diff options
author | Greg Hudson <ghudson@mit.edu> | 2008-12-15 19:37:51 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2008-12-15 19:37:51 +0000 |
commit | 38d175630716003c7c4fe9eb5284a66aedf1e119 (patch) | |
tree | b493229e36917e4cdd5954c0a413bd19bfabbc65 /src/clients/klist | |
parent | b03dd7a3955864c7f84742ac37a97cf00bcd786e (diff) | |
download | krb5-38d175630716003c7c4fe9eb5284a66aedf1e119.tar.gz krb5-38d175630716003c7c4fe9eb5284a66aedf1e119.tar.xz krb5-38d175630716003c7c4fe9eb5284a66aedf1e119.zip |
Remove krb4 support from clients. Some of the code has been
simplified to remove architectural relics of the -4 and -5 options,
but more simplification is likely possible, particularly in kinit.
ticket: 6303
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21449 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/clients/klist')
-rw-r--r-- | src/clients/klist/Makefile.in | 4 | ||||
-rw-r--r-- | src/clients/klist/klist.M | 25 | ||||
-rw-r--r-- | src/clients/klist/klist.c | 182 |
3 files changed, 6 insertions, 205 deletions
diff --git a/src/clients/klist/Makefile.in b/src/clients/klist/Makefile.in index 2a4977bba4..6ec90b1b4d 100644 --- a/src/clients/klist/Makefile.in +++ b/src/clients/klist/Makefile.in @@ -22,8 +22,8 @@ SRCS = klist.c all-unix:: klist ##WIN32##all-windows:: $(KLIST) -klist: klist.o $(KRB4COMPAT_DEPLIBS) - $(CC_LINK) -o $@ klist.o $(KRB4COMPAT_LIBS) +klist: klist.o $(KRB5_BASE_DEPLIBS) + $(CC_LINK) -o $@ klist.o $(KRB5_BASE_LIBS) ##WIN32##$(KLIST): $(OUTPRE)klist.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(SLIB) $(KLIB) $(CLIB) $(EXERES) ##WIN32## link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(SCLIB) diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index c5f66d5250..b3603fd5f6 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -25,7 +25,7 @@ .SH NAME klist \- list cached Kerberos tickets .SH SYNOPSIS -\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] +\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP] [\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]] [\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]] [\fIcache_name\fP | \fIkeytab_name\fP] @@ -36,24 +36,8 @@ lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a .B keytab file. -If klist was built with Kerberos 4 support, the default behavior is to list -both Kerberos 5 and Kerberos 4 credentials. Otherwise, klist will default -to listing only Kerberos 5 credentials. .SH OPTIONS .TP -.B \-5 -list Kerberos 5 credentials. This overrides whatever the default built-in -behavior may be. This option may be used with -.B \-4 -. -.TP -.B \-4 -list Kerberos 4 credentials. This overrides whatever the default built-in -behavior may be. This option is only available if kinit was built -with Kerberos 4 compatibility. This option may be used with -.B \-5 -. -.TP .B \-e displays the encryption types of the session key and the ticket for each credential in the credential cache, or each key in the keytab file. @@ -133,18 +117,11 @@ uses the following environment variables: .TP "\w'.SM KRB5CCNAME\ \ 'u" .SM KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache. -.TP "\w'.SM KRBTKFILE\ \ 'u" -.SM KRBTKFILE -Filename of the Kerberos 4 credentials (ticket) cache. .SH FILES .TP "\w'/tmp/krb5cc_[uid]\ \ 'u" /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache ([uid] is the decimal UID of the user). -.TP "\w'/tmp/tkt[uid]\ \ 'u" -/tmp/tkt[uid] -default location of Kerberos 4 credentials cache -([uid] is the decimal UID of the user). .TP /etc/krb5.keytab default location for the local host's diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c index f1a251c660..70ca604e51 100644 --- a/src/clients/klist/klist.c +++ b/src/clients/klist/klist.c @@ -29,9 +29,6 @@ #include "autoconf.h" #include <krb5.h> -#ifdef KRB5_KRB4_COMPAT -#include <kerberosIV/krb.h> -#endif #include <com_err.h> #include <stdlib.h> #ifdef HAVE_UNISTD_H @@ -76,43 +73,16 @@ void printtime (time_t); void one_addr (krb5_address *); void fillit (FILE *, unsigned int, int); -#ifdef KRB5_KRB4_COMPAT -void do_v4_ccache (char *); -#endif /* KRB5_KRB4_COMPAT */ - #define DEFAULT 0 #define CCACHE 1 #define KEYTAB 2 -/* - * The reason we start out with got_k4 and got_k5 as zero (false) is - * so that we can easily add dynamic loading support for determining - * whether Kerberos 4 and Keberos 5 libraries are available - */ - -static int got_k5 = 0; -static int got_k4 = 0; - -static int default_k5 = 1; -#ifdef KRB5_KRB4_COMPAT -static int default_k4 = 1; -#else -static int default_k4 = 0; -#endif - static void usage() { #define KRB_AVAIL_STRING(x) ((x)?"available":"not available") - fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] %s", + fprintf(stderr, "Usage: %s [-e] [[-c] [-f] [-s] [-a [-n]]] %s", progname, "[-k [-t] [-K]] [name]\n"); - fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5)); - fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4)); - fprintf(stderr, "\t (Default is %s%s%s%s)\n", - default_k5?"Kerberos 5":"", - (default_k5 && default_k4)?" and ":"", - default_k4?"Kerberos 4":"", - (!default_k5 && !default_k4)?"neither":""); fprintf(stderr, "\t-c specifies credentials cache\n"); fprintf(stderr, "\t-k specifies keytab\n"); fprintf(stderr, "\t (Default is credentials cache)\n"); @@ -136,12 +106,6 @@ main(argc, argv) int c; char *name; int mode; - int use_k5 = 0, use_k4 = 0; - - got_k5 = 1; -#ifdef KRB5_KRB4_COMPAT - got_k4 = 1; -#endif progname = GET_PROGNAME(argv[0]); @@ -179,24 +143,10 @@ main(argc, argv) mode = KEYTAB; break; case '4': - if (!got_k4) - { -#ifdef KRB5_KRB4_COMPAT - fprintf(stderr, "Kerberos 4 support could not be loaded\n"); -#else - fprintf(stderr, "This was not built with Kerberos 4 support\n"); -#endif - exit(3); - } - use_k4 = 1; + fprintf(stderr, "Kerberos 4 is no longer supported\n"); + exit(3); break; case '5': - if (!got_k5) - { - fprintf(stderr, "Kerberos 5 support could not be loaded\n"); - exit(3); - } - use_k5 = 1; break; default: usage(); @@ -224,17 +174,6 @@ main(argc, argv) name = (optind == argc-1) ? argv[optind] : 0; - if (!use_k5 && !use_k4) - { - use_k5 = default_k5; - use_k4 = default_k4; - } - - if (!use_k5) - got_k5 = 0; - if (!use_k4) - got_k4 = 0; - now = time(0); { char tmp[BUFSIZ]; @@ -247,7 +186,6 @@ main(argc, argv) timestamp_width = 15; } - if (got_k5) { krb5_error_code retval; retval = krb5_init_context(&kcontext); @@ -260,18 +198,6 @@ main(argc, argv) do_ccache(name); else do_keytab(name); - } else { -#ifdef KRB5_KRB4_COMPAT - if (mode == DEFAULT || mode == CCACHE) - do_v4_ccache(name); - else { - /* We may want to add v4 srvtab support */ - fprintf(stderr, - "%s: srvtab option not supported for Kerberos 4\n", - progname); - exit(1); - } -#endif /* KRB4_KRB5_COMPAT */ } return 0; @@ -733,105 +659,3 @@ fillit(f, num, c) for (i=0; i<num; i++) fputc(c, f); } - -#ifdef KRB5_KRB4_COMPAT -void -do_v4_ccache(name) - char * name; -{ - char pname[ANAME_SZ]; - char pinst[INST_SZ]; - char prealm[REALM_SZ]; - char *file; - int k_errno; - CREDENTIALS c; - int header = 1; - - if (!got_k4) - return; - - file = name?name:tkt_string(); - - if (status_only) { - fprintf(stderr, - "%s: exit status option not supported for Kerberos 4\n", - progname); - exit(1); - } - - if (got_k5) - printf("\n\n"); - - printf("Kerberos 4 ticket cache: %s\n", file); - - /* - * Since krb_get_tf_realm will return a ticket_file error, - * we will call tf_init and tf_close first to filter out - * things like no ticket file. Otherwise, the error that - * the user would see would be - * klist: can't find realm of ticket file: No ticket file (tf_util) - * instead of - * klist: No ticket file (tf_util) - */ - - /* Open ticket file */ - k_errno = tf_init(file, R_TKT_FIL); - if (k_errno) { - fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno)); - exit(1); - } - /* Close ticket file */ - (void) tf_close(); - - /* - * We must find the realm of the ticket file here before calling - * tf_init because since the realm of the ticket file is not - * really stored in the principal section of the file, the - * routine we use must itself call tf_init and tf_close. - */ - if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) { - fprintf(stderr, "%s: can't find realm of ticket file: %s\n", - progname, krb_get_err_text (k_errno)); - exit(1); - } - - /* Open ticket file */ - if ((k_errno = tf_init(file, R_TKT_FIL))) { - fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno)); - exit(1); - } - /* Get principal name and instance */ - if ((k_errno = tf_get_pname(pname)) || - (k_errno = tf_get_pinst(pinst))) { - fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno)); - exit(1); - } - - /* - * You may think that this is the obvious place to get the - * realm of the ticket file, but it can't be done here as the - * routine to do this must open the ticket file. This is why - * it was done before tf_init. - */ - - printf("Principal: %s%s%s%s%s\n\n", pname, - (pinst[0] ? "." : ""), pinst, - (prealm[0] ? "@" : ""), prealm); - while ((k_errno = tf_get_cred(&c)) == KSUCCESS) { - if (header) { - printf("%-18s %-18s %s\n", - " Issued", " Expires", " Principal"); - header = 0; - } - printtime(c.issue_date); - fputs(" ", stdout); - printtime(krb_life_to_time(c.issue_date, c.lifetime)); - printf(" %s%s%s%s%s\n", - c.service, (c.instance[0] ? "." : ""), c.instance, - (c.realm[0] ? "@" : ""), c.realm); - } - if (header && k_errno == EOF) { - printf("No tickets in file.\n"); - } -} -#endif /* KRB4_KRB5_COMPAT */ |