From a9521339a7bd807b0dae35b4b70a0150df0bcd24 Mon Sep 17 00:00:00 2001 From: sheldonh Date: Fri, 13 Aug 1999 16:51:40 +0000 Subject: Axe LOGIN_CAP_AUTH. PR: 10115 Reported by: Gene Skonicki Requested by: jdp --- usr.bin/su/Makefile | 18 +++++------------- usr.bin/su/su.c | 53 +---------------------------------------------------- 2 files changed, 6 insertions(+), 65 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile index c698911..384b7ea 100644 --- a/usr.bin/su/Makefile +++ b/usr.bin/su/Makefile @@ -1,27 +1,19 @@ # @(#)Makefile 8.1 (Berkeley) 7/19/93 -# $Id: Makefile,v 1.20 1998/09/02 14:46:20 bde Exp $ +# $Id: Makefile,v 1.21 1998/09/19 22:42:05 obrien Exp $ PROG= su SRCS= su.c -#LC_AUTH=-DLOGIN_CAP_AUTH -COPTS+= -DLOGIN_CAP $(LC_AUTH) -LDADD+= -lutil -DPADD+= ${LIBUTIL} - -.if !defined(LC_AUTH) -COPTS+= -DSKEY -LDADD+= -lskey -lmd -lcrypt -DPADD+= ${LIBSKEY} ${LIBMD} ${LIBCRYPT} -.endif +COPTS+= -DLOGIN_CAP -DSKEY +LDADD+= -lutil -lskey -md -lcrypt +DPADD+= ${LIBUTIL} ${LIBSKEY} ${LIBMD} ${LIBCRYPT} .if defined(WHEELSU) COPTS+= -DWHEELSU .endif CFLAGS+= -Wall -.if exists(${DESTDIR}${LIBDIR}/libkrb.a) && defined(MAKE_KERBEROS4) \ - && !defined(LC_AUTH) +.if exists(${DESTDIR}${LIBDIR}/libkrb.a) && defined(MAKE_KERBEROS4) CFLAGS+=-DKERBEROS DPADD+= ${LIBKRB} ${LIBDES} LDADD+= -lkrb -ldes diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index 4029839..72ace26 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -42,7 +42,7 @@ static const char copyright[] = static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94"; #endif static const char rcsid[] = - "$Id: su.c,v 1.30 1999/07/01 17:59:17 billf Exp $"; + "$Id: su.c,v 1.31 1999/07/02 11:20:59 bde Exp $"; #endif /* not lint */ #include @@ -63,10 +63,6 @@ static const char rcsid[] = #ifdef LOGIN_CAP #include -#ifdef LOGIN_CAP_AUTH -#undef SKEY -#undef KERBEROS -#endif #endif #ifdef SKEY @@ -121,9 +117,6 @@ main(argc, argv) login_cap_t *lc; char *class=NULL; int setwhat; -#ifdef LOGIN_CAP_AUTH - char *style, *approvep, *auth_method = NULL; -#endif #endif #ifdef KERBEROS char *k; @@ -221,15 +214,6 @@ main(argc, argv) } } -#ifdef LOGIN_CAP_AUTH - if (auth_method = strchr(user, ':')) { - *auth_method = '\0'; - auth_method++; - if (*auth_method == '\0') - auth_method = NULL; - } -#endif /* !LOGIN_CAP_AUTH */ - /* get target login information, default to root */ if ((pwd = getpwnam(user)) == NULL) { errx(1, "unknown login: %s", user); @@ -285,40 +269,6 @@ main(argc, argv) } /* if target requires a password, verify it */ if (*pwd->pw_passwd) { -#ifdef LOGIN_CAP_AUTH - /* - * This hands off authorisation to an authorisation program, - * depending on the styles available for the "auth-su", - * authorisation styles. - */ - if ((style = login_getstyle(lc, auth_method, "su")) == NULL) - errx(1, "auth method available for su.\n"); - if (authenticate(user, lc ? lc->lc_class : "default", style, "su") != 0) { -#ifdef WHEELSU - if (!iswheelsu || authenticate(username, lc ? lc->lc_class : "default", style, "su") != 0) { -#endif /* WHEELSU */ - { - fprintf(stderr, "Sorry\n"); - syslog(LOG_AUTH|LOG_WARNING,"BAD SU %s to %s%s", username, user, ontty()); - exit(1); - } - } - - /* - * If authentication succeeds, run any approval - * program, if applicable for this class. - */ - approvep = login_getcapstr(lc, "approve", NULL, NULL); - if (approvep==NULL || auth_script(approvep, approvep, username, lc->lc_class, 0) == 0) { - int r = auth_scan(AUTH_OKAY); - /* See what the authorise program says */ - if (!(r & AUTH_ROOTOKAY) && pwd->pw_uid == 0) { - fprintf(stderr, "Sorry\n"); - syslog(LOG_AUTH|LOG_WARNING,"UNAPPROVED ROOT SU %s%s", user, ontty()); - exit(1); - } - } -#else /* !LOGIN_CAP_AUTH */ #ifdef SKEY #ifdef WHEELSU if (iswheelsu) { @@ -349,7 +299,6 @@ main(argc, argv) pwd = getpwnam(user); } #endif /* WHEELSU */ -#endif /* LOGIN_CAP_AUTH */ } if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) { fprintf(stderr, "Sorry - account expired\n"); -- cgit v1.1