##WIN32##all-windows:: $(KCPYTKT)
all-mac::
-kcpytkt: kcpytkt.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ kcpytkt.o $(KRB4COMPAT_LIBS)
+kcpytkt: kcpytkt.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kcpytkt.o $(KRB5_BASE_LIBS)
##WIN32##$(KCPYTKT): $(OUTPRE)kcpytkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) /out:$@ $**
##WIN32##all-windows:: $(KDELTKT)
all-mac::
-kdeltkt: kdeltkt.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ kdeltkt.o $(KRB4COMPAT_LIBS)
+kdeltkt: kdeltkt.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kdeltkt.o $(KRB5_BASE_LIBS)
##WIN32##$(KDELTKT): $(OUTPRE)kdeltkt.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) /out:$@ $**
all-unix:: kdestroy
##WIN32##all-windows:: $(KDESTROY)
-kdestroy: kdestroy.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ kdestroy.o $(KRB4COMPAT_LIBS)
+kdestroy: kdestroy.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kdestroy.o $(KRB5_BASE_LIBS)
##WIN32##$(KDESTROY): $(OUTPRE)kdestroy.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) -out:$@ $**
kdestroy \- destroy Kerberos tickets
.SH SYNOPSIS
.B kdestroy
-[\fB\-5\fP] [\fB\-4\fP] [\fB\-q\fP] [\fB\-c\fP \fIcache_name]
+[\fB\-q\fP] [\fB\-c\fP \fIcache_name]
.br
.SH DESCRIPTION
The
writing zeros to the specified credentials cache that contains them. If
the credentials cache is not specified, the default credentials cache is
destroyed.
-If kdestroy was built with Kerberos 4 support, the default behavior is to
-destroy both Kerberos 5 and Kerberos 4 credentials. Otherwise, kdestroy
-will default to destroying only Kerberos 5 credentials.
.SH OPTIONS
.TP
-.B \-5
-destroy Kerberos 5 credentials. This overrides whatever the default built-in
-behavior may be. This option may be used with
-.B \-4
-.
-.TP
-.B \-4
-destroy Kerberos 4 credentials. This overrides whatever the default built-in
-behavior may be. This option is only available if kinit was built
-with Kerberos 4 compatibility. This option may be used with
-.B \-5
-.
-.TP
.B \-q
Run quietly. Normally
.B kdestroy
.TP "\w'.SM KRB5CCNAME\ \ 'u"
.SM KRB5CCNAME
Location of the Kerberos 5 credentials (ticket) cache.
-.TP "\w'.SM KRBTKFILE\ \ 'u"
-.SM KRBTKFILE
-Filename of the Kerberos 4 credentials (ticket) cache.
.SH FILES
.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
/tmp/krb5cc_[uid]
default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
-.TP "\w'/tmp/tkt[uid]\ \ 'u"
-/tmp/tkt[uid]
-default location of Kerberos 4 credentials cache
-([uid] is the decimal UID of the user).
.SH SEE ALSO
kinit(1), klist(1), krb5(3)
.SH BUGS
#include <unistd.h>
#endif
-#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
-#endif
-
#ifdef __STDC__
#define BELL_CHAR '\a'
#else
char *progname;
-int got_k5 = 0;
-int got_k4 = 0;
-
-int default_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
-int default_k4 = 1;
-#else
-int default_k4 = 0;
-#endif
-
static void usage()
{
#define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
- fprintf(stderr, "Usage: %s [-5] [-4] [-q] [-c cache_name]\n", progname);
- fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
- fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
- fprintf(stderr, "\t (Default is %s%s%s%s)\n",
- default_k5?"Kerberos 5":"",
- (default_k5 && default_k4)?" and ":"",
- default_k4?"Kerberos 4":"",
- (!default_k5 && !default_k4)?"neither":"");
+ fprintf(stderr, "Usage: %s [-q] [-c cache_name]\n", progname);
fprintf(stderr, "\t-q quiet mode\n");
fprintf(stderr, "\t-c specify name of credentials cache\n");
exit(2);
krb5_ccache cache = NULL;
char *cache_name = NULL;
int code = 0;
-#ifdef KRB5_KRB4_COMPAT
- int v4code = 0;
- int v4 = 1;
-#endif
int errflg = 0;
int quiet = 0;
- int use_k5 = 0;
- int use_k4 = 0;
-
progname = GET_PROGNAME(argv[0]);
- got_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
- got_k4 = 1;
-#endif
-
while ((c = getopt(argc, argv, "54qc:")) != -1) {
switch (c) {
case 'q':
}
break;
case '4':
- if (!got_k4)
- {
-#ifdef KRB5_KRB4_COMPAT
- fprintf(stderr, "Kerberos 4 support could not be loaded\n");
-#else
- fprintf(stderr, "This was not built with Kerberos 4 support\n");
-#endif
- exit(3);
- }
- use_k4 = 1;
+ fprintf(stderr, "Kerberos 4 is no longer supported\n");
+ exit(3);
break;
case '5':
- if (!got_k5)
- {
- fprintf(stderr, "Kerberos 5 support could not be loaded\n");
- exit(3);
- }
- use_k5 = 1;
break;
case '?':
default:
usage();
}
- if (!use_k5 && !use_k4)
- {
- use_k5 = default_k5;
- use_k4 = default_k4;
+ retval = krb5_init_context(&kcontext);
+ if (retval) {
+ com_err(progname, retval, "while initializing krb5");
+ exit(1);
}
- if (!use_k5)
- got_k5 = 0;
- if (!use_k4)
- got_k4 = 0;
-
- if (got_k5) {
- retval = krb5_init_context(&kcontext);
- if (retval) {
- com_err(progname, retval, "while initializing krb5");
+ if (cache_name) {
+ code = krb5_cc_resolve (kcontext, cache_name, &cache);
+ if (code != 0) {
+ com_err (progname, code, "while resolving %s", cache_name);
exit(1);
}
-
- if (cache_name) {
-#ifdef KRB5_KRB4_COMPAT
- v4 = 0; /* Don't do v4 if doing v5 and cache name given. */
-#endif
- code = krb5_cc_resolve (kcontext, cache_name, &cache);
- if (code != 0) {
- com_err (progname, code, "while resolving %s", cache_name);
- exit(1);
- }
- } else {
- code = krb5_cc_default(kcontext, &cache);
- if (code) {
- com_err(progname, code, "while getting default ccache");
- exit(1);
- }
- }
-
- code = krb5_cc_destroy (kcontext, cache);
- if (code != 0) {
- com_err (progname, code, "while destroying cache");
- if (code != KRB5_FCC_NOFILE) {
- if (quiet)
- fprintf(stderr, "Ticket cache NOT destroyed!\n");
- else {
- fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n",
- BELL_CHAR, BELL_CHAR);
- }
- errflg = 1;
- }
+ } else {
+ code = krb5_cc_default(kcontext, &cache);
+ if (code) {
+ com_err(progname, code, "while getting default ccache");
+ exit(1);
}
}
-#ifdef KRB5_KRB4_COMPAT
- if (got_k4 && v4) {
- v4code = dest_tkt();
- if (v4code == KSUCCESS && code != 0)
- fprintf(stderr, "Kerberos 4 ticket cache destroyed.\n");
- if (v4code != KSUCCESS && v4code != RET_TKFIL) {
+
+ code = krb5_cc_destroy (kcontext, cache);
+ if (code != 0) {
+ com_err (progname, code, "while destroying cache");
+ if (code != KRB5_FCC_NOFILE) {
if (quiet)
- fprintf(stderr, "Kerberos 4 ticket cache NOT destroyed!\n");
- else
- fprintf(stderr, "Kerberos 4 ticket cache %cNOT%c destroyed!\n",
+ fprintf(stderr, "Ticket cache NOT destroyed!\n");
+ else {
+ fprintf(stderr, "Ticket cache %cNOT%c destroyed!\n",
BELL_CHAR, BELL_CHAR);
+ }
errflg = 1;
}
}
-#endif
return errflg;
}
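Review bot: In `case '4':` the added `exit(3);` runs inside the getopt loop, before `krb5_cc_destroy` is reached, so an invocation such as `kdestroy -5 -4` (a combination the removed man-page text allowed) now leaves the Kerberos 5 cache on disk. For a tool whose job is wiping credentials, a logout script that ignores the exit status would silently keep tickets around; consider warning and continuing, e.g. `fprintf(stderr, "Kerberos 4 is no longer supported; -4 ignored\n");` with the `exit(3);` dropped, or at least document the new exit status in kdestroy.M. The `break;` after `exit(3);` is unreachable as written, and `KRB_AVAIL_STRING` in `usage()` has no remaining users in the visible lines. The enclosing `main` starts outside the visible hunks.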
all-unix:: kinit
##WIN32##all-windows:: $(KINIT)
-kinit: kinit.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ kinit.o $(KRB4COMPAT_LIBS)
+kinit: kinit.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kinit.o $(KRB5_BASE_LIBS)
##WIN32##$(KINIT): $(OUTPRE)kinit.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) -out:$@ $** advapi32.lib
.TP
.B kinit
.ad l
-[\fB\-5\fP]
-[\fB\-4\fP]
[\fB\-V\fP]
[\fB\-l\fP \fIlifetime\fP] [\fB\-s\fP \fIstart_time\fP]
[\fB\-r\fP \fIrenewable_life\fP]
.I kinit
obtains and caches an initial ticket-granting ticket for
.IR principal .
-The typical default behavior is to acquire only
-Kerberos 5 tickets. However, if kinit was built with both
-Kerberos 4 support and with the default behavior of acquiring both
-types of tickets, it will try to acquire both Kerberos 5 and Kerberos 4
-by default.
-Any documentation particular to Kerberos 4 does not apply if Kerberos 4
-support was not built into kinit.
.SH OPTIONS
.TP
-.B \-5
-get Kerberos 5 tickets. This overrides whatever the default built-in
-behavior may be. This option may be used with
-.B \-4
-.
-.TP
-.B \-4
-get Kerberos 4 tickets. This overrides whatever the default built-in
-behavior may be. This option is only available if kinit was built
-with Kerberos 4 compatibility. This option may be used with
-.B \-5
-.
-.TP
.B \-V
display verbose output.
.TP
Postdated tickets are issued with the
.I invalid
flag set, and need to be fed back to the kdc before use.
-(Not applicable to Kerberos 4.)
.TP
\fB\-r\fP \fIrenewable_life\fP
requests renewable tickets, with a total lifetime of
.IR renewable_life .
The duration is in the same format as the
.B \-l
-option, with the same delimiters. (Not applicable to Kerberos 4.)
+option, with the same delimiters.
.TP
.B \-f
-request forwardable tickets. (Not applicable to Kerberos 4.)
+request forwardable tickets.
.TP
.B \-F
-do not request forwardable tickets. (Not applicable to Kerberos 4.)
+do not request forwardable tickets.
.TP
.B \-p
-request proxiable tickets. (Not applicable to Kerberos 4.)
+request proxiable tickets.
.TP
.B \-P
-do not request proxiable tickets. (Not applicable to Kerberos 4.)
+do not request proxiable tickets.
.TP
.B \-a
-request tickets with the local address[es]. (Not applicable to Kerberos 4.)
+request tickets with the local address[es].
.TP
.B \-A
-request address-less tickets. (Not applicable to Kerberos 4.)
+request address-less tickets.
.TP
.B \-v
requests that the ticket granting ticket in the cache (with the
.I invalid
flag set) be passed to the kdc for validation. If the ticket is within
its requested time range, the cache is replaced with the validated
-ticket. (Not applicable to Kerberos 4.)
+ticket.
.TP
.B \-R
requests renewal of the ticket-granting ticket. Note that an expired
ticket cannot be renewed, even if the ticket is still within its
-renewable life. When using this option with Kerberos 4, the kdc must
-support Kerberos 5 to Kerberos 4 ticket conversion.
+renewable life.
.TP
\fB\-k\fP [\fB\-t\fP \fIkeytab_file\fP]
requests a host ticket, obtained from a key in the local host's
the
.B \-t
.I keytab_file
-option; otherwise the default name and location will be used. When using
-this option with Kerberos 4, the kdc must support Kerberos 5 to Kerberos 4
-ticket conversion.
+option; otherwise the default name and location will be used.
.TP
\fB\-c\fP \fIcache_name\fP
use
environment variable is set, its value is used to name the default
ticket cache. Any existing contents of the cache are destroyed by
.IR kinit .
-(Note: The default name for Kerberos 4 comes from the
-.B KRBTKFILE
-environment variable. This option does not apply to Kerberos 4.)
.TP
\fB\-S\fP \fIservice_name\fP
specify an alternate service name to use when
-getting initial tickets. (Applicable to Kerberos 5 or if using both
-Kerberos 5 and Kerberos 4 with a kdc that supports Kerberos 5 to Kerberos 4
-ticket conversion.)
+getting initial tickets.
.TP
\fB\-X\fP \fIattribute\fP[=\fIvalue\fP]
specify a pre\-authentication attribute and value to be passed to
.TP "\w'.SM KRB5CCNAME\ \ 'u"
.SM KRB5CCNAME
Location of the Kerberos 5 credentials (ticket) cache.
-.TP "\w'.SM KRBTKFILE\ \ 'u"
-.SM KRBTKFILE
-Filename of the Kerberos 4 credentials (ticket) cache.
.SH FILES
.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
/tmp/krb5cc_[uid]
default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
-.TP "\w'/tmp/tkt[uid]\ \ 'u"
-/tmp/tkt[uid]
-default location of Kerberos 4 credentials cache
-([uid] is the decimal UID of the user).
.TP
/etc/krb5.keytab
default location for the local host's
#include "autoconf.h"
#include "k5-platform.h" /* for asprintf */
#include <krb5.h>
-#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
-#define HAVE_KRB524
-#else
-#undef HAVE_KRB524
-#endif
#include <string.h>
#include <stdio.h>
#include <time.h>
#endif /* _WIN32 */
#endif /* HAVE_PWD_H */
-static char* progname_v5 = 0;
-#ifdef KRB5_KRB4_COMPAT
-static char* progname_v4 = 0;
-static char* progname_v524 = 0;
-#endif
-
-static int got_k5 = 0;
-static int got_k4 = 0;
-
-static int default_k5 = 1;
-#if defined(KRB5_KRB4_COMPAT) && defined(KINIT_DEFAULT_BOTH)
-static int default_k4 = 1;
-#else
-static int default_k4 = 0;
-#endif
-
-static int authed_k5 = 0;
-static int authed_k4 = 0;
-
-#define KRB4_BACKUP_DEFAULT_LIFE_SECS 24*60*60 /* 1 day */
+static char *progname;
typedef enum { INIT_PW, INIT_KT, RENEW, VALIDATE } action_type;
char* service_name;
char* keytab_name;
char* k5_cache_name;
- char* k4_cache_name;
action_type action;
char* name;
};
-struct k4_data
-{
- krb5_deltat lifetime;
-#ifdef KRB5_KRB4_COMPAT
- char aname[ANAME_SZ + 1];
- char inst[INST_SZ + 1];
- char realm[REALM_SZ + 1];
- char name[ANAME_SZ + 1 + INST_SZ + 1 + REALM_SZ + 1];
-#endif
-};
-
#ifdef GETOPT_LONG
/* if struct[2] == NULL, then long_getopt acts as if the short flag
struct[3] was specified. If struct[2] != NULL, then struct[3] is
#endif
static void
-usage(progname)
- char *progname;
+usage()
{
#define USAGE_BREAK "\n\t"
#define USAGE_BREAK_LONG ""
#endif
- fprintf(stderr, "Usage: %s [-5] [-4] [-V] "
+ fprintf(stderr, "Usage: %s [-V] "
"[-l lifetime] [-s start_time] "
USAGE_BREAK
"[-r renewable_life] "
"\n\n",
progname);
-#define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
-
-#define OPTTYPE_KRB5 "5"
-#define OPTTYPE_KRB4 "4"
-#define OPTTYPE_EITHER "Either 4 or 5"
-#ifdef HAVE_KRB524
-#define OPTTYPE_BOTH "5, or both 5 and 4"
-#else
-#define OPTTYPE_BOTH "5"
-#endif
-
-#ifdef KRB5_KRB4_COMPAT
-#define USAGE_OPT_FMT "%s%-50s%s\n"
-#define ULINE(indent, col1, col2) \
-fprintf(stderr, USAGE_OPT_FMT, indent, col1, col2)
-#else
-#define USAGE_OPT_FMT "%s%s\n"
-#define ULINE(indent, col1, col2) \
-fprintf(stderr, USAGE_OPT_FMT, indent, col1)
-#endif
-
- ULINE(" ", "options:", "valid with Kerberos:");
- fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
- fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
- fprintf(stderr, "\t (Default behavior is to try %s%s%s%s)\n",
- default_k5?"Kerberos 5":"",
- (default_k5 && default_k4)?" and ":"",
- default_k4?"Kerberos 4":"",
- (!default_k5 && !default_k4)?"neither":"");
- ULINE("\t", "-V verbose", OPTTYPE_EITHER);
- ULINE("\t", "-l lifetime", OPTTYPE_EITHER);
- ULINE("\t", "-s start time", OPTTYPE_KRB5);
- ULINE("\t", "-r renewable lifetime", OPTTYPE_KRB5);
- ULINE("\t", "-f forwardable", OPTTYPE_KRB5);
- ULINE("\t", "-F not forwardable", OPTTYPE_KRB5);
- ULINE("\t", "-p proxiable", OPTTYPE_KRB5);
- ULINE("\t", "-P not proxiable", OPTTYPE_KRB5);
- ULINE("\t", "-a include addresses", OPTTYPE_KRB5);
- ULINE("\t", "-A do not include addresses", OPTTYPE_KRB5);
- ULINE("\t", "-v validate", OPTTYPE_KRB5);
- ULINE("\t", "-R renew", OPTTYPE_BOTH);
- ULINE("\t", "-k use keytab", OPTTYPE_BOTH);
- ULINE("\t", "-t filename of keytab to use", OPTTYPE_BOTH);
- ULINE("\t", "-c Kerberos 5 cache name", OPTTYPE_KRB5);
- /* This options is not yet available: */
- /* ULINE("\t", "-C Kerberos 4 cache name", OPTTYPE_KRB4); */
- ULINE("\t", "-S service", OPTTYPE_BOTH);
- ULINE("\t", "-X <attribute>[=<value>]", OPTTYPE_KRB5);
+ fprintf(stderr, " options:");
+ fprintf(stderr, "\t-V verbose\n");
+ fprintf(stderr, "\t-l lifetime\n");
+ fprintf(stderr, "\t-s start time\n");
+ fprintf(stderr, "\t-r renewable lifetime\n");
+ fprintf(stderr, "\t-f forwardable\n");
+ fprintf(stderr, "\t-F not forwardable\n");
+ fprintf(stderr, "\t-p proxiable\n");
+ fprintf(stderr, "\t-P not proxiable\n");
+ fprintf(stderr, "\t-a include addresses\n");
+ fprintf(stderr, "\t-A do not include addresses\n");
+ fprintf(stderr, "\t-v validate\n");
+ fprintf(stderr, "\t-R renew\n");
+ fprintf(stderr, "\t-k use keytab\n");
+ fprintf(stderr, "\t-t filename of keytab to use\n");
+ fprintf(stderr, "\t-c Kerberos 5 cache name\n");
+ fprintf(stderr, "\t-S service\n");
+ fprintf(stderr, "\t-X <attribute>[=<value>]\n");
exit(2);
}
}
static char *
-parse_options(argc, argv, opts, progname)
+parse_options(argc, argv, opts)
int argc;
char **argv;
struct k_opts* opts;
- char *progname;
{
krb5_error_code code;
int errflg = 0;
- int use_k4 = 0;
- int use_k5 = 0;
int i;
while ((i = GETOPT(argc, argv, "r:fpFP54aAVl:s:c:kt:RS:vX:"))
errflg++;
}
break;
-#if 0
- /*
- A little more work is needed before we can enable this
- option.
- */
- case 'C':
- if (opts->k4_cache_name)
- {
- fprintf(stderr, "Only one -C option allowed\n");
- errflg++;
- } else {
- opts->k4_cache_name = optarg;
- }
- break;
-#endif
case '4':
- if (!got_k4)
- {
-#ifdef KRB5_KRB4_COMPAT
- fprintf(stderr, "Kerberos 4 support could not be loaded\n");
-#else
- fprintf(stderr, "This was not built with Kerberos 4 support\n");
-#endif
- exit(3);
- }
- use_k4 = 1;
+ fprintf(stderr, "Kerberos 4 is no longer supported\n");
+ exit(3);
break;
case '5':
- if (!got_k5)
- {
- fprintf(stderr, "Kerberos 5 support could not be loaded\n");
- exit(3);
- }
- use_k5 = 1;
break;
default:
errflg++;
errflg++;
}
- /* At this point, if errorless, we know we only have one option
- selection */
- if (!use_k5 && !use_k4) {
- use_k5 = default_k5;
- use_k4 = default_k4;
- }
-
- /* Now, we encode the OPTTYPE stuff here... */
- if (!use_k5 &&
- (opts->starttime || opts->rlife || opts->forwardable ||
- opts->proxiable || opts->addresses || opts->not_forwardable ||
- opts->not_proxiable || opts->no_addresses ||
- (opts->action == VALIDATE) || opts->k5_cache_name))
- {
- fprintf(stderr, "Specified option that requires Kerberos 5\n");
- errflg++;
- }
- if (!use_k4 &&
- opts->k4_cache_name)
- {
- fprintf(stderr, "Specified option that require Kerberos 4\n");
- errflg++;
- }
- if (
-#ifdef HAVE_KRB524
- !use_k5
-#else
- use_k4
-#endif
- && (opts->service_name || opts->keytab_name ||
- (opts->action == INIT_KT) || (opts->action == RENEW))
- )
- {
- fprintf(stderr, "Specified option that requires Kerberos 5\n");
- errflg++;
- }
-
if (errflg) {
- usage(progname);
+ usage();
}
- got_k5 = got_k5 && use_k5;
- got_k4 = got_k4 && use_k4;
-
opts->principal_name = (optind == argc-1) ? argv[optind] : 0;
return opts->principal_name;
}
static int
-k5_begin(opts, k5, k4)
+k5_begin(opts, k5)
struct k_opts* opts;
-struct k5_data* k5;
-struct k4_data* k4;
+ struct k5_data* k5;
{
- char* progname = progname_v5;
krb5_error_code code = 0;
- if (!got_k5)
- return 0;
-
code = krb5_init_context(&k5->ctx);
if (code) {
com_err(progname, code, "while initializing Kerberos 5 library");
}
opts->principal_name = k5->name;
-#ifdef KRB5_KRB4_COMPAT
- if (got_k4)
- {
- /* Translate to a Kerberos 4 principal */
- code = krb5_524_conv_principal(k5->ctx, k5->me,
- k4->aname, k4->inst, k4->realm);
- if (code) {
- k4->aname[0] = 0;
- k4->inst[0] = 0;
- k4->realm[0] = 0;
- }
- }
-#endif
return 1;
}
memset(k5, 0, sizeof(*k5));
}
-static int
-k4_begin(opts, k4)
- struct k_opts* opts;
- struct k4_data* k4;
-{
-#ifdef KRB5_KRB4_COMPAT
- char* progname = progname_v4;
- int k_errno = 0;
-#endif
-
- if (!got_k4)
- return 0;
-
-#ifdef KRB5_KRB4_COMPAT
- if (k4->aname[0])
- goto skip;
-
- if (opts->principal_name)
- {
- /* Use specified name */
- k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
- opts->principal_name);
- if (k_errno)
- {
- fprintf(stderr, "%s: %s\n", progname,
- krb_get_err_text(k_errno));
- return 0;
- }
- } else {
- /* No principal name specified */
- if (opts->action == INIT_KT) {
- /* Use the default host/service name */
- /* XXX - need to add this functionality */
- fprintf(stderr, "%s: Kerberos 4 srvtab support is not "
- "implemented\n", progname);
- return 0;
- } else {
- /* Get default principal from cache if one exists */
- k_errno = krb_get_tf_fullname(tkt_string(), k4->aname,
- k4->inst, k4->realm);
- if (k_errno)
- {
- char *name = get_name_from_os();
- if (!name)
- {
- fprintf(stderr, "Unable to identify user\n");
- return 0;
- }
- k_errno = kname_parse(k4->aname, k4->inst, k4->realm,
- name);
- if (k_errno)
- {
- fprintf(stderr, "%s: %s\n", progname,
- krb_get_err_text(k_errno));
- return 0;
- }
- }
- }
- }
-
- if (!k4->realm[0])
- krb_get_lrealm(k4->realm, 1);
-
- if (k4->inst[0])
- snprintf(k4->name, sizeof(k4->name), "%s.%s@%s",
- k4->aname, k4->inst, k4->realm);
- else
- snprintf(k4->name, sizeof(k4->name), "%s@%s", k4->aname, k4->realm);
- opts->principal_name = k4->name;
-
- skip:
- if (k4->aname[0] && !k_isname(k4->aname))
- {
- fprintf(stderr, "%s: bad Kerberos 4 name format\n", progname);
- return 0;
- }
-
- if (k4->inst[0] && !k_isinst(k4->inst))
- {
- fprintf(stderr, "%s: bad Kerberos 4 instance format\n", progname);
- return 0;
- }
-
- if (k4->realm[0] && !k_isrealm(k4->realm))
- {
- fprintf(stderr, "%s: bad Kerberos 4 realm format\n", progname);
- return 0;
- }
-#endif /* KRB5_KRB4_COMPAT */
- return 1;
-}
-
-static void
-k4_end(k4)
- struct k4_data* k4;
-{
- memset(k4, 0, sizeof(*k4));
-}
-
-#ifdef KRB5_KRB4_COMPAT
-static char stash_password[1024];
-static int got_password = 0;
-#endif /* KRB5_KRB4_COMPAT */
-
static krb5_error_code
KRB5_CALLCONV
kinit_prompter(
krb5_prompt prompts[]
)
{
- int i;
- krb5_prompt_type *types;
krb5_error_code rc =
krb5_prompter_posix(ctx, data, name, banner, num_prompts, prompts);
- if (!rc && (types = krb5_get_prompt_types(ctx)))
- for (i = 0; i < num_prompts; i++)
- if ((types[i] == KRB5_PROMPT_TYPE_PASSWORD) ||
- (types[i] == KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN))
- {
-#ifdef KRB5_KRB4_COMPAT
- strncpy(stash_password, prompts[i].reply->data,
- sizeof(stash_password));
- got_password = 1;
-#endif
- }
return rc;
}
struct k_opts* opts;
struct k5_data* k5;
{
- char* progname = progname_v5;
int notix = 1;
krb5_keytab keytab = 0;
krb5_creds my_creds;
krb5_get_init_creds_opt *options = NULL;
int i;
- if (!got_k5)
- return 0;
-
memset(&my_creds, 0, sizeof(my_creds));
code = krb5_get_init_creds_opt_alloc(k5->ctx, &options);
break;
}
- /* If got code == KRB5_AP_ERR_V4_REPLY && got_k4, we should
- let the user know that maybe he/she wants -4. */
- if (code == KRB5KRB_AP_ERR_V4_REPLY && got_k4)
- com_err(progname, code, "while %s\n"
- "The KDC doesn't support v5. "
- "You may want the -4 option in the future",
- doing);
- else if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY)
fprintf(stderr, "%s: Password incorrect while %s\n", progname,
doing);
else
goto cleanup;
}
- if (!opts->lifetime) {
- /* We need to figure out what lifetime to use for Kerberos 4. */
- opts->lifetime = my_creds.times.endtime - my_creds.times.authtime;
- }
-
code = krb5_cc_initialize(k5->ctx, k5->cc, k5->me);
if (code) {
com_err(progname, code, "when initializing cache %s",
return notix?0:1;
}
-static int
-k4_kinit(opts, k4, ctx)
- struct k_opts* opts;
- struct k4_data* k4;
- krb5_context ctx;
-{
-#ifdef KRB5_KRB4_COMPAT
- char* progname = progname_v4;
- int k_errno = 0;
-#endif
-
- if (!got_k4)
- return 0;
-
- if (opts->starttime)
- return 0;
-
-#ifdef KRB5_KRB4_COMPAT
- if (!k4->lifetime)
- k4->lifetime = opts->lifetime;
- if (!k4->lifetime)
- k4->lifetime = KRB4_BACKUP_DEFAULT_LIFE_SECS;
-
- k4->lifetime = krb_time_to_life(0, k4->lifetime);
-
- switch (opts->action)
- {
- case INIT_PW:
- if (!got_password) {
- unsigned int pwsize = sizeof(stash_password);
- krb5_error_code code;
- char prompt[1024];
-
- snprintf(prompt, sizeof(prompt),
- "Password for %s", opts->principal_name);
- stash_password[0] = 0;
- /*
- Note: krb5_read_password does not actually look at the
- context, so we're ok even if we don't have a context. If
- we cannot dynamically load krb5, we can substitute any
- decent read password function instead of the krb5 one.
- */
- code = krb5_read_password(ctx, prompt, 0, stash_password, &pwsize);
- if (code || pwsize == 0)
- {
- fprintf(stderr, "Error while reading password for '%s'\n",
- opts->principal_name);
- memset(stash_password, 0, sizeof(stash_password));
- return 0;
- }
- got_password = 1;
- }
- k_errno = krb_get_pw_in_tkt(k4->aname, k4->inst, k4->realm, "krbtgt",
- k4->realm, k4->lifetime, stash_password);
-
- if (k_errno) {
- fprintf(stderr, "%s: %s\n", progname,
- krb_get_err_text(k_errno));
- if (authed_k5)
- fprintf(stderr, "Maybe your KDC does not support v4. "
- "Try the -5 option next time.\n");
- return 0;
- }
- return 1;
-#ifndef HAVE_KRB524
- case INIT_KT:
- fprintf(stderr, "%s: srvtabs are not supported\n", progname);
- return 0;
- case RENEW:
- fprintf(stderr, "%s: renewal of krb4 tickets is not supported\n",
- progname);
- return 0;
-#else
- /* These cases are handled by the 524 code - this prevents the compiler
- warnings of not using all the enumerated types.
- */
- case INIT_KT:
- case RENEW:
- case VALIDATE:
- return 0;
-#endif
- }
-#endif
- return 0;
-}
-
-static char*
-getvprogname(v, progname)
- char *v, *progname;
-{
- char *ret;
-
- if (asprintf(&ret, "%s(v%s)", progname, v) < 0)
- return progname;
- else
- return ret;
-}
-
-#ifdef HAVE_KRB524
-/* Convert krb5 tickets to krb4. */
-static int try_convert524(k5)
- struct k5_data* k5;
-{
- char * progname = progname_v524;
- krb5_error_code code = 0;
- int icode = 0;
- krb5_principal kpcserver = 0;
- krb5_creds *v5creds = 0;
- krb5_creds increds;
- CREDENTIALS v4creds;
-
- if (!got_k4 || !got_k5)
- return 0;
-
- memset((char *) &increds, 0, sizeof(increds));
- /*
- From this point on, we can goto cleanup because increds is
- initialized.
- */
-
- if ((code = krb5_build_principal(k5->ctx,
- &kpcserver,
- krb5_princ_realm(k5->ctx, k5->me)->length,
- krb5_princ_realm(k5->ctx, k5->me)->data,
- "krbtgt",
- krb5_princ_realm(k5->ctx, k5->me)->data,
- NULL))) {
- com_err(progname, code,
- "while creating service principal name");
- goto cleanup;
- }
-
- increds.client = k5->me;
- increds.server = kpcserver;
- /* Prevent duplicate free calls. */
- kpcserver = 0;
-
- increds.times.endtime = 0;
- increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- if ((code = krb5_get_credentials(k5->ctx, 0,
- k5->cc,
- &increds,
- &v5creds))) {
- com_err(progname, code,
- "getting V5 credentials");
- goto cleanup;
- }
- if ((icode = krb524_convert_creds_kdc(k5->ctx,
- v5creds,
- &v4creds))) {
- com_err(progname, icode,
- "converting to V4 credentials");
- goto cleanup;
- }
- /* this is stolen from the v4 kinit */
- /* initialize ticket cache */
- if ((icode = in_tkt(v4creds.pname, v4creds.pinst)
- != KSUCCESS)) {
- com_err(progname, icode,
- "trying to create the V4 ticket file");
- goto cleanup;
- }
- /* stash ticket, session key, etc. for future use */
- if ((icode = krb_save_credentials(v4creds.service,
- v4creds.instance,
- v4creds.realm,
- v4creds.session,
- v4creds.lifetime,
- v4creds.kvno,
- &(v4creds.ticket_st),
- v4creds.issue_date))) {
- com_err(progname, icode,
- "trying to save the V4 ticket");
- goto cleanup;
- }
-
- cleanup:
- memset(&v4creds, 0, sizeof(v4creds));
- if (v5creds)
- krb5_free_creds(k5->ctx, v5creds);
- increds.client = 0;
- krb5_free_cred_contents(k5->ctx, &increds);
- if (kpcserver)
- krb5_free_principal(k5->ctx, kpcserver);
- return !(code || icode);
-}
-#endif /* HAVE_KRB524 */
-
int
main(argc, argv)
int argc;
{
struct k_opts opts;
struct k5_data k5;
- struct k4_data k4;
- char *progname;
-
+ int authed_k5 = 0;
progname = GET_PROGNAME(argv[0]);
- progname_v5 = getvprogname("5", progname);
-#ifdef KRB5_KRB4_COMPAT
- progname_v4 = getvprogname("4", progname);
- progname_v524 = getvprogname("524", progname);
-#endif
/* Ensure we can be driven from a pipe */
if(!isatty(fileno(stdin)))
if(!isatty(fileno(stderr)))
setvbuf(stderr, 0, _IONBF, 0);
- /*
- This is where we would put in code to dynamically load Kerberos
- libraries. Currenlty, we just get them implicitly.
- */
- got_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
- got_k4 = 1;
-#endif
-
memset(&opts, 0, sizeof(opts));
opts.action = INIT_PW;
memset(&k5, 0, sizeof(k5));
- memset(&k4, 0, sizeof(k4));
set_com_err_hook (extended_com_err_fn);
- parse_options(argc, argv, &opts, progname);
-
- got_k5 = k5_begin(&opts, &k5, &k4);
- got_k4 = k4_begin(&opts, &k4);
+ parse_options(argc, argv, &opts);
- authed_k5 = k5_kinit(&opts, &k5);
-#ifdef HAVE_KRB524
- if (authed_k5)
- authed_k4 = try_convert524(&k5);
-#endif
- if (!authed_k4)
- authed_k4 = k4_kinit(&opts, &k4, k5.ctx);
-#ifdef KRB5_KRB4_COMPAT
- memset(stash_password, 0, sizeof(stash_password));
-#endif
+ if (k5_begin(&opts, &k5))
+ authed_k5 = k5_kinit(&opts, &k5);
if (authed_k5 && opts.verbose)
fprintf(stderr, "Authenticated to Kerberos v5\n");
- if (authed_k4 && opts.verbose)
- fprintf(stderr, "Authenticated to Kerberos v4\n");
k5_end(&k5);
- k4_end(&k4);
- if ((got_k5 && !authed_k5) || (got_k4 && !authed_k4) ||
- (!got_k5 && !got_k4))
+ if (!authed_k5)
exit(1);
return 0;
}
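Review bot: The added `fprintf(stderr, " options:");` in `usage()` has no trailing newline, whereas both variants of the `ULINE` format it replaces ended in `\n`, so `-V verbose` will print on the same line as the heading; it should be `fprintf(stderr, " options:\n");`. Separately, with the password-stashing loop removed, `kinit_prompter` only forwards to `krb5_prompter_posix`, so either pass `krb5_prompter_posix` directly at the call site (not visible here) or add a comment such as `/* Pass-through to krb5_prompter_posix; the reply is no longer copied. */`. Parts of both functions lie outside the visible hunks.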
all-unix:: klist
##WIN32##all-windows:: $(KLIST)
-klist: klist.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ klist.o $(KRB4COMPAT_LIBS)
+klist: klist.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ klist.o $(KRB5_BASE_LIBS)
##WIN32##$(KLIST): $(OUTPRE)klist.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.lib $(SLIB) $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) -out:$@ $** ws2_32.lib $(SCLIB)
.SH NAME
klist \- list cached Kerberos tickets
.SH SYNOPSIS
-\fBklist\fP [\fB\-5\fP] [\fB\-4\fP] [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP]
+\fBklist\fP [\fB\-e\fP] [[\fB\-c\fP] [\fB\-f\fP]
[\fB\-s\fP] [\fB\-a\fP [\fB\-n\fP]]]
[\fB\-k\fP [\fB\-t\fP] [\fB\-K\fP]]
[\fIcache_name\fP | \fIkeytab_name\fP]
cache, or the keys held in a
.B keytab
file.
-If klist was built with Kerberos 4 support, the default behavior is to list
-both Kerberos 5 and Kerberos 4 credentials. Otherwise, klist will default
-to listing only Kerberos 5 credentials.
.SH OPTIONS
.TP
-.B \-5
-list Kerberos 5 credentials. This overrides whatever the default built-in
-behavior may be. This option may be used with
-.B \-4
-.
-.TP
-.B \-4
-list Kerberos 4 credentials. This overrides whatever the default built-in
-behavior may be. This option is only available if kinit was built
-with Kerberos 4 compatibility. This option may be used with
-.B \-5
-.
-.TP
.B \-e
displays the encryption types of the session key and the ticket for each
credential in the credential cache, or each key in the keytab file.
.TP "\w'.SM KRB5CCNAME\ \ 'u"
.SM KRB5CCNAME
Location of the Kerberos 5 credentials (ticket) cache.
-.TP "\w'.SM KRBTKFILE\ \ 'u"
-.SM KRBTKFILE
-Filename of the Kerberos 4 credentials (ticket) cache.
.SH FILES
.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
/tmp/krb5cc_[uid]
default location of Kerberos 5 credentials cache
([uid] is the decimal UID of the user).
-.TP "\w'/tmp/tkt[uid]\ \ 'u"
-/tmp/tkt[uid]
-default location of Kerberos 4 credentials cache
-([uid] is the decimal UID of the user).
.TP
/etc/krb5.keytab
default location for the local host's
#include "autoconf.h"
#include <krb5.h>
-#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
-#endif
#include <com_err.h>
#include <stdlib.h>
#ifdef HAVE_UNISTD_H
void one_addr (krb5_address *);
void fillit (FILE *, unsigned int, int);
-#ifdef KRB5_KRB4_COMPAT
-void do_v4_ccache (char *);
-#endif /* KRB5_KRB4_COMPAT */
-
#define DEFAULT 0
#define CCACHE 1
#define KEYTAB 2
-/*
- * The reason we start out with got_k4 and got_k5 as zero (false) is
- * so that we can easily add dynamic loading support for determining
- * whether Kerberos 4 and Keberos 5 libraries are available
- */
-
-static int got_k5 = 0;
-static int got_k4 = 0;
-
-static int default_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
-static int default_k4 = 1;
-#else
-static int default_k4 = 0;
-#endif
-
static void usage()
{
#define KRB_AVAIL_STRING(x) ((x)?"available":"not available")
- fprintf(stderr, "Usage: %s [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] %s",
+ fprintf(stderr, "Usage: %s [-e] [[-c] [-f] [-s] [-a [-n]]] %s",
progname, "[-k [-t] [-K]] [name]\n");
- fprintf(stderr, "\t-5 Kerberos 5 (%s)\n", KRB_AVAIL_STRING(got_k5));
- fprintf(stderr, "\t-4 Kerberos 4 (%s)\n", KRB_AVAIL_STRING(got_k4));
- fprintf(stderr, "\t (Default is %s%s%s%s)\n",
- default_k5?"Kerberos 5":"",
- (default_k5 && default_k4)?" and ":"",
- default_k4?"Kerberos 4":"",
- (!default_k5 && !default_k4)?"neither":"");
fprintf(stderr, "\t-c specifies credentials cache\n");
fprintf(stderr, "\t-k specifies keytab\n");
fprintf(stderr, "\t (Default is credentials cache)\n");
int c;
char *name;
int mode;
- int use_k5 = 0, use_k4 = 0;
-
- got_k5 = 1;
-#ifdef KRB5_KRB4_COMPAT
- got_k4 = 1;
-#endif
progname = GET_PROGNAME(argv[0]);
mode = KEYTAB;
break;
case '4':
- if (!got_k4)
- {
-#ifdef KRB5_KRB4_COMPAT
- fprintf(stderr, "Kerberos 4 support could not be loaded\n");
-#else
- fprintf(stderr, "This was not built with Kerberos 4 support\n");
-#endif
- exit(3);
- }
- use_k4 = 1;
+ fprintf(stderr, "Kerberos 4 is no longer supported\n");
+ exit(3);
break;
case '5':
- if (!got_k5)
- {
- fprintf(stderr, "Kerberos 5 support could not be loaded\n");
- exit(3);
- }
- use_k5 = 1;
break;
default:
usage();
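Review bot: `case '5':` is now an empty `break;`, so `-5` is still accepted but does nothing, and the usage text changed in this commit no longer lists it; nothing tells a reader whether that is deliberate. Add a comment such as `/* -5 kept as a no-op for backward compatibility; Kerberos 5 is the only protocol left */`, or reject the option if compatibility is not wanted. In the `-4` case the `break;` after `exit(3);` is unreachable and can be dropped. The getopt option string is outside this hunk and presumably still contains `4` and `5`, whereas the kvno change later in this commit removes `4` from its option string, so the two tools now report `-4` differently (explicit message and exit status 3 here, a usage error there).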
name = (optind == argc-1) ? argv[optind] : 0;
- if (!use_k5 && !use_k4)
- {
- use_k5 = default_k5;
- use_k4 = default_k4;
- }
-
- if (!use_k5)
- got_k5 = 0;
- if (!use_k4)
- got_k4 = 0;
-
now = time(0);
{
char tmp[BUFSIZ];
timestamp_width = 15;
}
- if (got_k5)
{
krb5_error_code retval;
retval = krb5_init_context(&kcontext);
do_ccache(name);
else
do_keytab(name);
- } else {
-#ifdef KRB5_KRB4_COMPAT
- if (mode == DEFAULT || mode == CCACHE)
- do_v4_ccache(name);
- else {
- /* We may want to add v4 srvtab support */
- fprintf(stderr,
- "%s: srvtab option not supported for Kerberos 4\n",
- progname);
- exit(1);
- }
-#endif /* KRB4_KRB5_COMPAT */
}
return 0;
for (i=0; i<num; i++)
fputc(c, f);
}
-
-#ifdef KRB5_KRB4_COMPAT
-void
-do_v4_ccache(name)
- char * name;
-{
- char pname[ANAME_SZ];
- char pinst[INST_SZ];
- char prealm[REALM_SZ];
- char *file;
- int k_errno;
- CREDENTIALS c;
- int header = 1;
-
- if (!got_k4)
- return;
-
- file = name?name:tkt_string();
-
- if (status_only) {
- fprintf(stderr,
- "%s: exit status option not supported for Kerberos 4\n",
- progname);
- exit(1);
- }
-
- if (got_k5)
- printf("\n\n");
-
- printf("Kerberos 4 ticket cache: %s\n", file);
-
- /*
- * Since krb_get_tf_realm will return a ticket_file error,
- * we will call tf_init and tf_close first to filter out
- * things like no ticket file. Otherwise, the error that
- * the user would see would be
- * klist: can't find realm of ticket file: No ticket file (tf_util)
- * instead of
- * klist: No ticket file (tf_util)
- */
-
- /* Open ticket file */
- k_errno = tf_init(file, R_TKT_FIL);
- if (k_errno) {
- fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
- exit(1);
- }
- /* Close ticket file */
- (void) tf_close();
-
- /*
- * We must find the realm of the ticket file here before calling
- * tf_init because since the realm of the ticket file is not
- * really stored in the principal section of the file, the
- * routine we use must itself call tf_init and tf_close.
- */
- if ((k_errno = krb_get_tf_realm(file, prealm)) != KSUCCESS) {
- fprintf(stderr, "%s: can't find realm of ticket file: %s\n",
- progname, krb_get_err_text (k_errno));
- exit(1);
- }
-
- /* Open ticket file */
- if ((k_errno = tf_init(file, R_TKT_FIL))) {
- fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
- exit(1);
- }
- /* Get principal name and instance */
- if ((k_errno = tf_get_pname(pname)) ||
- (k_errno = tf_get_pinst(pinst))) {
- fprintf(stderr, "%s: %s\n", progname, krb_get_err_text (k_errno));
- exit(1);
- }
-
- /*
- * You may think that this is the obvious place to get the
- * realm of the ticket file, but it can't be done here as the
- * routine to do this must open the ticket file. This is why
- * it was done before tf_init.
- */
-
- printf("Principal: %s%s%s%s%s\n\n", pname,
- (pinst[0] ? "." : ""), pinst,
- (prealm[0] ? "@" : ""), prealm);
- while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
- if (header) {
- printf("%-18s %-18s %s\n",
- " Issued", " Expires", " Principal");
- header = 0;
- }
- printtime(c.issue_date);
- fputs(" ", stdout);
- printtime(krb_life_to_time(c.issue_date, c.lifetime));
- printf(" %s%s%s%s%s\n",
- c.service, (c.instance[0] ? "." : ""), c.instance,
- (c.realm[0] ? "@" : ""), c.realm);
- }
- if (header && k_errno == EOF) {
- printf("No tickets in file.\n");
- }
-}
-#endif /* KRB4_KRB5_COMPAT */
##WIN32##all-windows:: $(KVNO)
-kvno: kvno.o $(KRB4COMPAT_DEPLIBS)
- $(CC_LINK) -o $@ kvno.o $(KRB4COMPAT_LIBS)
+kvno: kvno.o $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ kvno.o $(KRB5_BASE_LIBS)
##WIN32##$(KVNO): $(OUTPRE)kvno.obj $(BUILDTOP)\util\windows\$(OUTPRE)getopt.obj $(KLIB) $(CLIB) $(EXERES)
##WIN32## link $(EXE_LINKOPTS) /out:$@ $**
.SH NAME
kvno \- print key version numbers of Kerberos principals
.SH SYNOPSIS
-\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB\-4\fP\ |\ [\fB-c ccache\fP]\ [\fB\-e etype\fP]]
+\fBkvno\fP [\fB\-q\fP] [\fB\-h\fP] [\fB-c ccache\fP]\ [\fB\-e etype\fP]
\fBservice1\fP \fBservice2\fP \fB...\fP
.br
.SH DESCRIPTION
.B \-h
prints a usage statement and exits
.TP
-.B \-4
-specifies that Kerberos version 4 tickets should be acquired and
-described. This option is only available if Kerberos 4 support was
-enabled at compilation time.
-.TP
.B \-S sname
specifies that krb5_sname_to_principal() will be used to build
principal names. If this flag is specified, the
.TP "\w'.SM KRB5CCNAME\ \ 'u"
.SM KRB5CCNAME
Location of the credentials (ticket) cache.
-.TP
-.SM KRBTKFILE
-Location of the v4 ticket file.
.SH FILES
.TP "\w'/tmp/krb5cc_[uid]\ \ 'u"
/tmp/krb5cc_[uid]
default location of the credentials cache ([uid] is the decimal UID of
the user).
-.TP
-/tmp/tkt[uid]
-default location of the v4 ticket file.
.SH SEE ALSO
kinit(1), kdestroy(1), krb5(3)
static void xusage()
{
-#ifdef KRB5_KRB4_COMPAT
- fprintf(stderr,
- "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab] [-S sname]] service1 service2 ...\n",
- prog);
-#else
fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] [-S sname] service1 service2 ...\n",
prog);
-#endif
exit(1);
}
int quiet = 0;
-static void do_v4_kvno (int argc, char *argv[]);
static void do_v5_kvno (int argc, char *argv[],
char *ccachestr, char *etypestr, char *keytab_name,
char *sname);
int option;
char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL;
char *sname = NULL;
- int v4 = 0;
set_com_err_hook (extended_com_err_fn);
prog = strrchr(argv[0], '/');
prog = prog ? (prog + 1) : argv[0];
- while ((option = getopt(argc, argv, "c:e:hk:q4S:")) != -1) {
+ while ((option = getopt(argc, argv, "c:e:hk:qS:")) != -1) {
switch (option) {
case 'c':
ccachestr = optarg;
case 'q':
quiet = 1;
break;
- case '4':
- v4 = 1;
- break;
case 'S':
sname = optarg;
break;
if ((argc - optind) < 1)
xusage();
- if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4)
- xusage();
-
- if (sname != NULL && v4)
- xusage();
-
- if (v4)
- do_v4_kvno(argc - optind, argv + optind);
- else
- do_v5_kvno(argc - optind, argv + optind,
- ccachestr, etypestr, keytab_name, sname);
+ do_v5_kvno(argc - optind, argv + optind,
+ ccachestr, etypestr, keytab_name, sname);
return 0;
}
-#ifdef KRB5_KRB4_COMPAT
-#include <kerberosIV/krb.h>
-#endif
-static void do_v4_kvno (int count, char *names[])
-{
-#ifdef KRB5_KRB4_COMPAT
- int i;
-
- for (i = 0; i < count; i++) {
- int err;
- char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ];
- KTEXT_ST req;
- CREDENTIALS creds;
- *name = *inst = *realm = '\0';
- err = kname_parse (name, inst, realm, names[i]);
- if (err) {
- fprintf(stderr, "%s: error parsing name '%s': %s\n",
- prog, names[i], krb_get_err_text(err));
- exit(1);
- }
- if (realm[0] == 0) {
- err = krb_get_lrealm(realm, 1);
- if (err) {
- fprintf(stderr, "%s: error looking up local realm: %s\n",
- prog, krb_get_err_text(err));
- exit(1);
- }
- }
- err = krb_mk_req(&req, name, inst, realm, 0);
- if (err) {
- fprintf(stderr, "%s: krb_mk_req error: %s\n", prog,
- krb_get_err_text(err));
- exit(1);
- }
- err = krb_get_cred(name, inst, realm, &creds);
- if (err) {
- fprintf(stderr, "%s: krb_get_cred error: %s\n", prog,
- krb_get_err_text(err));
- exit(1);
- }
- if (!quiet)
- printf("%s: kvno = %d\n", names[i], creds.kvno);
- }
-#else
- xusage();
-#endif
-}
-
#include <krb5.h>
static krb5_context context;
static void extended_com_err_fn (const char *myprog, errcode_t code,