From 1e2c2576004524cc4fe801922120a6d6b7e517ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 15 Jul 2008 11:25:29 +0000 Subject: [PATCH] Drop kerberos 4 support. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23363 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/su/su.c | 111 +-------------------------------------------------- 1 file changed, 1 insertion(+), 110 deletions(-) diff --git a/appl/su/su.c b/appl/su/su.c index 66b3312e6..94dc819a4 100644 --- a/appl/su/su.c +++ b/appl/su/su.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 - 2007 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2008 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -57,9 +57,6 @@ RCSID("$Id$"); #ifdef KRB5 #include #endif -#ifdef KRB4 -#include -#endif #include #include #include @@ -137,26 +134,6 @@ dup_info(const struct passwd *pwd) return info; } -#if defined(KRB4) || defined(KRB5) -static void -set_tkfile() -{ -#ifndef TKT_ROOT -#define TKT_ROOT "/tmp/tkt" -#endif - int fd; - if(*tkfile != '\0') - return; - snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT); - fd = mkstemp(tkfile); - if(fd >= 0) - close(fd); -#ifdef KRB4 - krb_set_tkt_string(tkfile); -#endif -} -#endif - #ifdef KRB5 static krb5_context context; static krb5_ccache ccache; @@ -263,10 +240,6 @@ krb5_start_session(void) errx(1, "malloc - out of memory"); esetenv("KRB5CCNAME", cc_name, 1); - /* we want to export this even if we don't directly support KRB4 */ - set_tkfile(); - esetenv("KRBTKFILE", tkfile, 1); - /* convert creds? */ if(k_hasafs()) { if (k_setpag() == 0) @@ -279,79 +252,6 @@ krb5_start_session(void) } #endif -#ifdef KRB4 - -static int -krb_verify(const struct passwd *login_info, - const struct passwd *su_info, - const char *kerberos_instance) -{ - int ret; - char *login_name = NULL; - char *name, *instance, realm[REALM_SZ]; - -#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) - login_name = getlogin(); -#endif - - ret = krb_get_lrealm(realm, 1); - - if (login_name == NULL || strcmp (login_name, "root") == 0) - login_name = login_info->pw_name; - if (strcmp (su_info->pw_name, "root") == 0) { - name = login_name; - instance = (char*)kerberos_instance; - } else { - name = su_info->pw_name; - instance = ""; - } - - if(su_info->pw_uid != 0 || - krb_kuserok(name, instance, realm, su_info->pw_name) == 0) { - char password[128]; - char *prompt; - ret = asprintf (&prompt, - "%s's Password: ", - krb_unparse_name_long (name, instance, realm)); - if (ret == -1) - return (1); - if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) { - memset (password, 0, sizeof (password)); - free(prompt); - return (1); - } - free(prompt); - if (strlen(password) == 0) - return (1); /* Empty passwords are not allowed */ - set_tkfile(); - setuid(geteuid()); /* need to run as root here */ - ret = krb_verify_user(name, instance, realm, password, - KRB_VERIFY_SECURE, NULL); - memset(password, 0, sizeof(password)); - - if(ret) { - warnx("%s", krb_get_err_text(ret)); - return 1; - } - chown (tkt_string(), su_info->pw_uid, su_info->pw_gid); - return 0; - } - return 1; -} - - -static int -krb_start_session(void) -{ - esetenv("KRBTKFILE", tkfile, 1); - - /* convert creds? */ - if(k_hasafs() && k_setpag() == 0) - krb_afslog(NULL, NULL); - - return 0; -} -#endif #define GROUP_MEMBER 0 #define GROUP_MISSING 1 @@ -482,11 +382,6 @@ main(int argc, char **argv) (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0) ok = 5; #endif -#ifdef KRB4 - if(kerberos_flag && ok == 0 && - (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0) - ok = 4; -#endif if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) { printf("Sorry!\n"); @@ -610,10 +505,6 @@ main(int argc, char **argv) #ifdef KRB5 if (ok == 5) krb5_start_session(); -#endif -#ifdef KRB4 - if (ok == 4) - krb_start_session(); #endif execv(shell, args); }