Remove obsolete securid auth method.

2011-11-13 11:54:06 -05:00
parent 6fd3e03857
commit 5c29710f35
7 changed files with 6 additions and 205 deletions
--- a/2
+++ b/2
@@ -166,7 +166,7 @@ Special features/options:

  --with-SecurID[=DIR]
 	Enable SecurID support.  If specified, DIR is directory containing
-	sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h.
+	libaceclnt.a, acexport.h, and sdacmvls.h.

  --with-fwtk[=DIR]
 	Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified,
--- a/1
+++ b/1
@@ -139,7 +139,6 @@ plugins/sudoers/auth/pam.c
 plugins/sudoers/auth/passwd.c
 plugins/sudoers/auth/rfc1938.c
 plugins/sudoers/auth/secureware.c
-plugins/sudoers/auth/securid.c
 plugins/sudoers/auth/securid5.c
 plugins/sudoers/auth/sia.c
 plugins/sudoers/auth/sudo_auth.c
--- a/75
+++ b/75
@@ -18080,7 +18080,6 @@ if test ${with_SecurID-'no'} != "no"; then
 	with_SecurID=/usr/ace
    fi
    CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
-    _LDFLAGS="${LDFLAGS}"

    if test X"$with_rpath" = X"yes"; then
 	case "$host" in
@@ -18096,78 +18095,8 @@ if test ${with_SecurID-'no'} != "no"; then
 	blibpath_add="${blibpath_add}:${with_SecurID}"
    fi

-    #
-    # Determine whether to use the new or old SecurID API
-    #
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SD_Init in -laceclnt" >&5
-$as_echo_n "checking for SD_Init in -laceclnt... " >&6; }
-if ${ac_cv_lib_aceclnt_SD_Init_______lpthread_______+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-laceclnt
-	    -lpthread
-
-     $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SD_Init ();
-int
-main ()
-{
-return SD_Init ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_aceclnt_SD_Init_______lpthread_______=yes
-else
-  ac_cv_lib_aceclnt_SD_Init_______lpthread_______=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&5
-$as_echo "$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" >&6; }
-if test "x$ac_cv_lib_aceclnt_SD_Init_______lpthread_______" = xyes; then :
-
-	    AUTH_OBJS="$AUTH_OBJS securid5.lo";
-	    SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
-
-
-
-    if test X"$with_rpath" = X"yes"; then
-	case "$host" in
-	    *-*-hpux*)	SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID} -Wl,+b,${with_SecurID}"
-			;;
-	    *)		SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID} -Wl,-R${with_SecurID}"
-			;;
-	esac
-    else
-	SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_SecurID}"
-    fi
-    if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
-	blibpath_add="${blibpath_add}:${with_SecurID}"
-    fi
-
-
-else
-
-	    AUTH_OBJS="$AUTH_OBJS securid.lo";
-	    SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
-
-fi
-
-    LDFLAGS="${_LDFLAGS}"
+    SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
+    AUTH_OBJS="$AUTH_OBJS securid5.lo";
 fi


--- a/configure.in
+++ b/configure.in
@@ -2468,27 +2468,9 @@ if test ${with_SecurID-'no'} != "no"; then
 	with_SecurID=/usr/ace
    fi
    CPPFLAGS="${CPPFLAGS} -I${with_SecurID}"
-    _LDFLAGS="${LDFLAGS}"
    SUDO_APPEND_LIBPATH(LDFLAGS, [${with_SecurID}])
-    #
-    # Determine whether to use the new or old SecurID API
-    #
-    AC_CHECK_LIB(aceclnt, SD_Init,
-	[
-	    AUTH_OBJS="$AUTH_OBJS securid5.lo";
-	    SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
-	]
-	[
-	    SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_SecurID}])
-	], [
-	    AUTH_OBJS="$AUTH_OBJS securid.lo";
-	    SUDOERS_LIBS="${SUDOERS_LIBS} ${with_SecurID}/sdiclient.a"
-	],
-	[
-	    -lpthread
-	]
-    )
-    LDFLAGS="${_LDFLAGS}"
+    SUDOERS_LIBS="${SUDOERS_LIBS} -laceclnt -lpthread"
+    AUTH_OBJS="$AUTH_OBJS securid5.lo";
 fi

 dnl
--- a/mkdep.pl
+++ b/mkdep.pl
@@ -54,7 +54,7 @@ sub mkdep {
    $makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:;
    $makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo:;
    # XXX - fill in AUTH_OBJS from contents of the auth dir instead
-    $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid.lo securid5.lo sia.lo:;
+    $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid5.lo sia.lo:;
    $makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mktemp.lo nanosleep.lo setenv.lo siglist.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo unsetenv.lo utimes.lo globtest.o fnm_test.o:;

    # Parse OBJS lines
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -631,13 +631,6 @@ secureware.lo: $(authdir)/secureware.c $(top_builddir)/config.h \
               $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
               $(incdir)/gettext.h
 	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/secureware.c
-securid.lo: $(authdir)/securid.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
-            $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \
-            $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
-            $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
-            $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h \
-            $(incdir)/sudo_debug.h $(incdir)/gettext.h
-	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/securid.c
 securid5.lo: $(authdir)/securid5.c $(top_builddir)/config.h \
             $(srcdir)/sudoers.h $(top_builddir)/pathnames.h \
             $(incdir)/missing.h $(incdir)/error.h $(incdir)/alloc.h \
--- a/plugins/sudoers/auth/securid.c
+++ b/plugins/sudoers/auth/securid.c
@@ -1,102 +0,0 @@
-/*
- * Copyright (c) 1999-2005, 2007, 2010-2011
- *	Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-#  include <stdlib.h>
-# endif
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRINGS_H */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <pwd.h>
-
-#include <sdi_athd.h>
-#include <sdconf.h>
-#include <sdacmvls.h>
-
-#include "sudoers.h"
-#include "sudo_auth.h"
-
-union config_record configure;
-
-int
-securid_init(struct passwd *pw, sudo_auth *auth)
-{
-    static struct SD_CLIENT sd_dat;		/* SecurID data block */
-    debug_decl(securid_init, SUDO_DEBUG_AUTH)
-
-    auth->data = (void *) &sd_dat;		/* For method-specific data */
-
-    if (creadcfg() == 0)
-	debug_return_int(AUTH_SUCCESS);
-    else
-	debug_return_int(AUTH_FATAL);
-}
-
-int
-securid_setup(struct passwd *pw, char **promptp, sudo_auth *auth)
-{
-    struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
-    debug_decl(securid_setup, SUDO_DEBUG_AUTH)
-
-    /* Re-initialize SecurID every time. */
-    if (sd_init(sd) == 0) {
-	/* The programmer's guide says username is 32 bytes */
-	strlcpy(sd->username, pw->pw_name, 32);
-	debug_return_int(AUTH_SUCCESS);
-    } else {
-	warningx(_("unable to contact the SecurID server"));
-	debug_return_int(AUTH_FATAL);
-    }
-}
-
-int
-securid_verify(struct passwd *pw, char *pass, sudo_auth *auth)
-{
-    struct SD_CLIENT *sd = (struct SD_CLIENT *) auth->data;
-    int rval;
-    debug_decl(securid_verify, SUDO_DEBUG_AUTH)
-
-    rval = sd_auth(sd);
-    sd_close();
-    if (rval == ACM_OK)
-	debug_return_int(AUTH_SUCCESS);
-    else
-	debug_return_int(AUTH_FAILURE);
-}