On Sun, Aug 10, 2025 at 03:37:17PM +0000, Lexi Winter wrote:
> The branch main has been updated by ivy:
> 
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=7ac276298b72982189ac1a5b17461936dc00163e
> 
> commit 7ac276298b72982189ac1a5b17461936dc00163e
> Author:     Lexi Winter <i...@freebsd.org>
> AuthorDate: 2025-08-10 12:57:36 +0000
> Commit:     Lexi Winter <i...@freebsd.org>
> CommitDate: 2025-08-10 15:36:40 +0000
> 
>     Remove Secure RPC DES authentication
>     
>     Following the earlier removal of keyserv, none of this functionality
>     works since it requires keyserv.
>     
>     Remove the relevant symbols from libc's Symbol.map.  Leave compatibility
>     symbols for existing applications, but since the functions don't work
>     without keyserv, stub them out to return an error.
>     
>     Remove some private symbols that were only used by keyserv; these don't
>     get compatibility symbols.
>     
>     Remove the documentation for the old functions.
>     
>     Remove rpc.ypupdated since it requires DES authentication.
>     
>     Reviewed by:            manu, des, emaste
>     Differential Revision:  https://reviews.freebsd.org/D50442
> ---
>  ObsoleteFiles.inc                         |   4 +
>  include/rpc/auth_des.h                    |  79 +----
>  lib/libc/rpc/Symbol.map                   |  19 --
>  lib/libc/rpc/auth_des.c                   | 455 +----------------------------
>  lib/libc/rpc/authdes_prot.c               |  44 +--
>  lib/libc/rpc/key_call.c                   | 424 +++------------------------
>  lib/libc/rpc/publickey.5                  |  40 ---
>  lib/libc/rpc/rpc_secure.3                 | 177 +-----------
>  lib/libc/rpc/rpc_soc.3                    |  13 +-
>  lib/libc/rpc/rpc_soc.c                    |  31 +-
>  lib/libc/rpc/svc_auth.c                   |   8 -
>  lib/libc/rpc/svc_auth_des.c               | 460 
> +-----------------------------
>  lib/librpcsvc/Makefile                    |   2 +-
>  lib/librpcsvc/yp_update.c                 | 199 -------------
>  libexec/rc/rc.conf                        |   1 -
>  libexec/rc/rc.d/Makefile                  |   1 -
>  libexec/rc/rc.d/ypupdated                 |  35 ---
>  share/man/man5/rc.conf.5                  |   9 +-
>  sys/rpc/auth.h                            |  26 --
>  tools/build/mk/OptionalObsoleteFiles.inc  |   2 -
>  usr.sbin/Makefile                         |   1 -
>  usr.sbin/rpc.ypupdated/Makefile           |  32 ---
>  usr.sbin/rpc.ypupdated/Makefile.depend    |  18 --
>  usr.sbin/rpc.ypupdated/update.c           | 328 ---------------------
>  usr.sbin/rpc.ypupdated/yp_dbdelete.c      |  68 -----
>  usr.sbin/rpc.ypupdated/yp_dbupdate.c      | 147 ----------
>  usr.sbin/rpc.ypupdated/ypupdate           |  32 ---
>  usr.sbin/rpc.ypupdated/ypupdated_extern.h |  32 ---
>  usr.sbin/rpc.ypupdated/ypupdated_main.c   | 287 -------------------
>  usr.sbin/rpc.ypupdated/ypupdated_server.c | 227 ---------------
>  30 files changed, 83 insertions(+), 3118 deletions(-)
> 
> diff --git a/ObsoleteFiles.inc b/ObsoleteFiles.inc
> index ec324e82f86d..a6662d31829f 100644
> --- a/ObsoleteFiles.inc
> +++ b/ObsoleteFiles.inc
> @@ -51,6 +51,10 @@
>  #   xargs -n1 | sort | uniq -d;
>  # done
>  
> +# 20250810: Removal of remaining Secure RPC (DES) bits
> +OLD_FILES+=usr/sbin/rpc.ypupdated
> +OLD_FILES+=etc/rc.d/ypupdated
> +
>  # 20250808: nvmfd removed from base install
>  OLD_FILES+=usr/sbin/nvmfd
>  OLD_FILES+=usr/share/man/man8/nvmfd.8.gz
> diff --git a/include/rpc/auth_des.h b/include/rpc/auth_des.h
> index 0ff43c13139b..1b4943a74b8b 100644
> --- a/include/rpc/auth_des.h
> +++ b/include/rpc/auth_des.h
> @@ -33,91 +33,14 @@
>   * Copyright (c) 1986 - 1991 by Sun Microsystems, Inc.
>   */
>  
> -/*
> - * auth_des.h, Protocol for DES style authentication for RPC
> - */
> +/* Note, RPC DES authentication was removed in FreeBSD 15.0. */
>  
>  #ifndef _AUTH_DES_
>  #define _AUTH_DES_
>  
> -/*
> - * There are two kinds of "names": fullnames and nicknames
> - */
> -enum authdes_namekind {
> -     ADN_FULLNAME, 
> -     ADN_NICKNAME
> -};
> -
> -/*
> - * A fullname contains the network name of the client, 
> - * a conversation key and the window
> - */
> -struct authdes_fullname {
> -     char *name;             /* network name of client, up to MAXNETNAMELEN 
> */
> -     des_block key;          /* conversation key */
> -     u_long window;          /* associated window */
> -};
> -
> -
> -/*
> - * A credential 
> - */
> -struct authdes_cred {
> -     enum authdes_namekind adc_namekind;
> -     struct authdes_fullname adc_fullname;
> -     u_long adc_nickname;
> -};
> -
> -
> -
> -/*
> - * A des authentication verifier 
> - */
> -struct authdes_verf {
> -     union {
> -             struct timeval adv_ctime;       /* clear time */
> -             des_block adv_xtime;            /* crypt time */
> -     } adv_time_u;
> -     u_long adv_int_u;
> -};
> -
> -/*
> - * des authentication verifier: client variety
> - *
> - * adv_timestamp is the current time.
> - * adv_winverf is the credential window + 1.
> - * Both are encrypted using the conversation key.
> - */
> -#define adv_timestamp        adv_time_u.adv_ctime
> -#define adv_xtimestamp       adv_time_u.adv_xtime
> -#define adv_winverf  adv_int_u
> -
> -/*
> - * des authentication verifier: server variety
> - *
> - * adv_timeverf is the client's timestamp + client's window
> - * adv_nickname is the server's nickname for the client.
> - * adv_timeverf is encrypted using the conversation key.
> - */
> -#define adv_timeverf adv_time_u.adv_ctime
> -#define adv_xtimeverf        adv_time_u.adv_xtime
> -#define adv_nickname adv_int_u
> -
> -/*
> - * Map a des credential into a unix cred.
> - *
> - */
> -__BEGIN_DECLS
> -extern int authdes_getucred( struct authdes_cred *, uid_t *, gid_t *, int *, 
> gid_t * );
> -__END_DECLS
> -
>  __BEGIN_DECLS
> -extern bool_t        xdr_authdes_cred(XDR *, struct authdes_cred *);
> -extern bool_t        xdr_authdes_verf(XDR *, struct authdes_verf *);
>  extern int   rtime(dev_t, struct netbuf *, int, struct timeval *,
>                   struct timeval *);
> -extern void  kgetnetname(char *);
> -extern enum auth_stat _svcauth_des(struct svc_req *, struct rpc_msg *);
>  __END_DECLS
>  
>  #endif /* ndef _AUTH_DES_ */
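Review bot: The replacement comment at the top of include/rpc/auth_des.h says DES authentication was removed, but not what the header still provides; after this hunk the only declaration left in it is rtime(). A comment such as `/* RPC DES authentication was removed in FreeBSD 15.0; this header now only declares rtime(). */` would tell a reader why the file is kept. The hunk also drops the public types `struct authdes_cred` and `struct authdes_verf` and the `authdes_getucred()` prototype, so out-of-tree code that still uses them will no longer build against this header. The compatibility symbols described in the commit message appear to cover already-built binaries only, so the source-level break is worth stating in the commit description or release notes.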
> diff --git a/lib/libc/rpc/Symbol.map b/lib/libc/rpc/Symbol.map
> index 105d6fb6b54e..61e8e084b1e0 100644
> --- a/lib/libc/rpc/Symbol.map
> +++ b/lib/libc/rpc/Symbol.map
> @@ -8,13 +8,9 @@ FBSD_1.0 {
>       xdr_desargs;
>       xdr_desresp;
>  
> -     authdes_seccreate;
> -     authdes_pk_seccreate;
>       authnone_create;
>       authunix_create;
>       authunix_create_default;
> -     xdr_authdes_cred;
> -     xdr_authdes_verf;
>       xdr_authunix_parms;
>       bindresvport;
>       bindresvport_sa;

The commit breaks libc ABI and must be reverted.
This email is the formal request to do so.
