From e5784c1ca8821bb65b2b59e8d9cbe6539b4c7221 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 20 Aug 2015 17:21:12 +0200
Subject: [PATCH] cmdmon: update candm.h

Remove the auth fields in the command request/reply and replace the
token and utoken fields with padding.
---
 candm.h  | 26 +++++++++-----------------
 client.c |  8 ++++----
 cmdmon.c | 10 +++-------
 3 files changed, 16 insertions(+), 28 deletions(-)

diff --git a/candm.h b/candm.h
index f3bea3a..e21d494 100644
--- a/candm.h
+++ b/candm.h
@@ -31,7 +31,6 @@
 
 #include "sysincl.h"
 #include "addressing.h"
-#include "hash.h"
 
 /* This is the default port to use for CANDM, if no alternative is
    defined */
@@ -336,6 +335,8 @@ typedef struct {
    Version 6 : added padding to requests to prevent amplification attack,
    changed maximum number of samples in manual list to 16, new commands: modify
    makestep, smoothing report, smoothtime command
+
+   Authentication was removed later in version 6.
  */
 
 #define PROTO_VERSION_NUMBER 6
@@ -364,8 +365,8 @@ typedef struct {
                              (count up from zero for same sequence
                              number) */
   uint32_t sequence; /* Client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* Command token (to prevent replay attack) */
+  uint32_t pad1;
+  uint32_t pad2;
 
   union {
     REQ_Null null;
@@ -400,15 +401,10 @@ typedef struct {
     REQ_SmoothTime smoothtime;
   } data; /* Command specific parameters */
 
-  /* The following fields only set the maximum size of the packet.
-     There are no holes between them and the actual data. */
-
-  /* Padding used to prevent traffic amplification */
+  /* Padding used to prevent traffic amplification.  It only defines the
+     maximum size of the packet, there is no hole after the data field. */
   uint8_t padding[MAX_PADDING_LENGTH];
 
-  /* Authentication data */
-  uint8_t auth[MAX_HASH_LENGTH];
-
 } CMD_Request;
 
 /* ================================================== */
@@ -614,9 +610,9 @@ typedef struct {
   uint16_t pad2;
   uint16_t pad3;
   uint32_t sequence; /* Echo of client's sequence number */
-  uint32_t utoken; /* Unique token per incarnation of daemon */
-  uint32_t token; /* New command token (only if command was successfully
-                          authenticated) */
+  uint32_t pad4;
+  uint32_t pad5;
+
   union {
     RPY_Null null;
     RPY_N_Sources n_sources;
@@ -631,10 +627,6 @@ typedef struct {
     RPY_Smoothing smoothing;
   } data; /* Reply specific parameters */
 
-  /* authentication of the packet, there is no hole after the actual data
-     from the data union, this field only sets the maximum auth size */
-  uint8_t auth[MAX_HASH_LENGTH];
-
 } CMD_Reply;
 
 /* ================================================== */
diff --git a/client.c b/client.c
index 26c15e3..2fbc549 100644
--- a/client.c
+++ b/client.c
@@ -1270,8 +1270,8 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
   tx_sequence = sequence++;
   request->sequence = htonl(tx_sequence);
   request->attempt = 0;
-  request->utoken = 0;
-  request->token = 0;
+  request->pad1 = 0;
+  request->pad2 = 0;
 
   timeout = initial_timeout;
 
@@ -1392,9 +1392,9 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
 #endif
 
         /* Good packet received, print out results */
-        DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d utok=%08x tok=%d",
+        DEBUG_LOG(LOGF_Client, "Reply cmd=%d reply=%d stat=%d seq=%d",
                   ntohs(reply->command), ntohs(reply->reply), ntohs(reply->status),
-                  ntohl(reply->sequence), ntohl(reply->utoken), ntohl(reply->token));
+                  ntohl(reply->sequence));
         break;
       }
     }
diff --git a/cmdmon.c b/cmdmon.c
index 3ae5d39..6581e05 100644
--- a/cmdmon.c
+++ b/cmdmon.c
@@ -1244,18 +1244,14 @@ read_from_cmd_socket(void *anything)
   tx_message.res1 = 0;
   tx_message.res2 = 0;
   tx_message.command = rx_message.command;
-  tx_message.sequence = rx_message.sequence;
   tx_message.reply = htons(RPY_NULL);
   tx_message.status = htons(STT_SUCCESS);
   tx_message.pad1 = 0;
   tx_message.pad2 = 0;
   tx_message.pad3 = 0;
-  tx_message.utoken = 0;
-  /* Set this to a default (invalid) value.  This protects against the
-     token field being set to an arbitrary value if we reject the
-     message, e.g. due to the host failing the access check. */
-  tx_message.token = htonl(0xffffffffUL);
-  memset(&tx_message.auth, 0, sizeof(tx_message.auth));
+  tx_message.sequence = rx_message.sequence;
+  tx_message.pad4 = 0;
+  tx_message.pad5 = 0;
 
   if (rx_message.version != PROTO_VERSION_NUMBER) {
     DEBUG_LOG(LOGF_CmdMon, "Read command packet with protocol version %d (expected %d) from %s",