftimehost, = strlen(ad->ad=5Ftimehost) + 1); <br>- if (ad->ad=5Fnetid) <br>- =46= REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); <br>- if (ad->a= d=5Fuaddr) <br>- =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1)= ; <br>- =46REE(ad, sizeof (struct ad=5Fprivate)); <br>- =46REE(auth, size= of(AUTH)); <br>-=7D <br>- <br>-static struct auth=5Fops * <br>-authdes=5F= ops(void) <br>-=7B <br>- static struct auth=5Fops ops; <br>- <br>- /* VAR= IABLES PROTECTED BY ops=5Flock: ops */ <br>- <br>- mutex=5Flock(&auth= des=5Fops=5Flock); <br>- if (ops.ah=5Fnextverf =3D=3D NULL) =7B <br>- ops= .ah=5Fnextverf =3D authdes=5Fnextverf; <br>- ops.ah=5Fmarshal =3D authdes= =5Fmarshal; <br>- ops.ah=5Fvalidate =3D authdes=5Fvalidate; <br>- ops.ah=5F= refresh =3D authdes=5Frefresh; <br>- ops.ah=5Fdestroy =3D authdes=5Fdestr= oy; <br>- =7D <br>- mutex=5Funlock(&authdes=5Fops=5Flock); <br>- retu= rn (&ops); <br>+ return (NULL); <br> =7D <br>+=5F=5Fsym=5Fcompat(auth= des=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fseccreate, =46BSD=5F1.0); <br>= 
diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fprot.= c <br>index 79a0e5baa084..56b44daafe41 100644 <br>--- a/lib/libc/rpc/auth= des=5Fprot.c <br>+++ b/lib/libc/rpc/authdes=5Fprot.c <br>=40=40 -42,44 +4= 2,16 =40=40 <br> =23include <rpc/auth=5Fdes.h> <br> =23include =22u= n-namespace.h=22 <br> <br>-=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop))= return (=46ALSE) <br>- <br>-bool=5Ft <br>-xdr=5Fauthdes=5Fcred(XDR *xdrs= , struct authdes=5Fcred *cred) <br>+static bool=5Ft <br>+=5F=5Fxdr=5Fauth= des=5Fcred(XDR *xdrs, void *cred) <br> =7B <br>- enum authdes=5Fnamekind = *padc=5Fnamekind =3D &cred->adc=5Fnamekind; <br>- /* <br>- * Unrol= led xdr <br>- */ <br>- ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamek= ind)); <br>- switch (cred->adc=5Fnamekind) =7B <br>- case ADN=5F=46ULL= NAME: <br>- ATTEMPT(xdr=5Fstring(xdrs, &cred->adc=5Ffullname.name,= <br>- MAXNETNAMELEN)); <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&= cred->adc=5Ffullname.key, <br>- sizeof(des=5Fblock))); <br>- ATTEMPT(x= dr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.window, <br>- s= izeof(cred->adc=5Ffullname.window))); <br>- return (TRUE); <br>- case = ADN=5FNICKNAME: <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->= ;adc=5Fnickname, <br>- sizeof(cred->adc=5Fnickname))); <br>- return (T= RUE); <br>- default: <br>- return (=46ALSE); <br>- =7D <br>+ return (=46A= LSE); <br> =7D <br>+=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5F= authdes=5Fcred, =46BSD=5F1.0); <br> <br>- <br>-bool=5Ft <br>-xdr=5Fauthde= s=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf) <br>+static bool=5Ft <br= >+=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf) <br> =7B <br>- /* <br= >- * Unrolled xdr <br>- */ <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&a= mp;verf->adv=5Fxtimestamp, <br>- sizeof(des=5Fblock))); <br>- ATTEMPT(= xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fint=5Fu, <br>- sizeof(v= erf->adv=5Fint=5Fu))); <br>- return (TRUE); <br>+ return (=46ALSE); <b= r> =7D 
<br>+=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5F= verf, =46BSD=5F1.0); <br>diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/lib= c/rpc/key=5Fcall.c <br>index 5c87881c815c..eb274fcfff36 100644 <br>--- a/= lib/libc/rpc/key=5Fcall.c <br>+++ b/lib/libc/rpc/key=5Fcall.c <br>=40=40 = -32,426 +32,78 =40=40 <br> */ <br> <br> /* <br>- * key=5Fcall.c, Interfac= e to keyserver <br>- * <br>- * setsecretkey(key) - set your secret key <b= r>- * encryptsessionkey(agent, deskey) - encrypt a session key to talk to= agent <br>- * decryptsessionkey(agent, deskey) - decrypt ditto <br>- * g= endeskey(deskey) - generate a secure des key <br>+ * Secure RPC keyserver= support was removed in =46reeBSD 15.0. <br>+ * These symbols are provide= d for backward compatibility, but provide no <br>+ * functionality and wi= ll always return an error. <br> */ <br> <br> =23include =22namespace.h=22= <br> =23include =22reentrant.h=22 <br>-=23include <stdio.h> <br>-=23= include <stdlib.h> <br>-=23include <unistd.h> <br>-=23include= <errno.h> <br> =23include <rpc/rpc.h> <br>-=23include <rp= c/auth.h> <br>-=23include <rpc/auth=5Funix.h> <br> =23include &l= t;rpc/key=5Fprot.h> <br>-=23include <string.h> <br>-=23include &= lt;netconfig.h> <br>-=23include <sys/utsname.h> <br>-=23include = <stdlib.h> <br>-=23include <signal.h> <br>-=23include <sys= /wait.h> <br>-=23include <sys/fcntl.h> <br>+=23include <rpc/a= uth.h> <br> =23include =22un-namespace.h=22 <br> =23include =22mt=5Fmi= sc.h=22 <br> <br>- <br>-=23define KEY=5FTIMEOUT 5 /* per-try timeout in s= econds */ <br>-=23define KEY=5FNRETRY 12 /* number of retries */ <br>- <b= r>-=23ifdef DEBUG <br>-=23define debug(msg) (void) fprintf(stderr, =22%s=5C= n=22, msg); <br>-=23else <br>-=23define debug(msg) <br>-=23endif /* DEBUG= */ <br>- <br>-/* <br>- * Hack to allow the keyserver to use AUTH=5FDES (= for authenticated <br>- * NIS+ calls, for example). 
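Review bot: The new stubs `__xdr_authdes_cred(XDR *xdrs, void *cred)` and `__xdr_authdes_verf(XDR *xdrs, void *verf)` ignore both arguments but do not mark them `__unused`, unlike the `__authdes_pk_seccreate` stub earlier in this commit, which annotates every ignored parameter. For consistency, and to stay quiet if the build enables unused-parameter warnings, write `__xdr_authdes_cred(XDR *xdrs __unused, void *cred __unused)` and `__xdr_authdes_verf(XDR *xdrs __unused, void *verf __unused)`. This hunk also adds no comment saying why the functions now fail unconditionally, whereas key_call.c gets a header explaining it; a line above the first stub would do, for example `/* Secure RPC DES authentication was removed; these compat symbols always return FALSE. */`. Returning FALSE is the fail-closed result for old binaries that still resolve these symbols, and the comment should state that this is intentional so nobody later "fixes" the stubs to return TRUE.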
The only functions th= at get called <br>- * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession= =5Fpk, and key=5Fgendes. <br>- * <br>- * The approach is to have the keys= erver fill in pointers to local <br>- * implementations of these function= s, and to call those in key=5Fcall(). <br>- */ <br>- <br>-cryptkeyres *(*= =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *arg) =3D 0; <br>-= cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *ar= g) =3D 0; <br>-des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *= ) =3D 0; <br>- <br>-static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *,= xdrproc=5Ft, void *); <br>- <br>-int <br>-key=5Fsetsecret(const char *se= cretkey) <br>-=7B <br>- keystatus status; <br>- <br>- if (=21key=5Fcall((= u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf, <br>- (void *)secretkey, = <br>- (xdrproc=5Ft)xdr=5Fkeystatus, &status)) =7B <br>- return (-1); = <br>- =7D <br>- if (status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22set s= tatus is nonzero=22); <br>- return (-1); <br>- =7D <br>- return (0); <br>= -=7D <br>- <br>- <br>-/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the ke= yserver has a secret key <br>- * stored for the caller's effective uid; i= t returns 0 otherwise <br>- * <br>- * N.B.: The KEY=5FNET=5FGET key call = is undocumented. Applications shouldn't <br>- * be using it, because it a= llows them to get the user's secret key. 
<br>- */ <br>- <br>-int <br>-key= =5Fsecretkey=5Fis=5Fset(void) <br>-=7B <br>- struct key=5Fnetstres kres; = <br>- <br>- memset((void*)&kres, 0, sizeof (kres)); <br>- if (key=5Fc= all((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid, NULL, <br>- (xdr= proc=5Ft)xdr=5Fkey=5Fnetstres, &kres) && <br>- (kres.status =3D= =3D KEY=5FSUCCESS) && <br>- (kres.key=5Fnetstres=5Fu.knet.st=5Fpr= iv=5Fkey=5B0=5D =21=3D 0)) =7B <br>- /* avoid leaving secret key in memor= y */ <br>- memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEY= BYTES); <br>- return (1); <br>- =7D <br>- return (0); <br>-=7D <br>- <br>= -int <br>-key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, = des=5Fblock *deskey) <br>-=7B <br>- cryptkeyarg2 arg; <br>- cryptkeyres r= es; <br>- <br>- arg.remotename =3D remotename; <br>- arg.remotekey =3D *r= emotekey; <br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong= )KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcryptkeyarg2, &arg, <br>- (xd= rproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B <br>- return (-1); <br>- =7D = <br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22encrypt sta= tus is nonzero=22); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cr= yptkeyres=5Fu.deskey; <br>- return (0); <br>-=7D <br>- <br>-int <br>-key=5F= decryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fblock *des= key) <br>-=7B <br>- cryptkeyarg2 arg; <br>- cryptkeyres res; <br>- <br>- = arg.remotename =3D remotename; <br>- arg.remotekey =3D *remotekey; <br>- = arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5F= PK, (xdrproc=5Ft)xdr=5Fcryptkeyarg2, &arg, <br>- (xdrproc=5Ft)xdr=5Fc= ryptkeyres, &res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.sta= tus =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22decrypt status is nonzero=22= ); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.des= key; <br>- return (0); <br>-=7D <br>- <br>-int <br>-key=5Fencryptsession(= const char *remotename, des=5Fblock *deskey) 
<br>+static int <br>+=5F=5Fk= ey=5Fsetsecret(const char *secretkey) <br> =7B <br>- cryptkeyarg arg; <br= >- cryptkeyres res; <br>- <br>- arg.remotename =3D (char *) remotename; <= br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FENCR= YPT, (xdrproc=5Ft)xdr=5Fcryptkeyarg, &arg, <br>- (xdrproc=5Ft)xdr=5Fc= ryptkeyres, &res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.sta= tus =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22encrypt status is nonzero=22= ); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.des= key; <br>- return (0); <br>+ return (-1); <br> =7D <br>+=5F=5Fsym=5Fcompa= t(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F1.0); <br> <br>-int <b= r>-key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey) <br>= +static int <br>+=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void) <br> =7B <br>- cr= yptkeyarg arg; <br>- cryptkeyres res; <br>- <br>- arg.remotename =3D (cha= r *) remotename; <br>- arg.deskey =3D *deskey; <br>- if (=21key=5Fcall((u= =5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcryptkeyarg, &arg, <br>- (x= drproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B <br>- return (-1); <br>- =7D= <br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <br>- debug(=22decrypt st= atus is nonzero=22); <br>- return (-1); <br>- =7D <br>- *deskey =3D res.c= ryptkeyres=5Fu.deskey; <br> return (0); <br> =7D <br>+=5F=5Fsym=5Fcompat(= key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey=5Fis=5Fset, =46BSD=5F1.= 0); <br> <br>-int <br>-key=5Fgendes(des=5Fblock *key) <br>+static int <br= >+=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, de= s=5Fblock *deskey) <br> =7B <br>- if (=21key=5Fcall((u=5Flong)KEY=5FGEN, = (xdrproc=5Ft)xdr=5Fvoid, NULL, <br>- (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)= ) =7B <br>- return (-1); <br>- =7D <br>- return (0); <br>+ return (-1); <= br> =7D <br>+=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fen= cryptsession=5Fpk, =46BSD=5F1.0); <br> <br>-int <br>-key=5Fsetnet(struct = key=5Fnetstarg *arg) <br>+static int 
<br>+=5F=5Fkey=5Fdecryptsession=5Fpk= (char *remotename, netobj *remotekey, des=5Fblock *deskey) <br> =7B <br>*= ** 2726 LINES SKIPPED *** <br> <br></div> </div> </blockquote> </div> </d= iv> </blockquote> </body></html> --689b40a3_2336c6b7_50e--