Remove krb4 support from clients. Some of the code has been

simplified to remove architectural relics of the -4 and -5 options,
but more simplification is likely possible, particularly in kinit.

ticket: 6303
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21449 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 6 insertions, 205 deletions

diff --git a/src/clients/klist/Makefile.in b/src/clients/klist/Makefile.in
index 2a4977bba4..6ec90b1b4d 100644
--- a/src/clients/klist/Makefile.in
+++ b/src/clients/klist/Makefile.in
@@ -22,8 +22,8 @@ SRCS = klist.c
 all-unix:: klist
 ##WIN32##all-windows:: $(KLIST)
 
-klist: klist.o $(KRB4COMPAT_DEPLIBS)
-	$(CC_LINK) -o $@ klist.o $(KRB4COMPAT_LIBS)
+klist: klist.o $(KRB5_BASE_DEPLIBS)
+	$(CC_LINK) -o $@ klist.o $(KRB5_BASE_LIBS)
 
 ##WIN32##$(KLIST): $(OUTPRE)klist.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(SLIB) $(KLIB) $(CLIB) $(EXERES)
 ##WIN32##	link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(SCLIB)
diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M
index c5f66d5250..b3603fd5f6 100644
--- a/src/clients/klist/klist.M
+++ b/src/clients/klist/klist.M
@@ -25,7 +25,7 @@
 .SH NAME
 klist \- list cached Kerberos tickets
 .SH SYNOPSIS
-\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] 
+\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] 
 [\fB\-s\fP] [\fB\-a\fP  [\fB\-n\fP]]]
 [\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]]
 [\fIcache_name\fP | \fIkeytab_name\fP]
@@ -36,24 +36,8 @@ lists the Kerberos principal and Kerberos tickets held in a credentials
 cache, or the keys held in a
 .B keytab
 file.
-If klist was built with Kerberos 4 support, the default behavior is to list
-both Kerberos 5 and Kerberos 4 credentials.  Otherwise, klist will default
-to listing only Kerberos 5 credentials.
 .SH OPTIONS
 .TP
-.B \-5
-list Kerberos 5 credentials.  This overrides whatever the default built-in
-behavior may be.  This option may be used with
-.B \-4
-.
-.TP
-.B \-4
-list Kerberos 4 credentials.  This overrides whatever the default built-in
-behavior may be.  This option is only available if kinit was built
-with Kerberos 4 compatibility.  This option may be used with 
-.B \-5
-.
-.TP
 .B \-e
 displays the encryption types of the session key and the ticket for each
 credential in the credential cache, or each key in the keytab file.
@@ -133,18 +117,11 @@ uses the following environment variables:
 .TP "\w'.SM KRB5CCNAME\ \ 'u"
 .SM KRB5CCNAME
 Location of the Kerberos 5 credentials (ticket) cache.
-.TP "\w'.SM KRBTKFILE\ \ 'u"
-.SM KRBTKFILE
-Filename of the Kerberos 4 credentials (ticket) cache.
 .SH FILES
 .TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
 /tmp/krb5cc_[uid]
 default location of Kerberos 5 credentials cache 
 ([uid] is the decimal UID of the user).
-.TP "\w'/tmp/tkt[uid]\ \ 'u"
-/tmp/tkt[uid]
-default location of Kerberos 4 credentials cache 
-([uid] is the decimal UID of the user).
 .TP
 /etc/krb5.keytab
 default location for the local host's
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index f1a251c660..70ca604e51 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -29,9 +29,6 @@
 
 #include "autoconf.h"
 #include <krb5.h>
-#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
-#endif
 #include <com_err.h>
 #include <stdlib.h>
 #ifdef HAVE_UNISTD_H
@@ -76,43 +73,16 @@ void printtime (time_t);
 void one_addr (krb5_address *);
 void fillit (FILE *, unsigned int, int);
 
-#ifdef KRB5_KRB4_COMPAT
-void do_v4_ccache (char *);
-#endif /* KRB5_KRB4_COMPAT */
-
 #define DEFAULT 0
 #define CCACHE 1
 #define KEYTAB 2
 
-/*
- * The reason we start out with got_k4 and got_k5 as zero (false) is
- * so that we can easily add dynamic loading support for determining
- * whether Kerberos 4 and Keberos 5 libraries are available
- */
-
-static int got_k5 = 0; 
-static int got_k4 = 0;
-
-static int default_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
-static int default_k4 = 1;
-#else
-static int default_k4 = 0;
-#endif
-
 static void usage()
 {
 #define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
 
-    fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] %s",
+    fprintf(stderr, "Usage: %s [-e] [[-c] [-f] [-s] [-a [-n]]] %s",
 	     progname, "[-k [-t] [-K]] [name]\n"); 
-    fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
-    fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
-    fprintf(stderr, "\t   (Default is %s%s%s%s)\n",
-	    default_k5?"Kerberos 5":"",
-	    (default_k5 && default_k4)?" and ":"",
-	    default_k4?"Kerberos 4":"",
-	    (!default_k5 && !default_k4)?"neither":"");
     fprintf(stderr, "\t-c specifies credentials cache\n");
     fprintf(stderr, "\t-k specifies keytab\n");
     fprintf(stderr, "\t   (Default is credentials cache)\n");
@@ -136,12 +106,6 @@ main(argc, argv)
     int c;
     char *name;
     int mode;
-    int use_k5 = 0, use_k4 = 0;
-
-    got_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
-    got_k4 = 1;
-#endif
 
     progname = GET_PROGNAME(argv[0]);
 
@@ -179,24 +143,10 @@ main(argc, argv)
 	    mode = KEYTAB;
 	    break;
 	case '4':
-	    if (!got_k4)
-	    {
-#ifdef KRB5_KRB4_COMPAT
-		fprintf(stderr, "Kerberos 4 support could not be loaded\n");
-#else
-		fprintf(stderr, "This was not built with Kerberos 4 support\n");
-#endif
-		exit(3);
-	    }
-	    use_k4 = 1;
+	    fprintf(stderr, "Kerberos 4 is no longer supported\n");
+	    exit(3);
 	    break;
 	case '5':
-	    if (!got_k5)
-	    {
-		fprintf(stderr, "Kerberos 5 support could not be loaded\n");
-		exit(3);
-	    }
-	    use_k5 = 1;
 	    break;
 	default:
 	    usage();
@@ -224,17 +174,6 @@ main(argc, argv)
 
     name = (optind == argc-1) ? argv[optind] : 0;
 
-    if (!use_k5 && !use_k4)
-    {
-	use_k5 = default_k5;
-	use_k4 = default_k4;
-    }
-
-    if (!use_k5)
-	got_k5 = 0;
-    if (!use_k4)
-	got_k4 = 0;
-
     now = time(0);
     {
 	char tmp[BUFSIZ];
@@ -247,7 +186,6 @@ main(argc, argv)
 	    timestamp_width = 15;
     }
 
-    if (got_k5)
     {
 	krb5_error_code retval;
 	retval = krb5_init_context(&kcontext);
@@ -260,18 +198,6 @@ main(argc, argv)
 	    do_ccache(name);
 	else
 	    do_keytab(name);
-    } else {
-#ifdef KRB5_KRB4_COMPAT
-	if (mode == DEFAULT || mode == CCACHE)
-	    do_v4_ccache(name);
-	else {
-	    /* We may want to add v4 srvtab support */
-	    fprintf(stderr, 
-		    "%s: srvtab option not supported for Kerberos 4\n", 
-		    progname);
-	    exit(1);
-	}
-#endif /* KRB4_KRB5_COMPAT */
     }
 
     return 0;
@@ -733,105 +659,3 @@ fillit(f, num, c)
     for (i=0; i<num; i++)
 	fputc(c, f);
 }
-
-#ifdef KRB5_KRB4_COMPAT
-void
-do_v4_ccache(name)
-    char * name;
-{
-    char    pname[ANAME_SZ];
-    char    pinst[INST_SZ];
-    char    prealm[REALM_SZ];
-    char    *file;
-    int     k_errno;
-    CREDENTIALS c;
-    int     header = 1;
-
-    if (!got_k4)
-	return;
-
-    file = name?name:tkt_string();
-
-    if (status_only) {
-	fprintf(stderr, 
-		"%s: exit status option not supported for Kerberos 4\n",
-		progname);
-	exit(1);
-    }
-
-    if (got_k5)
-	printf("\n\n");
-
-    printf("Kerberos 4 ticket cache: %s\n", file);
-
-    /* 
-     * Since krb_get_tf_realm will return a ticket_file error, 
-     * we will call tf_init and tf_close first to filter out
-     * things like no ticket file.  Otherwise, the error that 
-     * the user would see would be 
-     * klist: can't find realm of ticket file: No ticket file (tf_util)
-     * instead of
-     * klist: No ticket file (tf_util)
-     */
-
-    /* Open ticket file */
-    k_errno = tf_init(file, R_TKT_FIL);
-    if (k_errno) {
-	fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
-	exit(1);
-    }
-    /* Close ticket file */
-    (void) tf_close();
-
-    /* 
-     * We must find the realm of the ticket file here before calling
-     * tf_init because since the realm of the ticket file is not
-     * really stored in the principal section of the file, the
-     * routine we use must itself call tf_init and tf_close.
-     */
-    if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) {
-	fprintf(stderr, "%s: can't find realm of ticket file: %s\n",
-		progname, krb_get_err_text (k_errno));
-	exit(1);
-    }
-
-    /* Open ticket file */
-    if ((k_errno = tf_init(file, R_TKT_FIL))) {
-	fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
-	exit(1);
-    }
-    /* Get principal name and instance */
-    if ((k_errno = tf_get_pname(pname)) ||
-	(k_errno = tf_get_pinst(pinst))) {
-	fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
-	exit(1);
-    }
-
-    /* 
-     * You may think that this is the obvious place to get the
-     * realm of the ticket file, but it can't be done here as the
-     * routine to do this must open the ticket file.  This is why 
-     * it was done before tf_init.
-     */
-       
-    printf("Principal: %s%s%s%s%s\n\n", pname,
-	   (pinst[0] ? "." : ""), pinst,
-	   (prealm[0] ? "@" : ""), prealm);
-    while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
-	if (header) {
-	    printf("%-18s  %-18s  %s\n",
-		   "  Issued", "  Expires", "  Principal");
-	    header = 0;
-	}
-	printtime(c.issue_date);
-	fputs("  ", stdout);
-	printtime(krb_life_to_time(c.issue_date, c.lifetime));
-	printf("  %s%s%s%s%s\n",
-	       c.service, (c.instance[0] ? "." : ""), c.instance,
-	       (c.realm[0] ? "@" : ""), c.realm);
-    }
-    if (header && k_errno == EOF) {
-	printf("No tickets in file.\n");
-    }
-}
-#endif /* KRB4_KRB5_COMPAT */