(Illustration by Gaich Muramatsu)
The paranoid will appreciate the ability to force RPC2SEC_ONLY at compile time. Default behavior is unchanged I think. My server is now running with this compilation option. (patch is against rpc2) Index: configure.in =================================================================== RCS file: /coda-src/rpc2/configure.in,v retrieving revision 1.73 diff -u -r1.73 configure.in --- configure.in 17 Oct 2006 02:01:31 -0000 1.73 +++ configure.in 28 Mar 2007 17:01:19 -0000 @@ -89,6 +89,17 @@ AC_MSG_WARN(["Building against pthreaded lwp libraries, *experimental*"]) fi +AC_ARG_ENABLE([xor], + [AS_HELP_STRING([--disable-xor], + [disable use of old insecure xor "encryption" method])]) +if test "$enable_xor" = yes ; then + with_xor=1; + AC_MSG_WARN([XOR enabled]) +else + with_xor=0; +fi +AC_DEFINE_UNQUOTED([WITH_XOR], [$with_xor], [1 if xor should be used]) + dnl Generate output files AC_CONFIG_FILES(Makefile pkgs/Makefile pkgs/pkg-bsd.sh pkgs/rpc2.spec debian/Makefile debian/changelog include/Makefile include/rpc2/Makefile secure/Makefile rpc2-src/Makefile rp2gen/Makefile scripts/Makefile) AC_OUTPUT Index: rpc2-src/rpc2b.c =================================================================== RCS file: /coda-src/rpc2/rpc2-src/rpc2b.c,v retrieving revision 4.70 diff -u -r4.70 rpc2b.c --- rpc2-src/rpc2b.c 13 Oct 2006 02:59:47 -0000 4.70 +++ rpc2-src/rpc2b.c 28 Mar 2007 17:01:19 -0000 @@ -112,6 +112,7 @@ if (RPC2_Preferred_Keysize > 64) RPC2_Preferred_Keysize /= 8; +#if WITH_XOR == 1 /* Do we accept only secure connections, default is no. This can * be enabled by setting the RPC2SEC_ONLY environment variable. * (and forced as disabled by setting RPC2SEC_ONLY=0/false/no) @@ -121,6 +122,13 @@ * only secure connections. */ env = getenv("RPC2SEC_ONLY"); RPC2_secure_only = env && memchr("0fFnN", *env, 5) == NULL; +#else + /* + * Compile-time flag said accept only secure. Set variable + * unconditionally without checking environment variable. + */ + RPC2_secure_only = 1; +#endif verbose = (Options && (Options->Flags & RPC2_OPTION_VERBOSE_INIT)); secure_init(verbose);Received on 2007-03-28 14:32:23