authorguenther <guenther@openbsd.org>2016-05-23 00:12:58 +0000
committerguenther <guenther@openbsd.org>2016-05-23 00:12:58 +0000
commitdf1557eb246a548cc6408be6cc16a3033dfbffbb (patch)
treecd59e9fd543aeba6e8de7ae9530e51191a7d81a3 /lib/libc
parentEliminate __check_rhosts_file and __rcmd_errstr: they were only used by (diff)
Remove iruserok(_sa)? and __ivaliduser(sa)?
ok millert@ deraadt@
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/Symbols.list4
-rw-r--r--lib/libc/hidden/unistd.h4
-rw-r--r--lib/libc/net/rcmd.361
-rw-r--r--lib/libc/net/ruserok.c49
4 files changed, 21 insertions, 97 deletions
diff --git a/lib/libc/Symbols.list b/lib/libc/Symbols.list
index 21964a299fe..ebe477a4ded 100644
--- a/lib/libc/Symbols.list
+++ b/lib/libc/Symbols.list
@@ -999,8 +999,6 @@ __b64_ntop
__b64_pton
__dn_comp
__dn_skipname
-__ivaliduser
-__ivaliduser_sa
__p_class
__p_class_syms
__p_type
@@ -1092,8 +1090,6 @@ inet_network
inet_ntoa
inet_ntop
inet_pton
-iruserok
-iruserok_sa
link_ntoa
ntohl
ntohs
diff --git a/lib/libc/hidden/unistd.h b/lib/libc/hidden/unistd.h
index a7ac1a5824e..6eed324f9f9 100644
--- a/lib/libc/hidden/unistd.h
+++ b/lib/libc/hidden/unistd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: unistd.h,v 1.8 2016/05/07 19:05:22 guenther Exp $ */
+/* $OpenBSD: unistd.h,v 1.9 2016/05/23 00:12:58 guenther Exp $ */
/*
* Copyright (c) 2015 Philip Guenther <guenther@openbsd.org>
*
@@ -91,8 +91,6 @@ PROTO_NORMAL(getuid);
PROTO_DEPRECATED(getusershell);
PROTO_DEPRECATED(getwd);
PROTO_NORMAL(initgroups);
-PROTO_DEPRECATED(iruserok);
-PROTO_NORMAL(iruserok_sa);
PROTO_NORMAL(isatty);
PROTO_NORMAL(issetugid);
PROTO_NORMAL(lchown);
diff --git a/lib/libc/net/rcmd.3 b/lib/libc/net/rcmd.3
index 5fe1ee58eb3..3bba0bc73d3 100644
--- a/lib/libc/net/rcmd.3
+++ b/lib/libc/net/rcmd.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rcmd.3,v 1.32 2015/03/23 22:29:32 halex Exp $
+.\" $OpenBSD: rcmd.3,v 1.33 2016/05/23 00:12:58 guenther Exp $
.\"
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 23 2015 $
+.Dd $Mdocdate: May 23 2016 $
.Dt RCMD 3
.Os
.Sh NAME
@@ -35,9 +35,7 @@
.Nm rcmd_af ,
.Nm rresvport ,
.Nm rresvport_af ,
-.Nm iruserok ,
-.Nm ruserok ,
-.Nm iruserok_sa
+.Nm ruserok
.Nd routines for returning a stream to a remote command
.Sh SYNOPSIS
.In unistd.h
@@ -50,11 +48,7 @@
.Ft int
.Fn rresvport_af "int *port" "int af"
.Ft int
-.Fn iruserok "u_int32_t raddr" "int superuser" "const char *ruser" "const char *luser"
-.Ft int
.Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser"
-.Ft int
-.Fn iruserok_sa "const void *sa" "int salen" "int superuser" "const char *ruser" "const char *luser"
.Sh DESCRIPTION
The
.Fn rcmd
@@ -90,15 +84,10 @@ and
functions return a descriptor to a socket
with an address in the privileged port space.
The
-.Fn iruserok
-and
.Fn ruserok
-functions are used by servers
+function is used by servers
to authenticate clients requesting service with
.Fn rcmd .
-.Fn iruserok_sa
-is an address family independent variant of
-.Fn iruserok .
.Pp
The
.Fn rcmd
@@ -149,7 +138,7 @@ must be
.Fn rcmd_af
takes address family in the last argument.
If the last argument is
-.Dv PF_UNSPEC ,
+.Dv AF_UNSPEC ,
interpretation of
.Fa *ahost
will obey the underlying address resolution like DNS.
@@ -174,11 +163,9 @@ need to be seeded with a port number; if that port
is not available these functions will find another.
.Pp
The
-.Fn iruserok
-and
.Fn ruserok
-functions take a remote host's IP address or name, respectively,
-two user names and a flag indicating whether the local user's
+function takes a remote host's name, two user names,
+and a flag indicating whether the local user's
name is that of the superuser.
Then, if the user is
.Em not
@@ -198,35 +185,14 @@ Zero is returned if the machine name is listed in the
file, or the host and remote user name are found in the
.Pa .rhosts
file; otherwise
-.Fn iruserok
-and
.Fn ruserok
-return \-1.
+returns \-1.
If the local domain (as obtained from
.Xr gethostname 3 )
is the same as the remote domain, only the machine name need be specified.
.Pp
-If the IP address of the remote host is known,
-.Fn iruserok
-should be used in preference to
-.Fn ruserok ,
-as it does not require trusting the DNS server for the remote host's domain.
-.Pp
-While
-.Fn iruserok
-can handle IPv4 addresses only,
-.Fn iruserok_sa
-and
.Fn ruserok
-can handle other address families as well, like IPv6.
-The first argument of
-.Fn iruserok_sa
-is typed as
-.Li "void *"
-to avoid dependency between
-.In unistd.h
-and
-.In sys/socket.h .
+implicitly requires trusting the DNS server for the remote host's domain.
.Sh DIAGNOSTICS
The
.Fn rcmd
@@ -255,3 +221,12 @@ is overloaded to mean
These
functions appeared in
.Bx 4.2 .
+.Pp
+The
+.Fn iruserok
+and
+.Fn iruserok_sa
+functions, IP address based versions of
+.Fn ruserok ,
+were removed in
+.Ox 6.0 .
diff --git a/lib/libc/net/ruserok.c b/lib/libc/net/ruserok.c
index 4218b419b76..cab6f964494 100644
--- a/lib/libc/net/ruserok.c
+++ b/lib/libc/net/ruserok.c
@@ -48,12 +48,11 @@
#include <syslog.h>
#include <unistd.h>
-int __ivaliduser(FILE *, in_addr_t, const char *, const char *);
-int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
+static int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t,
const char *, const char *);
-PROTO_NORMAL(__ivaliduser_sa);
static int __icheckhost(struct sockaddr *, socklen_t, const char *);
static char *__gethostloop(struct sockaddr *, socklen_t);
+static int iruserok_sa(const void *, int, int, const char *, const char *);
int
ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
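Review bot: The new forward declarations give `__ivaliduser_sa` and `iruserok_sa` internal linkage, but the definitions shown as context in the later hunks still start with a bare `int`, so someone reading a definition alone cannot tell that these .rhosts authorization checks are no longer callable from outside the file. This is valid C, because a definition inherits the linkage of the earlier `static` declaration, but writing `static int` on both definitions would make the reduced exposure explicit. The next hunk also deletes the block comment above `iruserok`, which appears to be the only description of the address-based hosts.equiv/.rhosts check that `iruserok_sa` still performs. I would keep a short header on `iruserok_sa`, for example `/* Check hosts.equiv and .rhosts for the given address; returns 0 if ok, -1 if not ok. */`. Both definitions and the rest of `ruserok` lie outside this hunk.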
@@ -79,28 +78,6 @@ ruserok(const char *rhost, int superuser, const char *ruser, const char *luser)
return (-1);
}
-/*
- * New .rhosts strategy: We are passed an ip address. We spin through
- * hosts.equiv and .rhosts looking for a match. When the .rhosts only
- * has ip addresses, we don't have to trust a nameserver. When it
- * contains hostnames, we spin through the list of addresses the nameserver
- * gives us and look for a match.
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int
-iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser)
-{
- struct sockaddr_in sin;
-
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_len = sizeof(struct sockaddr_in);
- memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr));
- return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser,
- luser);
-}
-
int
iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser,
const char *luser)
@@ -173,27 +150,6 @@ again:
}
return (-1);
}
-DEF_WEAK(iruserok_sa);
-
-/*
- * XXX
- * Don't make static, used by lpd(8).
- *
- * Returns 0 if ok, -1 if not ok.
- */
-int
-__ivaliduser(FILE *hostf, in_addr_t raddrl, const char *luser,
- const char *ruser)
-{
- struct sockaddr_in sin;
-
- memset(&sin, 0, sizeof(sin));
- sin.sin_family = AF_INET;
- sin.sin_len = sizeof(struct sockaddr_in);
- memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr));
- return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len,
- luser, ruser);
-}
int
__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
@@ -335,7 +291,6 @@ __ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen,
bail:
return (-1);
}
-DEF_STRONG(__ivaliduser_sa);
/*
* Returns "true" if match, 0 if no match. If we do not find any