On Wed, Mar 28, 2007 at 09:04:31PM +0200, u+codalist-p4pg_at_chalmers.se wrote:
> the patch is appreciated, hope it will be accepted
> (of course running all installations here secure-only anyway).
>
> Maybe it's time to deprecate the cross-compatibility with old insecure
> installations? As a bonus, some code could be dropped.

I was thinking of changing it with something like the following patch, which would still allow XOR to be reenabled at run-time if necessary.

Then at a later point I would just remove the code that implements the old handshake which should be fairly easy to identify as it involves anything that is disabled by the RPC2_secure_only variable.

Jan

diff --git a/rpc2-src/rpc2b.c b/rpc2-src/rpc2b.c index 0a4eca1..825e488 100644 --- a/rpc2-src/rpc2b.c +++ b/rpc2-src/rpc2b.c @@ -112,15 +112,10 @@ long RPC2_Init(char *VId, /* magic version string */ if (RPC2_Preferred_Keysize > 64) RPC2_Preferred_Keysize /= 8; - /* Do we accept only secure connections, default is no. This can - * be enabled by setting the RPC2SEC_ONLY environment variable. - * (and forced as disabled by setting RPC2SEC_ONLY=0/false/no) - * - * At some point once every client and server is 'expected' to run - * rpc2-2.0 or later we can change the default behaviour to accept - * only secure connections. */ + /* Do we accept only secure connections, default is yes. This can be + * disabled by setting the RPC2SEC_ONLY to 0, false, no, (nada, forgetit) */ env = getenv("RPC2SEC_ONLY"); - RPC2_secure_only = env && memchr("0fFnN", *env, 5) == NULL; + RPC2_secure_only = !env || (env && memchr("0fFnN", *env, 5) == NULL); verbose = (Options && (Options->Flags & RPC2_OPTION_VERBOSE_INIT)); secure_init(verbose);

Received on 2007-03-28 16:34:22
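Review bot: the RPC2_secure_only assignment in RPC2_Init still decides on the first character of RPC2SEC_ONLY alone, so with secure-only now the default, any value beginning with 0, f, F, n or N switches the process back to accepting the old handshake, not just the "0, false, no" the comment lists. Since this variable is now the only downgrade path, I would match the documented values exactly (whole-string, case-insensitive) and treat everything else, including an empty value, as secure-only, which is what the memchr over 5 bytes already does for the empty string. It would also help to report the downgrade when RPC2_OPTION_VERBOSE_INIT is set, since verbose is computed on the very next line. Two smaller points: the `env &&` inside the parentheses is redundant after `!env ||`, so `!env || memchr("0fFnN", *env, 5) == NULL` is equivalent, and the new comment should say "the RPC2SEC_ONLY environment variable" and drop the joke values unless they are meant to be documented behaviour.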