drop krb4 support

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24495 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-26 01:09:16 +00:00
parent 3a2db6c8ea
commit a21969d84d
10 changed files with 16 additions and 447 deletions
--- a/appl/ftp/ftpd/Makefile.am
+++ b/appl/ftp/ftpd/Makefile.am
@@ -8,9 +8,6 @@ libexec_PROGRAMS = ftpd

 CHECK_LOCAL = 

-if KRB4
-krb4_sources = krb4.c
-endif
 if KRB5
 krb5_sources = gssapi.c gss_userok.c
 endif
@@ -30,7 +27,7 @@ ftpd_SOURCES =		\
 	$(krb4_sources) \
 	$(krb5_sources)

-EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
+EXTRA_ftpd_SOURCES = kauth.c gssapi.c gss_userok.c

 $(ftpd_OBJECTS): security.h

@@ -38,12 +35,10 @@ security.c:
 	@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
 security.h:
 	@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
-krb4.c:
-	@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
 gssapi.c:
 	@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .

-CLEANFILES = security.c security.h krb4.c gssapi.c
+CLEANFILES = security.c security.h gssapi.c

 man_MANS = ftpd.8 ftpusers.5

--- a/appl/ftp/ftpd/ftpcmd.y
+++ b/appl/ftp/ftpd/ftpcmd.y
@@ -501,26 +501,7 @@ cmd

 	| SITE SP KAUTH SP STRING CRLF check_login
 		{
-#ifdef KRB4
-			char *p;
-			
-			if(guest)
-				reply(500, "Can't be done as guest.");
-			else{
-				if($7 && $5 != NULL){
-				    p = strpbrk($5, " \t");
-				    if(p){
-					*p++ = 0;
-					kauth($5, p + strspn(p, " \t"));
-				    }else
-					kauth($5, NULL);
-				}
-			}
-			if($5 != NULL)
-			    free($5);
-#else
 			reply(500, "Command not implemented.");
-#endif
 		}
 	| SITE SP KLIST CRLF check_login
 		{
@@ -529,29 +510,15 @@ cmd
 		}
 	| SITE SP KDESTROY CRLF check_login
 		{
-#ifdef KRB4
-		    if($5)
-			kdestroy();
-#else
 		    reply(500, "Command not implemented.");
-#endif
 		}
 	| SITE SP KRBTKFILE SP STRING CRLF check_login
 		{
-#ifdef KRB4
-		    if(guest)
-			reply(500, "Can't be done as guest.");
-		    else if($7 && $5)
-			krbtkfile($5);
-		    if($5)
-			free($5);
-#else
 		    reply(500, "Command not implemented.");
-#endif
 		}
 	| SITE SP AFSLOG CRLF check_login
 		{
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)
 		    if(guest)
 			reply(500, "Can't be done as guest.");
 		    else if($5)
@@ -562,7 +529,7 @@ cmd
 		}
 	| SITE SP AFSLOG SP STRING CRLF check_login
 		{
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)
 		    if(guest)
 			reply(500, "Can't be done as guest.");
 		    else if($7)
--- a/appl/ftp/ftpd/ftpd.c
+++ b/appl/ftp/ftpd/ftpd.c
@@ -271,16 +271,6 @@ main(int argc, char **argv)

    setprogname (argv[0]);

-    /* detach from any tickets and tokens */
-    {
-#ifdef KRB4
-	char tkfile[1024];
-	snprintf(tkfile, sizeof(tkfile),
-		 "/tmp/ftp_%u", (unsigned)getpid());
-	krb_set_tkt_string(tkfile);
-#endif
-    }
-
    if(getarg(args, num_args, argc, argv, &optind))
 	usage(1);

--- a/appl/ftp/ftpd/ftpd_locl.h
+++ b/appl/ftp/ftpd/ftpd_locl.h
@@ -145,11 +145,7 @@
 #include <krb5.h>
 #endif /* KRB5 */

-#ifdef KRB4
-#include <krb.h>
-#endif
-
-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)
 #include <kafs.h>
 #endif

--- a/appl/ftp/ftpd/kauth.c
+++ b/appl/ftp/ftpd/kauth.c
@@ -35,224 +35,13 @@

 RCSID("$Id$");

-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)

 int do_destroy_tickets = 1;
 char *k5ccname;

 #endif

-#ifdef KRB4
-
-static KTEXT_ST cip;
-static unsigned int lifetime;
-static time_t local_time;
-
-static krb_principal pr;
-
-static int
-save_tkt(const char *user,
-	 const char *instance,
-	 const char *realm,
-	 const void *arg,
-	 key_proc_t key_proc,
-	 KTEXT *cipp)
-{
-    local_time = time(0);
-    memmove(&cip, *cipp, sizeof(cip));
-    return -1;
-}
-
-static int
-store_ticket(KTEXT cip)
-{
-    char *ptr;
-    des_cblock session;
-    krb_principal sp;
-    unsigned char kvno;
-    KTEXT_ST tkt;
-    int left = cip->length;
-    int len;
-    int kerror;
-
-    ptr = (char *) cip->dat;
-
-    /* extract session key */
-    memmove(session, ptr, 8);
-    ptr += 8;
-    left -= 8;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-
-    /* extract server's name */
-    strlcpy(sp.name, ptr, sizeof(sp.name));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-
-    /* extract server's instance */
-    strlcpy(sp.instance, ptr, sizeof(sp.instance));
-    ptr += len + 1;
-    left -= len + 1;
-
-    len = strnlen(ptr, left);
-    if (len == left)
-	return(INTK_BADPW);
-
-    /* extract server's realm */
-    strlcpy(sp.realm, ptr, sizeof(sp.realm));
-    ptr += len + 1;
-    left -= len + 1;
-
-    if(left < 3)
-	return INTK_BADPW;
-    /* extract ticket lifetime, server key version, ticket length */
-    /* be sure to avoid sign extension on lifetime! */
-    lifetime = (unsigned char) ptr[0];
-    kvno = (unsigned char) ptr[1];
-    tkt.length = (unsigned char) ptr[2];
-    ptr += 3;
-    left -= 3;
-
-    if (tkt.length > left)
-	return(INTK_BADPW);
-
-    /* extract ticket itself */
-    memmove(tkt.dat, ptr, tkt.length);
-    ptr += tkt.length;
-    left -= tkt.length;
-
-    /* Here is where the time should be verified against the KDC.
-     * Unfortunately everything is sent in host byte order (receiver
-     * makes wrong) , and at this stage there is no way for us to know
-     * which byteorder the KDC has. So we simply ignore the time,
-     * there are no security risks with this, the only thing that can
-     * happen is that we might receive a replayed ticket, which could
-     * at most be useless.
-     */
-
-#if 0
-    /* check KDC time stamp */
-    {
-	time_t kdc_time;
-
-	memmove(&kdc_time, ptr, sizeof(kdc_time));
-	if (swap_bytes) swap_u_long(kdc_time);
-
-	ptr += 4;
-
-	if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
-	    return(RD_AP_TIME);		/* XXX should probably be better
-					   code */
-	}
-    }
-#endif
-
-    /* initialize ticket cache */
-
-    if (tf_create(TKT_FILE) != KSUCCESS)
-	return(INTK_ERR);
-
-    if (tf_put_pname(pr.name) != KSUCCESS ||
-	tf_put_pinst(pr.instance) != KSUCCESS) {
-	tf_close();
-	return(INTK_ERR);
-    }
-
-
-    kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session,
-			  lifetime, kvno, &tkt, local_time);
-    tf_close();
-
-    return(kerror);
-}
-
-void
-kauth(char *principal, char *ticket)
-{
-    char *p;
-    int ret;
-
-    if(get_command_prot() != prot_private) {
-	reply(500, "Request denied (bad protection level)");
-	return;
-    }
-    ret = krb_parse_name(principal, &pr);
-    if(ret){
-	reply(500, "Bad principal: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(pr.realm[0] == 0)
-	krb_get_lrealm(pr.realm, 1);
-
-    if(ticket){
-	cip.length = base64_decode(ticket, &cip.dat);
-	if(cip.length == -1){
-	    reply(500, "Failed to decode data.");
-	    return;
-	}
-	ret = store_ticket(&cip);
-	if(ret){
-	    reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	    memset(&cip, 0, sizeof(cip));
-	    return;
-	}
-	do_destroy_tickets = 1;
-
-	if(k_hasafs())
-	    krb_afslog(0, 0);
-	reply(200, "Tickets will be destroyed on exit.");
-	return;
-    }
-
-    ret = krb_get_in_tkt (pr.name,
-			  pr.instance,
-			  pr.realm,
-			  KRB_TICKET_GRANTING_TICKET,
-			  pr.realm,
-			  DEFAULT_TKT_LIFE,
-			  NULL, save_tkt, NULL);
-    if(ret != INTK_BADPW){
-	reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
-	return;
-    }
-    if(base64_encode(cip.dat, cip.length, &p) < 0) {
-	reply(500, "Out of memory while base64-encoding.");
-	return;
-    }
-    reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
-    free(p);
-    memset(&cip, 0, sizeof(cip));
-}
-
-
-static char *
-short_date(int32_t dp)
-{
-    char *cp;
-    time_t t = (time_t)dp;
-
-    if (t == (time_t)(-1L)) return "***  Never  *** ";
-    cp = ctime(&t) + 4;
-    cp[15] = '\0';
-    return (cp);
-}
-
-void
-krbtkfile(const char *tkfile)
-{
-    do_destroy_tickets = 0;
-    krb_set_tkt_string(tkfile);
-    reply(200, "Using ticket file %s", tkfile);
-}
-
-#endif /* KRB4 */
-
 #ifdef KRB5

 static void
@@ -278,7 +67,7 @@ dest_cc(void)
 }
 #endif

-#if defined(KRB4) || defined(KRB5)
+#if defined(KRB5)

 /*
 * Only destroy if we created the tickets
@@ -288,9 +77,6 @@ void
 cond_kdestroy(void)
 {
    if (do_destroy_tickets) {
-#if KRB4
-	dest_tkt();
-#endif
 #if KRB5
 	dest_cc();
 #endif
@@ -302,9 +88,6 @@ cond_kdestroy(void)
 void
 kdestroy(void)
 {
-#if KRB4
-    dest_tkt();
-#endif
 #if KRB5
    dest_cc();
 #endif
@@ -336,9 +119,6 @@ afslog(const char *cell, int quiet)
 	    krb5_cc_close (context, id);
 	    krb5_free_context (context);
 	}
-#endif
-#ifdef KRB4
-	krb_afslog(cell, 0);
 #endif
 	if (!quiet)
 	    reply(200, "afslog done");
@@ -357,4 +137,4 @@ afsunlog(void)

 #else
 int ftpd_afslog_placeholder;
-#endif /* KRB4 || KRB5 */
+#endif /* KRB5 */
--- a/appl/ftp/ftpd/ls.c
+++ b/appl/ftp/ftpd/ls.c
@@ -405,14 +405,14 @@ find_log10(int num)
 * have to fetch them.
 */

-#ifdef KRB4
+#ifdef KRB5
 static int do_the_afs_dance = 1;
 #endif

 static int
 lstat_file (const char *file, struct stat *sb)
 {
-#ifdef KRB4
+#ifdef KRB5
    if (do_the_afs_dance &&
 	k_hasafs()
 	&& strcmp(file, ".")
@@ -494,7 +494,7 @@ lstat_file (const char *file, struct stat *sb)

 	return 0;
    }
-#endif /* KRB4 */
+#endif /* KRB5 */
    return lstat (file, sb);
 }