[PATCH 4/9] Add configure option to disable DES authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



DES is not good for encryption anymore and some C libraries does not
even implement it. We add a --disable-authdes to optionally disable
it, but let it be enabled by default for compatibility.

This is needed for musl libc.

Signed-off-by: Natanael Copa <ncopa@xxxxxxxxxxxxxxx>
---
 configure.ac    |  6 ++++++
 src/Makefile.am | 12 ++++++++++--
 src/rpc_soc.c   |  2 ++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 0180801..e6d3df5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -15,6 +15,12 @@ if test x$enable_gssapi = xyes; then
 	AC_SUBST([GSSAPI_CFLAGS])
 	AC_SUBST([GSSAPI_LIBS])
 fi
+
+AC_ARG_ENABLE(authdes,
+	[AC_HELP_STRING([--disable-authdes], [Disable DES authentication @<:@default=no@:>@])],
+      [],[enable_authdes=yes])
+AM_CONDITIONAL(AUTHDES, test x$enable_authdes = xyes)
+
 AC_ARG_ENABLE(ipv6,
 	[AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
 	[],[enable_ipv6=yes])
diff --git a/src/Makefile.am b/src/Makefile.am
index de57c8f..26ccbdf 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -42,6 +42,7 @@ lib_LTLIBRARIES = libtirpc.la
 # misunderstanding of the purpose of library versions."
 #
 libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_CFLAGS =
 
 libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
         clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -51,7 +52,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
         rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
         rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
         svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
-        auth_time.c auth_des.c authdes_prot.c debug.c
+        auth_time.c debug.c
 
 ## XDR
 libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
@@ -60,9 +61,16 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_ref
 if GSS
     libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
     libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
-    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
+    libtirpc_la_CFLAGS += -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
 endif
 
+## DES authentication
+if AUTHDES
+    libtirpc_la_SOURCES += auth_des.c authdes_prot.c
+    libtirpc_la_CFLAGS += -DHAVE_AUTHDES
+endif
+
+
 ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
 ## libtirpc_a_SOURCES += netname.c netnamer.c rpcdname.c \
 ## libtirpc_a_SOURCES += rtime.c \
diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index 338edbb..b12b116 100644
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -520,6 +520,7 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
 	    (resultproc_t) rpc_wrap_bcast, "udp");
 }
 
+#if HAVE_AUTHDES
 /*
  * Create the client des authentication object. Obsoleted by
  * authdes_seccreate().
@@ -551,6 +552,7 @@ fallback:
 	dummy = authdes_seccreate(servername, window, NULL, ckey);
 	return (dummy);
 }
+#endif
 
 /*
  * Create a client handle for a unix connection. Obsoleted by clnt_vc_create()
-- 
2.2.0

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux