From: Ivailo Monev <xakepa10@gmail.com>
Date: Tue, 29 Mar 2022 13:57:39 +0000 (+0300)
Subject: kdm: drop disabled krb4 support
X-Git-Tag: 4.22.0~762
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=5d1148e9dd4d1aef2e2b5a3d2e8ad437c40b38d8;p=kde%2Fkde-workspace.git

kdm: drop disabled krb4 support

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
---

diff --git a/kdm/ConfigureChecks.cmake b/kdm/ConfigureChecks.cmake
index 2b077880..02ee779b 100644
--- a/kdm/ConfigureChecks.cmake
+++ b/kdm/ConfigureChecks.cmake
@@ -140,26 +140,6 @@ if (X11_Xdmcp_FOUND)
     cmake_reset_check_state()
 endif (X11_Xdmcp_FOUND)
 
-option(KDE4_KERBEROS4 "Compile KDM with Kerberos v4 support" OFF)
-if (KDE4_KERBEROS4)
-    find_path(KRB4_INCLUDE_DIR krb.h)
-    find_library(KRB4_LIBRARY krb)
-    find_library(DES_LIBRARY des)
-    if (KRB4_INCLUDE_DIR AND KRB4_LIBRARY)
-        set(KERBEROS 1)
-        set(KRB4_LIBRARIES ${KRB4_LIBRARY} ${DES_LIBRARY} ${RESOLV_LIBRARIES})
-    endif (KRB4_INCLUDE_DIR AND KRB4_LIBRARY)
-    option(KDE4_AFS "Compile KDM with AFS support" OFF)
-    if (KDE4_AFS)
-        find_path(AFS_INCLUDE_DIR kafs.h)
-        find_library(AFS_LIBRARY kafs)
-        if (AFS_INCLUDE_DIR AND AFS_LIBRARY)
-            set(AFS 1)
-            set(KRB4_LIBRARIES ${KRB4_LIBRARIES} ${AFS_LIBRARY})
-        endif (AFS_INCLUDE_DIR AND AFS_LIBRARY)
-    endif (KDE4_AFS)
-endif (KDE4_KERBEROS4)
-
 option(KDE4_XDMCP "Build KDM with XDMCP support" ON)
 if (KDE4_XDMCP AND X11_Xdmcp_FOUND)
     set(XDMCP 1)
diff --git a/kdm/README b/kdm/README
index a6d821d6..f8daafe5 100644
--- a/kdm/README
+++ b/kdm/README
@@ -14,14 +14,6 @@ cmake options that affect KDM
   Set the PAM service used by all of kdebase resp. specifically by KDM.
   Whether PAM should be used in the first place is auto-detected.
 
--DKDE4_KERBEROS4:BOOL=ON
-  Compile KDM (and the LDAP KIO slave) with KTH Kerberos 4 support. Note
-  that this does not work with the Kerberos 4 compatibility layer found in
-  MIT Kerberos 5. This affects KDM only if PAM is not used.
-
--DKDE4_AFS:BOOL=ON
-  Compile KDM with AFS support. Depends on KDE4_KERBEROS4.
-
 -DKDE4_KRB5AUTH:BOOL=ON
 -DKDE4_RPCAUTH:BOOL=ON
   Compile KDM with Kerberos 5 resp. secure RPC support for X authorization
diff --git a/kdm/backend/client.c b/kdm/backend/client.c
index 195c5db8..932faf6e 100644
--- a/kdm/backend/client.c
+++ b/kdm/backend/client.c
@@ -56,13 +56,6 @@ extern int key_setnet(struct key_netstarg *arg);
 #ifdef USE_PAM
 # include <security/pam_appl.h>
 #else /* USE_PAM */
-# ifdef KERBEROS
-#  include <sys/param.h>
-#  include <krb.h>
-#  ifdef AFS
-#   include <kafs.h>
-#  endif
-# endif
 /* for nologin */
 # include <sys/types.h>
 # include <unistd.h>
@@ -106,9 +99,6 @@ static int inAuth;
 # ifdef USESHADOW
 static struct spwd *sp;
 # endif
-# ifdef KERBEROS
-static char krbtkfile[MAXPATHLEN];
-# endif
 #endif
 
 static void
@@ -121,8 +111,7 @@ displayStr(int lv, const char *msg)
 }
 
 #if !defined(USE_PAM) \
-     && (defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW) \
-         || (defined(KERBEROS) && defined(AFS)))
+     && (defined(HAVE_STRUCT_PASSWD_PW_EXPIRE) || defined(USESHADOW))
 static void
 displayMsg(int lv, const char *msg, ...)
 {
@@ -605,36 +594,6 @@ verify(GConvFunc gconv, int rootok)
             V_RET_NP;
     }
 
-# ifdef KERBEROS
-    if (p->pw_uid) {
-        int ret;
-        char realm[REALM_SZ];
-
-        if (krb_get_lrealm(realm, 1)) {
-            logError("Cannot get KerberosIV realm.\n");
-            V_RET_FAIL(0);
-        }
-
-        sprintf(krbtkfile, "%s.%.*s", TKT_ROOT, MAXPATHLEN - strlen(TKT_ROOT) - 2, td->name);
-        krb_set_tkt_string(krbtkfile);
-        unlink(krbtkfile);
-
-        ret = krb_verify_user(curuser, "", realm, curpass, 1, "rcmd");
-        if (ret == KSUCCESS) {
-            chown(krbtkfile, p->pw_uid, p->pw_gid);
-            debug("KerberosIV verify succeeded\n");
-            goto done;
-        } else if (ret != KDC_PR_UNKNOWN && ret != SKDC_CANT) {
-            logError("KerberosIV verification failure %\"s for %s\n",
-                     krb_get_err_text(ret), curuser);
-            krbtkfile[0] = '\0';
-            V_RET_FAIL(0);
-        }
-        debug("KerberosIV verify failed: %s\n", krb_get_err_text(ret));
-    }
-    krbtkfile[0] = '\0';
-# endif /* KERBEROS */
-
 # if defined(HAVE_PW_ENCRYPT)
     if (!(crpt_passwd = pw_encrypt(curpass, p->pw_passwd)) || strcmp(crpt_passwd, p->pw_passwd))
 # elif defined(HAVE_CRYPT)
@@ -1174,25 +1133,6 @@ startClient(volatile int *pid)
 
     strcpy(curuser, p->pw_name); /* Use normalized login name. */
 
-#if !defined(USE_PAM) && defined(KERBEROS) && defined(AFS)
-    if (krbtkfile[0] != '\0') {
-        if (k_hasafs()) {
-            int fail = False;
-            if (k_setpag() == -1) {
-                logError("setpag() for %s failed\n", curuser);
-                fail = True;
-            }
-            if ((ret = k_afsklog(0, 0)) != KSUCCESS) {
-                logError("AFS Warning: %s\n", krb_get_err_text(ret));
-                fail = True;
-            }
-            if (fail)
-                displayMsg(V_MSG_ERR,
-                           "Warning: Problems during Kerberos4/AFS setup.");
-        }
-    }
-#endif /* !PAM && KERBEROS && AFS*/
-
     curuid = p->pw_uid;
     curgid = p->pw_gid;
 
@@ -1210,10 +1150,6 @@ startClient(volatile int *pid)
     env = setEnv(env, "PATH", curuid ? td->userPath : td->systemPath);
     env = setEnv(env, "SHELL", p->pw_shell);
     env = setEnv(env, "HOME", p->pw_dir);
-#if !defined(USE_PAM) && defined(KERBEROS)
-    if (krbtkfile[0] != '\0')
-        env = setEnv(env, "KRBTKFILE", krbtkfile);
-#endif
     userEnviron = inheritEnv(env, envvars);
     env = systemEnv(0, curuser);
     systemEnviron = setEnv(env, "HOME", p->pw_dir);
@@ -1634,17 +1570,6 @@ clientExited(void)
 #ifdef K5AUTH
                 krb5Destroy(td->name);
 #endif /* K5AUTH */
-#if !defined(USE_PAM)
-# ifdef KERBEROS
-                if (krbtkfile[0]) {
-                    (void)dest_tkt();
-#  ifdef AFS
-                    if (k_hasafs())
-                        (void)k_unlog();
-#  endif
-                }
-# endif
-#endif /* !USE_PAM */
             }
             exit(0);
         case -1:
diff --git a/kdm/config-kdm.h.cmake b/kdm/config-kdm.h.cmake
index d508f59a..355e99da 100644
--- a/kdm/config-kdm.h.cmake
+++ b/kdm/config-kdm.h.cmake
@@ -67,12 +67,6 @@
 /* Define if kdm should use Kerberos 5 for Xauth cookies. */
 #cmakedefine K5AUTH 1
 
-/* Define if kdm should use Kerberos IV */
-#cmakedefine KERBEROS 1
-
-/* Define if kdm should not use AFS */
-#cmakedefine AFS 1
-
 /* Define if kdm should be built with XDMCP support */
 #cmakedefine XDMCP 1
 
diff --git a/kdm/config.def b/kdm/config.def
index 279c6e38..7534497f 100644
--- a/kdm/config.def
+++ b/kdm/config.def
@@ -1045,8 +1045,7 @@ Instance: #"/nfs-shared/var/dmrcs"
 Comment: &
 Description:
  The directory in which &kdm; should store users' <filename>.dmrc</filename> files. This is only
- needed if the home directories are not readable before actually logging in
- (like with AFS).
+ needed if the home directories are not readable before actually logging in.
 
 
 Section: Xdmcp