Remove "incomplete" TCB support

configure.ac

@@ -230,9 +230,6 @@ AC_ARG_WITH(attr,
 AC_ARG_WITH(skey,
 	[AS_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
 	[with_skey=$withval], [with_skey=no])
-AC_ARG_WITH(tcb,
-	[AS_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
-	[with_tcb=$withval], [with_tcb=maybe])
 AC_ARG_WITH(sha-crypt,
 	[AS_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
 	[with_sha_crypt=$withval], [with_sha_crypt=yes])
@@ -565,28 +562,6 @@ if test "$with_selinux" != "no"; then
 	fi
 fi
 
-AC_SUBST(LIBTCB)
-if test "$with_tcb" != "no"; then
-	AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
-	if test "$tcb_header$with_tcb" = "noyes" ; then
-		AC_MSG_ERROR([tcb.h is missing])
-	elif test "$tcb_header" = "yes" ; then
-		AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
-		if test "$tcb_lib$with_tcb" = "noyes" ; then
-			AC_MSG_ERROR([libtcb not found])
-		elif test "$tcb_lib" = "no" ; then
-			with_tcb="no"
-		else
-			AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
-			LIBTCB="-ltcb"
-			with_tcb="yes"
-		fi
-	else
-		with_tcb="no"
-	fi
-fi
-AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
-
 AC_SUBST(LIBPAM)
 if test "$with_libpam" != "no"; then
 	AC_CHECK_LIB(pam, pam_start,
@@ -757,7 +732,6 @@ echo "	SELinux support:		$with_selinux"
 echo "	BtrFS support:			$with_btrfs"
 echo "	ACL support:			$with_acl"
 echo "	Extended Attributes support:	$with_attr"
-echo "	tcb support (incomplete):	$with_tcb"
 echo "	shadow group support:		$enable_shadowgrp"
 echo "	S/Key support:			$with_skey"
 echo "	SHA passwords encryption:	$with_sha_crypt"

lib/Makefile.am

@@ -208,10 +208,6 @@ libshadow_la_SOURCES = \
 	xgetspnam.c \
 	yesno.c
 
-if WITH_TCB
-libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
-endif
-
 if WITH_BTRFS
 libshadow_la_SOURCES += btrfs.c
 endif

lib/commonio.c

@@ -29,9 +29,6 @@
 #include "defines.h"
 #include "memzero.h"
 #include "nscd.h"
-#ifdef WITH_TCB
-#include <tcb.h>
-#endif				/* WITH_TCB */
 #include "prototypes.h"
 #include "shadowlog_internal.h"
 #include "sssd.h"
@@ -608,13 +605,6 @@ int commonio_open (struct commonio_db *db, int mode)
 	saved_errno = errno;
 	db->fp = NULL;
 	if (fd >= 0) {
-#ifdef WITH_TCB
-		if (tcb_is_suspect (fd) != 0) {
-			(void) close (fd);
-			errno = EINVAL;
-			return 0;
-		}
-#endif				/* WITH_TCB */
 		db->fp = fdopen (fd, db->readonly ? "r" : "r+");
 		saved_errno = errno;
 		if (NULL == db->fp) {

lib/getdef.c

@@ -145,11 +145,6 @@ static struct itemdef def_table[] = {
 #endif
 	{"SYSLOG_SG_ENAB", NULL},
 	{"SYSLOG_SU_ENAB", NULL},
-#ifdef WITH_TCB
-	{"TCB_AUTH_GROUP", NULL},
-	{"TCB_SYMLINKS", NULL},
-	{"USE_TCB", NULL},
-#endif
 	{"FORCE_SHADOW", NULL},
 	{"GRANT_AUX_GROUP_SUBIDS", NULL},
 	{"PREVENT_NO_AUTH", NULL},

lib/shadowio.c

@@ -19,10 +19,6 @@
 #include "commonio.h"
 #include "getdef.h"
 #include "shadowio.h"
-#ifdef WITH_TCB
-#include <tcb.h>
-#include "tcbfuncs.h"
-#endif				/* WITH_TCB */
 
 static /*@null@*/ /*@only@*/void *shadow_dup (const void *ent)
 {
@@ -117,45 +113,12 @@ bool spw_file_present (void)
 
 int spw_lock (void)
 {
-#ifdef WITH_TCB
-	int retval = 0;
-
-	if (!getdef_bool ("USE_TCB")) {
-#endif				/* WITH_TCB */
-		return commonio_lock (&shadow_db);
-#ifdef WITH_TCB
-	}
-	if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
-		return 0;
-	}
-	if (lckpwdf_tcb (shadow_db.filename) == 0) {
-		shadow_db.locked = 1;
-		retval = 1;
-	}
-	if (shadowtcb_gain_priv () == SHADOWTCB_FAILURE) {
-		return 0;
-	}
-	return retval;
-#endif				/* WITH_TCB */
+	return commonio_lock (&shadow_db);
 }
 
 int spw_open (int mode)
 {
-	int retval = 0;
-#ifdef WITH_TCB
-	bool use_tcb = getdef_bool ("USE_TCB");
-
-	if (use_tcb && (shadowtcb_drop_priv () == SHADOWTCB_FAILURE)) {
-		return 0;
-	}
-#endif				/* WITH_TCB */
-	retval = commonio_open (&shadow_db, mode);
-#ifdef WITH_TCB
-	if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) {
-		return 0;
-	}
-#endif				/* WITH_TCB */
-	return retval;
+	return commonio_open (&shadow_db, mode);
 }
 
 /*@observer@*/ /*@null@*/const struct spwd *spw_locate (const char *name)
@@ -185,45 +148,12 @@ int spw_rewind (void)
 
 int spw_close (void)
 {
-	int retval = 0;
-#ifdef WITH_TCB
-	bool use_tcb = getdef_bool ("USE_TCB");
-
-	if (use_tcb && (shadowtcb_drop_priv () == SHADOWTCB_FAILURE)) {
-		return 0;
-	}
-#endif				/* WITH_TCB */
-	retval = commonio_close (&shadow_db);
-#ifdef WITH_TCB
-	if (use_tcb && (shadowtcb_gain_priv () == SHADOWTCB_FAILURE)) {
-		return 0;
-	}
-#endif				/* WITH_TCB */
-	return retval;
+	return commonio_close (&shadow_db);
 }
 
 int spw_unlock (void)
 {
-#ifdef WITH_TCB
-	int retval = 0;
-
-	if (!getdef_bool ("USE_TCB")) {
-#endif				/* WITH_TCB */
-		return commonio_unlock (&shadow_db);
-#ifdef WITH_TCB
-	}
-	if (shadowtcb_drop_priv () == SHADOWTCB_FAILURE) {
-		return 0;
-	}
-	if (ulckpwdf_tcb () == 0) {
-		shadow_db.locked = 0;
-		retval = 1;
-	}
-	if (shadowtcb_gain_priv () == SHADOWTCB_FAILURE) {
-		return 0;
-	}
-	return retval;
-#endif				/* WITH_TCB */
+	return commonio_unlock (&shadow_db);
 }
 
 struct commonio_entry *__spw_get_head (void)
@@ -239,10 +169,5 @@ void __spw_del_entry (const struct commonio_entry *ent)
 /* Sort with respect to passwd ordering. */
 int spw_sort ()
 {
-#ifdef WITH_TCB
-	if (getdef_bool ("USE_TCB")) {
-		return 0;
-	}
-#endif				/* WITH_TCB */
 	return commonio_sort_wrt (&shadow_db, __pw_get_db ());
 }