Remove Kerberos 4 support

INSTALL

@@ -25,18 +25,6 @@ by adding the option "--with-krb5=KRBPREFIX" to the configure line,
 where KRBPREFIX/include and KRBPREFIX/lib are the directories you
 have the Kerberos libraries installed in.
 
-If your site has a Kerberos 4 service, you can enable Kerberos 4 support
-by adding the option "--with-krb4=KRBPREFIX" to the configure line,
-where KRBPREFIX/include and KRBPREFIX/lib are the directories you
-have the Kerberos libraries installed in.  Note that this is
-deprecated, and should only be enabled for transitions.
-
-If you build with both krb5 and krb4, you will get a client that only
-knows how to authenticate with krb5 servers, but a server that can
-understand authentication from both krb4 and krb5 clients.
-
-If you want/need a krb4 client, you have to build without krb5.
-
 If you have a make which supports VPATH in a manner compatible with
 GNU make, you can build in a separate directory.  Simply invoke the
 configure script from within the build directory and configure will
@@ -52,12 +40,12 @@ to the configure line.
 If you have Hesiod and/or Kerberos installed such that you can't
 specify a single prefix for both include files and libraries, set the
 environment variables CPPFLAGS and LDFLAGS to include the relevant
-directories, and just configure with "--with-krb4" and
+directories, and just configure with "--with-krb5" and
 "--with-hesiod".  For instance (for a csh-like shell):
 
 	setenv CPPFLAGS "-I/opt/athena/include"
 	setenv LDFLAGS "-I/opt/athena/arch/sparc/lib"
-	./configure --with-hesiod --with-krb4
+	./configure --with-hesiod --with-krb5
 	make
 	make install
 

clients/zshutdown_notify/zshutdown_notify.c

@@ -30,10 +30,6 @@ static const char rcsid_zshutdown_notify_c[] =
 #define N_DEF_FORMAT	"From $sender:\n@bold(Shutdown message from $1 at $time)\n@center(System going down, message is:)\n\n$2\n\n@center(@bold($3))"
 #define N_FIELD_CNT	3
 
-#ifdef HAVE_KRB4
-#define SVC_NAME	"rcmd"
-#endif
-
 /*
  * Standard warning strings appended as extra fields to
  * the message body.
@@ -53,12 +49,6 @@ main(int argc,
     char msgbuff[BUFSIZ], message[Z_MAXPKTLEN], *ptr;
     char scratch[BUFSIZ];
     char *msg[N_FIELD_CNT];
-#ifdef HAVE_KRB4
-    char tkt_filename[MAXPATHLEN];
-    char rlm[REALM_SZ];
-    char hn2[NS_MAXDNAME];
-    char *cp;
-#endif
 
     if (gethostname(hostname, sizeof(hostname)) < 0) {
 	com_err(argv[0], errno, "while finding hostname");
@@ -73,33 +63,6 @@ main(int argc,
     sprintf(scratch, warning, hostname);
     msg[2] = scratch;
 
-#ifdef HAVE_KRB4
-    (void) sprintf(tkt_filename, "/tmp/tkt_zshut_%d", getpid());
-    krb_set_tkt_string(tkt_filename);
-
-    cp = krb_get_phost(hostname);
-    if (cp)
-	(void) strcpy(hn2, cp);
-    else {
-	fprintf(stderr, "%s: can't figure out canonical hostname\n",argv[0]);
-	exit(1);
-    }
-    retval = krb_get_lrealm(rlm, 1);
-    if (retval) {
-	fprintf(stderr, "%s: can't get local realm: %s\n",
-		argv[0], krb_get_err_text(retval));
-	exit(1);
-    }
-    retval = krb_get_svc_in_tkt(SVC_NAME, hn2, rlm,
-				SERVER_SERVICE, SERVER_INSTANCE, 1,
-				(char *)KEYFILE);
-    if (retval) {
-	fprintf(stderr, "%s: can't get tickets: %s\n",
-		argv[0], krb_get_err_text(retval));
-	exit(1);
-    }
-#endif
-
     if ((retval = ZInitialize()) != ZERR_NONE) {
 	com_err(argv[0], retval, "while initializing");
 	exit(1);
@@ -131,9 +94,6 @@ main(int argc,
     notice.z_default_format = N_DEF_FORMAT;
 
     retval = ZSendList(&notice, msg, N_FIELD_CNT, ZAUTH);
-#ifdef HAVE_KRB4
-    (void) dest_tkt();
-#endif
 
     if (retval != ZERR_NONE) {
 	com_err(argv[0], retval, "while sending notice");

configure.ac

@@ -114,34 +114,6 @@ AC_SUBST(LIBICONV)
 AC_CHECK_LIB(curses, tgetstr, [TLIB=-lcurses], [TLIB=-ltermcap])
 AC_SUBST(TLIB)
 
-AC_ARG_WITH(krb4,
-	[  --with-krb4=PREFIX      Use Kerberos 4],
-	[krb4="$withval"], [krb4=no])
-if test "$krb4" != no; then
-	AC_CHECK_FUNC(gethostbyname, :, AC_CHECK_LIB(nsl, gethostbyname))
-	AC_CHECK_FUNC(socket, :, AC_CHECK_LIB(socket, socket))
-	AC_CHECK_LIB(gen, compile)
-	if test "$krb4" != yes; then
-	   CPPFLAGS="$CPPFLAGS -I$krb4/include"
-	   if test -d "$krb4/include/kerberosIV"; then
-	      CPPFLAGS="$CPPFLAGS -I$krb4/include/kerberosIV"
-	   fi
-	   LDFLAGS="$LDFLAGS -L$krb4/lib"
-	fi
-	AC_CHECK_LIB(krb4, krb_rd_req,
-	     [KRB4_LIBS="-lkrb4 -ldes425 -lkrb5 -lk5crypto -lcom_err"],
-	     [AC_CHECK_LIB(des, des_quad_cksum,
-			   [KRB4_DES_LIBS="-ldes"],,,)
-	     AC_CHECK_LIB(krb, krb_rd_req,
-			   [KRB4_LIBS="-lkrb $KRB4_DES_LIBS"],
-			   [AC_MSG_ERROR(Kerberos 4 libraries not found)],
-			   $KRB4_DES_LIBS)],
-	     -ldes425 -lkrb5 -lk5crypto -lcom_err)
-	AC_DEFINE(HAVE_KRB4, 1, [Define to compile with Kerberos support.])
-	LIBZEPHYR_LIBS="$LIBZEPHYR_LIBS $KRB4_LIBS"
-fi
-AC_SUBST(KRB4_LIBS)
-
 AC_ARG_WITH(krb5,
 	    [  --with-krb5=PREFIX      Use Kerberos 5],
 	    [krb5="$withval"], [krb5=no])
@@ -249,7 +221,7 @@ fi
 AC_SUBST(SS_LIBS)
 AC_SUBST(SS_OBJS)
 
-LIBS="$KRB5_LIBS $KRB4_LIBS $LIBS"
+LIBS="$KRB5_LIBS $LIBS"
 
 dnl Checks for library functions.
 #XXX more looking for res_send

h/internal.h

@@ -6,11 +6,6 @@
 #include <zephyr/zephyr.h>
 #include <netdb.h>
 
-#ifdef HAVE_KRB4
-#include <krb.h>
-#include <krb_err.h>
-#endif
-
 #ifdef HAVE_KRB5
 #include <krb5.h>
 #endif
@@ -181,9 +176,6 @@ unsigned long z_quad_cksum(const unsigned char *, uint32_t *, long,
 			   int, unsigned char *);
 Code_t ZFormatAuthenticNoticeV5(ZNotice_t*, char*, int, int*, krb5_keyblock *);
 #endif
-#ifdef HAVE_KRB4
-Code_t ZFormatAuthenticNotice(ZNotice_t*, char*, int, int*, C_Block);
-#endif
 
 #ifdef HAVE_KRB5_CREDS_KEYBLOCK_ENCTYPE
 #define Z_keydata(keyblock)	((keyblock)->contents)

h/sysdep.h

@@ -159,17 +159,6 @@ ZEPHYR_INT32 gethostid();
 #include <termios.h>
 
 /* Kerberos compatibility. */
-#ifdef HAVE_KRB4
-# include <krb.h>
-# include <krb_err.h>
-# include <des.h>
-# ifndef HAVE_KRB_GET_ERR_TEXT
-#  define krb_get_err_text(n)	krb_err_txt[n]
-# endif
-# ifndef HAVE_KRB_LOG
-#  define krb_log		log
-# endif
-#endif
 
 #ifdef HAVE_SYS_UTSNAME_H
 # include <sys/utsname.h>

lib/ZCkAuth.c

@@ -33,35 +33,5 @@ Code_t
 ZCheckAuthentication(ZNotice_t *notice,
 		     struct sockaddr_in *from)
 {
-#if defined(HAVE_KRB4) && !defined(HAVE_KRB5)
-    int result;
-    ZChecksum_t our_checksum;
-    C_Block *session;
-    CREDENTIALS cred;
-
-    /* If the value is already known, return it. */
-    if (notice->z_checked_auth != ZAUTH_UNSET)
-	return (notice->z_checked_auth);
-
-    if (!notice->z_auth)
-	return (ZAUTH_NO);
-
-    if ((result = krb_get_cred(SERVER_SERVICE, SERVER_INSTANCE, 
-			       __Zephyr_realm, &cred)) != 0)
-	return (ZAUTH_NO);
-
-    session = (C_Block *)cred.session;
-
-    our_checksum = des_quad_cksum((unsigned char *)notice->z_packet,
-				  NULL, 
-				  notice->z_default_format+
-				  strlen(notice->z_default_format) + 1
-				  - notice->z_packet,
-				  0, session);
-
-    /* if mismatched checksum, then the packet was corrupted */
-    return ((our_checksum == notice->z_checksum) ? ZAUTH_YES : ZAUTH_FAILED);
-#else
     return ZCheckZcodeAuthentication(notice, from);
-#endif
 } 

lib/ZExpnRlm.c

@@ -26,7 +26,6 @@ ZExpandRealm(char *realm)
 	result = krb5_free_host_realm(Z_krb5_ctx, list_realms);
 	return expand;
 #else
-#ifndef HAVE_KRB4
         struct hostent *he;
 
         he = gethostbyname(realm);
@@ -44,58 +43,5 @@ ZExpandRealm(char *realm)
         *cp1 = '\0';
 
         return(expand);
-#else
-	int retval;
-	FILE *rlm_file;
-	char krb_host[NS_MAXDNAME + 1];
-        static char krb_realm[REALM_SZ+1];
-	char linebuf[BUFSIZ];
-	char scratch[64];
-
-/* upcase what we got */
-	cp2 = realm;
-        cp1 = expand;
-        while (*cp2) {
-                *cp1++ = toupper(*cp2++);
-        }
-        *cp1 = '\0';
-
-	if ((rlm_file = fopen("/etc/krb.conf", "r")) == (FILE *) 0) {
-                return(expand);
-        }
-
-	if (fgets(linebuf, BUFSIZ, rlm_file) == NULL) {
-	  /* error reading */
-	  (void) fclose(rlm_file);
-	  return(expand);
-	}
-
-	if (sscanf(linebuf, "%s", krb_realm) < 1) {
-	  /* error reading */
-	  (void) fclose(rlm_file);
-	  return(expand);
-	}
-
-	if (!strncmp(krb_realm, expand, strlen(expand))) {
-	  (void) fclose(rlm_file);
-	  return(krb_realm);
-	}
-
-	while (1) {
-	  /* run through the file, looking for admin host */
-	  if (fgets(linebuf, BUFSIZ, rlm_file) == NULL) {
-            (void) fclose(rlm_file);
-            return(expand);
-	  }
-
-	  if (sscanf(linebuf, "%s %s admin %s", krb_realm, krb_host, scratch)
-	      < 2)
-            continue;
-	  if (!strncmp(krb_realm, expand, strlen(expand))) {
-	    (void) fclose(rlm_file);
-	    return(krb_realm);
-	  }
-	}
-#endif /* HAVE_KRB4 */
 #endif
 }

lib/ZFmtAuth.c

@@ -16,50 +16,6 @@ static const char rcsid_ZFormatAuthenticNotice_c[] = "$Id$";
 
 #include <internal.h>
 
-#ifdef HAVE_KRB4
-Code_t
-ZFormatAuthenticNotice(ZNotice_t *notice,
-		       char *buffer,
-		       int buffer_len,
-		       int *len,
-		       C_Block session)
-{
-    ZNotice_t newnotice;
-    char *ptr;
-    int retval, hdrlen;
-
-    newnotice = *notice;
-    newnotice.z_auth = 1;
-    newnotice.z_authent_len = 0;
-    newnotice.z_ascii_authent = "";
-
-    if ((retval = Z_FormatRawHeader(&newnotice, buffer, buffer_len,
-				    &hdrlen, &ptr, NULL)) != ZERR_NONE)
-	return (retval);
-
-    newnotice.z_checksum =
-	(ZChecksum_t)des_quad_cksum((void *)buffer, NULL, ptr - buffer, 0, (C_Block *)session);
-
-    if ((retval = Z_FormatRawHeader(&newnotice, buffer, buffer_len,
-				    &hdrlen, NULL, NULL)) != ZERR_NONE)
-	return (retval);
-
-    ptr = buffer+hdrlen;
-
-    if (newnotice.z_message_len+hdrlen > buffer_len)
-	return (ZERR_PKTLEN);
-
-    (void) memcpy(ptr, newnotice.z_message, newnotice.z_message_len);
-
-    *len = hdrlen+newnotice.z_message_len;
-
-    if (*len > Z_MAXPKTLEN)
-	return (ZERR_PKTLEN);
-
-    return (ZERR_NONE);
-}
-#endif
-
 #ifdef HAVE_KRB5
 Code_t
 ZFormatAuthenticNoticeV5(ZNotice_t *notice,
@@ -73,30 +29,13 @@ ZFormatAuthenticNoticeV5(ZNotice_t *notice,
     int retval, hdrlen, hdr_adj;
     krb5_enctype enctype;
     krb5_cksumtype cksumtype;
-#ifdef HAVE_KRB4
-    int key_len;
-#endif
     char *cksum_start, *cstart, *cend;
     int cksum_len;
 
-#ifdef HAVE_KRB4
-    key_len = Z_keylen(keyblock);
-#endif
     retval = Z_ExtractEncCksum(keyblock, &enctype, &cksumtype);
     if (retval)
 	return (ZAUTH_FAILED);
 
-#ifdef HAVE_KRB4
-    if (key_len == 8 && (enctype == (krb5_enctype)ENCTYPE_DES_CBC_CRC ||
-                         enctype == (krb5_enctype)ENCTYPE_DES_CBC_MD4 ||
-                         enctype == (krb5_enctype)ENCTYPE_DES_CBC_MD5)) {
-         C_Block tmp;
-         memcpy(&tmp, Z_keydata(keyblock), key_len);
-         return ZFormatAuthenticNotice(notice, buffer, buffer_len, len,
-                                       tmp);
-    }
-#endif
-
     newnotice = *notice;
     newnotice.z_auth = 1;
     newnotice.z_authent_len = 0;

lib/ZGetSender.c

@@ -29,10 +29,6 @@ ZGetSender(void)
     krb5_principal principal;
     char *prname;
     int result;
-#else    
-#ifdef HAVE_KRB4
-    char pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
-#endif 
 #endif
 
     /* Return it if already cached */
@@ -52,17 +48,6 @@ ZGetSender(void)
       }
       krb5_cc_close(Z_krb5_ctx, ccache);
     } 
-#else
-#ifdef HAVE_KRB4
-    if (krb_get_tf_fullname((char *)TKT_FILE, pname, pinst, prealm) == KSUCCESS)
-    {
-        sender = malloc(ANAME_SZ+INST_SZ+REALM_SZ+3);
-	if (sender)
-	  (void) sprintf(sender, "%s%s%s@%s", pname, (pinst[0]?".":""),
-			 pinst, prealm);
-	return (sender);
-    }
-#endif
 #endif
 
     /* XXX a uid_t is a u_short (now),  but getpwuid