Drop kerberos 4 support.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23363 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/su/su.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999 - 2007 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1999 - 2008 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -57,9 +57,6 @@ RCSID("$Id$");
 #ifdef KRB5
 #include <krb5.h>
 #endif
-#ifdef KRB4
-#include <krb.h>
-#endif
 #include <kafs.h>
 #include <err.h>
 #include <roken.h>
@@ -137,26 +134,6 @@ dup_info(const struct passwd *pwd)
     return info;
 }
 
-#if defined(KRB4) || defined(KRB5)
-static void
-set_tkfile()
-{
-#ifndef TKT_ROOT
-#define TKT_ROOT "/tmp/tkt"
-#endif
-    int fd;
-    if(*tkfile != '\0')
-	return;
-    snprintf(tkfile, sizeof(tkfile), "%s_XXXXXX", TKT_ROOT);
-    fd = mkstemp(tkfile);
-    if(fd >= 0)
-	close(fd);
-#ifdef KRB4
-    krb_set_tkt_string(tkfile);
-#endif
-}
-#endif
-
 #ifdef KRB5
 static krb5_context context;
 static krb5_ccache ccache;
@@ -263,10 +240,6 @@ krb5_start_session(void)
 	errx(1, "malloc - out of memory");
     esetenv("KRB5CCNAME", cc_name, 1);
 
-    /* we want to export this even if we don't directly support KRB4 */
-    set_tkfile();
-    esetenv("KRBTKFILE", tkfile, 1);
-            
     /* convert creds? */
     if(k_hasafs()) {
 	if (k_setpag() == 0)
@@ -279,79 +252,6 @@ krb5_start_session(void)
 }
 #endif
 
-#ifdef KRB4
-
-static int
-krb_verify(const struct passwd *login_info,
-	   const struct passwd *su_info,
-	   const char *kerberos_instance)
-{
-    int ret;
-    char *login_name = NULL;
-    char *name, *instance, realm[REALM_SZ];
-	
-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
-    login_name = getlogin();
-#endif
-
-    ret = krb_get_lrealm(realm, 1);
-	
-    if (login_name == NULL || strcmp (login_name, "root") == 0) 
-	login_name = login_info->pw_name;
-    if (strcmp (su_info->pw_name, "root") == 0) {
-	name = login_name;
-	instance = (char*)kerberos_instance;
-    } else {
-	name = su_info->pw_name;
-	instance = "";
-    }
-
-    if(su_info->pw_uid != 0 || 
-       krb_kuserok(name, instance, realm, su_info->pw_name) == 0) {
-	char password[128];
-	char *prompt;
-	ret = asprintf (&prompt, 
-		  "%s's Password: ",
-		  krb_unparse_name_long (name, instance, realm));
-	if (ret == -1)
-	    return (1);
-	if (UI_UTIL_read_pw_string (password, sizeof (password), prompt, 0)) {
-	    memset (password, 0, sizeof (password));
-	    free(prompt);
-	    return (1);
-	}
-	free(prompt);
-	if (strlen(password) == 0)
-	    return (1);		/* Empty passwords are not allowed */
-	set_tkfile();
-	setuid(geteuid()); /* need to run as root here */
-	ret = krb_verify_user(name, instance, realm, password, 
-			      KRB_VERIFY_SECURE, NULL);
-	memset(password, 0, sizeof(password));
-	
-	if(ret) {
-	    warnx("%s", krb_get_err_text(ret));
-	    return 1;
-	}
-	chown (tkt_string(), su_info->pw_uid, su_info->pw_gid);
-	return 0;
-    }
-    return 1;
-}
-
-
-static int
-krb_start_session(void)
-{
-    esetenv("KRBTKFILE", tkfile, 1);
-            
-    /* convert creds? */
-    if(k_hasafs() && k_setpag() == 0)
-	krb_afslog(NULL, NULL);
-            
-    return 0;
-}
-#endif
 
 #define GROUP_MEMBER		0
 #define GROUP_MISSING		1
@@ -482,11 +382,6 @@ main(int argc, char **argv)
       (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0)
 	ok = 5;
 #endif
-#ifdef KRB4
-    if(kerberos_flag && ok == 0 &&
-       (kerberos_error = krb_verify(login_info, su_info, kerberos_instance)) == 0)
-	ok = 4;
-#endif
 
     if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
 	printf("Sorry!\n");
@@ -610,10 +505,6 @@ main(int argc, char **argv)
 #ifdef KRB5
         if (ok == 5)
            krb5_start_session();
-#endif
-#ifdef KRB4
-	if (ok == 4)
-	    krb_start_session();
 #endif
 	execv(shell, args);
     }