1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
From 5aff70a8fc06163c4ed5fcc45df4a734447000bd Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Mon, 15 Dec 2014 11:40:20 +0100
Subject: [PATCH 4/9] Add configure option to disable DES authentication
DES is not good for encryption anymore and some C libraries does not
even implement it. We add a --disable-authdes to optionally disable
it, but let it be enabled by default for compatibility.
This is needed for musl libc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
---
configure.ac | 6 ++++++
src/Makefile.am | 12 ++++++++++--
src/rpc_soc.c | 2 ++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index 0180801..e6d3df5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,6 +15,12 @@ if test x$enable_gssapi = xyes; then
AC_SUBST([GSSAPI_CFLAGS])
AC_SUBST([GSSAPI_LIBS])
fi
+
+AC_ARG_ENABLE(authdes,
+ [AC_HELP_STRING([--disable-authdes], [Disable DES authentication @<:@default=no@:>@])],
+ [],[enable_authdes=yes])
+AM_CONDITIONAL(AUTHDES, test x$enable_authdes = xyes)
+
AC_ARG_ENABLE(ipv6,
[AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
[],[enable_ipv6=yes])
diff --git a/src/Makefile.am b/src/Makefile.am
index de57c8f..26ccbdf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -42,6 +42,7 @@ lib_LTLIBRARIES = libtirpc.la
# misunderstanding of the purpose of library versions."
#
libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_CFLAGS =
libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -51,7 +52,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
- auth_time.c auth_des.c authdes_prot.c debug.c
+ auth_time.c debug.c
## XDR
libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
@@ -60,9 +61,16 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_ref
if GSS
libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
- libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
+ libtirpc_la_CFLAGS += -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
endif
+## DES authentication
+if AUTHDES
+ libtirpc_la_SOURCES += auth_des.c authdes_prot.c
+ libtirpc_la_CFLAGS += -DHAVE_AUTHDES
+endif
+
+
## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
## libtirpc_a_SOURCES += netname.c netnamer.c rpcdname.c \
## libtirpc_a_SOURCES += rtime.c \
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 338edbb..b12b116 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -520,6 +520,7 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
(resultproc_t) rpc_wrap_bcast, "udp");
}
+#if HAVE_AUTHDES
/*
* Create the client des authentication object. Obsoleted by
* authdes_seccreate().
@@ -551,6 +552,7 @@ fallback:
dummy = authdes_seccreate(servername, window, NULL, ckey);
return (dummy);
}
+#endif
/*
* Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
--
2.2.0
|
