Date: Tue, 12 Aug 2025 13:41:37 +0300 From: Dima Panov <fluffy@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org, Lexi Winter <ivy@FreeBSD.org> Subject: git: 7ac276298b72 - main - Remove Secure RPC DES authentication Message-ID: <851c968c-923a-4809-83d4-b0600e70867b@Canary> In-Reply-To: <202508101537.57AFbHrI067216@gitrepo.freebsd.org> References: <202508101537.57AFbHrI067216@gitrepo.freebsd.org>
--689b1a61_60709938_50e Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Hello=21 This commit breaks x11-server/xwayland =46AILED: os/liblibxserver=5Fos.a.p/rpcauth.c.o cc -Ios/liblibxserver=5Fo= s.a.p -Ios -I../os -I. -I.. -IXext -I../Xext -IXi -I../Xi -Icomposite -I.= ./composite -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor = -Imi -I../mi -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/syn= c -Idbe -I../dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include -= Ipresent -I../present -Irandr -I../randr -Irender -I../render -Ixfixes -I= ../xfixes -I/usr/local/include -I/usr/local/include/pixman-1 -I/usr/local= /include/freetype2 -I/usr/local/include/libpng16 -fdiagnostics-color=3Dne= ver -D=5F=46ILE=5FO=46=46SET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu99= -DHAVE=5FDIX=5FCON=46IG=5FH -fno-strict-aliasing -fvisibility=3Dhidden -= Wall -Wpointer-arith -Wmissing-declarations -Wformat=3D2 -Wstrict-prototy= pes -Wmissing-prototypes -Wnested-externs -Wbad-function-cast -Wold-style= -definition -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissin= g-format-attribute -Wredundant-decls -Werror=3Dimplicit -Werror=3Dnonnull= -Werror=3Dinit-self -Werror=3Dmain -Werror=3Dmissing-braces -Werror=3Dse= quence-point -Werror=3Dreturn-type -Werror=3Dtrigraphs -Werror=3Darray-bo= unds -Werror=3Dwrite-strings -Werror=3Daddress -Werror=3Dint-to-pointer-c= ast -Werror=3Dpointer-to-int-cast -O2 -pipe -fstack-protector-strong -fno= -strict-aliasing -fPIC -D=5FTHREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5F= BSD=5FSOURCE -DHAS=5F=46CHOWN -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD = -MQ os/liblibxserver=5Fos.a.p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p= /rpcauth.c.o.d -o os/liblibxserver=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.= c ../os/rpcauth.c:110:52: error: incomplete definition of type 'struct au= thdes=5Fcred' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)= 
->adc=5Ffullname.name); =7C =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=5E= ../os/rpcauth.c:110:22: note: forward declaration of 'struct authdes=5Fc= red' 110 =7C return (((struct authdes=5Fcred *) r.rq=5Fclntcred)->adc=5Ff= ullname.name); =7C =5E 1 error generated. -- Dima. (desktop, kde, x11, office, ports-secteam)=40=46reeBSD team (fluffy=40=46reeBSD.org, https://t.me/=46luffyBSD) > On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5=D1=81=D0=B5=D0=BD=D1=8C=D0=B5, = =D0=B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, Lexi Winter <ivy=40=46reeBSD.org= (mailto:ivy=40=46reeBSD.org)> wrote: > The branch main has been updated by ivy: > > URL: https://cgit.=46reeBSD.org/src/commit/=3Fid=3D7ac276298b72982189ac= 1a5b17461936dc00163e > > commit 7ac276298b72982189ac1a5b17461936dc00163e > Author: Lexi Winter <ivy=40=46reeBSD.org> > AuthorDate: 2025-08-10 12:57:36 +0000 > Commit: Lexi Winter <ivy=40=46reeBSD.org> > CommitDate: 2025-08-10 15:36:40 +0000 > > Remove Secure RPC DES authentication > > =46ollowing the earlier removal of keyserv, none of this functionality > works since it requires keyserv. > > Remove the relevant symbols from libc's Symbol.map. Leave compatibility= > symbols for existing applications, but since the functions don't work > without keyserv, stub them out to return an error. > > Remove some private symbols that were only used by keyserv; these don't= > get compatibility symbols. > > Remove the documentation for the old functions. > > Remove rpc.ypupdated since it requires DES authentication. 
> > Reviewed by: manu, des, emaste > Differential Revision: https://reviews.freebsd.org/D50442 > --- > Obsolete=46iles.inc =7C 4 + > include/rpc/auth=5Fdes.h =7C 79 +---- > lib/libc/rpc/Symbol.map =7C 19 -- > lib/libc/rpc/auth=5Fdes.c =7C 455 +---------------------------- > lib/libc/rpc/authdes=5Fprot.c =7C 44 +-- > lib/libc/rpc/key=5Fcall.c =7C 424 +++------------------------ > lib/libc/rpc/publickey.5 =7C 40 --- > lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +----------- > lib/libc/rpc/rpc=5Fsoc.3 =7C 13 +- > lib/libc/rpc/rpc=5Fsoc.c =7C 31 +- > lib/libc/rpc/svc=5Fauth.c =7C 8 - > lib/libc/rpc/svc=5Fauth=5Fdes.c =7C 460 +----------------------------- > lib/librpcsvc/Makefile =7C 2 +- > lib/librpcsvc/yp=5Fupdate.c =7C 199 ------------- > libexec/rc/rc.conf =7C 1 - > libexec/rc/rc.d/Makefile =7C 1 - > libexec/rc/rc.d/ypupdated =7C 35 --- > share/man/man5/rc.conf.5 =7C 9 +- > sys/rpc/auth.h =7C 26 -- > tools/build/mk/OptionalObsolete=46iles.inc =7C 2 - > usr.sbin/Makefile =7C 1 - > usr.sbin/rpc.ypupdated/Makefile =7C 32 --- > usr.sbin/rpc.ypupdated/Makefile.depend =7C 18 -- > usr.sbin/rpc.ypupdated/update.c =7C 328 --------------------- > usr.sbin/rpc.ypupdated/yp=5Fdbdelete.c =7C 68 ----- > usr.sbin/rpc.ypupdated/yp=5Fdbupdate.c =7C 147 ---------- > usr.sbin/rpc.ypupdated/ypupdate =7C 32 --- > usr.sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C 32 --- > usr.sbin/rpc.ypupdated/ypupdated=5Fmain.c =7C 287 ------------------- > usr.sbin/rpc.ypupdated/ypupdated=5Fserver.c =7C 227 --------------- > 30 files changed, 83 insertions(+), 3118 deletions(-) > > diff --git a/Obsolete=46iles.inc b/Obsolete=46iles.inc > index ec324e82f86d..a6662d31829f 100644 > --- a/Obsolete=46iles.inc 
> +++ b/Obsolete=46iles.inc > =40=40 -51,6 +51,10 =40=40 > =23 xargs -n1 =7C sort =7C uniq -d; > =23 done > > +=23 20250810: Removal of remaining Secure RPC (DES) bits > +OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated > +OLD=5F=46ILES+=3Detc/rc.d/ypupdated > + > =23 20250808: nvmfd removed from base install > OLD=5F=46ILES+=3Dusr/sbin/nvmfd > OLD=5F=46ILES+=3Dusr/share/man/man8/nvmfd.8.gz > diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fdes.h > index 0ff43c13139b..1b4943a74b8b 100644 > --- a/include/rpc/auth=5Fdes.h 
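Review bot: The new 20250810 block lists only `usr/sbin/rpc.ypupdated` and `etc/rc.d/ypupdated`, while the diffstat of the same commit deletes `lib/libc/rpc/publickey.5` in full. If that page was still being installed before this change (not visible here), upgraded systems would keep a stale manual page for a removed authentication mechanism after `make delete-old`. Consider adding an `OLD_FILES+=` line for the installed page, in the same form as the `nvmfd.8.gz` entry just below the new block.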
> +++ b/include/rpc/auth=5Fdes.h > =40=40 -33,91 +33,14 =40=40 > * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. > */ > > -/* > - * auth=5Fdes.h, Protocol for DES style authentication for RPC > - */ > +/* Note, RPC DES authentication was removed in =46reeBSD 15.0. */ > > =23ifndef =5FAUTH=5FDES=5F > =23define =5FAUTH=5FDES=5F > > -/* > - * There are two kinds of =22names=22: fullnames and nicknames > - */ > -enum authdes=5Fnamekind =7B > - ADN=5F=46ULLNAME, > - ADN=5FNICKNAME > -=7D; > - > -/* > - * A fullname contains the network name of the client, > - * a conversation key and the window > - */ > -struct authdes=5Ffullname =7B > - char *name; /* network name of client, up to MAXNETNAMELEN */ > - des=5Fblock key; /* conversation key */ > - u=5Flong window; /* associated window */ > -=7D; > - > - > -/* > - * A credential > - */ > -struct authdes=5Fcred =7B > - enum authdes=5Fnamekind adc=5Fnamekind; > - struct authdes=5Ffullname adc=5Ffullname; > - u=5Flong adc=5Fnickname; > -=7D; > - > - > - > -/* > - * A des authentication verifier > - */ > -struct authdes=5Fverf =7B > - union =7B > - struct timeval adv=5Fctime; /* clear time */ > - des=5Fblock adv=5Fxtime; /* crypt time */ > - =7D adv=5Ftime=5Fu; > - u=5Flong adv=5Fint=5Fu; > -=7D; > - > -/* > - * des authentication verifier: client variety > - * > - * adv=5Ftimestamp is the current time. > - * adv=5Fwinverf is the credential window + 1. > - * Both are encrypted using the conversation key. > - */ > -=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime > -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime > -=23define adv=5Fwinverf adv=5Fint=5Fu > - > -/* > - * des authentication verifier: server variety > - * > - * adv=5Ftimeverf is the client's timestamp + client's window > - * adv=5Fnickname is the server's nickname for the client. > - * adv=5Ftimeverf is encrypted using the conversation key. 
> - */ > -=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime > -=23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime > -=23define adv=5Fnickname adv=5Fint=5Fu > - > -/* > - * Map a des credential into a unix cred. > - * > - */ > -=5F=5FBEGIN=5FDECLS > -extern int authdes=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, gid= =5Ft *, int *, gid=5Ft * ); > -=5F=5FEND=5FDECLS > - > =5F=5FBEGIN=5FDECLS > -extern bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *); > -extern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *); > extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *, > struct timeval *); > -extern void kgetnetname(char *); > -extern enum auth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct rp= c=5Fmsg *); > =5F=5FEND=5FDECLS > > =23endif /* ndef =5FAUTH=5FDES=5F */ > diff --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map > index 105d6fb6b54e..61e8e084b1e0 100644 > --- a/lib/libc/rpc/Symbol.map 
> +++ b/lib/libc/rpc/Symbol.map > =40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B > xdr=5Fdesargs; > xdr=5Fdesresp; > > - authdes=5Fseccreate; > - authdes=5Fpk=5Fseccreate; > authnone=5Fcreate; > authunix=5Fcreate; > authunix=5Fcreate=5Fdefault; > - xdr=5Fauthdes=5Fcred; > - xdr=5Fauthdes=5Fverf; > xdr=5Fauthunix=5Fparms; > bindresvport; > bindresvport=5Fsa; > =40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B > endrpcent; > getrpcent; > getrpcport; > - key=5Fsetsecret; > - key=5Fsecretkey=5Fis=5Fset; > - key=5Fencryptsession=5Fpk; > - key=5Fdecryptsession=5Fpk; > - key=5Fencryptsession; > - key=5Fdecryptsession; > - key=5Fgendes; > - key=5Fsetnet; > - key=5Fget=5Fconv; > xdr=5Fkeystatus; > xdr=5Fkeybuf; > xdr=5Fnetnamestr; > =40=40 -130,7 +117,6 =40=40 =46BSD=5F1.0 =7B > callrpc; > registerrpc; > clnt=5Fbroadcast; > - authdes=5Fcreate; > clntunix=5Fcreate; > svcunix=5Fcreate; > svcunixfd=5Fcreate; > =40=40 -180,8 +166,6 =40=40 =46BSD=5F1.0 =7B > =5Fauthenticate; > =5Fsvcauth=5Fnull; > svc=5Fauth=5Freg; > - =5Fsvcauth=5Fdes; > - authdes=5Fgetucred; > =5Fsvcauth=5Funix; > =5Fsvcauth=5Fshort; > svc=5Fdg=5Fcreate; > =40=40 -205,9 +189,6 =40=40 =46BSD=5F1.8 =7B > > =46BSDprivate=5F1.0 =7B > =5F=5Fdes=5Fcrypt=5FLOCAL; > - =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL; > - =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL; > - =5F=5Fkey=5Fgendes=5FLOCAL; > =5F=5Fsvc=5Fclean=5Fidle; > =5F=5Frpc=5Fgss=5Funwrap; > =5F=5Frpc=5Fgss=5Funwrap=5Fstub; > diff --git a/lib/libc/rpc/auth=5Fdes.c b/lib/libc/rpc/auth=5Fdes.c > index c9b20de25cda..754d55cbed3e 100644 > --- a/lib/libc/rpc/auth=5Fdes.c 
> +++ b/lib/libc/rpc/auth=5Fdes.c > =40=40 -30,463 +30,34 =40=40 > /* > * Copyright (c) 1988 by Sun Microsystems, Inc. > */ > + > /* > - * auth=5Fdes.c, client-side implementation of DES authentication > + * Secure RPC DES authentication was removed in =46reeBSD 15.0. > + * These symbols are provided for backward compatibility, but provide = no > + * functionality and will always return an error. > */ > > =23include =22namespace.h=22 > =23include =22reentrant.h=22 > -=23include <err.h> > -=23include <errno.h> > -=23include <string.h> > -=23include <stdlib.h> > -=23include <unistd.h> > -=23include <rpc/des=5Fcrypt.h> > -=23include <syslog.h> > =23include <rpc/types.h> > =23include <rpc/auth.h> > =23include <rpc/auth=5Fdes.h> > -=23include <rpc/clnt.h> > -=23include <rpc/xdr.h> > -=23include <sys/socket.h> > -=23undef NIS > =23include <rpcsvc/nis.h> > =23include =22un-namespace.h=22 > -=23include =22mt=5Fmisc.h=22 > - > -=23define USEC=5FPER=5FSEC 1000000 > -=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */ > - > -=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5Fpriv= ate > -=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc(sizeof(ob= ject=5Ftype)) > -=23define =46REE(ptr, size) mem=5Ffree((char *)(ptr), (int) size) > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > - > -extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *, struct authdes=5Fcred *);= > -extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR *, struct authdes=5Fverf *);= > -extern int key=5Fencryptsession=5Fpk(char *, netobj *, des=5Fblock *);= > - > -extern bool=5Ft =5F=5Frpc=5Fget=5Ftime=5Foffset(struct timeval *, nis=5F= server *, char *, > - char **, char **); > > -/* > - * DES authenticator operations vector > - */ > -static void authdes=5Fnextverf(AUTH *); > -static bool=5Ft authdes=5Fmarshal(AUTH *, XDR *); > -static bool=5Ft authdes=5Fvalidate(AUTH *, struct opaque=5Fauth *); > -static bool=5Ft authdes=5Frefresh(AUTH *, void *); > -static void 
authdes=5Fdestroy(AUTH *); > - > -static struct auth=5Fops *authdes=5Fops(void); > - > -/* > - * This struct is pointed to by the ah=5Fprivate field of an =22AUTH *= =22 > - */ > -struct ad=5Fprivate =7B > - char *ad=5Ffullname; /* client's full name */ > - u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */ > - char *ad=5Fservername; /* server's full name */ > - u=5Fint ad=5Fservernamelen; /* length of name, rounded up */ > - u=5Fint ad=5Fwindow; /* client specified window */ > - bool=5Ft ad=5Fdosync; /* synchronize=3F */ > - struct netbuf ad=5Fsyncaddr; /* remote host to synch with */ > - char *ad=5Ftimehost; /* remote host to synch with */ > - struct timeval ad=5Ftimediff; /* server's time - client's time */ > - u=5Fint ad=5Fnickname; /* server's nickname for client */ > - struct authdes=5Fcred ad=5Fcred; /* storage for credential */ > - struct authdes=5Fverf ad=5Fverf; /* storage for verifier */ > - struct timeval ad=5Ftimestamp; /* timestamp sent */ > - des=5Fblock ad=5Fxkey; /* encrypted conversation key */ > - u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public key */ > - char *ad=5Fnetid; /* Timehost netid */ > - char *ad=5Fuaddr; /* Timehost uaddr */ > - nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ server struct */ > -=7D; > - > -AUTH *authdes=5Fpk=5Fseccreate(const char *, netobj *, u=5Fint, const = char *, > - const des=5Fblock *, nis=5Fserver *); > - > -/* > - * documented version of authdes=5Fseccreate > - */ > -/* > - servername: network name of server > - win: time to live > - timehost: optional hostname to sync with > - ckey: optional conversation key to use > -*/ > - > -AUTH * > -authdes=5Fseccreate(const char *servername, const u=5Fint win, > +static AUTH * > +=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win, > const char *timehost, const des=5Fblock *ckey) > =7B > - u=5Fchar pkey=5Fdata=5B1024=5D; > - netobj pkey; > - AUTH *dummy; > - > - if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B > - syslog(LOG=5FERR, > - 
=22authdes=5Fseccreate: no public key found for %s=22, > - servername); > - return (NULL); > - =7D > - > - pkey.n=5Fbytes =3D (char *) pkey=5Fdata; > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)pkey=5Fdata) + 1; > - dummy =3D authdes=5Fpk=5Fseccreate(servername, &pkey, win, timehost, > - ckey, NULL); > - return (dummy); > -=7D > - > -/* > - * Slightly modified version of authdessec=5Fcreate which takes the pu= blic key > - * of the server principal as an argument. This spares us a call to > - * getpublickey() which in the nameserver context can cause a deadlock= . > - */ > -AUTH * > -authdes=5Fpk=5Fseccreate(const char *servername, netobj *pkey, u=5Fint= window, > - const char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr) > -=7B > - AUTH *auth; > - struct ad=5Fprivate *ad; > - char namebuf=5BMAXNETNAMELEN+1=5D; > - > - /* > - * Allocate everything now > - */ > - auth =3D ALLOC(AUTH); > - if (auth =3D=3D NULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > - return (NULL); > - =7D > - ad =3D ALLOC(struct ad=5Fprivate); > - if (ad =3D=3D NULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); > - goto failed; > - =7D > - ad->ad=5Ffullname =3D ad->ad=5Fservername =3D NULL; /* Sanity reasons= */ > - ad->ad=5Ftimehost =3D NULL; > - ad->ad=5Fnetid =3D NULL; > - ad->ad=5Fuaddr =3D NULL; > - ad->ad=5Fnis=5Fsrvr =3D NULL; > - ad->ad=5Ftimediff.tv=5Fsec =3D 0; > - ad->ad=5Ftimediff.tv=5Fusec =3D 0; > - memcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen); > - if (=21getnetname(namebuf)) > - goto failed; > - ad->ad=5Ffullnamelen =3D RNDUP((u=5Fint) strlen(namebuf)); > - ad->ad=5Ffullname =3D (char *)mem=5Falloc(ad->ad=5Ffullnamelen + 1); > - ad->ad=5Fservernamelen =3D strlen(servername); > - ad->ad=5Fservername =3D (char *)mem=5Falloc(ad->ad=5Fservernamelen + = 1); > - > - if (ad->ad=5Ffullname =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D N= ULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of 
memory=22); > - goto failed; > - =7D > - if (timehost =21=3D NULL) =7B > - ad->ad=5Ftimehost =3D (char *)mem=5Falloc(strlen(timehost) + 1); > - if (ad->ad=5Ftimehost =3D=3D NULL) =7B > - syslog(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); > - goto failed; > - =7D > - memcpy(ad->ad=5Ftimehost, timehost, strlen(timehost) + 1); > - ad->ad=5Fdosync =3D TRUE; > - =7D else if (srvr =21=3D NULL) =7B > - ad->ad=5Fnis=5Fsrvr =3D srvr; /* transient */ > - ad->ad=5Fdosync =3D TRUE; > - =7D else =7B > - ad->ad=5Fdosync =3D =46ALSE; > - =7D > - memcpy(ad->ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1); > - memcpy(ad->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1); > - ad->ad=5Fwindow =3D window; > - if (ckey =3D=3D NULL) =7B > - if (key=5Fgendes(&auth->ah=5Fkey) < 0) =7B > - syslog(LOG=5FERR, > - =22authdes=5Fseccreate: keyserv(1m) is unable to generate session key= =22); > - goto failed; > - =7D > - =7D else =7B > - auth->ah=5Fkey =3D *ckey; > - =7D > - > - /* > - * Set up auth handle > - */ > - auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES; > - auth->ah=5Fverf.oa=5Fflavor =3D AUTH=5FDES; > - auth->ah=5Fops =3D authdes=5Fops(); > - auth->ah=5Fprivate =3D (caddr=5Ft)ad; > - > - if (=21authdes=5Frefresh(auth, NULL)) =7B > - goto failed; > - =7D > - ad->ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */ > - return (auth); > - > -failed: > - if (auth) > - =46REE(auth, sizeof (AUTH)); > - if (ad) =7B > - if (ad->ad=5Ffullname) > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > - if (ad->ad=5Fservername) > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > - if (ad->ad=5Ftimehost) > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > - if (ad->ad=5Fnetid) > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > - if (ad->ad=5Fuaddr) > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > - =46REE(ad, sizeof (struct ad=5Fprivate)); > - =7D > return (NULL); > =7D > +=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5Fseccreate, 
=46= BSD=5F1.0); > > -/* > - * Implement the five authentication operations > - */ > - > - > -/* > - * 1. Next Verifier > - */ > -/*ARGSUSED*/ > -static void > -authdes=5Fnextverf(AUTH *auth =5F=5Funused) > +static AUTH * > +=5F=5Fauthdes=5Fpk=5Fseccreate(const char *servername =5F=5Funused, ne= tobj *pkey =5F=5Funused, > + u=5Fint window =5F=5Funused, const char *timehost =5F=5Funused, > + const des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funused= ) > =7B > - /* what the heck am I supposed to do=3F=3F=3F */ > -=7D > - > - > -/* > - * 2. Marshal > - */ > -static bool=5Ft > -authdes=5Fmarshal(AUTH *auth, XDR *xdrs) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > - struct authdes=5Fverf *verf =3D &ad->ad=5Fverf; > - des=5Fblock cryptbuf=5B2=5D; > - des=5Fblock ivec; > - int status; > - int len; > - rpc=5Finline=5Ft *ixdr; > - > - /* > - * =46igure out the =22time=22, accounting for any time difference > - * with the server if necessary. > - */ > - (void)gettimeofday(&ad->ad=5Ftimestamp, NULL); > - ad->ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec; > - ad->ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec; > - while (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B > - ad->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC; > - ad->ad=5Ftimestamp.tv=5Fsec++; > - =7D > - > - /* > - * XDR the timestamp and possibly some other things, then > - * encrypt them. 
> - */ > - ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fsec); > - IXDR=5FPUT=5FINT32(ixdr, ad->ad=5Ftimestamp.tv=5Fusec); > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow); > - IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1); > - ivec.key.high =3D ivec.key.low =3D 0; > - status =3D cbc=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > - (u=5Fint) 2 * sizeof (des=5Fblock), > - DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec); > - =7D else =7B > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)cryptbuf, > - (u=5Fint) sizeof (des=5Fblock), > - DES=5FENCRYPT =7C DES=5FHW); > - =7D > - if (DES=5F=46AILED(status)) =7B > - syslog(LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22); > - return (=46ALSE); > - =7D > - ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbuf=5B0=5D; > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.key.high; > - ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.low; > - =7D else =7B > - ad->ad=5Fcred.adc=5Fnickname =3D ad->ad=5Fnickname; > - ad->ad=5Fverf.adv=5Fwinverf =3D 0; > - =7D > - > - /* > - * Serialize the credential and verifier into opaque > - * authentication data. 
> - */ > - if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNAME) =7B > - len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5FXDR=5FUNIT + ad->ad=5Ffullname= len); > - =7D else =7B > - len =3D (1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > - =7D > - > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > - IXDR=5FPUT=5FINT32(ixdr, len); > - =7D else =7B > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Fflavor)); > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > - =7D > - ATTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred)); > - > - len =3D (2 + 1)*BYTES=5FPER=5FXDR=5FUNIT; > - if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B > - IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); > - IXDR=5FPUT=5FINT32(ixdr, len); > - =7D else =7B > - ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor)); > - ATTEMPT(xdr=5Fputint32(xdrs, &len)); > - =7D > - ATTEMPT(xdr=5Fauthdes=5Fverf(xdrs, verf)); > - return (TRUE); > -=7D > - > - > -/* > - * 3. Validate > - */ > -static bool=5Ft > -authdes=5Fvalidate(AUTH *auth, struct opaque=5Fauth *rverf) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fverf verf; > - int status; > - uint32=5Ft *ixdr; > - des=5Fblock buf; > - > - if (rverf->oa=5Flength =21=3D (2 + 1) * BYTES=5FPER=5FXDR=5FUNIT) =7B= > - return (=46ALSE); > - =7D > -/* LINTED pointer alignment */ > - ixdr =3D (uint32=5Ft *)rverf->oa=5Fbase; > - buf.key.high =3D (uint32=5Ft)*ixdr++; > - buf.key.low =3D (uint32=5Ft)*ixdr++; > - verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++; > - > - /* > - * Decrypt the timestamp > - */ > - status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (char *)&buf, > - (u=5Fint)sizeof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW); > - > - if (DES=5F=46AILED(status)) =7B > - syslog(LOG=5FERR, =22authdes=5Fvalidate: DES decryption failure=22); > - return (=46ALSE); > - =7D > - > - /* > - * xdr the decrypted timestamp > - */ > -/* LINTED pointer alignment 
*/ > - ixdr =3D (uint32=5Ft *)buf.c; > - verf.adv=5Ftimestamp.tv=5Fsec =3D IXDR=5FGET=5FINT32(ixdr) + 1; > - verf.adv=5Ftimestamp.tv=5Fusec =3D IXDR=5FGET=5FINT32(ixdr); > - > - /* > - * validate > - */ > - if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5Ftimestamp, > - sizeof(struct timeval)) =21=3D 0) =7B > - syslog(LOG=5FDEBUG, =22authdes=5Fvalidate: verifier mismatch=22); > - return (=46ALSE); > - =7D > - > - /* > - * We have a nickname now, let's use it > - */ > - ad->ad=5Fnickname =3D verf.adv=5Fnickname; > - ad->ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME; > - return (TRUE); > -=7D > - > -/* > - * 4. Refresh > - */ > -/*ARGSUSED*/ > -static bool=5Ft > -authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - struct authdes=5Fcred *cred =3D &ad->ad=5Fcred; > - int ok; > - netobj pkey; > - > - if (ad->ad=5Fdosync) =7B > - ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->ad=5Ftimediff, ad->ad=5Fn= is=5Fsrvr, > - ad->ad=5Ftimehost, &(ad->ad=5Fuaddr), > - &(ad->ad=5Fnetid)); > - if (=21 ok) =7B > - /* > - * Hope the clocks are synced=21 > - */ > - ad->ad=5Fdosync =3D 0; > - syslog(LOG=5FDEBUG, > - =22authdes=5Frefresh: unable to synchronize clock=22); > - =7D > - =7D > - ad->ad=5Fxkey =3D auth->ah=5Fkey; > - pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey); > - pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1; > - if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &ad->ad=5Fx= key) < 0) =7B > - syslog(LOG=5FIN=46O, > - =22authdes=5Frefresh: keyserv(1m) is unable to encrypt session key=22= ); > - return (=46ALSE); > - =7D > - cred->adc=5Ffullname.key =3D ad->ad=5Fxkey; > - cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME; > - cred->adc=5Ffullname.name =3D ad->ad=5Ffullname; > - return (TRUE); > -=7D > - > - > -/* > - * 5. 
Destroy > - */ > -static void > -authdes=5Fdestroy(AUTH *auth) > -=7B > -/* LINTED pointer alignment */ > - struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); > - > - =46REE(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); > - =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1); > - if (ad->ad=5Ftimehost) > - =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) + 1); > - if (ad->ad=5Fnetid) > - =46REE(ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); > - if (ad->ad=5Fuaddr) > - =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); > - =46REE(ad, sizeof (struct ad=5Fprivate)); > - =46REE(auth, sizeof(AUTH)); > -=7D > - > -static struct auth=5Fops * > -authdes=5Fops(void) > -=7B > - static struct auth=5Fops ops; > - > - /* VARIABLES PROTECTED BY ops=5Flock: ops */ > - > - mutex=5Flock(&authdes=5Fops=5Flock); > - if (ops.ah=5Fnextverf =3D=3D NULL) =7B > - ops.ah=5Fnextverf =3D authdes=5Fnextverf; > - ops.ah=5Fmarshal =3D authdes=5Fmarshal; > - ops.ah=5Fvalidate =3D authdes=5Fvalidate; > - ops.ah=5Frefresh =3D authdes=5Frefresh; > - ops.ah=5Fdestroy =3D authdes=5Fdestroy; > - =7D > - mutex=5Funlock(&authdes=5Fops=5Flock); > - return (&ops); > + return (NULL); > =7D > +=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5Fauthdes=5Fpk=5Fsecc= reate, =46BSD=5F1.0); > diff --git a/lib/libc/rpc/authdes=5Fprot.c b/lib/libc/rpc/authdes=5Fpro= t.c > index 79a0e5baa084..56b44daafe41 100644 > --- a/lib/libc/rpc/authdes=5Fprot.c 
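Review bot: `__authdes_seccreate` leaves its four parameters unannotated, while `__authdes_pk_seccreate` directly below marks every parameter `__unused`; both stubs ignore all of their arguments, so the first should match: `__authdes_seccreate(const char *servername __unused, const u_int win __unused,` and `const char *timehost __unused, const des_block *ckey __unused)`. Depending on the warning level this file is built with, the unannotated form can produce unused-parameter warnings. The same inconsistency is visible in the `__xdr_authdes_cred` and `__xdr_authdes_verf` stubs in authdes_prot.c and in the `__key_*` stubs in key_call.c. The file comment could also say that both creators return NULL, because the removed code logged a reason through syslog and a caller of the stub now gets no diagnostic.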
> +++ b/lib/libc/rpc/authdes=5Fprot.c > =40=40 -42,44 +42,16 =40=40 > =23include <rpc/auth=5Fdes.h> > =23include =22un-namespace.h=22 > > -=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) > - > -bool=5Ft > -xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred) > +static bool=5Ft > +=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cred) > =7B > - enum authdes=5Fnamekind *padc=5Fnamekind =3D &cred->adc=5Fnamekind; > - /* > - * Unrolled xdr > - */ > - ATTEMPT(xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind)); > - switch (cred->adc=5Fnamekind) =7B > - case ADN=5F=46ULLNAME: > - ATTEMPT(xdr=5Fstring(xdrs, &cred->adc=5Ffullname.name, > - MAXNETNAMELEN)); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key, > - sizeof(des=5Fblock))); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.window, > - sizeof(cred->adc=5Ffullname.window))); > - return (TRUE); > - case ADN=5FNICKNAME: > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname, > - sizeof(cred->adc=5Fnickname))); > - return (TRUE); > - default: > - return (=46ALSE); > - =7D > + return (=46ALSE); > =7D > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred, =46= BSD=5F1.0); > > - > -bool=5Ft > -xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authdes=5Fverf *verf) > +static bool=5Ft > +=5F=5Fxdr=5Fauthdes=5Fverf(XDR *xdrs, void *verf) > =7B > - /* > - * Unrolled xdr > - */ > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp, > - sizeof(des=5Fblock))); > - ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fint=5Fu, > - sizeof(verf->adv=5Fint=5Fu))); > - return (TRUE); > + return (=46ALSE); > =7D > +=5F=5Fsym=5Fcompat(xdr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf, =46= BSD=5F1.0); > diff --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c > index 5c87881c815c..eb274fcfff36 100644 > --- a/lib/libc/rpc/key=5Fcall.c 
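Review bot: The second parameter of `__xdr_authdes_cred` and `__xdr_authdes_verf` changes from a typed struct pointer to `void *` with no explanation in the file. A short comment above the stubs would tell the next reader this is deliberate, for example `/* The authdes structs are gone from <rpc/auth_des.h>; these compat stubs keep only the argument slots and never touch xdrs or the object. */`. Returning FALSE without looking at the XDR handle makes every operation an old binary attempts through these symbols fail, which is the safe direction, and that is worth stating in the same comment.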
> +++ b/lib/libc/rpc/key=5Fcall.c > =40=40 -32,426 +32,78 =40=40 > */ > > /* > - * key=5Fcall.c, Interface to keyserver > - * > - * setsecretkey(key) - set your secret key > - * encryptsessionkey(agent, deskey) - encrypt a session key to talk to= agent > - * decryptsessionkey(agent, deskey) - decrypt ditto > - * gendeskey(deskey) - generate a secure des key > + * Secure RPC keyserver support was removed in =46reeBSD 15.0. > + * These symbols are provided for backward compatibility, but provide = no > + * functionality and will always return an error. > */ > > =23include =22namespace.h=22 > =23include =22reentrant.h=22 > -=23include <stdio.h> > -=23include <stdlib.h> > -=23include <unistd.h> > -=23include <errno.h> > =23include <rpc/rpc.h> > -=23include <rpc/auth.h> > -=23include <rpc/auth=5Funix.h> > =23include <rpc/key=5Fprot.h> > -=23include <string.h> > -=23include <netconfig.h> > -=23include <sys/utsname.h> > -=23include <stdlib.h> > -=23include <signal.h> > -=23include <sys/wait.h> > -=23include <sys/fcntl.h> > +=23include <rpc/auth.h> > =23include =22un-namespace.h=22 > =23include =22mt=5Fmisc.h=22 > > - > -=23define KEY=5FTIMEOUT 5 /* per-try timeout in seconds */ > -=23define KEY=5FNRETRY 12 /* number of retries */ > - > -=23ifdef DEBUG > -=23define debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg); > -=23else > -=23define debug(msg) > -=23endif /* DEBUG */ > - > -/* > - * Hack to allow the keyserver to use AUTH=5FDES (for authenticated > - * NIS+ calls, for example). The only functions that get called > - * are key=5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key=5F= gendes. > - * > - * The approach is to have the keyserver fill in pointers to local > - * implementations of these functions, and to call those in key=5Fcall= (). 
> - */ > - > -cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fpk=5FLOCAL)(uid=5Ft, void = *arg) =3D 0; > -cryptkeyres *(*=5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL)(uid=5Ft, void = *arg) =3D 0; > -des=5Fblock *(*=5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0; > - > -static int key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, voi= d *); > - > -int > -key=5Fsetsecret(const char *secretkey) > -=7B > - keystatus status; > - > - if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5Ft)xdr=5Fkeybuf, > - (void *)secretkey, > - (xdrproc=5Ft)xdr=5Fkeystatus, &status)) =7B > - return (-1); > - =7D > - if (status =21=3D KEY=5FSUCCESS) =7B > - debug(=22set status is nonzero=22); > - return (-1); > - =7D > - return (0); > -=7D > - > - > -/* key=5Fsecretkey=5Fis=5Fset() returns 1 if the keyserver has a secre= t key > - * stored for the caller's effective uid; it returns 0 otherwise > - * > - * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications sh= ouldn't > - * be using it, because it allows them to get the user's secret key. 
> - */ > - > -int > -key=5Fsecretkey=5Fis=5Fset(void) > -=7B > - struct key=5Fnetstres kres; > - > - memset((void*)&kres, 0, sizeof (kres)); > - if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (xdrproc=5Ft)xdr=5Fvoid, N= ULL, > - (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &kres) && > - (kres.status =3D=3D KEY=5FSUCCESS) && > - (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B > - /* avoid leaving secret key in memory */ > - memset(kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES);= > - return (1); > - =7D > - return (0); > -=7D > - > -int > -key=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fb= lock *deskey) > -=7B > - cryptkeyarg2 arg; > - cryptkeyres res; > - > - arg.remotename =3D remotename; > - arg.remotekey =3D *remotekey; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcr= yptkeyarg2, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22encrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > -=7D > - > -int > -key=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, des=5Fb= lock *deskey) > -=7B > - cryptkeyarg2 arg; > - cryptkeyres res; > - > - arg.remotename =3D remotename; > - arg.remotekey =3D *remotekey; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcr= yptkeyarg2, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22decrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > -=7D > - > -int > -key=5Fencryptsession(const char *remotename, des=5Fblock *deskey) > +static int > +=5F=5Fkey=5Fsetsecret(const char *secretkey) > =7B > - cryptkeyarg arg; > - cryptkeyres res; > - > - arg.remotename =3D (char *) remotename; > - arg.deskey 
=3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22encrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > - return (0); > + return (-1); > =7D > +=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5Fsetsecret, =46BSD=5F1.= 0); > > -int > -key=5Fdecryptsession(const char *remotename, des=5Fblock *deskey) > +static int > +=5F=5Fkey=5Fsecretkey=5Fis=5Fset(void) > =7B > - cryptkeyarg arg; > - cryptkeyres res; > - > - arg.remotename =3D (char *) remotename; > - arg.deskey =3D *deskey; > - if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg, > - (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B > - return (-1); > - =7D > - if (res.status =21=3D KEY=5FSUCCESS) =7B > - debug(=22decrypt status is nonzero=22); > - return (-1); > - =7D > - *deskey =3D res.cryptkeyres=5Fu.deskey; > return (0); > =7D > +=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F=5Fkey=5Fsecretkey=5F= is=5Fset, =46BSD=5F1.0); > > -int > -key=5Fgendes(des=5Fblock *key) > +static int > +=5F=5Fkey=5Fencryptsession=5Fpk(char *remotename, netobj *remotekey, d= es=5Fblock *deskey) > =7B > - if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NULL,= > - (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B > - return (-1); > - =7D > - return (0); > + return (-1); > =7D > +=5F=5Fsym=5Fcompat(key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptsessi= on=5Fpk, =46BSD=5F1.0); > > -int > -key=5Fsetnet(struct key=5Fnetstarg *arg) > +static int > +=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remotekey, d= es=5Fblock *deskey) > =7B > *** 2726 LINES SKIPPED *** > --689b1a61_60709938_50e Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline <html xmlns=3D=22http://www.w3.org/1999/xhtml=22><head> <title></title> <= 
meta name=3D=22viewport=22 content=3D=22width=3Ddevice-width, initial-sca= le=3D1.0, user-scalable=3Dno=22> </head> <body dir=3D=22auto=22><div id=3D= =22CanaryBody=22> <div> Hello=21</div><div><br></div><div>This commit bre= aks x11-server/xwayland</div><div><br></div><div>=46AILED: os/liblibxserv= er=5Fos.a.p/rpcauth.c.o =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 cc -Ios/liblibxserver=5Fos.a.p -Ios -= I../os -I. -I.. 
-IXext -I../Xext -IXi -I../Xi -Icomposite -I../composite = -Idamageext -I../damageext -Ifb -I../fb -Iglamor -I../glamor -Imi -I../mi= -Imiext/damage -I../miext/damage -Imiext/sync -I../miext/sync -Idbe -I..= /dbe -Idix -I../dix -Idri3 -I../dri3 -Iinclude -I../include -Ipresent -I.= ./present -Irandr -I../randr -Irender -I../render -Ixfixes -I../xfixes -I= /usr/local/include -I/usr/local/include/pixman-1 -I/usr/local/include/fre= etype2 -I/usr/local/include/libpng16 -fdiagnostics-color=3Dnever -D=5F=46= ILE=5FO=46=46SET=5FBITS=3D64 -Wall -Winvalid-pch -std=3Dgnu99 -DHAVE=5FDI= X=5FCON=46IG=5FH -fno-strict-aliasing -fvisibility=3Dhidden -Wall -Wpoint= er-arith -Wmissing-declarations -Wformat=3D2 -Wstrict-prototypes -Wmissin= g-prototypes -Wnested-externs -Wbad-function-cast -Wold-style-definition = -Wunused -Wuninitialized -Wshadow -Wmissing-noreturn -Wmissing-format-att= ribute -Wredundant-decls -Werror=3Dimplicit -Werror=3Dnonnull -Werror=3Di= nit-self -Werror=3Dmain -Werror=3Dmissing-braces -Werror=3Dsequence-point= -Werror=3Dreturn-type -Werror=3Dtrigraphs -Werror=3Darray-bounds -Werror= =3Dwrite-strings -Werror=3Daddress -Werror=3Dint-to-pointer-cast -Werror=3D= pointer-to-int-cast -O2 -pipe -fstack-protector-strong -fno-strict-aliasi= ng -fPIC -D=5FTHREAD=5FSA=46E -D=5FDE=46AULT=5FSOURCE -D=5FBSD=5FSOURCE -= DHAS=5F=46CHOWN -DHAS=5FSTICKY=5FDIR=5FBIT -DCLIENTIDS -MD -MQ os/liblibx= server=5Fos.a.p/rpcauth.c.o -M=46 os/liblibxserver=5Fos.a.p/rpcauth.c.o.d= -o os/liblibxserver=5Fos.a.p/rpcauth.c.o -c ../os/rpcauth.c =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 
=C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ../os/rpcauth.c:110:52: error:= incomplete definition of type 'struct authdes=5Fcred' =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0110 =7C =C2=A0 =C2=A0 return (((struct authdes=5Fcred *) r.rq=5F= clntcred)->adc=5Ffullname.name); =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0=7C =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E=7E= =7E=7E=7E=7E=7E=7E=7E=7E=7E=5E =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0../os/rpcauth.= c:110:22: note: forward declaration of 'struct authdes=5Fcred' =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0110 =7C =C2=A0 =C2=A0 re= turn (((struct authdes=5Fcred *) r.rq=5Fclntcred)->adc=5Ffullname.name= ); =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=7C =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=5E =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A01 error generated.<br= ></div><div><br></div> <div><br></div> </div> <div id=3D=22CanarySig=22> = <div> <div style=3D=22font-family:Helvetica;=22><div style=3D=22font-fami= ly:Helvetica;=22>--<br><div>Dima. (desktop, kde, x11, office, ports-secte= am)=40=46reeBSD team</div><div>(fluffy=40=46reeBSD.org, https://t.me/=46l= uffyBSD)</div></div></div> <div><br></div> </div> </div> <div id=3D=22Can= aryDropbox=22> </div> <blockquote id=3D=22CanaryBlockquote=22> <div> <div= >On =D0=B2=D0=BE=D1=81=D0=BA=D1=80=D0=B5=D1=81=D0=B5=D0=BD=D1=8C=D0=B5, =D0= =B0=D0=B2=D0=B3. 10, 2025 at 6:37 PM, Lexi Winter <<a href=3D=22mailto= :ivy=40=46reeBSD.org=22>ivy=40=46reeBSD.org</a>> wrote:<br></div> <div= >The branch main has been updated by ivy: <br> <br>URL: https://cgit.=46r= eeBSD.org/src/commit/=3Fid=3D7ac276298b72982189ac1a5b17461936dc00163e <br= > <br>commit 7ac276298b72982189ac1a5b17461936dc00163e <br>Author: Lexi Wi= nter <ivy=40=46reeBSD.org> <br>AuthorDate: 2025-08-10 12:57:36 +000= 0 <br>Commit: Lexi Winter <ivy=40=46reeBSD.org> <br>CommitDate: 202= 5-08-10 15:36:40 +0000 <br> <br> Remove Secure RPC DES authentication <br= > <br> =46ollowing the earlier removal of keyserv, none of this functiona= lity <br> works since it requires keyserv. <br> <br> Remove the relevant = symbols from libc's Symbol.map. Leave compatibility <br> symbols for exis= ting applications, but since the functions don't work <br> without keyser= v, stub them out to return an error. 
<br> <br> Remove some private symbol= s that were only used by keyserv; these don't <br> get compatibility symb= ols. <br> <br> Remove the documentation for the old functions. <br> <br> = Remove rpc.ypupdated since it requires DES authentication. <br> <br> Revi= ewed by: manu, des, emaste <br> Differential Revision: https://reviews.fr= eebsd.org/D50442 <br>--- <br> Obsolete=46iles.inc =7C 4 + <br> include/rp= c/auth=5Fdes.h =7C 79 +---- <br> lib/libc/rpc/Symbol.map =7C 19 -- <br> l= ib/libc/rpc/auth=5Fdes.c =7C 455 +---------------------------- <br> lib/l= ibc/rpc/authdes=5Fprot.c =7C 44 +-- <br> lib/libc/rpc/key=5Fcall.c =7C 42= 4 +++------------------------ <br> lib/libc/rpc/publickey.5 =7C 40 --- <b= r> lib/libc/rpc/rpc=5Fsecure.3 =7C 177 +----------- <br> lib/libc/rpc/rpc= =5Fsoc.3 =7C 13 +- <br> lib/libc/rpc/rpc=5Fsoc.c =7C 31 +- <br> lib/libc/= rpc/svc=5Fauth.c =7C 8 - <br> lib/libc/rpc/svc=5Fauth=5Fdes.c =7C 460 +--= --------------------------- <br> lib/librpcsvc/Makefile =7C 2 +- <br> lib= /librpcsvc/yp=5Fupdate.c =7C 199 ------------- <br> libexec/rc/rc.conf =7C= 1 - <br> libexec/rc/rc.d/Makefile =7C 1 - <br> libexec/rc/rc.d/ypupdated= =7C 35 --- <br> share/man/man5/rc.conf.5 =7C 9 +- <br> sys/rpc/auth.h =7C= 26 -- <br> tools/build/mk/OptionalObsolete=46iles.inc =7C 2 - <br> usr.s= bin/Makefile =7C 1 - <br> usr.sbin/rpc.ypupdated/Makefile =7C 32 --- <br>= usr.sbin/rpc.ypupdated/Makefile.depend =7C 18 -- <br> usr.sbin/rpc.ypupd= ated/update.c =7C 328 --------------------- <br> usr.sbin/rpc.ypupdated/y= p=5Fdbdelete.c =7C 68 ----- <br> usr.sbin/rpc.ypupdated/yp=5Fdbupdate.c =7C= 147 ---------- <br> usr.sbin/rpc.ypupdated/ypupdate =7C 32 --- <br> usr.= sbin/rpc.ypupdated/ypupdated=5Fextern.h =7C 32 --- <br> usr.sbin/rpc.ypup= dated/ypupdated=5Fmain.c =7C 287 ------------------- <br> usr.sbin/rpc.yp= updated/ypupdated=5Fserver.c =7C 227 --------------- <br> 30 files change= d, 83 insertions(+), 3118 deletions(-) <br> <br>diff --git a/Obsolete=46i= les.inc 
b/Obsolete=46iles.inc <br>index ec324e82f86d..a6662d31829f 100644= <br>--- a/Obsolete=46iles.inc <br>+++ b/Obsolete=46iles.inc <br>=40=40 -= 51,6 +51,10 =40=40 <br> =23 xargs -n1 =7C sort =7C uniq -d; <br> =23 done= <br> <br>+=23 20250810: Removal of remaining Secure RPC (DES) bits <br>+= OLD=5F=46ILES+=3Dusr/sbin/rpc.ypupdated <br>+OLD=5F=46ILES+=3Detc/rc.d/yp= updated <br>+ <br> =23 20250808: nvmfd removed from base install <br> OLD= =5F=46ILES+=3Dusr/sbin/nvmfd <br> OLD=5F=46ILES+=3Dusr/share/man/man8/nvm= fd.8.gz <br>diff --git a/include/rpc/auth=5Fdes.h b/include/rpc/auth=5Fde= s.h <br>index 0ff43c13139b..1b4943a74b8b 100644 <br>--- a/include/rpc/aut= h=5Fdes.h <br>+++ b/include/rpc/auth=5Fdes.h <br>=40=40 -33,91 +33,14 =40= =40 <br> * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc. <br> */ <b= r> <br>-/* <br>- * auth=5Fdes.h, Protocol for DES style authentication fo= r RPC <br>- */ <br>+/* Note, RPC DES authentication was removed in =46ree= BSD 15.0. */ <br> <br> =23ifndef =5FAUTH=5FDES=5F <br> =23define =5FAUTH=5F= DES=5F <br> <br>-/* <br>- * There are two kinds of =22names=22: fullnames= and nicknames <br>- */ <br>-enum authdes=5Fnamekind =7B <br>- ADN=5F=46U= LLNAME, <br>- ADN=5FNICKNAME <br>-=7D; <br>- <br>-/* <br>- * A fullname c= ontains the network name of the client, <br>- * a conversation key and th= e window <br>- */ <br>-struct authdes=5Ffullname =7B <br>- char *name; /*= network name of client, up to MAXNETNAMELEN */ <br>- des=5Fblock key; /*= conversation key */ <br>- u=5Flong window; /* associated window */ <br>-= =7D; <br>- <br>- <br>-/* <br>- * A credential <br>- */ <br>-struct authde= s=5Fcred =7B <br>- enum authdes=5Fnamekind adc=5Fnamekind; <br>- struct a= uthdes=5Ffullname adc=5Ffullname; <br>- u=5Flong adc=5Fnickname; <br>-=7D= ; <br>- <br>- <br>- <br>-/* <br>- * A des authentication verifier <br>- *= / <br>-struct authdes=5Fverf =7B <br>- union =7B <br>- struct timeval adv= =5Fctime; /* clear time */ <br>- des=5Fblock adv=5Fxtime; /* 
crypt time *= / <br>- =7D adv=5Ftime=5Fu; <br>- u=5Flong adv=5Fint=5Fu; <br>-=7D; <br>-= <br>-/* <br>- * des authentication verifier: client variety <br>- * <br>= - * adv=5Ftimestamp is the current time. <br>- * adv=5Fwinverf is the cre= dential window + 1. <br>- * Both are encrypted using the conversation key= . <br>- */ <br>-=23define adv=5Ftimestamp adv=5Ftime=5Fu.adv=5Fctime <br>= -=23define adv=5Fxtimestamp adv=5Ftime=5Fu.adv=5Fxtime <br>-=23define adv= =5Fwinverf adv=5Fint=5Fu <br>- <br>-/* <br>- * des authentication verifie= r: server variety <br>- * <br>- * adv=5Ftimeverf is the client's timestam= p + client's window <br>- * adv=5Fnickname is the server's nickname for t= he client. <br>- * adv=5Ftimeverf is encrypted using the conversation key= . <br>- */ <br>-=23define adv=5Ftimeverf adv=5Ftime=5Fu.adv=5Fctime <br>-= =23define adv=5Fxtimeverf adv=5Ftime=5Fu.adv=5Fxtime <br>-=23define adv=5F= nickname adv=5Fint=5Fu <br>- <br>-/* <br>- * Map a des credential into a = unix cred. <br>- * <br>- */ <br>-=5F=5FBEGIN=5FDECLS <br>-extern int auth= des=5Fgetucred( struct authdes=5Fcred *, uid=5Ft *, gid=5Ft *, int *, gid= =5Ft * ); <br>-=5F=5FEND=5FDECLS <br>- <br> =5F=5FBEGIN=5FDECLS <br>-exte= rn bool=5Ft xdr=5Fauthdes=5Fcred(XDR *, struct authdes=5Fcred *); <br>-ex= tern bool=5Ft xdr=5Fauthdes=5Fverf(XDR *, struct authdes=5Fverf *); <br> = extern int rtime(dev=5Ft, struct netbuf *, int, struct timeval *, <br> st= ruct timeval *); <br>-extern void kgetnetname(char *); <br>-extern enum a= uth=5Fstat =5Fsvcauth=5Fdes(struct svc=5Freq *, struct rpc=5Fmsg *); <br>= =5F=5FEND=5FDECLS <br> <br> =23endif /* ndef =5FAUTH=5FDES=5F */ <br>dif= f --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map <br>index 105= d6fb6b54e..61e8e084b1e0 100644 <br>--- a/lib/libc/rpc/Symbol.map <br>+++ = b/lib/libc/rpc/Symbol.map <br>=40=40 -8,13 +8,9 =40=40 =46BSD=5F1.0 =7B <= br> xdr=5Fdesargs; <br> xdr=5Fdesresp; <br> <br>- authdes=5Fseccreate; <b= r>- authdes=5Fpk=5Fseccreate; <br> 
authnone=5Fcreate; <br> authunix=5Fcre= ate; <br> authunix=5Fcreate=5Fdefault; <br>- xdr=5Fauthdes=5Fcred; <br>- = xdr=5Fauthdes=5Fverf; <br> xdr=5Fauthunix=5Fparms; <br> bindresvport; <br= > bindresvport=5Fsa; <br>=40=40 -58,15 +54,6 =40=40 =46BSD=5F1.0 =7B <br>= endrpcent; <br> getrpcent; <br> getrpcport; <br>- key=5Fsetsecret; <br>-= key=5Fsecretkey=5Fis=5Fset; <br>- key=5Fencryptsession=5Fpk; <br>- key=5F= decryptsession=5Fpk; <br>- key=5Fencryptsession; <br>- key=5Fdecryptsessi= on; <br>- key=5Fgendes; <br>- key=5Fsetnet; <br>- key=5Fget=5Fconv; <br> = xdr=5Fkeystatus; <br> xdr=5Fkeybuf; <br> xdr=5Fnetnamestr; <br>=40=40 -13= 0,7 +117,6 =40=40 =46BSD=5F1.0 =7B <br> callrpc; <br> registerrpc; <br> c= lnt=5Fbroadcast; <br>- authdes=5Fcreate; <br> clntunix=5Fcreate; <br> svc= unix=5Fcreate; <br> svcunixfd=5Fcreate; <br>=40=40 -180,8 +166,6 =40=40 =46= BSD=5F1.0 =7B <br> =5Fauthenticate; <br> =5Fsvcauth=5Fnull; <br> svc=5Fau= th=5Freg; <br>- =5Fsvcauth=5Fdes; <br>- authdes=5Fgetucred; <br> =5Fsvcau= th=5Funix; <br> =5Fsvcauth=5Fshort; <br> svc=5Fdg=5Fcreate; <br>=40=40 -2= 05,9 +189,6 =40=40 =46BSD=5F1.8 =7B <br> <br> =46BSDprivate=5F1.0 =7B <br= > =5F=5Fdes=5Fcrypt=5FLOCAL; <br>- =5F=5Fkey=5Fencryptsession=5Fpk=5FLOCA= L; <br>- =5F=5Fkey=5Fdecryptsession=5Fpk=5FLOCAL; <br>- =5F=5Fkey=5Fgende= s=5FLOCAL; <br> =5F=5Fsvc=5Fclean=5Fidle; <br> =5F=5Frpc=5Fgss=5Funwrap; = <br> =5F=5Frpc=5Fgss=5Funwrap=5Fstub; <br>diff --git a/lib/libc/rpc/auth=5F= des.c b/lib/libc/rpc/auth=5Fdes.c <br>index c9b20de25cda..754d55cbed3e 10= 0644 <br>--- a/lib/libc/rpc/auth=5Fdes.c <br>+++ b/lib/libc/rpc/auth=5Fde= s.c <br>=40=40 -30,463 +30,34 =40=40 <br> /* <br> * Copyright (c) 1988 by= Sun Microsystems, Inc. <br> */ <br>+ <br> /* <br>- * auth=5Fdes.c, clien= t-side implementation of DES authentication <br>+ * Secure RPC DES authen= tication was removed in =46reeBSD 15.0. 
<br>+ * These symbols are provide= d for backward compatibility, but provide no <br>+ * functionality and wi= ll always return an error. <br> */ <br> <br> =23include =22namespace.h=22= <br> =23include =22reentrant.h=22 <br>-=23include <err.h> <br>-=23= include <errno.h> <br>-=23include <string.h> <br>-=23include = <stdlib.h> <br>-=23include <unistd.h> <br>-=23include <rpc= /des=5Fcrypt.h> <br>-=23include <syslog.h> <br> =23include <r= pc/types.h> <br> =23include <rpc/auth.h> <br> =23include <rpc= /auth=5Fdes.h> <br>-=23include <rpc/clnt.h> <br>-=23include <= rpc/xdr.h> <br>-=23include <sys/socket.h> <br>-=23undef NIS <br>= =23include <rpcsvc/nis.h> <br> =23include =22un-namespace.h=22 <br= >-=23include =22mt=5Fmisc.h=22 <br>- <br>-=23define USEC=5FPER=5FSEC 1000= 000 <br>-=23define RTIME=5FTIMEOUT 5 /* seconds to wait for sync */ <br>-= <br>-=23define AUTH=5FPRIVATE(auth) (struct ad=5Fprivate *) auth->ah=5F= private <br>-=23define ALLOC(object=5Ftype) (object=5Ftype *) mem=5Falloc= (sizeof(object=5Ftype)) <br>-=23define =46REE(ptr, size) mem=5Ffree((char= *)(ptr), (int) size) <br>-=23define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop))= return (=46ALSE) <br>- <br>-extern bool=5Ft xdr=5Fauthdes=5Fcred( XDR *,= struct authdes=5Fcred *); <br>-extern bool=5Ft xdr=5Fauthdes=5Fverf( XDR= *, struct authdes=5Fverf *); <br>-extern int key=5Fencryptsession=5Fpk(c= har *, netobj *, des=5Fblock *); <br>- <br>-extern bool=5Ft =5F=5Frpc=5Fg= et=5Ftime=5Foffset(struct timeval *, nis=5Fserver *, char *, <br>- char *= *, char **); <br> <br>-/* <br>- * DES authenticator operations vector <br= >- */ <br>-static void authdes=5Fnextverf(AUTH *); <br>-static bool=5Ft a= uthdes=5Fmarshal(AUTH *, XDR *); <br>-static bool=5Ft authdes=5Fvalidate(= AUTH *, struct opaque=5Fauth *); <br>-static bool=5Ft authdes=5Frefresh(A= UTH *, void *); <br>-static void authdes=5Fdestroy(AUTH *); <br>- <br>-st= atic struct auth=5Fops *authdes=5Fops(void); <br>- <br>-/* <br>- * This s= truct is pointed to by the 
ah=5Fprivate field of an =22AUTH *=22 <br>- */= <br>-struct ad=5Fprivate =7B <br>- char *ad=5Ffullname; /* client's full= name */ <br>- u=5Fint ad=5Ffullnamelen; /* length of name, rounded up */= <br>- char *ad=5Fservername; /* server's full name */ <br>- u=5Fint ad=5F= servernamelen; /* length of name, rounded up */ <br>- u=5Fint ad=5Fwindow= ; /* client specified window */ <br>- bool=5Ft ad=5Fdosync; /* synchroniz= e=3F */ <br>- struct netbuf ad=5Fsyncaddr; /* remote host to synch with *= / <br>- char *ad=5Ftimehost; /* remote host to synch with */ <br>- struct= timeval ad=5Ftimediff; /* server's time - client's time */ <br>- u=5Fint= ad=5Fnickname; /* server's nickname for client */ <br>- struct authdes=5F= cred ad=5Fcred; /* storage for credential */ <br>- struct authdes=5Fverf = ad=5Fverf; /* storage for verifier */ <br>- struct timeval ad=5Ftimestamp= ; /* timestamp sent */ <br>- des=5Fblock ad=5Fxkey; /* encrypted conversa= tion key */ <br>- u=5Fchar ad=5Fpkey=5B1024=5D; /* Server's actual public= key */ <br>- char *ad=5Fnetid; /* Timehost netid */ <br>- char *ad=5Fuad= dr; /* Timehost uaddr */ <br>- nis=5Fserver *ad=5Fnis=5Fsrvr; /* NIS+ ser= ver struct */ <br>-=7D; <br>- <br>-AUTH *authdes=5Fpk=5Fseccreate(const c= har *, netobj *, u=5Fint, const char *, <br>- const des=5Fblock *, nis=5F= server *); <br>- <br>-/* <br>- * documented version of authdes=5Fseccreat= e <br>- */ <br>-/* <br>- servername: network name of server <br>- win: ti= me to live <br>- timehost: optional hostname to sync with <br>- ckey: opt= ional conversation key to use <br>-*/ <br>- <br>-AUTH * <br>-authdes=5Fse= ccreate(const char *servername, const u=5Fint win, <br>+static AUTH * <br= >+=5F=5Fauthdes=5Fseccreate(const char *servername, const u=5Fint win, <b= r> const char *timehost, const des=5Fblock *ckey) <br> =7B <br>- u=5Fchar= pkey=5Fdata=5B1024=5D; <br>- netobj pkey; <br>- AUTH *dummy; <br>- <br>-= if (=21 getpublickey(servername, (char *) pkey=5Fdata)) =7B <br>- syslog= 
(LOG=5FERR, <br>- =22authdes=5Fseccreate: no public key found for %s=22, = <br>- servername); <br>- return (NULL); <br>- =7D <br>- <br>- pkey.n=5Fby= tes =3D (char *) pkey=5Fdata; <br>- pkey.n=5Flen =3D (u=5Fint)strlen((cha= r *)pkey=5Fdata) + 1; <br>- dummy =3D authdes=5Fpk=5Fseccreate(servername= , &pkey, win, timehost, <br>- ckey, NULL); <br>- return (dummy); <br>= -=7D <br>- <br>-/* <br>- * Slightly modified version of authdessec=5Fcrea= te which takes the public key <br>- * of the server principal as an argum= ent. This spares us a call to <br>- * getpublickey() which in the nameser= ver context can cause a deadlock. <br>- */ <br>-AUTH * <br>-authdes=5Fpk=5F= seccreate(const char *servername, netobj *pkey, u=5Fint window, <br>- con= st char *timehost, const des=5Fblock *ckey, nis=5Fserver *srvr) <br>-=7B = <br>- AUTH *auth; <br>- struct ad=5Fprivate *ad; <br>- char namebuf=5BMAX= NETNAMELEN+1=5D; <br>- <br>- /* <br>- * Allocate everything now <br>- */ = <br>- auth =3D ALLOC(AUTH); <br>- if (auth =3D=3D NULL) =7B <br>- syslog(= LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of memory=22); <br>- return (= NULL); <br>- =7D <br>- ad =3D ALLOC(struct ad=5Fprivate); <br>- if (ad =3D= =3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fpk=5Fseccreate: out of= memory=22); <br>- goto failed; <br>- =7D <br>- ad->ad=5Ffullname =3D = ad->ad=5Fservername =3D NULL; /* Sanity reasons */ <br>- ad->ad=5Ft= imehost =3D NULL; <br>- ad->ad=5Fnetid =3D NULL; <br>- ad->ad=5Fuad= dr =3D NULL; <br>- ad->ad=5Fnis=5Fsrvr =3D NULL; <br>- ad->ad=5Ftim= ediff.tv=5Fsec =3D 0; <br>- ad->ad=5Ftimediff.tv=5Fusec =3D 0; <br>- m= emcpy(ad->ad=5Fpkey, pkey->n=5Fbytes, pkey->n=5Flen); <br>- if (= =21getnetname(namebuf)) <br>- goto failed; <br>- ad->ad=5Ffullnamelen = =3D RNDUP((u=5Fint) strlen(namebuf)); <br>- ad->ad=5Ffullname =3D (cha= r *)mem=5Falloc(ad->ad=5Ffullnamelen + 1); <br>- ad->ad=5Fservernam= elen =3D strlen(servername); <br>- ad->ad=5Fservername =3D (char *)mem= 
=5Falloc(ad->ad=5Fservernamelen + 1); <br>- <br>- if (ad->ad=5Ffull= name =3D=3D NULL =7C=7C ad->ad=5Fservername =3D=3D NULL) =7B <br>- sys= log(LOG=5FERR, =22authdes=5Fseccreate: out of memory=22); <br>- goto fail= ed; <br>- =7D <br>- if (timehost =21=3D NULL) =7B <br>- ad->ad=5Ftimeh= ost =3D (char *)mem=5Falloc(strlen(timehost) + 1); <br>- if (ad->ad=5F= timehost =3D=3D NULL) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fseccreate:= out of memory=22); <br>- goto failed; <br>- =7D <br>- memcpy(ad->ad=5F= timehost, timehost, strlen(timehost) + 1); <br>- ad->ad=5Fdosync =3D T= RUE; <br>- =7D else if (srvr =21=3D NULL) =7B <br>- ad->ad=5Fnis=5Fsrv= r =3D srvr; /* transient */ <br>- ad->ad=5Fdosync =3D TRUE; <br>- =7D = else =7B <br>- ad->ad=5Fdosync =3D =46ALSE; <br>- =7D <br>- memcpy(ad-= >ad=5Ffullname, namebuf, ad->ad=5Ffullnamelen + 1); <br>- memcpy(ad= ->ad=5Fservername, servername, ad->ad=5Fservernamelen + 1); <br>- a= d->ad=5Fwindow =3D window; <br>- if (ckey =3D=3D NULL) =7B <br>- if (k= ey=5Fgendes(&auth->ah=5Fkey) < 0) =7B <br>- syslog(LOG=5FERR, <= br>- =22authdes=5Fseccreate: keyserv(1m) is unable to generate session ke= y=22); <br>- goto failed; <br>- =7D <br>- =7D else =7B <br>- auth->ah=5F= key =3D *ckey; <br>- =7D <br>- <br>- /* <br>- * Set up auth handle <br>- = */ <br>- auth->ah=5Fcred.oa=5Fflavor =3D AUTH=5FDES; <br>- auth->ah= =5Fverf.oa=5Fflavor =3D AUTH=5FDES; <br>- auth->ah=5Fops =3D authdes=5F= ops(); <br>- auth->ah=5Fprivate =3D (caddr=5Ft)ad; <br>- <br>- if (=21= authdes=5Frefresh(auth, NULL)) =7B <br>- goto failed; <br>- =7D <br>- ad-= >ad=5Fnis=5Fsrvr =3D NULL; /* not needed any longer */ <br>- return (a= uth); <br>- <br>-failed: <br>- if (auth) <br>- =46REE(auth, sizeof (AUTH)= ); <br>- if (ad) =7B <br>- if (ad->ad=5Ffullname) <br>- =46REE(ad->= ad=5Ffullname, ad->ad=5Ffullnamelen + 1); <br>- if (ad->ad=5Fserver= name) <br>- =46REE(ad->ad=5Fservername, ad->ad=5Fservernamelen + 1)= ; <br>- if (ad->ad=5Ftimehost) <br>- =46REE(ad->ad=5Ftimehost, 
strl= en(ad->ad=5Ftimehost) + 1); <br>- if (ad->ad=5Fnetid) <br>- =46REE(= ad->ad=5Fnetid, strlen(ad->ad=5Fnetid) + 1); <br>- if (ad->ad=5F= uaddr) <br>- =46REE(ad->ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); <b= r>- =46REE(ad, sizeof (struct ad=5Fprivate)); <br>- =7D <br> return (NULL= ); <br> =7D <br>+=5F=5Fsym=5Fcompat(authdes=5Fseccreate, =5F=5Fauthdes=5F= seccreate, =46BSD=5F1.0); <br> <br>-/* <br>- * Implement the five authent= ication operations <br>- */ <br>- <br>- <br>-/* <br>- * 1. Next Verifier = <br>- */ <br>-/*ARGSUSED*/ <br>-static void <br>-authdes=5Fnextverf(AUTH = *auth =5F=5Funused) <br>+static AUTH * <br>+=5F=5Fauthdes=5Fpk=5Fseccreat= e(const char *servername =5F=5Funused, netobj *pkey =5F=5Funused, <br>+ u= =5Fint window =5F=5Funused, const char *timehost =5F=5Funused, <br>+ cons= t des=5Fblock *ckey =5F=5Funused, nis=5Fserver *srvr =5F=5Funused) <br> =7B= <br>- /* what the heck am I supposed to do=3F=3F=3F */ <br>-=7D <br>- <b= r>- <br>-/* <br>- * 2. Marshal <br>- */ <br>-static bool=5Ft <br>-authdes= =5Fmarshal(AUTH *auth, XDR *xdrs) <br>-=7B <br>-/* LINTED pointer alignme= nt */ <br>- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); <br>- struc= t authdes=5Fcred *cred =3D &ad->ad=5Fcred; <br>- struct authdes=5F= verf *verf =3D &ad->ad=5Fverf; <br>- des=5Fblock cryptbuf=5B2=5D; = <br>- des=5Fblock ivec; <br>- int status; <br>- int len; <br>- rpc=5Finli= ne=5Ft *ixdr; <br>- <br>- /* <br>- * =46igure out the =22time=22, account= ing for any time difference <br>- * with the server if necessary. 
<br>- *= / <br>- (void)gettimeofday(&ad->ad=5Ftimestamp, NULL); <br>- ad-&g= t;ad=5Ftimestamp.tv=5Fsec +=3D ad->ad=5Ftimediff.tv=5Fsec; <br>- ad-&g= t;ad=5Ftimestamp.tv=5Fusec +=3D ad->ad=5Ftimediff.tv=5Fusec; <br>- whi= le (ad->ad=5Ftimestamp.tv=5Fusec >=3D USEC=5FPER=5FSEC) =7B <br>- a= d->ad=5Ftimestamp.tv=5Fusec -=3D USEC=5FPER=5FSEC; <br>- ad->ad=5Ft= imestamp.tv=5Fsec++; <br>- =7D <br>- <br>- /* <br>- * XDR the timestamp a= nd possibly some other things, then <br>- * encrypt them. <br>- */ <br>- = ixdr =3D (rpc=5Finline=5Ft *)cryptbuf; <br>- IXDR=5FPUT=5FINT32(ixdr, ad-= >ad=5Ftimestamp.tv=5Fsec); <br>- IXDR=5FPUT=5FINT32(ixdr, ad->ad=5F= timestamp.tv=5Fusec); <br>- if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D AD= N=5F=46ULLNAME) =7B <br>- IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow= ); <br>- IXDR=5FPUT=5FU=5FINT32(ixdr, ad->ad=5Fwindow - 1); <br>- ivec= .key.high =3D ivec.key.low =3D 0; <br>- status =3D cbc=5Fcrypt((char *)&a= mp;auth->ah=5Fkey, (char *)cryptbuf, <br>- (u=5Fint) 2 * sizeof (des=5F= block), <br>- DES=5FENCRYPT =7C DES=5FHW, (char *)&ivec); <br>- =7D e= lse =7B <br>- status =3D ecb=5Fcrypt((char *)&auth->ah=5Fkey, (cha= r *)cryptbuf, <br>- (u=5Fint) sizeof (des=5Fblock), <br>- DES=5FENCRYPT =7C= DES=5FHW); <br>- =7D <br>- if (DES=5F=46AILED(status)) =7B <br>- syslog(= LOG=5FERR, =22authdes=5Fmarshal: DES encryption failure=22); <br>- return= (=46ALSE); <br>- =7D <br>- ad->ad=5Fverf.adv=5Fxtimestamp =3D cryptbu= f=5B0=5D; <br>- if (ad->ad=5Fcred.adc=5Fnamekind =3D=3D ADN=5F=46ULLNA= ME) =7B <br>- ad->ad=5Fcred.adc=5Ffullname.window =3D cryptbuf=5B1=5D.= key.high; <br>- ad->ad=5Fverf.adv=5Fwinverf =3D cryptbuf=5B1=5D.key.lo= w; <br>- =7D else =7B <br>- ad->ad=5Fcred.adc=5Fnickname =3D ad->ad= =5Fnickname; <br>- ad->ad=5Fverf.adv=5Fwinverf =3D 0; <br>- =7D <br>- = <br>- /* <br>- * Serialize the credential and verifier into opaque <br>- = * authentication data. 
<br>- */ <br>- if (ad->ad=5Fcred.adc=5Fnamekind= =3D=3D ADN=5F=46ULLNAME) =7B <br>- len =3D ((1 + 1 + 2 + 1)*BYTES=5FPER=5F= XDR=5FUNIT + ad->ad=5Ffullnamelen); <br>- =7D else =7B <br>- len =3D (= 1 + 1)*BYTES=5FPER=5FXDR=5FUNIT; <br>- =7D <br>- <br>- if ((ixdr =3D xdr=5F= inline(xdrs, 2*BYTES=5FPER=5FXDR=5FUNIT))) =7B <br>- IXDR=5FPUT=5FINT32(i= xdr, AUTH=5FDES); <br>- IXDR=5FPUT=5FINT32(ixdr, len); <br>- =7D else =7B= <br>- ATTEMPT(xdr=5Fputint32(xdrs, (int *)&auth->ah=5Fcred.oa=5Ff= lavor)); <br>- ATTEMPT(xdr=5Fputint32(xdrs, &len)); <br>- =7D <br>- A= TTEMPT(xdr=5Fauthdes=5Fcred(xdrs, cred)); <br>- <br>- len =3D (2 + 1)*BYT= ES=5FPER=5FXDR=5FUNIT; <br>- if ((ixdr =3D xdr=5Finline(xdrs, 2*BYTES=5FP= ER=5FXDR=5FUNIT))) =7B <br>- IXDR=5FPUT=5FINT32(ixdr, AUTH=5FDES); <br>- = IXDR=5FPUT=5FINT32(ixdr, len); <br>- =7D else =7B <br>- ATTEMPT(xdr=5Fput= int32(xdrs, (int *)&auth->ah=5Fverf.oa=5Fflavor)); <br>- ATTEMPT(x= dr=5Fputint32(xdrs, &len)); <br>- =7D <br>- ATTEMPT(xdr=5Fauthdes=5Fv= erf(xdrs, verf)); <br>- return (TRUE); <br>-=7D <br>- <br>- <br>-/* <br>-= * 3. 
Validate <br>- */ <br>-static bool=5Ft <br>-authdes=5Fvalidate(AUTH= *auth, struct opaque=5Fauth *rverf) <br>-=7B <br>-/* LINTED pointer alig= nment */ <br>- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); <br>- st= ruct authdes=5Fverf verf; <br>- int status; <br>- uint32=5Ft *ixdr; <br>-= des=5Fblock buf; <br>- <br>- if (rverf->oa=5Flength =21=3D (2 + 1) * = BYTES=5FPER=5FXDR=5FUNIT) =7B <br>- return (=46ALSE); <br>- =7D <br>-/* L= INTED pointer alignment */ <br>- ixdr =3D (uint32=5Ft *)rverf->oa=5Fba= se; <br>- buf.key.high =3D (uint32=5Ft)*ixdr++; <br>- buf.key.low =3D (ui= nt32=5Ft)*ixdr++; <br>- verf.adv=5Fint=5Fu =3D (uint32=5Ft)*ixdr++; <br>-= <br>- /* <br>- * Decrypt the timestamp <br>- */ <br>- status =3D ecb=5Fc= rypt((char *)&auth->ah=5Fkey, (char *)&buf, <br>- (u=5Fint)siz= eof (des=5Fblock), DES=5FDECRYPT =7C DES=5FHW); <br>- <br>- if (DES=5F=46= AILED(status)) =7B <br>- syslog(LOG=5FERR, =22authdes=5Fvalidate: DES dec= ryption failure=22); <br>- return (=46ALSE); <br>- =7D <br>- <br>- /* <br= >- * xdr the decrypted timestamp <br>- */ <br>-/* LINTED pointer alignmen= t */ <br>- ixdr =3D (uint32=5Ft *)buf.c; <br>- verf.adv=5Ftimestamp.tv=5F= sec =3D IXDR=5FGET=5FINT32(ixdr) + 1; <br>- verf.adv=5Ftimestamp.tv=5Fuse= c =3D IXDR=5FGET=5FINT32(ixdr); <br>- <br>- /* <br>- * validate <br>- */ = <br>- if (bcmp((char *)&ad->ad=5Ftimestamp, (char *)&verf.adv=5F= timestamp, <br>- sizeof(struct timeval)) =21=3D 0) =7B <br>- syslog(LOG=5F= DEBUG, =22authdes=5Fvalidate: verifier mismatch=22); <br>- return (=46ALS= E); <br>- =7D <br>- <br>- /* <br>- * We have a nickname now, let's use it= <br>- */ <br>- ad->ad=5Fnickname =3D verf.adv=5Fnickname; <br>- ad-&g= t;ad=5Fcred.adc=5Fnamekind =3D ADN=5FNICKNAME; <br>- return (TRUE); <br>-= =7D <br>- <br>-/* <br>- * 4. 
Refresh <br>- */ <br>-/*ARGSUSED*/ <br>-stat= ic bool=5Ft <br>-authdes=5Frefresh(AUTH *auth, void *dummy =5F=5Funused) = <br>-=7B <br>-/* LINTED pointer alignment */ <br>- struct ad=5Fprivate *a= d =3D AUTH=5FPRIVATE(auth); <br>- struct authdes=5Fcred *cred =3D &ad= ->ad=5Fcred; <br>- int ok; <br>- netobj pkey; <br>- <br>- if (ad->a= d=5Fdosync) =7B <br>- ok =3D =5F=5Frpc=5Fget=5Ftime=5Foffset(&ad->= ad=5Ftimediff, ad->ad=5Fnis=5Fsrvr, <br>- ad->ad=5Ftimehost, &(= ad->ad=5Fuaddr), <br>- &(ad->ad=5Fnetid)); <br>- if (=21 ok) =7B= <br>- /* <br>- * Hope the clocks are synced=21 <br>- */ <br>- ad->ad=5F= dosync =3D 0; <br>- syslog(LOG=5FDEBUG, <br>- =22authdes=5Frefresh: unabl= e to synchronize clock=22); <br>- =7D <br>- =7D <br>- ad->ad=5Fxkey =3D= auth->ah=5Fkey; <br>- pkey.n=5Fbytes =3D (char *)(ad->ad=5Fpkey); = <br>- pkey.n=5Flen =3D (u=5Fint)strlen((char *)ad->ad=5Fpkey) + 1; <br= >- if (key=5Fencryptsession=5Fpk(ad->ad=5Fservername, &pkey, &= ad->ad=5Fxkey) < 0) =7B <br>- syslog(LOG=5FIN=46O, <br>- =22authdes= =5Frefresh: keyserv(1m) is unable to encrypt session key=22); <br>- retur= n (=46ALSE); <br>- =7D <br>- cred->adc=5Ffullname.key =3D ad->ad=5F= xkey; <br>- cred->adc=5Fnamekind =3D ADN=5F=46ULLNAME; <br>- cred->= adc=5Ffullname.name =3D ad->ad=5Ffullname; <br>- return (TRUE); <br>-=7D= <br>- <br>- <br>-/* <br>- * 5. 
Destroy <br>- */ <br>-static void <br>-au= thdes=5Fdestroy(AUTH *auth) <br>-=7B <br>-/* LINTED pointer alignment */ = <br>- struct ad=5Fprivate *ad =3D AUTH=5FPRIVATE(auth); <br>- <br>- =46RE= E(ad->ad=5Ffullname, ad->ad=5Ffullnamelen + 1); <br>- =46REE(ad->= ;ad=5Fservername, ad->ad=5Fservernamelen + 1); <br>- if (ad->ad=5Ft= imehost) <br>- =46REE(ad->ad=5Ftimehost, strlen(ad->ad=5Ftimehost) = + 1); <br>- if (ad->ad=5Fnetid) <br>- =46REE(ad->ad=5Fnetid, strlen= (ad->ad=5Fnetid) + 1); <br>- if (ad->ad=5Fuaddr) <br>- =46REE(ad-&g= t;ad=5Fuaddr, strlen(ad->ad=5Fuaddr) + 1); <br>- =46REE(ad, sizeof (st= ruct ad=5Fprivate)); <br>- =46REE(auth, sizeof(AUTH)); <br>-=7D <br>- <br= >-static struct auth=5Fops * <br>-authdes=5Fops(void) <br>-=7B <br>- stat= ic struct auth=5Fops ops; <br>- <br>- /* VARIABLES PROTECTED BY ops=5Floc= k: ops */ <br>- <br>- mutex=5Flock(&authdes=5Fops=5Flock); <br>- if (= ops.ah=5Fnextverf =3D=3D NULL) =7B <br>- ops.ah=5Fnextverf =3D authdes=5F= nextverf; <br>- ops.ah=5Fmarshal =3D authdes=5Fmarshal; <br>- ops.ah=5Fva= lidate =3D authdes=5Fvalidate; <br>- ops.ah=5Frefresh =3D authdes=5Frefre= sh; <br>- ops.ah=5Fdestroy =3D authdes=5Fdestroy; <br>- =7D <br>- mutex=5F= unlock(&authdes=5Fops=5Flock); <br>- return (&ops); <br>+ return = (NULL); <br> =7D <br>+=5F=5Fsym=5Fcompat(authdes=5Fpk=5Fseccreate, =5F=5F= authdes=5Fpk=5Fseccreate, =46BSD=5F1.0); <br>diff --git a/lib/libc/rpc/au= thdes=5Fprot.c b/lib/libc/rpc/authdes=5Fprot.c <br>index 79a0e5baa084..56= b44daafe41 100644 <br>--- a/lib/libc/rpc/authdes=5Fprot.c <br>+++ b/lib/l= ibc/rpc/authdes=5Fprot.c <br>=40=40 -42,44 +42,16 =40=40 <br> =23include = <rpc/auth=5Fdes.h> <br> =23include =22un-namespace.h=22 <br> <br>-=23= define ATTEMPT(xdr=5Fop) if (=21(xdr=5Fop)) return (=46ALSE) <br>- <br>-b= ool=5Ft <br>-xdr=5Fauthdes=5Fcred(XDR *xdrs, struct authdes=5Fcred *cred)= <br>+static bool=5Ft <br>+=5F=5Fxdr=5Fauthdes=5Fcred(XDR *xdrs, void *cr= ed) <br> =7B <br>- enum authdes=5Fnamekind 
*padc=5Fnamekind =3D &cred= ->adc=5Fnamekind; <br>- /* <br>- * Unrolled xdr <br>- */ <br>- ATTEMPT= (xdr=5Fenum(xdrs, (enum=5Ft *) padc=5Fnamekind)); <br>- switch (cred->= adc=5Fnamekind) =7B <br>- case ADN=5F=46ULLNAME: <br>- ATTEMPT(xdr=5Fstri= ng(xdrs, &cred->adc=5Ffullname.name, <br>- MAXNETNAMELEN)); <br>- = ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Ffullname.key, <= br>- sizeof(des=5Fblock))); <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&= amp;cred->adc=5Ffullname.window, <br>- sizeof(cred->adc=5Ffullname.= window))); <br>- return (TRUE); <br>- case ADN=5FNICKNAME: <br>- ATTEMPT(= xdr=5Fopaque(xdrs, (caddr=5Ft)&cred->adc=5Fnickname, <br>- sizeof(= cred->adc=5Fnickname))); <br>- return (TRUE); <br>- default: <br>- ret= urn (=46ALSE); <br>- =7D <br>+ return (=46ALSE); <br> =7D <br>+=5F=5Fsym=5F= compat(xdr=5Fauthdes=5Fcred, =5F=5Fxdr=5Fauthdes=5Fcred, =46BSD=5F1.0); <= br> <br>- <br>-bool=5Ft <br>-xdr=5Fauthdes=5Fverf(XDR *xdrs, struct authd= es=5Fverf *verf) <br>+static bool=5Ft <br>+=5F=5Fxdr=5Fauthdes=5Fverf(XDR= *xdrs, void *verf) <br> =7B <br>- /* <br>- * Unrolled xdr <br>- */ <br>-= ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&verf->adv=5Fxtimestamp, <b= r>- sizeof(des=5Fblock))); <br>- ATTEMPT(xdr=5Fopaque(xdrs, (caddr=5Ft)&a= mp;verf->adv=5Fint=5Fu, <br>- sizeof(verf->adv=5Fint=5Fu))); <br>- = return (TRUE); <br>+ return (=46ALSE); <br> =7D <br>+=5F=5Fsym=5Fcompat(x= dr=5Fauthdes=5Fverf, =5F=5Fxdr=5Fauthdes=5Fverf, =46BSD=5F1.0); <br>diff = --git a/lib/libc/rpc/key=5Fcall.c b/lib/libc/rpc/key=5Fcall.c <br>index 5= c87881c815c..eb274fcfff36 100644 <br>--- a/lib/libc/rpc/key=5Fcall.c <br>= 
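Review bot: The new stubs `__xdr_authdes_cred` and `__xdr_authdes_verf` in lib/libc/rpc/authdes_prot.c carry no comment saying they exist only for symbol compatibility and always fail, whereas key_call.c gets exactly that note in its header in this same commit. A line above each stub would record the fail-closed intent, for example `/* Compat stub: AUTH_DES was removed; always returns FALSE so callers fail instead of sending unverified credentials. */`. The `xdrs`, `cred` and `verf` parameters are now unused and could be marked `__unused`, as the removed `authdes_refresh` in auth_des.c did for its dummy argument. The hunk starts at line 42 of the file, so any file-level comment that already covers this is not visible here.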
+++ b/lib/libc/rpc/key=5Fcall.c <br>=40=40 -32,426 +32,78 =40=40 <br> */ = <br> <br> /* <br>- * key=5Fcall.c, Interface to keyserver <br>- * <br>- *= setsecretkey(key) - set your secret key <br>- * encryptsessionkey(agent,= deskey) - encrypt a session key to talk to agent <br>- * decryptsessionk= ey(agent, deskey) - decrypt ditto <br>- * gendeskey(deskey) - generate a = secure des key <br>+ * Secure RPC keyserver support was removed in =46ree= BSD 15.0. <br>+ * These symbols are provided for backward compatibility, = but provide no <br>+ * functionality and will always return an error. <br= > */ <br> <br> =23include =22namespace.h=22 <br> =23include =22reentrant.= h=22 <br>-=23include <stdio.h> <br>-=23include <stdlib.h> <br= >-=23include <unistd.h> <br>-=23include <errno.h> <br> =23inc= lude <rpc/rpc.h> <br>-=23include <rpc/auth.h> <br>-=23include= <rpc/auth=5Funix.h> <br> =23include <rpc/key=5Fprot.h> <br>-= =23include <string.h> <br>-=23include <netconfig.h> <br>-=23i= nclude <sys/utsname.h> <br>-=23include <stdlib.h> <br>-=23inc= lude <signal.h> <br>-=23include <sys/wait.h> <br>-=23include = <sys/fcntl.h> <br>+=23include <rpc/auth.h> <br> =23include =22= un-namespace.h=22 <br> =23include =22mt=5Fmisc.h=22 <br> <br>- <br>-=23de= fine KEY=5FTIMEOUT 5 /* per-try timeout in seconds */ <br>-=23define KEY=5F= NRETRY 12 /* number of retries */ <br>- <br>-=23ifdef DEBUG <br>-=23defin= e debug(msg) (void) fprintf(stderr, =22%s=5Cn=22, msg); <br>-=23else <br>= -=23define debug(msg) <br>-=23endif /* DEBUG */ <br>- <br>-/* <br>- * Hac= k to allow the keyserver to use AUTH=5FDES (for authenticated <br>- * NIS= + calls, for example). The only functions that get called <br>- * are key= =5Fencryptsession=5Fpk, key=5Fdecryptsession=5Fpk, and key=5Fgendes. <br>= - * <br>- * The approach is to have the keyserver fill in pointers to loc= al <br>- * implementations of these functions, and to call those in key=5F= call(). 
<br>- */ <br>- <br>-cryptkeyres *(*=5F=5Fkey=5Fencryptsession=5Fp= k=5FLOCAL)(uid=5Ft, void *arg) =3D 0; <br>-cryptkeyres *(*=5F=5Fkey=5Fdec= ryptsession=5Fpk=5FLOCAL)(uid=5Ft, void *arg) =3D 0; <br>-des=5Fblock *(*= =5F=5Fkey=5Fgendes=5FLOCAL)(uid=5Ft, void *) =3D 0; <br>- <br>-static int= key=5Fcall( u=5Flong, xdrproc=5Ft, void *, xdrproc=5Ft, void *); <br>- <= br>-int <br>-key=5Fsetsecret(const char *secretkey) <br>-=7B <br>- keysta= tus status; <br>- <br>- if (=21key=5Fcall((u=5Flong) KEY=5FSET, (xdrproc=5F= t)xdr=5Fkeybuf, <br>- (void *)secretkey, <br>- (xdrproc=5Ft)xdr=5Fkeystat= us, &status)) =7B <br>- return (-1); <br>- =7D <br>- if (status =21=3D= KEY=5FSUCCESS) =7B <br>- debug(=22set status is nonzero=22); <br>- retur= n (-1); <br>- =7D <br>- return (0); <br>-=7D <br>- <br>- <br>-/* key=5Fse= cretkey=5Fis=5Fset() returns 1 if the keyserver has a secret key <br>- * = stored for the caller's effective uid; it returns 0 otherwise <br>- * <br= >- * N.B.: The KEY=5FNET=5FGET key call is undocumented. Applications sho= uldn't <br>- * be using it, because it allows them to get the user's secr= et key. 
<br>- */ <br>- <br>-int <br>-key=5Fsecretkey=5Fis=5Fset(void) <br= >-=7B <br>- struct key=5Fnetstres kres; <br>- <br>- memset((void*)&kr= es, 0, sizeof (kres)); <br>- if (key=5Fcall((u=5Flong) KEY=5FNET=5FGET, (= xdrproc=5Ft)xdr=5Fvoid, NULL, <br>- (xdrproc=5Ft)xdr=5Fkey=5Fnetstres, &a= mp;kres) && <br>- (kres.status =3D=3D KEY=5FSUCCESS) && <= br>- (kres.key=5Fnetstres=5Fu.knet.st=5Fpriv=5Fkey=5B0=5D =21=3D 0)) =7B = <br>- /* avoid leaving secret key in memory */ <br>- memset(kres.key=5Fne= tstres=5Fu.knet.st=5Fpriv=5Fkey, 0, HEXKEYBYTES); <br>- return (1); <br>-= =7D <br>- return (0); <br>-=7D <br>- <br>-int <br>-key=5Fencryptsession=5F= pk(char *remotename, netobj *remotekey, des=5Fblock *deskey) <br>-=7B <br= >- cryptkeyarg2 arg; <br>- cryptkeyres res; <br>- <br>- arg.remotename =3D= remotename; <br>- arg.remotekey =3D *remotekey; <br>- arg.deskey =3D *de= skey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT=5FPK, (xdrproc=5Ft)= xdr=5Fcryptkeyarg2, &arg, <br>- (xdrproc=5Ft)xdr=5Fcryptkeyres, &= res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.status =21=3D KEY=5F= SUCCESS) =7B <br>- debug(=22encrypt status is nonzero=22); <br>- return (= -1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.deskey; <br>- return= (0); <br>-=7D <br>- <br>-int <br>-key=5Fdecryptsession=5Fpk(char *remote= name, netobj *remotekey, des=5Fblock *deskey) <br>-=7B <br>- cryptkeyarg2= arg; <br>- cryptkeyres res; <br>- <br>- arg.remotename =3D remotename; <= br>- arg.remotekey =3D *remotekey; <br>- arg.deskey =3D *deskey; <br>- if= (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT=5FPK, (xdrproc=5Ft)xdr=5Fcryptkey= arg2, &arg, <br>- (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B <br>= - return (-1); <br>- =7D <br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <= br>- debug(=22decrypt status is nonzero=22); <br>- return (-1); <br>- =7D= <br>- *deskey =3D res.cryptkeyres=5Fu.deskey; <br>- return (0); <br>-=7D= <br>- <br>-int <br>-key=5Fencryptsession(const char *remotename, des=5Fb= lock *deskey) 
<br>+static int <br>+=5F=5Fkey=5Fsetsecret(const char *secr= etkey) <br> =7B <br>- cryptkeyarg arg; <br>- cryptkeyres res; <br>- <br>-= arg.remotename =3D (char *) remotename; <br>- arg.deskey =3D *deskey; <b= r>- if (=21key=5Fcall((u=5Flong)KEY=5FENCRYPT, (xdrproc=5Ft)xdr=5Fcryptke= yarg, &arg, <br>- (xdrproc=5Ft)xdr=5Fcryptkeyres, &res)) =7B <br>= - return (-1); <br>- =7D <br>- if (res.status =21=3D KEY=5FSUCCESS) =7B <= br>- debug(=22encrypt status is nonzero=22); <br>- return (-1); <br>- =7D= <br>- *deskey =3D res.cryptkeyres=5Fu.deskey; <br>- return (0); <br>+ re= turn (-1); <br> =7D <br>+=5F=5Fsym=5Fcompat(key=5Fsetsecret, =5F=5Fkey=5F= setsecret, =46BSD=5F1.0); <br> <br>-int <br>-key=5Fdecryptsession(const c= har *remotename, des=5Fblock *deskey) <br>+static int <br>+=5F=5Fkey=5Fse= cretkey=5Fis=5Fset(void) <br> =7B <br>- cryptkeyarg arg; <br>- cryptkeyre= s res; <br>- <br>- arg.remotename =3D (char *) remotename; <br>- arg.desk= ey =3D *deskey; <br>- if (=21key=5Fcall((u=5Flong)KEY=5FDECRYPT, (xdrproc= =5Ft)xdr=5Fcryptkeyarg, &arg, <br>- (xdrproc=5Ft)xdr=5Fcryptkeyres, &= amp;res)) =7B <br>- return (-1); <br>- =7D <br>- if (res.status =21=3D KE= Y=5FSUCCESS) =7B <br>- debug(=22decrypt status is nonzero=22); <br>- retu= rn (-1); <br>- =7D <br>- *deskey =3D res.cryptkeyres=5Fu.deskey; <br> ret= urn (0); <br> =7D <br>+=5F=5Fsym=5Fcompat(key=5Fsecretkey=5Fis=5Fset, =5F= =5Fkey=5Fsecretkey=5Fis=5Fset, =46BSD=5F1.0); <br> <br>-int <br>-key=5Fge= ndes(des=5Fblock *key) <br>+static int <br>+=5F=5Fkey=5Fencryptsession=5F= pk(char *remotename, netobj *remotekey, des=5Fblock *deskey) <br> =7B <br= >- if (=21key=5Fcall((u=5Flong)KEY=5FGEN, (xdrproc=5Ft)xdr=5Fvoid, NULL, = <br>- (xdrproc=5Ft)xdr=5Fdes=5Fblock, key)) =7B <br>- return (-1); <br>- = =7D <br>- return (0); <br>+ return (-1); <br> =7D <br>+=5F=5Fsym=5Fcompat= (key=5Fencryptsession=5Fpk, =5F=5Fkey=5Fencryptsession=5Fpk, =46BSD=5F1.0= ); <br> <br>-int <br>-key=5Fsetnet(struct key=5Fnetstarg *arg) <br>+stati= c 
int <br>+=5F=5Fkey=5Fdecryptsession=5Fpk(char *remotename, netobj *remo= tekey, des=5Fblock *deskey) <br> =7B <br>*** 2726 LINES SKIPPED *** <br> = <br></div> </div> </blockquote> </body></html> --689b1a61_60709938_50e--