-rw-r--r-- | kuser/kdestroy.c | 4 | ||||
-rw-r--r-- | kuser/kinit.c | 144 | ||||
-rw-r--r-- | kuser/klist.1 | 6 | ||||
-rw-r--r-- | kuser/klist.c | 157 | ||||
-rw-r--r-- | kuser/kuser_locl.h | 3 |
5 files changed, 4 insertions, 310 deletions
diff --git a/kuser/kdestroy.c b/kuser/kdestroy.c index ff494a25c..7c7d26a4f 100644 --- a/kuser/kdestroy.c +++ b/kuser/kdestroy.c @@ -141,10 +141,6 @@ main (int argc, char **argv) krb5_free_context (context); -#if KRB4 - if(dest_tkt_flag && dest_tkt ()) - exit_val = 1; -#endif if (unlog_flag && k_hasafs ()) { if (k_unlog ()) exit_val = 1; diff --git a/kuser/kinit.c b/kuser/kinit.c index 685b67c4f..391f797db 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -34,9 +34,7 @@ #include "kuser_locl.h" RCSID("$Id$"); -#ifndef KRB4 #include "krb5-v4compat.h" -#endif struct krb5_pk_identity; struct krb5_pk_cert; 
@@ -183,130 +181,6 @@ usage (int ret) exit (ret); } -#ifdef KRB4 -/* for when the KDC tells us it's a v4 one, we try to talk that */ - -static int -key_to_key(const char *user, - char *instance, - const char *realm, - const void *arg, - des_cblock *key) -{ - memcpy(key, arg, sizeof(des_cblock)); - return 0; -} - -static int -do_v4_fallback (krb5_context context, - const krb5_principal principal, - int lifetime, - int use_srvtab, const char *srvtab_str, - const char *passwd) -{ - int ret; - krb_principal princ; - des_cblock key; - krb5_error_code kret; - - if (lifetime == 0) - lifetime = DEFAULT_TKT_LIFE; - else - lifetime = krb_time_to_life (0, lifetime); - - kret = krb5_524_conv_principal (context, principal, - princ.name, - princ.instance, - princ.realm); - if (kret) { - krb5_warn (context, kret, "krb5_524_conv_principal"); - return 1; - } - - if (use_srvtab || srvtab_str) { - if (srvtab_str == NULL) - srvtab_str = KEYFILE; - - ret = read_service_key (princ.name, princ.instance, princ.realm, - 0, srvtab_str, (char *)&key); - if (ret) { - warnx ("read_service_key %s: %s", srvtab_str, - krb_get_err_text (ret)); - return 1; - } - ret = krb_get_in_tkt (princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, princ.realm, - lifetime, key_to_key, NULL, key); - } else { - ret = krb_get_pw_in_tkt(princ.name, princ.instance, princ.realm, - KRB_TICKET_GRANTING_TICKET, princ.realm, - lifetime, passwd); - } - memset (key, 0, sizeof(key)); - if (ret) { - warnx ("%s", krb_get_err_text(ret)); - return 1; - } - if (do_afslog && k_hasafs()) { - if ((ret = krb_afslog(NULL, NULL)) != 0 && ret != KDC_PR_UNKNOWN) { - if(ret > 0) - warnx ("%s", krb_get_err_text(ret)); - else - warnx ("failed to store AFS token"); - } - } - return 0; -} - - -/* - * the special version of get_default_principal that takes v4 into account - */ - -static krb5_error_code -kinit_get_default_principal (krb5_context context, - krb5_principal *princ) -{ - krb5_error_code ret; - krb5_ccache id; - 
krb_principal v4_princ; - int kret; - - ret = krb5_cc_default (context, &id); - if (ret == 0) { - ret = krb5_cc_get_principal (context, id, princ); - krb5_cc_close (context, id); - if (ret == 0) - return 0; - } - - kret = krb_get_tf_fullname (tkt_string(), - v4_princ.name, - v4_princ.instance, - v4_princ.realm); - if (kret == KSUCCESS) { - ret = krb5_425_conv_principal (context, - v4_princ.name, - v4_princ.instance, - v4_princ.realm, - princ); - if (ret == 0) - return 0; - } - return krb5_get_default_principal (context, princ); -} - -#else /* !KRB4 */ - -static krb5_error_code -kinit_get_default_principal (krb5_context context, - krb5_principal *princ) -{ - return krb5_get_default_principal (context, princ); -} - -#endif /* !KRB4 */ - static krb5_error_code get_server(krb5_context context, krb5_principal client, @@ -635,19 +509,6 @@ get_new_tickets(krb5_context context, opt); } krb5_get_init_creds_opt_free(context, opt); -#ifdef KRB4 - if (ret == KRB5KRB_AP_ERR_V4_REPLY || ret == KRB5_KDC_UNREACH) { - int exit_val; - - exit_val = do_v4_fallback (context, principal, ticket_life, - use_keytab, keytab_str, passwd); - get_v4_tgt = 0; - do_afslog = 0; - memset(passwd, 0, sizeof(passwd)); - if (exit_val == 0 || ret == KRB5KRB_AP_ERR_V4_REPLY) - return exit_val; - } -#endif memset(passwd, 0, sizeof(passwd)); switch(ret){ @@ -660,6 +521,9 @@ get_new_tickets(krb5_context context, case KRB5KDC_ERR_PREAUTH_FAILED: krb5_errx(context, 1, "Password incorrect"); break; + case KRB5KRB_AP_ERR_V4_REPLY: + krb5_errx(context, 1, "Looks like a Kerberos 4 reply"); + break; default: krb5_err(context, 1, ret, "krb5_get_init_creds"); } @@ -813,7 +677,7 @@ main (int argc, char **argv) if (ret) krb5_err (context, 1, ret, "krb5_parse_name"); } else { - ret = kinit_get_default_principal (context, &principal); + ret = krb5_get_default_principal (context, &principal); if (ret) krb5_err (context, 1, ret, "krb5_get_default_principal"); } 
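Review bot: In the `-660,6 +521,9` hunk of kuser/kinit.c, the new `case KRB5KRB_AP_ERR_V4_REPLY:` prints "Looks like a Kerberos 4 reply", which tells the user neither that the reply was refused nor that kinit no longer falls back to Kerberos 4. A firmer message such as `krb5_errx(context, 1, "KDC sent a Kerberos 4 reply; Kerberos 4 is not supported");` would make the refusal explicit, and a one-line comment on the case (`/* v4 fallback removed: never retry with Kerberos 4 */`) would record why this branch must stay a hard error. Separately, the `memset(passwd, 0, sizeof(passwd));` kept just before the `switch` (trailing context of the preceding hunk) is a plain memset on what appears to be a local buffer, and the error cases shown go straight into `krb5_errx`/`krb5_err`, so an optimizer may treat the store as dead and drop it; if the tree has a wipe that cannot be elided, it belongs here. The `switch` and `get_new_tickets` both begin and end outside these hunks, so the type of `passwd` should be confirmed against the full function.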
diff --git a/kuser/klist.1 b/kuser/klist.1 index a8cb62800..f14180877 100644 --- a/kuser/klist.1 +++ b/kuser/klist.1 @@ -45,7 +45,6 @@ .Xc .Oc .Op Fl s | Fl t | Fl -test -.Op Fl 4 | Fl -v4 .Op Fl T | Fl -tokens .Op Fl 5 | Fl -v5 .Op Fl v | Fl -verbose @@ -74,11 +73,6 @@ credential cache to list Test for there being an active and valid TGT for the local realm of the user in the credential cache. .It Xo -.Fl 4 , -.Fl -v4 -.Xc -display v4 tickets -.It Xo .Fl T , .Fl -tokens .Xc diff --git a/kuser/klist.c b/kuser/klist.c index bf7087b3c..fd6cbbc6a 100644 --- a/kuser/klist.c +++ b/kuser/klist.c 
@@ -353,145 +353,6 @@ check_for_tgt (krb5_context context, return expired; } -#ifdef KRB4 -/* prints the approximate kdc time differential as something human - readable */ - -static void -print_time_diff(int do_verbose) -{ - int d = abs(krb_get_kdc_time_diff()); - char buf[80]; - - if ((do_verbose && d > 0) || d > 60) { - unparse_time_approx (d, buf, sizeof(buf)); - printf ("Time diff:\t%s\n", buf); - } -} - -/* - * return a short representation of `dp' in string form. - */ - -static char * -short_date(int32_t dp) -{ - char *cp; - time_t t = (time_t)dp; - - if (t == (time_t)(-1L)) return "*** Never *** "; - cp = ctime(&t) + 4; - cp[15] = '\0'; - return (cp); -} - -/* - * Print a list of all the v4 tickets - */ - -static int -display_v4_tickets (int do_verbose) -{ - char *file; - int ret; - krb_principal princ; - CREDENTIALS cred; - int found = 0; - - rtbl_t ct; - - file = getenv ("KRBTKFILE"); - if (file == NULL) - file = TKT_FILE; - - printf("%17s: %s\n", "V4-ticket file", file); - - ret = krb_get_tf_realm (file, princ.realm); - if (ret) { - warnx ("%s", krb_get_err_text(ret)); - return 1; - } - - ret = tf_init (file, R_TKT_FIL); - if (ret) { - warnx ("tf_init: %s", krb_get_err_text(ret)); - return 1; - } - ret = tf_get_pname (princ.name); - if (ret) { - tf_close (); - warnx ("tf_get_pname: %s", krb_get_err_text(ret)); - return 1; - } - ret = tf_get_pinst (princ.instance); - if (ret) { - tf_close (); - warnx ("tf_get_pname: %s", krb_get_err_text(ret)); - return 1; - } - - printf ("%17s: %s\n", "Principal", krb_unparse_name(&princ)); - print_time_diff(do_verbose); - printf("\n"); - - ct = rtbl_create(); - rtbl_add_column(ct, COL_ISSUED, 0); - rtbl_add_column(ct, COL_EXPIRES, 0); - if (do_verbose) - rtbl_add_column(ct, COL_PRINCIPAL_KVNO, 0); - else - rtbl_add_column(ct, COL_PRINCIPAL, 0); - rtbl_set_prefix(ct, " "); - rtbl_set_column_prefix(ct, COL_ISSUED, ""); - - while ((ret = tf_get_cred(&cred)) == KSUCCESS) { - struct timeval tv; - char buf1[20], buf2[20]; - 
const char *pp; - - found++; - - strlcpy(buf1, - short_date(cred.issue_date), - sizeof(buf1)); - cred.issue_date = krb_life_to_time(cred.issue_date, cred.lifetime); - krb_kdctimeofday(&tv); - if (do_verbose || tv.tv_sec < (unsigned long) cred.issue_date) - strlcpy(buf2, - short_date(cred.issue_date), - sizeof(buf2)); - else - strlcpy(buf2, - ">>> Expired <<<", - sizeof(buf2)); - rtbl_add_column_entry(ct, COL_ISSUED, buf1); - rtbl_add_column_entry(ct, COL_EXPIRES, buf2); - pp = krb_unparse_name_long(cred.service, - cred.instance, - cred.realm); - if (do_verbose) { - char *tmp; - - asprintf(&tmp, "%s (%d)", pp, cred.kvno); - rtbl_add_column_entry(ct, COL_PRINCIPAL_KVNO, tmp); - free(tmp); - } else { - rtbl_add_column_entry(ct, COL_PRINCIPAL, pp); - } - } - rtbl_format(ct, stdout); - rtbl_destroy(ct); - if (!found && ret == EOF) - printf("No tickets in file.\n"); - tf_close(); - - /* - * should do NAT stuff here - */ - return 0; -} -#endif /* KRB4 */ - /* * Print a list of all AFS tokens */ @@ -685,9 +546,6 @@ static int help_flag = 0; static int do_verbose = 0; static int do_list_caches = 0; static int do_test = 0; -#ifdef KRB4 -static int do_v4 = 1; -#endif static int do_tokens = 0; static int do_v5 = 1; static char *cred_cache; @@ -700,10 +558,6 @@ static struct getargs args[] = { { "test", 't', arg_flag, &do_test, "test for having tickets", NULL }, { NULL, 's', arg_flag, &do_test }, -#ifdef KRB4 - { "v4", '4', arg_flag, &do_v4, - "display v4 tickets", NULL }, -#endif { "tokens", 'T', arg_flag, &do_tokens, "display AFS tokens", NULL }, { "v5", '5', arg_flag, &do_v5, @@ -765,20 +619,9 @@ main (int argc, char **argv) do_verbose, do_flags); if (!do_test) { -#ifdef KRB4 - if (do_v4) { - if (do_v5) - printf ("\n"); - display_v4_tickets (do_verbose); - } -#endif if (do_tokens && k_hasafs ()) { if (do_v5) printf ("\n"); -#ifdef KRB4 - else if (do_v4) - printf ("\n"); -#endif display_tokens (do_verbose); } } 
diff --git a/kuser/kuser_locl.h b/kuser/kuser_locl.h index 878326f5c..ad48a0c99 100644 --- a/kuser/kuser_locl.h +++ b/kuser/kuser_locl.h @@ -75,9 +75,6 @@ #include <err.h> #include <krb5.h> -#ifdef KRB4 -#include <krb.h> -#endif #if defined(HAVE_SYS_IOCTL_H) && SunOS != 40 #include <sys/ioctl.h> #endif |