nss: Remove cryptographic key support from nss_files, nss_nis, nss_ni…

…splus The interface has hard-coded buffer sizes and is therefore tied to DES. It also does not match current practice where different services on the same host use different key material. This change simplifies removal of the sunrpc code.
fira959 · Jul 7, 2020 · 94d9c76 · 94d9c76
1 parent afc3a2e
commit 94d9c76
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 760 deletions.
diff --git a/NEWS b/NEWS
@@ -104,6 +104,12 @@ Deprecated and removed features, and other changes affecting compatibility:
   or contents might be overwritten on subsequent calls in the same thread or
   if the thread is terminated.  It makes strerror MT-safe.
 
+* The "files", "nis" and "nisplus" NSS modules no longer supports the
+  "key" database (used for secure RPC).  The contents of the
+  /etc/publickey file will be ignored, regardless of the settings in
+  /etc/nsswitch.conf.  (This method of storing RPC keys only supported
+  the obsolete and insecure AUTH_DES flavor of secure RPC.)
+
 Changes to build and runtime requirements:
 
 * powerpc64le requires GCC 7.4 or newer.  This is required for supporting

diff --git a/nis/Makefile b/nis/Makefile
@@ -36,7 +36,7 @@ headers			:= $(wildcard rpcsvc/*.[hx])
 # These are the databases available for the nis (and perhaps later nisplus)
 # service.  This must be a superset of the services in nss.
 databases		= proto service hosts network grp pwd rpc ethers \
-			  spwd netgrp alias publickey
+			  spwd netgrp alias
 
 # Specify rules for the nss_* modules.
 services		:= nis nisplus

diff --git a/nis/nss_nis/nis-publickey.c b/nis/nss_nis/nis-publickey.c