auth: Remove src/auth/copyauth

Analysis of the source for code for copyauth has flagged potential string buffer overflows due to the use of strcpy. Attempting to fix the use of strcpy, would require additional work since copyauth currently fails to build due to unresolved external references during linking. The copyauth command has not been built by default on non-Windows systems since 2009, 'curpag-via-pioctl-20090603' (4af75fe96a), and never has been built by default on Windows system since the initial git commit for openafs. According to the man page, the functionality of copyauth has been superseded by aklog, there is also a caution noted about using copyauth due to security concerns. Remove the copyauth utility and the associated references. Change-Id: I96ba9af341bc97a329132ed4fd39f3b567d0ea4a Reviewed-on: https://gerrit.openafs.org/15480 Reviewed-by: Andrew Deason <adeason@sinenomine.net> Tested-by: BuildBot <buildbot@rampaginggeek.com> Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
2025-01-18 06:50:12 +00:00 · 2023-06-21 10:12:41 -06:00 · 2023-06-21 10:12:41 -06:00 · c0ff0c7f42
commit c0ff0c7f42
parent 3bf2a27566
12 changed files with 3 additions and 159 deletions
--- a/doc/man-pages/NTMakefile
+++ b/doc/man-pages/NTMakefile
@ -33,7 +33,6 @@ PODS = \
        pod1\aklog.pod                 \
        pod1\cmdebug.pod               \
        pod1\afs_compile_et.pod        \
-        pod1\copyauth.pod              \
        pod1\dlog.pod                  \
        pod1\fs.pod                    \
        pod1\fs_apropos.pod            \
--- a/doc/man-pages/pod1/copyauth.pod
+++ b/doc/man-pages/pod1/copyauth.pod
@ -1,44 +0,0 @@
-=head1 NAME
-
-copyauth - Copies user's AFS credentials to a new cell
-
-=head1 SYNOPSIS
-
-=for html
-<div class="synopsis">
-
-B<copyauth> S<<< <I<cell name>> >>> 
-
-=for html
-</div>
-
-=head1 DESCRIPTION
-
-The B<copyauth> command copies existing AFS credentials in the local
-cell to the foreign cell specified on the command line.  
-
-The functionality in this command is largely superseded by L<aklog(1)>.
-
-=head1 CAUTIONS
-
-This functionality only works if you have a shared AFS key across multiple
-cells, which is strongly discouraged as it weakens security.  If you do
-not understand those risks, you should not use this tool.
-
-=head1 EXAMPLES
-
-   % copyauth other.cell.org
-
-=head1 PRIVILEGE REQUIRED
-
-None.
-
-=head1 SEE ALSO
-
-L<aklog(1)>,
-L<tokens(1)>
-
-=head1 COPYRIGHT
-
-This documentation was written by Steven Jenkins and is covered 
-by the IBM Public License Version 1.0. 
--- a/src/WINNT/install/wix/files.wxi
+++ b/src/WINNT/install/wix/files.wxi
@ -361,7 +361,6 @@
                            <File Id="file_CmdRef_1_afsmonitor_html" Name="afsmonit.htm" LongName="afsmonitor.html" DiskId="1" />
                            <File Id="file_CmdRef_1_aklog_html" Name="aklog.htm" LongName="aklog.html" DiskId="1" />
                            <File Id="file_CmdRef_1_cmdebug_html" Name="cmdebug.htm" LongName="cmdebug.html" DiskId="1" />
-                            <File Id="file_CmdRef_1_copyauth_html" Name="copyauth.htm" LongName="copyauth.html" DiskId="1" />
                            <File Id="file_CmdRef_1_dlog_html" Name="dlog.htm" LongName="dlog.html" DiskId="1" />
                            <File Id="file_CmdRef_1_fs_html"  Name="fs.htm"  LongName="fs.html"  DiskId="1"  />
                            <File Id="file_CmdRef_1_fs_apropos_html"  Name="fs_aprop.htm"  LongName="fs_apropos.html"  DiskId="1"  />
--- a/src/auth/.gitignore
+++ b/src/auth/.gitignore
@ -5,7 +5,6 @@
 /acfg_errors.c
 /auth.h
 /cellconfig.h
-/copyauth
 /ktc_errors.c
 /setkey
 /token.h
--- a/src/auth/Makefile.in
+++ b/src/auth/Makefile.in
@ -87,7 +87,6 @@ cellconfig.lo: cellconfig.c ${INCLS}
 realms.lo: realms.c ${INCLS}
 netrestrict.lo: ${INCLS}

-copyauth.o: copyauth.c ${INCLS} AFS_component_version_number.o
 setkey.o: setkey.c ${INCLS} AFS_component_version_number.o

 $(LT_objs): $(INCLS)
@ -111,9 +110,6 @@ libauth_pic.la: $(LT_objs)
 libpam_auth.la: $(BASE_objs)
 	$(LT_LDLIB_pic) $(BASE_objs)

-copyauth: copyauth.o ${LIBS}
-	$(AFS_LDRULE) copyauth.o ${LIBS} ${XLIBS}
-
 setkey: setkey.o ${LIBS}
 	$(AFS_LDRULE) setkey.o ${LIBS} ${XLIBS}

@ -126,7 +122,6 @@ cellconfig.h: acfg_errors.et cellconfig.p.h
 CFLAGS_authcon.lo = @CFLAGS_NODEPRECATED_DECLARATIONS@
 authcon.lo: cellconfig.h
 cellconfig.lo: cellconfig.h
-copyauth.o: cellconfig.h
 keys.lo: cellconfig.h
 ktc.lo: cellconfig.h
 netrestrict.lo: cellconfig.h
@ -141,7 +136,6 @@ auth.h: ktc_errors.et auth.p.h
 	${COMPILE_ET_H} -p ${srcdir} ktc_errors -h auth

 authcon.lo: auth.h
-copyauth.o: auth.h
 ktc.lo: auth.h
 token.lo: auth.h
 userok.lo: auth.h
@ -187,7 +181,7 @@ test:

 clean:
 	$(LT_CLEAN)
-	$(RM) -f *.o *.a copyauth setkey auth.h cellconfig.h acfg_errors.c \
+	$(RM) -f *.o *.a setkey auth.h cellconfig.h acfg_errors.c \
 		ktc_errors.c token.h token.xdr.c core Ktoken.xdr.c \
 		AFS_component_version_number.c

--- a/src/auth/NTMakefile
+++ b/src/auth/NTMakefile
@ -108,19 +108,6 @@ $(SETKEY_EXEFILE): $(SETKEY_EXEOBJS) $(EXELIBS)
        $(CODESIGN_USERLAND)
        $(SYMSTORE_IMPORT)

-# build copyauth
-COPYAUTH_EXEFILE = $(DESTDIR)\etc\copyauth.exe
-
-COPYAUTH_EXEOBJS =\
-	$(OUT)\copyauth.obj
-
-$(COPYAUTH_EXEFILE): $(COPYAUTH_EXEOBJS) $(EXELIBS)
-	$(EXECONLINK)
-        $(_VC_MANIFEST_EMBED_EXE)
-	$(EXEPREP)
-        $(CODESIGN_USERLAND)
-        $(SYMSTORE_IMPORT)
-
 $(INCFILES):$$(@F)
 	 $(COPY)  $** $(INCFILEDIR)\.

@ -134,7 +121,7 @@ ktc_errors.c auth.h: ktc_errors.et auth.p.h

 install_headers: $(INCFILES)

-install: $(AFSAUTH_LIBFILE) $(AFSAUTH_KRB_LIBFILE) $(OUT)\setkey.exe # $(COPYAUTH_EXEFILE)
+install: $(AFSAUTH_LIBFILE) $(AFSAUTH_KRB_LIBFILE) $(OUT)\setkey.exe

 clean::
 	$(DEL) acfg_errors.c ktc_errors.c
--- a/src/auth/copyauth.c
+++ b/src/auth/copyauth.c
@ -1,86 +0,0 @@
-/*
- * Copyright 2000, International Business Machines Corporation and others.
- * All Rights Reserved.
- *
- * This software has been released under the terms of the IBM Public
- * License.  For details, see the LICENSE file in the top-level source
- * directory or online at http://www.openafs.org/dl/license10.html
- */
-
-#include <afsconfig.h>
-#include <afs/param.h>
-
-#include <roken.h>
-
-#include <afs/afsutil.h>
-
-#include "auth.h"
-#include "cellconfig.h"
-
-#include "AFS_component_version_number.c"
-
-char whoami[256];
-
-int
-main(int argc, char **argv)
-{
-    char localName[64];
-    afs_int32 code;
-    char *cname;
-    struct afsconf_dir *tdir;
-    struct ktc_principal tserver;
-    struct ktc_token token;
-
-    strcpy(whoami, argv[0]);
-
-    if (argc <= 1) {
-	printf
-	    ("%s: copies a file system ticket from the local cell to another cell\n",
-	     whoami);
-	printf("%s: usage is 'setauth <new-cell>\n", whoami);
-	exit(1);
-    }
-
-    cname = argv[1];
-
-    /* lookup the name of the local cell */
-    tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
-    if (!tdir) {
-	printf("copyauth: can't open dir %s\n", AFSDIR_CLIENT_ETC_DIRPATH);
-	exit(1);
-    }
-    code = afsconf_GetLocalCell(tdir, localName, sizeof(localName));
-    if (code) {
-	printf("%s: can't determine local cell name\n", whoami);
-	exit(1);
-    }
-    /* done with configuration stuff now */
-    afsconf_Close(tdir);
-
-
-    /* get ticket in local cell */
-    strcpy(tserver.cell, localName);
-    strcpy(tserver.name, "afs");
-    tserver.instance[0] = 0;
-    code = ktc_GetToken(&tserver, &token, sizeof(token), NULL);
-    if (code) {
-	printf
-	    ("%s: failed to get '%s' service ticket in cell '%s' (code %d)\n",
-	     whoami, tserver.name, tserver.cell, code);
-	exit(1);
-    }
-
-    /* and now set the ticket in the new cell */
-    strcpy(tserver.cell, argv[1]);
-    code = ktc_SetToken(&tserver, &token, NULL, 0);
-    if (code) {
-	printf
-	    ("%s: failed to set ticket (code %d), are you sure you're authenticated?\n",
-	     whoami, code);
-	exit(1);
-    }
-
-    /* all done */
-    printf("Authentication established for cell %s.\n", cname);
-    exit(0);
-}
--- a/src/auth/test/Makefile.in
+++ b/src/auth/test/Makefile.in
@ -33,7 +33,7 @@ testnetrestrict: testnetrestrict.lo

 clean:
 	$(LT_CLEAN)
-	$(RM) -f *.o copyauth testcellconf ktctest testnetrestrict core
+	$(RM) -f *.o testcellconf ktctest testnetrestrict core

 install:

--- a/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.00
+++ b/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.00
@ -182,7 +182,6 @@
        file_permissions -u 222 -o root -g sys
          file	backup
          file  butc
-          file  copyauth
 	  file	fms
 	  file	fstrace
          file	kas
--- a/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.11
+++ b/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.11
@ -183,7 +183,6 @@
        file_permissions -u 222 -o root -g sys
          file	backup
          file  butc
-          file  copyauth
 	  file	fms
 	  file	fstrace
          file	kas
--- a/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.22
+++ b/src/packaging/HP-UX/psf-1.2.10-transarc-paths-11.22
@ -182,7 +182,6 @@
        file_permissions -u 222 -o root -g sys
          file	backup
          file  butc
-          file  copyauth
 	  file	fms
 	  file	fstrace
          file	kas
--- a/src/packaging/RedHat/openafs.spec.in
+++ b/src/packaging/RedHat/openafs.spec.in
@ -776,7 +776,6 @@ rm -f $RPM_BUILD_ROOT%{_mandir}/man1/symlink_list.1
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/symlink_make.1
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/symlink_remove.1
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/dlog.*
-rm -f $RPM_BUILD_ROOT%{_mandir}/man1/copyauth.*
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/dpass.*
 rm -f $RPM_BUILD_ROOT%{_mandir}/man1/livesys.*
 rm -f $RPM_BUILD_ROOT%{_mandir}/man8/afsd.fuse.8