DIR is the base directory containing the compiled FWTK package
(or at least the library and header files).
- --with-kerb4[=DIR]
- Enable Kerberos IV support. If specified, DIR is the base
- directory containing the Kerberos IV include and lib dirs.
- This uses Kerberos passphrases for authentication but does
- not use the Kerberos cookie scheme.
-
--with-kerb5[=DIR]
Enable Kerberos V support. If specified, DIR is the base
directory containing the Kerberos V include and lib dirs.
plugins/sudoers/auth/bsdauth.c
plugins/sudoers/auth/dce.c
plugins/sudoers/auth/fwtk.c
-plugins/sudoers/auth/kerb4.c
plugins/sudoers/auth/kerb5.c
plugins/sudoers/auth/pam.c
plugins/sudoers/auth/passwd.c
shadow enabled) */
#undef HAVE_ISSECURE
-/* Define to 1 if you use Kerberos IV. */
-#undef HAVE_KERB4
-
/* Define to 1 if you use Kerberos V. */
#undef HAVE_KERB5
with_long_otp_prompt
with_SecurID
with_fwtk
-with_kerb4
with_kerb5
with_aixauth
with_pam
--with-long-otp-prompt use a two line OTP (skey/opie) prompt
--with-SecurID[=DIR] enable SecurID support
--with-fwtk[=DIR] enable FWTK AuthSRV support
- --with-kerb4[=DIR] enable Kerberos IV support
--with-kerb5[=DIR] enable Kerberos V support
--with-aixauth enable AIX general authentication support
--with-pam enable PAM support
-# Check whether --with-kerb4 was given.
-if test "${with_kerb4+set}" = set; then :
- withval=$with_kerb4; case $with_kerb4 in
- no) ;;
- *) { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to try kerberos IV authentication" >&5
-$as_echo_n "checking whether to try kerberos IV authentication... " >&6; }
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- AUTH_REG="$AUTH_REG kerb4"
- ;;
-esac
-fi
-
-
-
# Check whether --with-kerb5 was given.
if test "${with_kerb5+set}" = set; then :
withval=$with_kerb5; case $with_kerb5 in
done
fi
-if test ${with_kerb4-'no'} != "no"; then
- $as_echo "#define HAVE_KERB4 1" >>confdefs.h
-
- O_LDFLAGS="$LDFLAGS"
- if test "$with_kerb4" = "yes"; then
- found=no
- O_CPPFLAGS="$CPPFLAGS"
- for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
- CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <krb.h>
-int
-main ()
-{
-
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_cpp "$LINENO"; then :
- found=yes; break
-fi
-rm -f conftest.err conftest.i conftest.$ac_ext
- done
- test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
- else
-
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
- ;;
- *) LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
- ;;
- esac
- else
- LDFLAGS="${LDFLAGS} -L${with_kerb4}/lib"
- fi
- if test X"$blibpath" != X"" -a "LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_kerb4}/lib"
- fi
-
-
- if test X"$with_rpath" = X"yes"; then
- case "$host" in
- *-*-hpux*) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb4}/lib -Wl,+b,${with_kerb4}/lib"
- ;;
- *) SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb4}/lib -Wl,-R${with_kerb4}/lib"
- ;;
- esac
- else
- SUDOERS_LDFLAGS="${SUDOERS_LDFLAGS} -L${with_kerb4}/lib"
- fi
- if test X"$blibpath" != X"" -a "SUDOERS_LDFLAGS" = "SUDO_LDFLAGS"; then
- blibpath_add="${blibpath_add}:${with_kerb4}/lib"
- fi
-
- CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
- ac_fn_c_check_header_mongrel "$LINENO" "krb.h" "ac_cv_header_krb_h" "$ac_includes_default"
-if test "x$ac_cv_header_krb_h" = xyes; then :
- found=yes
-else
- found=no
-fi
-
-
- fi
- if test X"$found" = X"no"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&5
-$as_echo "$as_me: WARNING: Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS" >&2;}
- fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes" >&5
-$as_echo_n "checking for des_cbc_encrypt in -ldes... " >&6; }
-if ${ac_cv_lib_des_des_cbc_encrypt+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldes $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char des_cbc_encrypt ();
-int
-main ()
-{
-return des_cbc_encrypt ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_des_des_cbc_encrypt=yes
-else
- ac_cv_lib_des_des_cbc_encrypt=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des_des_cbc_encrypt" >&5
-$as_echo "$ac_cv_lib_des_des_cbc_encrypt" >&6; }
-if test "x$ac_cv_lib_des_des_cbc_encrypt" = xyes; then :
- K4LIBS="-ldes"
-else
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for des_cbc_encrypt in -ldes425" >&5
-$as_echo_n "checking for des_cbc_encrypt in -ldes425... " >&6; }
-if ${ac_cv_lib_des425_des_cbc_encrypt+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-ldes425 $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-/* Override any GCC internal prototype to avoid an error.
- Use char because int might match the return type of a GCC
- builtin and then its argument prototype would still apply. */
-#ifdef __cplusplus
-extern "C"
-#endif
-char des_cbc_encrypt ();
-int
-main ()
-{
-return des_cbc_encrypt ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_des425_des_cbc_encrypt=yes
-else
- ac_cv_lib_des425_des_cbc_encrypt=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_des425_des_cbc_encrypt" >&5
-$as_echo "$ac_cv_lib_des425_des_cbc_encrypt" >&6; }
-if test "x$ac_cv_lib_des425_des_cbc_encrypt" = xyes; then :
- K4LIBS="-ldes425"
-else
- K4LIBS=""
-fi
-
-
-fi
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using KTH Kerberos IV" >&5
-$as_echo_n "checking whether we are using KTH Kerberos IV... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-#include <krb.h>
-int
-main ()
-{
-const char *tmp = krb4_version;
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
- K4LIBS="${K4LIBS} -lcom_err"
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lroken" >&5
-$as_echo_n "checking for main in -lroken... " >&6; }
-if ${ac_cv_lib_roken_main+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lroken $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- ac_cv_lib_roken_main=yes
-else
- ac_cv_lib_roken_main=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_roken_main" >&5
-$as_echo "$ac_cv_lib_roken_main" >&6; }
-if test "x$ac_cv_lib_roken_main" = xyes; then :
- K4LIBS="${K4LIBS} -lroken"
-fi
-
-
-else
-
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-
-fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
- as_ac_Lib=`$as_echo "ac_cv_lib_krb_main$K4LIBS" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb" >&5
-$as_echo_n "checking for main in -lkrb... " >&6; }
-if eval \${$as_ac_Lib+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb $K4LIBS $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- eval "$as_ac_Lib=yes"
-else
- eval "$as_ac_Lib=no"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-eval ac_res=\$$as_ac_Lib
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
- K4LIBS="-lkrb $K4LIBS"
-else
-
- as_ac_Lib=`$as_echo "ac_cv_lib_krb4_main$K4LIBS" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lkrb4" >&5
-$as_echo_n "checking for main in -lkrb4... " >&6; }
-if eval \${$as_ac_Lib+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_check_lib_save_LIBS=$LIBS
-LIBS="-lkrb4 $K4LIBS $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h. */
-
-
-int
-main ()
-{
-return main ();
- ;
- return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
- eval "$as_ac_Lib=yes"
-else
- eval "$as_ac_Lib=no"
-fi
-rm -f core conftest.err conftest.$ac_objext \
- conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-eval ac_res=\$$as_ac_Lib
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
-$as_echo "$ac_res" >&6; }
-if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
- K4LIBS="-lkrb4 $K4LIBS"
-else
- K4LIBS="-lkrb $K4LIBS"
- { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS" >&5
-$as_echo "$as_me: WARNING: Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS" >&2;}
-
-fi
-
-
-fi
-
- LDFLAGS="$O_LDFLAGS"
- SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
- AUTH_OBJS="$AUTH_OBJS kerb4.lo"
-fi
-
if test ${with_kerb5-'no'} != "no"; then
# Extract the first word of "krb5-config", so it can be a program name with args.
set dummy krb5-config; ac_word=$2
-
;;
esac])
-AC_ARG_WITH(kerb4, [AS_HELP_STRING([--with-kerb4[[=DIR]]], [enable Kerberos IV support])],
-[case $with_kerb4 in
- no) ;;
- *) AC_MSG_CHECKING(whether to try kerberos IV authentication)
- AC_MSG_RESULT(yes)
- AUTH_REG="$AUTH_REG kerb4"
- ;;
-esac])
-
AC_ARG_WITH(kerb5, [AS_HELP_STRING([--with-kerb5[[=DIR]]], [enable Kerberos V support])],
[case $with_kerb5 in
no) ;;
done
fi
-dnl
-dnl Kerberos IV
-dnl
-if test ${with_kerb4-'no'} != "no"; then
- AC_DEFINE(HAVE_KERB4)
- dnl
- dnl Use the specified directory, if any, else search for correct inc dir
- dnl
- O_LDFLAGS="$LDFLAGS"
- if test "$with_kerb4" = "yes"; then
- found=no
- O_CPPFLAGS="$CPPFLAGS"
- for dir in "" "kerberosIV/" "krb4/" "kerberos4/" "kerberosv4/"; do
- CPPFLAGS="$O_CPPFLAGS -I/usr/include/${dir}"
- AC_PREPROC_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]])], [found=yes; break])
- done
- test X"$found" = X"no" && CPPFLAGS="$O_CPPFLAGS"
- else
- SUDO_APPEND_LIBPATH(LDFLAGS, [${with_kerb4}/lib])
- SUDO_APPEND_LIBPATH(SUDOERS_LDFLAGS, [${with_kerb4}/lib])
- CPPFLAGS="$CPPFLAGS -I${with_kerb4}/include"
- AC_CHECK_HEADER([krb.h], [found=yes], [found=no])
- fi
- if test X"$found" = X"no"; then
- AC_MSG_WARN([Unable to locate Kerberos IV include files, you will have to edit the Makefile and add -I/path/to/krb/includes to CPPFLAGS])
- fi
-
- dnl
- dnl Check for -ldes vs. -ldes425
- dnl
- AC_CHECK_LIB(des, des_cbc_encrypt, [K4LIBS="-ldes"], [
- AC_CHECK_LIB(des425, des_cbc_encrypt, [K4LIBS="-ldes425"], [K4LIBS=""])
- ])
- dnl
- dnl Try to determine whether we have KTH or MIT/CNS Kerberos IV
- dnl
- AC_MSG_CHECKING(whether we are using KTH Kerberos IV)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <krb.h>]], [[const char *tmp = krb4_version;]])], [
- AC_MSG_RESULT(yes)
- K4LIBS="${K4LIBS} -lcom_err"
- AC_CHECK_LIB(roken, main, [K4LIBS="${K4LIBS} -lroken"])
- ], [
- AC_MSG_RESULT(no)
- ]
- )
- dnl
- dnl The actual Kerberos IV lib might be -lkrb or -lkrb4
- dnl
- AC_CHECK_LIB(krb, main, [K4LIBS="-lkrb $K4LIBS"], [
- AC_CHECK_LIB(krb4, main, [K4LIBS="-lkrb4 $K4LIBS"],
- [K4LIBS="-lkrb $K4LIBS"]
- [AC_MSG_WARN([Unable to locate Kerberos IV libraries, you will have to edit the Makefile and add -L/path/to/krb/libs to SUDOERS_LDFLAGS and possibly add Kerberos libs to SUDOERS_LIBS])]
- , [$K4LIBS])
- ], [$K4LIBS])
- LDFLAGS="$O_LDFLAGS"
- SUDOERS_LIBS="${SUDOERS_LIBS} $K4LIBS"
- AUTH_OBJS="$AUTH_OBJS kerb4.lo"
-fi
-
dnl
dnl Kerberos V
dnl There is an easy way and a hard way...
AH_TEMPLATE(HAVE_IN6_ADDR, [Define to 1 if <netinet/in.h> contains struct in6_addr.])
AH_TEMPLATE(HAVE_ISCOMSEC, [Define to 1 if you have the `iscomsec' function. (HP-UX >= 10.x check for shadow enabled)])
AH_TEMPLATE(HAVE_ISSECURE, [Define to 1 if you have the `issecure' function. (SunOS 4.x check for shadow enabled)])
-AH_TEMPLATE(HAVE_KERB4, [Define to 1 if you use Kerberos IV.])
AH_TEMPLATE(HAVE_KERB5, [Define to 1 if you use Kerberos V.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC, [Define to 1 if you have the `krb5_get_init_creds_opt_alloc' function.])
AH_TEMPLATE(HAVE_KRB5_GET_INIT_CREDS_OPT_FREE_TWO_ARGS, [Define to 1 if your `krb5_get_init_creds_opt_free' function takes two arguments.])
_RLD_*
SHLIB_PATH (HP-UX only)
LIBPATH (AIX only)
- KRB_CONF (kerb4 only)
- KRBCONFDIR (kerb4 only)
- KRBTKFILE (kerb4 only)
KRB5_CONFIG (kerb5 only)
VAR_ACE (SecurID only)
USR_ACE (SecurID only)
$makefile =~ s:\@SUDO_OBJS\@:preload.o selinux.o sesh.o sudo_noexec.lo:;
$makefile =~ s:\@SUDOERS_OBJS\@:bsm_audit.lo linux_audit.lo ldap.lo plugin_error.lo:;
# XXX - fill in AUTH_OBJS from contents of the auth dir instead
- $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb4.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid.lo securid5.lo sia.lo:;
+ $makefile =~ s:\@AUTH_OBJS\@:afs.lo aix_auth.lo bsdauth.lo dce.lo fwtk.lo getspwuid.lo kerb5.lo pam.lo passwd.lo rfc1938.lo secureware.lo securid.lo securid5.lo sia.lo:;
$makefile =~ s:\@LTLIBOBJS\@:closefrom.lo dlopen.lo fnmatch.lo getcwd.lo getgrouplist.lo getline.lo getprogname.lo glob.lo isblank.lo memrchr.lo mksiglist.lo mktemp.lo nanosleep.lo setenv.lo siglist.lo snprintf.lo strlcat.lo strlcpy.lo strsignal.lo unsetenv.lo utimes.lo globtest.o fnm_test.o:;
# Parse OBJS lines
$(incdir)/gettext.h
$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(srcdir)/iolog_path.c
iolog_path.o: iolog_path.lo
-kerb4.lo: $(authdir)/kerb4.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
- $(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \
- $(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
- $(srcdir)/defaults.h $(devdir)/def_data.h $(srcdir)/logging.h \
- $(srcdir)/sudo_nss.h $(incdir)/sudo_plugin.h $(incdir)/sudo_debug.h \
- $(incdir)/gettext.h
- $(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(DEFS) $(authdir)/kerb4.c
kerb5.lo: $(authdir)/kerb5.c $(top_builddir)/config.h $(srcdir)/sudoers.h \
$(top_builddir)/pathnames.h $(incdir)/missing.h $(incdir)/error.h \
$(incdir)/alloc.h $(incdir)/list.h $(incdir)/fileops.h \
+++ /dev/null
-/*
- * Copyright (c) 1999-2005, 2007, 2010-2011
- * Todd C. Miller <Todd.Miller@courtesan.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Sponsored in part by the Defense Advanced Research Projects
- * Agency (DARPA) and Air Force Research Laboratory, Air Force
- * Materiel Command, USAF, under agreement number F39502-99-1-0512.
- */
-
-#include <config.h>
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <stdio.h>
-#ifdef STDC_HEADERS
-# include <stdlib.h>
-# include <stddef.h>
-#else
-# ifdef HAVE_STDLIB_H
-# include <stdlib.h>
-# endif
-#endif /* STDC_HEADERS */
-#ifdef HAVE_STRING_H
-# include <string.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_STRINGS_H
-# include <strings.h>
-#endif /* HAVE_STRING_H */
-#ifdef HAVE_UNISTD_H
-# include <unistd.h>
-#endif /* HAVE_UNISTD_H */
-#include <pwd.h>
-#include <krb.h>
-
-#include "sudoers.h"
-#include "sudo_auth.h"
-
-int
-kerb4_init(struct passwd *pw, sudo_auth *auth)
-{
- static char realm[REALM_SZ];
- debug_decl(kerb4_init, SUDO_DEBUG_AUTH)
-
- /* Don't try to verify root */
- if (pw->pw_uid == 0)
- debug_return_int(AUTH_FAILURE);
-
- /* Get the local realm, or retrun failure (no krb.conf) */
- if (krb_get_lrealm(realm, 1) != KSUCCESS)
- debug_return_int(AUTH_FAILURE);
-
- /* Stash a pointer to the realm (used in kerb4_verify) */
- auth->data = (void *) realm;
-
- debug_return_int(AUTH_SUCCESS);
-}
-
-int
-kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth)
-{
- char tkfile[sizeof(_PATH_SUDO_TIMEDIR) + 4 + MAX_UID_T_LEN];
- char *realm = (char *) auth->data;
- int error;
- debug_decl(kerb4_verify, SUDO_DEBUG_AUTH)
-
- /*
- * Set the ticket file to be in sudo sudo timedir so we don't
- * wipe out other (real) kerberos tickets.
- */
- (void) snprintf(tkfile, sizeof(tkfile), "%s/tkt%u",
- _PATH_SUDO_TIMEDIR, (unsigned int) pw->pw_uid);
- (void) krb_set_tkt_string(tkfile);
-
- /* Convert the password to a ticket given. */
- error = krb_get_pw_in_tkt(pw->pw_name, "", realm, "krbtgt", realm,
- DEFAULT_TKT_LIFE, pass);
-
- switch (error) {
- case INTK_OK:
- dest_tkt(); /* we are done with the temp ticket */
- debug_return_int(AUTH_SUCCESS);
- break;
- case INTK_BADPW:
- case KDC_PR_UNKNOWN:
- break;
- default:
- (void) fprintf(stderr, "Warning: Kerberos error: %s\n",
- krb_err_txt[error]);
- }
-
- debug_return_int(AUTH_FAILURE);
-}
#ifdef HAVE_DCE
AUTH_ENTRY("dce", 0, NULL, NULL, dce_verify, NULL, NULL, NULL)
#endif
-#ifdef HAVE_KERB4
- AUTH_ENTRY("kerb4", 0, kerb4_init, NULL, kerb4_verify, NULL, NULL, NULL)
-#endif
#ifdef HAVE_KERB5
AUTH_ENTRY("kerb5", 0, kerb5_init, kerb5_setup, kerb5_verify, kerb5_cleanup, NULL, NULL)
#endif
int rfc1938_verify(struct passwd *pw, char *pass, sudo_auth *auth);
int afs_verify(struct passwd *pw, char *pass, sudo_auth *auth);
int dce_verify(struct passwd *pw, char *pass, sudo_auth *auth);
-int kerb4_init(struct passwd *pw, sudo_auth *auth);
-int kerb4_verify(struct passwd *pw, char *pass, sudo_auth *auth);
int kerb5_init(struct passwd *pw, sudo_auth *auth);
int kerb5_setup(struct passwd *pw, char **prompt, sudo_auth *auth);
int kerb5_verify(struct passwd *pw, char *pass, sudo_auth *auth);
#ifdef __APPLE__
"DYLD_*",
#endif
-#ifdef HAVE_KERB4
- "KRB_CONF*",
- "KRBCONFDIR",
- "KRBTKFILE",
-#endif /* HAVE_KERB4 */
#ifdef HAVE_KERB5
"KRB5_CONFIG*",
"KRB5_KTNAME",
projects / sudo / commitdiff