Add configure option to disable DES authentication

DES is not good for encryption anymore and some C libraries does not
even implement it. We add a --disable-authdes to optionally disable
it, but let it be enabled by default for compatibility.

This is needed for musl libc.

Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/configure.ac b/configure.ac
index 0180801a33c747410031d789aefed34c587d0c60..e6d3df5e04317cf6d072a3978d7100a914eee1cc 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -15,6 +15,12 @@ if test x$enable_gssapi = xyes; then
        AC_SUBST([GSSAPI_CFLAGS])
        AC_SUBST([GSSAPI_LIBS])
 fi
+
+AC_ARG_ENABLE(authdes,
+       [AC_HELP_STRING([--disable-authdes], [Disable DES authentication @<:@default=no@:>@])],
+      [],[enable_authdes=yes])
+AM_CONDITIONAL(AUTHDES, test x$enable_authdes = xyes)
+
 AC_ARG_ENABLE(ipv6,
        [AC_HELP_STRING([--disable-ipv6], [Disable IPv6 support @<:@default=no@:>@])],
        [],[enable_ipv6=yes])

diff --git a/src/Makefile.am b/src/Makefile.am
index de57c8f63c556beb965fd964a32256e337d3a096..26ccbdf3d045dcf5a90ba45b48d8d617348a66f1 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -42,6 +42,7 @@ lib_LTLIBRARIES = libtirpc.la
 # misunderstanding of the purpose of library versions."
 #
 libtirpc_la_LDFLAGS = -lpthread -version-info 1:10:0
+libtirpc_la_CFLAGS =
 
 libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c clnt_bcast.c \
         clnt_dg.c clnt_generic.c clnt_perror.c clnt_raw.c clnt_simple.c \
@@ -51,7 +52,7 @@ libtirpc_la_SOURCES = auth_none.c auth_unix.c authunix_prot.c bindresvport.c cln
         rpc_callmsg.c rpc_generic.c rpc_soc.c rpcb_clnt.c rpcb_prot.c \
         rpcb_st_xdr.c svc.c svc_auth.c svc_dg.c svc_auth_unix.c svc_auth_none.c \
         svc_generic.c svc_raw.c svc_run.c svc_simple.c svc_vc.c getpeereid.c \
-        auth_time.c auth_des.c authdes_prot.c debug.c
+        auth_time.c debug.c
 
 ## XDR
 libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_reference.c xdr_stdio.c
@@ -60,9 +61,16 @@ libtirpc_la_SOURCES += xdr.c xdr_rec.c xdr_array.c xdr_float.c xdr_mem.c xdr_ref
 if GSS
     libtirpc_la_SOURCES += auth_gss.c authgss_prot.c svc_auth_gss.c
     libtirpc_la_LDFLAGS += $(GSSAPI_LIBS)
-    libtirpc_la_CFLAGS = -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
+    libtirpc_la_CFLAGS += -DHAVE_RPCSEC_GSS $(GSSAPI_CFLAGS)
 endif
 
+## DES authentication
+if AUTHDES
+    libtirpc_la_SOURCES += auth_des.c authdes_prot.c
+    libtirpc_la_CFLAGS += -DHAVE_AUTHDES
+endif
+
+
 ## libtirpc_a_SOURCES += key_call.c key_prot_xdr.c getpublickey.c
 ## libtirpc_a_SOURCES += netname.c netnamer.c rpcdname.c \
 ## libtirpc_a_SOURCES += rtime.c \

diff --git a/src/rpc_soc.c b/src/rpc_soc.c
index e146ed40b1d2d1172d490489a8d057daa0efbbb1..65743238f5079fde5fcd4b20fe2e483c3e66edb4 100644 (file)
--- a/src/rpc_soc.c
+++ b/src/rpc_soc.c
@@ -520,6 +520,7 @@ clnt_broadcast(prog, vers, proc, xargs, argsp, xresults, resultsp, eachresult)
            (resultproc_t) rpc_wrap_bcast, "udp");
 }
 
+#if HAVE_AUTHDES
 /*
  * Create the client des authentication object. Obsoleted by
  * authdes_seccreate().
@@ -551,6 +552,7 @@ fallback:
        dummy = authdes_seccreate(servername, window, NULL, ckey);
        return (dummy);
 }
+#endif
 
 /*
  * Create a client handle for a unix connection. Obsoleted by clnt_vc_create()