From da699c8b81e818ba97ff8115397d7f7afe0bf512 Mon Sep 17 00:00:00 2001 From: Michael Meffie Date: Mon, 10 Sep 2018 23:47:33 -0400 Subject: [PATCH] klog.krb5 -lifetime is not implemented The klog.krb5 -lifetime option was copied from earlier versions of log and klog, which had the ability to set the krb4 token lifetime. However, the -lifetime option is not feasible the krb5 version, and so is not implemented in klog.krb5. Update the klog.krb5 man page to document the -lifetime option has no effect. Remove the code which unnecessarily checks the unused klog.krb5 -lifetime command line argument. The unused lifetime variable was discovered by Pat Riehecky using the clang scan-build static analyzer. Change-Id: I5f459ec46eaff87a69ccdf7de386a671d0944a5a Reviewed-on: https://gerrit.openafs.org/13309 Tested-by: BuildBot Reviewed-by: PatRiehecky Reviewed-by: Michael Meffie Reviewed-by: Benjamin Kaduk --- doc/man-pages/pod1/klog.krb5.pod | 14 +------------- src/aklog/klog.c | 32 +------------------------------- 2 files changed, 2 insertions(+), 44 deletions(-) diff --git a/doc/man-pages/pod1/klog.krb5.pod b/doc/man-pages/pod1/klog.krb5.pod index 023deeef6f..419fc6928c 100644 --- a/doc/man-pages/pod1/klog.krb5.pod +++ b/doc/man-pages/pod1/klog.krb5.pod @@ -60,11 +60,6 @@ the following: =item * -The lifetime specified by the issuer with the B<-lifetime> argument if -that argument was given. - -=item * - The maximum ticket lifetime recorded for the C> principal in thet Kerberos database. @@ -191,8 +186,7 @@ major problems encountered. =item B<-lifetime> -Requests a specific lifetime for the token. Provide a number of hours and -optionally minutes and seconds in the format I[B<:>I[B<:>I]]. +This option is not implemented by B and has no effect. =item B<-setpag> @@ -258,12 +252,6 @@ Corporation's test cell: % klog.krb5 -principal admin -cell test.example.com Password for admin@EXAMPLE.COM: -In the following, the issuer requests a ticket lifetime of 104 hours 30 -minutes (4 days 8 hours 30 minutes). - - % klog.krb5 -lifetime 104:30 - Password for user@EXAMPLE.ORG: - =head1 PRIVILEGE REQUIRED None diff --git a/src/aklog/klog.c b/src/aklog/klog.c index 88e49070ae..ebeb006a1f 100644 --- a/src/aklog/klog.c +++ b/src/aklog/klog.c @@ -126,6 +126,7 @@ main(int argc, char *argv[]) cmd_AddParm(ts, "-pipe", CMD_FLAG, CMD_OPTIONAL, "read password from stdin"); cmd_AddParm(ts, "-silent", CMD_FLAG, CMD_OPTIONAL, "silent operation"); + /* Note: -lifetime is not implemented in this version of klog. */ cmd_AddParm(ts, "-lifetime", CMD_SINGLE, CMD_OPTIONAL, "ticket lifetime in hh[:mm[:ss]]"); cmd_AddParm(ts, "-setpag", CMD_FLAG, CMD_OPTIONAL, @@ -358,7 +359,6 @@ CommandProc(struct cmd_syndesc *as, void *arock) int authtype; #endif krb5_data enc_part[1]; - time_t lifetime; /* requested ticket lifetime */ krb5_prompter_fct pf = NULL; char *pass = 0; void *pa = 0; @@ -508,36 +508,6 @@ CommandProc(struct cmd_syndesc *as, void *arock) pass = passwd; } - if (as->parms[aLIFETIME].items) { - char *life = as->parms[aLIFETIME].items->data; - char *sp; /* string ptr to rest of life */ - lifetime = 3600 * strtol(life, &sp, 0); /* hours */ - if (sp == life) { - bad_lifetime: - if (!Silent) - fprintf(stderr, "%s: translating '%s' to lifetime failed\n", - rn, life); - return 1; - } - if (*sp == ':') { - life = sp + 1; /* skip the colon */ - lifetime += 60 * strtol(life, &sp, 0); /* minutes */ - if (sp == life) - goto bad_lifetime; - if (*sp == ':') { - life = sp + 1; - lifetime += strtol(life, &sp, 0); /* seconds */ - if (sp == life) - goto bad_lifetime; - if (*sp) - goto bad_lifetime; - } else if (*sp) - goto bad_lifetime; - } else if (*sp) - goto bad_lifetime; - } else - lifetime = 0; - /* Get the password if it wasn't provided. */ if (!pass) { if (Pipe) {