Axe LOGIN_CAP_AUTH.

PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp

2 files changed, 6 insertions, 65 deletions

diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile
index c698911..384b7ea 100644
--- a/usr.bin/su/Makefile
+++ b/usr.bin/su/Makefile
@@ -1,27 +1,19 @@
 #	@(#)Makefile	8.1 (Berkeley) 7/19/93
-#	$Id: Makefile,v 1.20 1998/09/02 14:46:20 bde Exp $
+#	$Id: Makefile,v 1.21 1998/09/19 22:42:05 obrien Exp $
 
 PROG=	su
 SRCS=	su.c
 
-#LC_AUTH=-DLOGIN_CAP_AUTH
-COPTS+= -DLOGIN_CAP $(LC_AUTH)
-LDADD+= -lutil
-DPADD+= ${LIBUTIL}
-
-.if !defined(LC_AUTH)
-COPTS+=	-DSKEY
-LDADD+= -lskey -lmd -lcrypt
-DPADD+= ${LIBSKEY} ${LIBMD} ${LIBCRYPT}
-.endif
+COPTS+= -DLOGIN_CAP -DSKEY
+LDADD+= -lutil -lskey -md -lcrypt
+DPADD+= ${LIBUTIL} ${LIBSKEY} ${LIBMD} ${LIBCRYPT}
 
 .if defined(WHEELSU)
 COPTS+=	-DWHEELSU
 .endif
 CFLAGS+= -Wall
 
-.if exists(${DESTDIR}${LIBDIR}/libkrb.a) && defined(MAKE_KERBEROS4) \
-	&& !defined(LC_AUTH)
+.if exists(${DESTDIR}${LIBDIR}/libkrb.a) && defined(MAKE_KERBEROS4)
 CFLAGS+=-DKERBEROS
 DPADD+=	${LIBKRB} ${LIBDES}
 LDADD+=	-lkrb -ldes
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 4029839..72ace26 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -42,7 +42,7 @@ static const char copyright[] =
 static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";
 #endif
 static const char rcsid[] =
-	"$Id: su.c,v 1.30 1999/07/01 17:59:17 billf Exp $";
+	"$Id: su.c,v 1.31 1999/07/02 11:20:59 bde Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -63,10 +63,6 @@ static const char rcsid[] =
 
 #ifdef LOGIN_CAP
 #include <login_cap.h>
-#ifdef LOGIN_CAP_AUTH
-#undef SKEY
-#undef KERBEROS
-#endif
 #endif
 
 #ifdef	SKEY
@@ -121,9 +117,6 @@ main(argc, argv)
 	login_cap_t *lc;
 	char *class=NULL;
 	int setwhat;
-#ifdef LOGIN_CAP_AUTH
-	char *style, *approvep, *auth_method = NULL;
-#endif
 #endif
 #ifdef KERBEROS
 	char *k;
@@ -221,15 +214,6 @@ main(argc, argv)
 		}
 	}
 
-#ifdef LOGIN_CAP_AUTH
-	if (auth_method = strchr(user, ':')) {
-		*auth_method = '\0';
-		auth_method++;
-		if (*auth_method == '\0')
-			auth_method = NULL;
-	}
-#endif /* !LOGIN_CAP_AUTH */
-
 	/* get target login information, default to root */
 	if ((pwd = getpwnam(user)) == NULL) {
 		errx(1, "unknown login: %s", user);
@@ -285,40 +269,6 @@ main(argc, argv)
 		}
 		/* if target requires a password, verify it */
 		if (*pwd->pw_passwd) {
-#ifdef LOGIN_CAP_AUTH
-		/*
-		 * This hands off authorisation to an authorisation program,
-		 * depending on the styles available for the "auth-su",
-		 * authorisation styles.
-		 */
-		if ((style = login_getstyle(lc, auth_method, "su")) == NULL)
-			errx(1, "auth method available for su.\n");
-		if (authenticate(user, lc ? lc->lc_class : "default", style, "su") != 0) {
-#ifdef WHEELSU
-			if (!iswheelsu || authenticate(username, lc ? lc->lc_class : "default", style, "su") != 0) {
-#endif /* WHEELSU */
-			{
-			fprintf(stderr, "Sorry\n");
-			syslog(LOG_AUTH|LOG_WARNING,"BAD SU %s to %s%s", username, user, ontty());
-			exit(1);
-			}
-		}
-
-		/*
-		 * If authentication succeeds, run any approval
-		 * program, if applicable for this class.
-		 */
-		approvep = login_getcapstr(lc, "approve", NULL, NULL);
-		if (approvep==NULL || auth_script(approvep, approvep, username, lc->lc_class, 0) == 0) {
-			int     r = auth_scan(AUTH_OKAY);
-			/* See what the authorise program says */
-			if (!(r & AUTH_ROOTOKAY) && pwd->pw_uid == 0) {
-				fprintf(stderr, "Sorry\n");
-				syslog(LOG_AUTH|LOG_WARNING,"UNAPPROVED ROOT SU %s%s", user, ontty());
-				exit(1);
-			}
-		}
-#else /* !LOGIN_CAP_AUTH */
 #ifdef	SKEY
 #ifdef WHEELSU
 			if (iswheelsu) {
@@ -349,7 +299,6 @@ main(argc, argv)
 				pwd = getpwnam(user);
 			}
 #endif /* WHEELSU */
-#endif /* LOGIN_CAP_AUTH */
 		}
 		if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
 			fprintf(stderr, "Sorry - account expired\n");