Remove obsolete securid auth method.
This commit is contained in:
Todd C. Miller
2
INSTALL
2
INSTALL
@@ -166,7 +166,7 @@ Special features/options:
|
||||
|
||||
--with-SecurID[=DIR]
|
||||
Enable SecurID support. If specified, DIR is directory containing
|
||||
sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
|
||||
libaceclnt.a, acexport.h, and sdacmvls.h.
|
||||
|
||||
--with-fwtk[=DIR]
|
||||
Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
|
||||
|
||||
1
MANIFEST
1
MANIFEST
@@ -139,7 +139,6 @@ plugins/sudoers/auth/pam.c
|
||||
plugins/sudoers/auth/passwd.c
|
||||
plugins/sudoers/auth/rfc1938.c
|
||||
plugins/sudoers/auth/secureware.c
|
||||
plugins/sudoers/auth/securid.c
|
||||
plugins/sudoers/auth/securid5.c
|
||||
plugins/sudoers/auth/sia.c
|
||||
plugins/sudoers/auth/sudo_auth.c
|
||||
|
||||
73
configure
vendored
73
configure
vendored
@@ -18080,7 +18080,6 @@ if test ${with_SecurID-'no'} != "no"; then
|
||||
with_SecurID=/usr/ace
|
||||
fi
|
||||
CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
|
||||
_LDFLAGS="${LDFLAGS}"
|
||||
|
||||
if test X"$with_rpath" = X"yes"; then
|
||||
case "$host" in
|
||||
@@ -18096,78 +18095,8 @@ if test ${with_SecurID-'no'} != "no"; then
|
||||
blibpath_add="${blibpath_add}:${with_SecurID}"
|
||||
fi
|
||||
|
||||
#
|
||||
# Determine whether to use the new or old SecurID API
|
||||
#
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5
|
||||
$as_echo_n "checking for SD_Init in -laceclnt... " >&6; }
|
||||
if ${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+:} false; then :
|
||||
$as_echo_n "(cached) " >&6
|
||||
else
|
||||
ac_check_lib_save_LIBS=$LIBS
|
||||
LIBS="-laceclnt
|
||||
-lpthread
|
||||
|
||||
$LIBS"
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
|
||||
/* Override any GCC internal prototype to avoid an error.
|
||||
Use char because int might match the return type of a GCC
|
||||
builtin and then its argument prototype would still apply. */
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
#endif
|
||||
char SD_Init ();
|
||||
int
|
||||
main ()
|
||||
{
|
||||
return SD_Init ();
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
_ACEOF
|
||||
if ac_fn_c_try_link "$LINENO"; then :
|
||||
ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes
|
||||
else
|
||||
ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no
|
||||
fi
|
||||
rm -f core conftest.err conftest.$ac_objext \
|
||||
conftest$ac_exeext conftest.$ac_ext
|
||||
LIBS=$ac_check_lib_save_LIBS
|
||||
fi
|
||||
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5
|
||||
$as_echo "$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6; }
|
||||
if test "x$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" = xyes; then :
|
||||
|
||||
AUTH_OBJS="$AUTH_OBJS securid5.lo";
|
||||
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
|
||||
|
||||
|
||||
|
||||
if test X"$with_rpath" = X"yes"; then
|
||||
case "$host" in
|
||||
*-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
|
||||
;;
|
||||
*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID}"
|
||||
fi
|
||||
if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
|
||||
blibpath_add="${blibpath_add}:${with_SecurID}"
|
||||
fi
|
||||
|
||||
|
||||
else
|
||||
|
||||
AUTH_OBJS="$AUTH_OBJS securid.lo";
|
||||
SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
|
||||
|
||||
fi
|
||||
|
||||
LDFLAGS="${_LDFLAGS}"
|
||||
AUTH_OBJS="$AUTH_OBJS securid5.lo";
|
||||
fi
|
||||
|
||||
|
||||
|
||||
20
configure.in
20
configure.in
@@ -2468,27 +2468,9 @@ if test ${with_SecurID-'no'} != "no"; then
|
||||
with_SecurID=/usr/ace
|
||||
fi
|
||||
CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
|
||||
_LDFLAGS="${LDFLAGS}"
|
||||
SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
|
||||
#
|
||||
# Determine whether to use the new or old SecurID API
|
||||
#
|
||||
AC_CHECK_LIB(aceclnt, SD_Init,
|
||||
[
|
||||
AUTH_OBJS="$AUTH_OBJS securid5.lo";
|
||||
SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
|
||||
]
|
||||
[
|
||||
SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
|
||||
], [
|
||||
AUTH_OBJS="$AUTH_OBJS securid.lo";
|
||||
SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
|
||||
],
|
||||
[
|
||||
-lpthread
|
||||
]
|
||||
)
|
||||
LDFLAGS="${_LDFLAGS}"
|
||||
AUTH_OBJS="$AUTH_OBJS securid5.lo";
|
||||
fi
|
||||
|
||||
dnl
|
||||
|
||||
2
mkdep.pl
2
mkdep.pl
@@ -54,7 +54,7 @@ sub mkdep {
|
||||
$makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:;
|
||||
$makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo:;
|
||||
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
|
||||
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid.lo securid5.lo sia.lo:;
|
||||
$makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
|
||||
$makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mktemp.lo nanosleep.lo setenv.lo siglist.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo unsetenv.lo utimes.lo globtest.o fnm_test.o:;
|
||||
|
||||
# Parse OBJS lines
|
||||
|
||||
@@ -631,13 +631,6 @@ secureware.lo: $(authdir)/secureware.c $(top_builddir)/config.h \
|
||||
$(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
|
||||
$(incdir)/gettext.h
|
||||
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/secureware.c
|
||||
securid.lo: $(authdir)/securid.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
|
||||
$(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \
|
||||
$(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
|
||||
$(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
|
||||
$(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \
|
||||
$(incdir)/sudo_debug.h $(incdir)/gettext.h
|
||||
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/securid.c
|
||||
securid5.lo: $(authdir)/securid5.c $(top_builddir)/config.h \
|
||||
$(srcdir)/sudoers.h $(top_builddir)/pathnames.h \
|
||||
$(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
|
||||
|
||||
@@ -1,102 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 1999-2005, 2007, 2010-2011
|
||||
* Todd C. Miller <Todd.Miller@courtesan.com>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
||||
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
||||
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* Sponsored in part by the Defense Advanced Research Projects
|
||||
* Agency (DARPA) and Air Force Research Laboratory, Air Force
|
||||
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
#include <stdio.h>
|
||||
#ifdef STDC_HEADERS
|
||||
# include <stdlib.h>
|
||||
# include <stddef.h>
|
||||
#else
|
||||
# ifdef HAVE_STDLIB_H
|
||||
# include <stdlib.h>
|
||||
# endif
|
||||
#endif /* STDC_HEADERS */
|
||||
#ifdef HAVE_STRING_H
|
||||
# include <string.h>
|
||||
#endif /* HAVE_STRING_H */
|
||||
#ifdef HAVE_STRINGS_H
|
||||
# include <strings.h>
|
||||
#endif /* HAVE_STRINGS_H */
|
||||
#ifdef HAVE_UNISTD_H
|
||||
# include <unistd.h>
|
||||
#endif /* HAVE_UNISTD_H */
|
||||
#include <pwd.h>
|
||||
|
||||
#include <sdi_athd.h>
|
||||
#include <sdconf.h>
|
||||
#include <sdacmvls.h>
|
||||
|
||||
#include "sudoers.h"
|
||||
#include "sudo_auth.h"
|
||||
|
||||
union config_record configure;
|
||||
|
||||
int
|
||||
securid_init(struct passwd *pw, sudo_auth *auth)
|
||||
{
|
||||
static struct SD_CLIENT sd_dat; /* SecurID data block */
|
||||
debug_decl(securid_init, SUDO_DEBUG_AUTH)
|
||||
|
||||
auth->data = (void *) &sd_dat; /* For method-specific data */
|
||||
|
||||
if (creadcfg() == 0)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
else
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
|
||||
int
|
||||
securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
|
||||
{
|
||||
struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
|
||||
debug_decl(securid_setup, SUDO_DEBUG_AUTH)
|
||||
|
||||
/* Re-initialize SecurID every time. */
|
||||
if (sd_init(sd) == 0) {
|
||||
/* The programmer's guide says username is 32 bytes */
|
||||
strlcpy(sd->username, pw->pw_name, 32);
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
} else {
|
||||
warningx(_("unable to contact the SecurID server"));
|
||||
debug_return_int(AUTH_FATAL);
|
||||
}
|
||||
}
|
||||
|
||||
int
|
||||
securid_verify(struct passwd *pw, char *pass, sudo_auth *auth)
|
||||
{
|
||||
struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
|
||||
int rval;
|
||||
debug_decl(securid_verify, SUDO_DEBUG_AUTH)
|
||||
|
||||
rval = sd_auth(sd);
|
||||
sd_close();
|
||||
if (rval == ACM_OK)
|
||||
debug_return_int(AUTH_SUCCESS);
|
||||
else
|
||||
debug_return_int(AUTH_FAILURE);
|
||||
}
|
||||
Reference in New Issue
Block a user