krb4 bye bye

5 files changed, 0 insertions, 291 deletions

diff --git a/libexec/login_krb4-or-pwd/Makefile b/libexec/login_krb4-or-pwd/Makefile
deleted file mode 100644
index f8f97c65ce7..00000000000
--- a/libexec/login_krb4-or-pwd/Makefile
+++ /dev/null
@@ -1,27 +0,0 @@
-#	$OpenBSD: Makefile,v 1.5 2002/05/11 00:20:20 espie Exp $
-
-.include <bsd.own.mk>
-
-PROG=	login_krb4-or-pwd
-SRCS=	login.c login_passwd.c
-MAN=	${PROG}.8
-CFLAGS+=-DPASSWD -Wall -Werror -I${.CURDIR}/../login_passwd
-
-.if (${KERBEROS:L} == "yes")
-SRCS+=	login_krb4.c 
-DPADD+=  ${LIBKRB} ${LIBCRYPTO} ${LIBUTIL} ${LIBDES}
-LDADD+=	-lkrb -lcrypto -lutil -ldes
-CFLAGS+=-DKRB4
-.PATH:	${.CURDIR}/../login_passwd ${.CURDIR}/../login_krb4
-.else
-DPADD+=  ${LIBUTIL}
-LDADD+=  -lutil
-.PATH:	${.CURDIR}/../login_passwd
-.endif
-
-BINOWN=	root
-BINGRP= auth
-BINMODE=4555
-BINDIR= /usr/libexec/auth
-
-.include <bsd.prog.mk>
diff --git a/libexec/login_krb4-or-pwd/login_krb4-or-pwd.8 b/libexec/login_krb4-or-pwd/login_krb4-or-pwd.8
deleted file mode 100644
index 5cd3eb83c71..00000000000
--- a/libexec/login_krb4-or-pwd/login_krb4-or-pwd.8
+++ /dev/null
@@ -1,58 +0,0 @@
-.\" $OpenBSD: login_krb4-or-pwd.8,v 1.8 2002/11/09 03:03:14 fgsch Exp $
-.\"
-.\" Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
-.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd December 11, 2000
-.Dt LOGIN_KRB-OR-PWD 8
-.Os
-.Sh NAME
-.Nm login_krb4-or-pwd
-.Nd provide KerberosIV or password authentication type
-.Sh SYNOPSIS
-.Nm login_krb4-or-pwd
-.Op Fl s Ar service
-.Op Fl v Ar wheel=yes|no
-.Op Fl v Ar lastchance=yes|no
-.Ar user
-.Op Ar class
-.Sh DESCRIPTION
-The
-.Nm
-utility first attempts to authenticate the user via KerberosIV
-and, failing that, falls back to standard password authentication.
-.Pp
-If KerberosIV is not configured on the system,
-.Nm
-is equivalent to calling
-.Xr login_passwd 8 .
-.Pp
-.Nm
-accepts any command line arguments described in
-.Xr login_krb4 8
-or
-.Xr login_passwd 8 .
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr login_krb4 8 ,
-.Xr login_passwd 8
-
diff --git a/libexec/login_krb4/Makefile b/libexec/login_krb4/Makefile
deleted file mode 100644
index 07cfeaa5a4a..00000000000
--- a/libexec/login_krb4/Makefile
+++ /dev/null
@@ -1,26 +0,0 @@
-#	$OpenBSD: Makefile,v 1.5 2002/05/11 00:20:20 espie Exp $
-
-.include <bsd.own.mk>
-
-PROG=	login_krb4
-SRCS=	login.c
-MAN=	${PROG}.8
-CFLAGS+=-Wall -Werror -I${.CURDIR}/../login_passwd
-.PATH:	${.CURDIR}/../login_passwd
-
-.if (${KERBEROS:L} == "yes")
-SRCS+=	login_krb4.c
-DPADD+=	${LIBKRB} ${LIBCRYPTO} ${LIBDES}
-LDADD+=	-lkrb -lcrypto -ldes
-CFLAGS+=-DKRB4
-.endif
-
-DPADD+=	${LIBUTIL}
-LDADD+=	-lutil
-
-BINOWN=	root
-BINGRP= auth
-BINMODE=4555
-BINDIR= /usr/libexec/auth
-
-.include <bsd.prog.mk>
diff --git a/libexec/login_krb4/login_krb4.8 b/libexec/login_krb4/login_krb4.8
deleted file mode 100644
index 1bba2c3badc..00000000000
--- a/libexec/login_krb4/login_krb4.8
+++ /dev/null
@@ -1,89 +0,0 @@
-.\" $OpenBSD: login_krb4.8,v 1.9 2002/11/09 03:03:14 fgsch Exp $
-.\"
-.\" Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
-.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd December 11, 2000
-.Dt LOGIN_KERBEROS 8
-.Os
-.Sh NAME
-.Nm login_krb4
-.Nd provide KerberosIV authentication type
-.Sh SYNOPSIS
-.Nm login_krb4
-.Op Fl s Ar service
-.Op Fl v Ar lastchance=yes|no
-.Ar user
-.Op Ar class
-.Sh DESCRIPTION
-The
-.Nm
-utility implements the KerberosIV authentication mechanism.
-It is called by
-.Xr login 1 ,
-.Xr su 1 ,
-.Xr ftpd 8 ,
-and others to authenticate the
-.Ar user
-with KerberosIV.
-.Pp
-The
-.Ar user
-argument is the user's name to be authenticated.
-.Pp
-The
-.Ar service
-argument specifies which protocol to use with the
-invoking program.
-The allowed protocols are
-.Em login ,
-.Em challenge ,
-and
-.Em response .
-(The
-.Em challenge
-protocol is silently ignored but will report success as KerberosIV
-authentication is not challenge-response based).
-.Pp
-If the
-.Ar lastchance
-argument is specified and is equal to
-.Dq yes ,
-then if the user's password has expired, and it has not been
-expired longer than
-.Dq password-dead
-seconds (see
-.Xr login.conf 5 ) ,
-the user will be able to log in one last time to change the password.
-.Pp
-.Nm
-will prompt the user for a password and report back to the
-invoking program whether or not the authentication was
-successful.
-.Sh SEE ALSO
-.Xr kerberos 1 ,
-.Xr login 1 ,
-.Xr passwd 1 ,
-.Xr su 1 ,
-.Xr login.conf 5 ,
-.Xr ftpd 8 ,
-.Xr login_krb4-or-pwd 8
diff --git a/libexec/login_krb4/login_krb4.c b/libexec/login_krb4/login_krb4.c
deleted file mode 100644
index fbec0346411..00000000000
--- a/libexec/login_krb4/login_krb4.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/*	$OpenBSD: login_krb4.c,v 1.5 2002/09/06 18:45:06 deraadt Exp $	*/
-
-/*-
- * Copyright (c) 2001 Hans Insulander <hin@openbsd.org>.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "common.h"
-#include <fcntl.h>
-
-#include <kerberosIV/krb.h>
-
-int
-krb4_login(char *username, char *password, char *invokinguser, int new_tickets)
-{
-	char realm[REALM_SZ];
-	char tkfile[MAXPATHLEN];
-	char *instance, *targetuser;
-	struct passwd *pwd;
-	int ret, fd;
-
-	/* Check if we can open the srvtab file */
-	if ((fd = open(KEYFILE, O_RDONLY, 0400)) < 0)
-		return (AUTH_FAILED);
-	close(fd);
-
-	pwd = getpwnam(username);
-	tkfile[0] = '\0';
-
-	targetuser = username;
-	if (krb_get_lrealm(realm, 1))
-		syslog(LOG_INFO, "krb_get_lrealm failed");
-
-	if (new_tickets) {
-		snprintf(tkfile, sizeof(tkfile), "%s%d", TKT_ROOT,
-		    pwd ? pwd->pw_uid : getuid());
-		krb_set_tkt_string(tkfile);
-		unlink(tkfile);
-	}
-
-	if (strcmp(username, "root") == 0) {
-		instance = "root";
-		username = invokinguser;
-	} else
-		instance = "";
-
-	/*
-	 * This kludge is needed because the krb library checks if it seems
-	 * to be running as a setuid program, due to problems with setuid
-	 * programs and environment variables.
-	 *
-	 * But in this case it's okay, because the login scripts are called
-	 * with a clean environment.
-	 */
-	setuid(geteuid());
-	ret = krb_verify_user(username, instance , realm, password, 1, "rcmd");
-
-	if (new_tickets && pwd)
-		chown(tkfile, pwd->pw_uid, pwd->pw_gid);
-
-	if (ret == KSUCCESS &&
-	    krb_kuserok(username, instance, realm, targetuser) == 0) {
-		fprintf(back, BI_AUTH "\n");
-		if (strlen(tkfile) > 0)
-			fprintf(back, BI_SETENV " KRBTKFILE %s\n", tkfile);
-		return (AUTH_OK);
-	}
-	unlink(tkfile);
-	return (AUTH_FAILED);
-}