Remove the set_master_key and get_master_key DAL interfaces and their
authorGreg Hudson <ghudson@mit.edu>
Fri, 2 Jul 2010 17:13:40 +0000 (17:13 +0000)
committerGreg Hudson <ghudson@mit.edu>
Fri, 2 Jul 2010 17:13:40 +0000 (17:13 +0000)
corresponding libkdb5 APIs, as they were not productively used.  In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.

ticket: 6749
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970

18 files changed:
src/include/kdb.h
src/kadmin/dbutil/kdb5_util.c
src/kadmin/server/ovsec_kadmd.c
src/kdc/main.c
src/lib/kadm5/srv/libkadm5srv_mit.exports
src/lib/kdb/kdb5.c
src/lib/kdb/kdb_default.c
src/lib/kdb/libkdb5.exports
src/plugins/kdb/db2/db2_exp.c
src/plugins/kdb/db2/kdb_db2.c
src/plugins/kdb/db2/kdb_db2.h
src/plugins/kdb/ldap/ldap_exp.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports

index e8e82eb5b8a2f4cab7c41fe8d95e9b8e20a505ae..31f2b1350996461dbaf4ae9c6cb071c6f5b02d02 100644 (file)
@@ -447,13 +447,6 @@ krb5_error_code krb5_db_iterate ( krb5_context kcontext,
                                   char *match_entry,
                                   int (*func) (krb5_pointer, krb5_db_entry *),
                                   krb5_pointer func_arg );
-krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
-                                             char *pwd,
-                                             krb5_keyblock *key );
-krb5_error_code krb5_db_set_mkey ( krb5_context context,
-                                   krb5_keyblock *key);
-krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key );
 
 krb5_error_code krb5_db_set_mkey_list( krb5_context context,
                                        krb5_keylist_node * keylist);
@@ -736,16 +729,9 @@ krb5_def_fetch_mkey_list( krb5_context            context,
                           krb5_kvno             mkvno,
                           krb5_keylist_node  **mkeys_list);
 
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
-                                   char *pwd,
-                                   krb5_keyblock *key );
-
 krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node *keylist );
 
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key );
-
 krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node **keylist );
 
@@ -1146,26 +1132,6 @@ typedef struct _kdb_vftabl {
      */
     void (*db_free)(krb5_context kcontext, void *ptr);
 
-    /*
-     * Optional with default: Inform the module of the master key.  The module
-     * may remember an alias to the provided memory.  This function is called
-     * at startup by the KDC and kadmind; both supply a NULL pwd argument.  The
-     * module should not need to use a remembered master key value, so current
-     * modules do nothing with it besides return it from get_master_key, which
-     * is never used.  The default implementation does nothing.
-     */
-    krb5_error_code (*set_master_key)(krb5_context kcontext, char *pwd,
-                                      krb5_keyblock *key);
-
-    /*
-     * Optional with default: Retrieve an alias to the master keyblock as
-     * previously set by set_master_key.  This function is not used.  The
-     * default implementation returns success without modifying *key, which
-     * would be an invalid implementation if it were ever used.
-     */
-    krb5_error_code (*get_master_key)(krb5_context kcontext,
-                                      krb5_keyblock **key);
-
     /*
      * Optional with default: Inform the module of the master key.  The module
      * may remember an alias to the provided memory.  This function is called
index 05db437b320005692db106ed54af7fdf9a920408..035a8c0ff5a467576f7a490fb1a4e3b84bb5b4d1 100644 (file)
@@ -106,7 +106,7 @@ void usage()
     exit(1);
 }
 
-extern krb5_keyblock master_keyblock;
+krb5_keyblock master_keyblock;
 krb5_kvno   master_kvno; /* fetched */
 extern krb5_keylist_node *master_keylist;
 extern krb5_principal master_princ;
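Review bot: `krb5_keyblock master_keyblock;` now gives kdb5_util its own object for the master key, and nothing here says how it relates to the one that the old ovsec_kadmd.c comment placed in lib/kadm5/server_kdb.c. That file is not among the 18 changed files, so the library presumably still defines a global of the same name. In a static link the two tentative definitions would then either merge silently or collide, depending on the compiler's common-symbol setting. I would add a comment here such as `/* kdb5_util's own master key; not shared with libkadm5srv */` and, if the library copy is no longer referenced outside server_kdb.c, make that one `static`.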
index 417363794ce8d16d799f18a269cc9ad04eb3033b..6d25a0fab9f70fcc9a14757f4e64dcfb8480ed2a 100644 (file)
@@ -89,7 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
 gss_name_t gss_kadmin_name = NULL;
 void *global_server_handle;
 
-extern krb5_keyblock master_keyblock;
 extern krb5_keylist_node  *master_keylist;
 
 char *build_princ_name(char *name, char *realm);
@@ -431,12 +430,7 @@ int main(int argc, char *argv[])
         krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
         goto kterr;
     }
-    /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
-    ret = krb5_db_set_mkey(hctx, &master_keyblock);
-    if (ret) {
-        krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
-        goto kterr;
-    }
+    /* XXX master_keylist is in guts of lib/kadm5/server_kdb.c */
     ret = krb5_db_set_mkey_list(hctx, master_keylist);
     if (ret) {
         krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
index 7cc64b80957b7a3dbf23e78faa9f7f43b4f86be9..c3270a9694172245c5ef0c37f23cc9add99401b2 100644 (file)
@@ -448,11 +448,6 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname,
         goto whoops;
     }
 
-    if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
-        kdc_err(rdp->realm_context, kret,
-                "while setting master key for realm %s", realm);
-        goto whoops;
-    }
     kret = krb5_db_set_mkey_list(rdp->realm_context, rdp->mkey_list);
     if (kret) {
         kdc_err(rdp->realm_context, kret,
index 7ba5c1a91c3cc517f0170ea8764e1e8e2771031e..fa8d69c51c265ec08b36d7b82db2dbf17542ae9c 100644 (file)
@@ -84,7 +84,6 @@ krb5_string_to_flags
 krb5_string_to_keysalts
 krb5_match_config_pattern
 master_db
-master_keyblock
 master_keylist
 master_princ
 osa_free_princ_ent
index 2be54c4acc637e081f630ca6928cdd55ea1ded28..bfcdbd6af97b3f9746defffb954e4db6fb1e13b9 100644 (file)
@@ -246,12 +246,8 @@ clean_n_exit:
 static void
 kdb_setup_opt_functions(db_library lib)
 {
-    if (lib->vftabl.set_master_key == NULL)
-        lib->vftabl.set_master_key = kdb_def_set_mkey;
     if (lib->vftabl.set_master_key_list == NULL)
         lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
-    if (lib->vftabl.get_master_key == NULL)
-        lib->vftabl.get_master_key = kdb_def_get_mkey;
     if (lib->vftabl.get_master_key_list == NULL)
         lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
     if (lib->vftabl.fetch_master_key == NULL)
@@ -1077,25 +1073,6 @@ krb5_db_iterate(krb5_context kcontext,
     return v->db_iterate(kcontext, match_entry, func, func_arg);
 }
 
-krb5_error_code
-krb5_db_set_master_key_ext(krb5_context kcontext,
-                           char *pwd, krb5_keyblock * key)
-{
-    krb5_error_code status = 0;
-    kdb_vftabl *v;
-
-    status = get_vftabl(kcontext, &v);
-    if (status)
-        return status;
-    return v->set_master_key(kcontext, pwd, key);
-}
-
-krb5_error_code
-krb5_db_set_mkey(krb5_context context, krb5_keyblock * key)
-{
-    return krb5_db_set_master_key_ext(context, NULL, key);
-}
-
 krb5_error_code
 krb5_db_set_mkey_list(krb5_context kcontext,
                       krb5_keylist_node * keylist)
@@ -1109,18 +1086,6 @@ krb5_db_set_mkey_list(krb5_context kcontext,
     return v->set_master_key_list(kcontext, keylist);
 }
 
-krb5_error_code
-krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
-{
-    krb5_error_code status = 0;
-    kdb_vftabl *v;
-
-    status = get_vftabl(kcontext, &v);
-    if (status)
-        return status;
-    return v->get_master_key(kcontext, key);
-}
-
 krb5_error_code
 krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
 {
index 225a5074e187dc4e4967b261dfb9cf5c2bbbe4b4..545d5036023e6fff850fe9b55eb384172768298b 100644 (file)
@@ -617,21 +617,6 @@ clean_n_exit:
     return retval;
 }
 
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
-                                   char *pwd,
-                                   krb5_keyblock *key )
-{
-    /* printf("default set master key\n"); */
-    return 0;
-}
-
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key )
-{
-    /* printf("default get master key\n"); */
-    return 0;
-}
-
 krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node *keylist )
 {
index 8f0644beffc5cd1b78e66169c0eb5f7b2177ae83..c9880982dd2c2a46ecdc1f753cc24b96f5a90f7a 100644 (file)
@@ -13,7 +13,6 @@ krb5_db_fini
 krb5_db_free_principal
 krb5_db_get_age
 krb5_db_get_key_data_kvno
-krb5_db_get_mkey
 krb5_db_get_mkey_list
 krb5_db_get_context
 krb5_db_get_principal
@@ -23,7 +22,6 @@ krb5_db_iterate
 krb5_db_lock
 krb5_db_put_principal
 krb5_db_set_context
-krb5_db_set_mkey
 krb5_db_set_mkey_list
 krb5_db_setup_mkey_name
 krb5_db_unlock
index 174c60aa828c81d1cc434f236ed6db4e8185bc3f..74963cdd8ade063981cdab6f7498b9087dfa6890 100644 (file)
@@ -174,13 +174,6 @@ WRAP_VOID (krb5_db2_free_policy,
            ( krb5_context kcontext, osa_policy_ent_t entry ),
            (kcontext, entry));
 
-WRAP_K (krb5_db2_set_master_key_ext,
-        ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
-        (kcontext, pwd, key));
-WRAP_K (krb5_db2_db_get_mkey,
-        ( krb5_context context, krb5_keyblock **key),
-        (context, key));
-
 WRAP_K (krb5_db2_db_set_mkey_list,
         ( krb5_context kcontext, krb5_keylist_node *keylist),
         (kcontext, keylist));
@@ -251,8 +244,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
     /* db_free_policy */                         wrap_krb5_db2_free_policy,
     /* db_alloc */                               krb5_db2_alloc,
     /* db_free */                                krb5_db2_free,
-    /* set_master_key */                         wrap_krb5_db2_set_master_key_ext,
-    /* get_master_key */                         wrap_krb5_db2_db_get_mkey,
     /* set_master_key_list */                    wrap_krb5_db2_db_set_mkey_list,
     /* get_master_key_list */                    wrap_krb5_db2_db_get_mkey_list,
     /* blah blah blah */ 0,0,0,0,0,0,0,0,
index 9c73c12dbcf2817a0e29f686ea31c521ee614688..684fcd99c4ec96fc70abd21f3d3db25f8468d8c5 100644 (file)
@@ -438,36 +438,6 @@ krb5_db2_db_fini(krb5_context context)
     return retval;
 }
 
-/*
- * Set/Get the master key associated with the database
- */
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
-{
-    krb5_db2_context *db_ctx;
-
-    if (!k5db2_inited(context))
-        return (KRB5_KDB_DBNOTINITED);
-
-    db_ctx = context->dal_handle->db_context;
-    db_ctx->db_master_key = key;
-    return 0;
-}
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
-{
-    krb5_db2_context *db_ctx;
-
-    if (!k5db2_inited(context))
-        return (KRB5_KDB_DBNOTINITED);
-
-    db_ctx = context->dal_handle->db_context;
-    *key = db_ctx->db_master_key;
-
-    return 0;
-}
-
 krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
 {
@@ -1333,13 +1303,6 @@ krb5_db2_destroy(krb5_context context, char *conf_section, char **db_args)
     return destroy_db(context, db_ctx->db_name);
 }
 
-krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context context,
-                            char *pwd, krb5_keyblock * key)
-{
-    return krb5_db2_db_set_mkey(context, key);
-}
-
 void   *
 krb5_db2_alloc(krb5_context context, void *ptr, size_t size)
 {
index 7b4fcf405b17e6eb6bb481b61ed48015ca225e16..2c954487a968d154e7fd8f73d61550c2d1da0361 100644 (file)
@@ -43,7 +43,6 @@ typedef struct _krb5_db2_context {
     int                 db_locks_held;  /* Number of times locked       */
     int                 db_lock_mode;   /* Last lock mode, e.g. greatest*/
     krb5_boolean        db_nb_locks;    /* [Non]Blocking lock modes     */
-    krb5_keyblock      *db_master_key; /* Master key of database */
     krb5_keylist_node *db_master_key_list;  /* Master key list of database */
     osa_adb_policy_t    policy_db;
     krb5_boolean        tempdb;
@@ -80,16 +79,6 @@ krb5_boolean krb5_db2_db_set_lockmode(krb5_context, krb5_boolean);
 krb5_error_code krb5_db2_db_open_database(krb5_context);
 krb5_error_code krb5_db2_db_close_database(krb5_context);
 
-krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
-                            krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
-
 krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
 
index 4d3b24929db5431f97a9a14b6e21b6abd1e2fc8d..1846d9240dd1cb77efeb4b25e94335451902feb5 100644 (file)
@@ -72,8 +72,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
     /* db_alloc */                          krb5_ldap_alloc,
     /* db_free */                           krb5_ldap_free,
     /* optional functions */
-    /* set_master_key */                    krb5_ldap_set_mkey,
-    /* get_master_key */                    krb5_ldap_get_mkey,
     /* set_master_key_list */               krb5_ldap_set_mkey_list,
     /* get_master_key_list */               krb5_ldap_get_mkey_list,
     /* setup_master_key_name */             NULL,
index d96ce0fb1ed2d142ed96c8976799db31158003ca..eb3dec74bd745338a410a4a5e03bc7776f81742e 100644 (file)
@@ -130,7 +130,9 @@ extern kadm5_config_params global_params;
 
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
-                                      princ, enum ap_op op, struct realm_info *pblock);
+                                      princ, enum ap_op op,
+                                      struct realm_info *pblock,
+                                      const krb5_keyblock *master_keyblock);
 
 
 static char *strdur(time_t duration);
@@ -511,15 +513,6 @@ kdb5_ldap_create(int argc, char *argv[])
         mkey_password = pw_str;
     }
 
-    rparams->mkey.enctype = global_params.enctype;
-    /* We are sure that 'mkey_password' is a regular string ... */
-    rparams->mkey.length = strlen(mkey_password) + 1;
-    rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
-    if (rparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
-    }
-
     rparams->realm_name = strdup(global_params.realm);
     if (rparams->realm_name == NULL) {
         retval = ENOMEM;
@@ -646,7 +639,7 @@ kdb5_ldap_create(int argc, char *argv[])
             goto err_nomsg;
         }
 
-        retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+        retval = krb5_c_string_to_key(util_context, global_params.enctype,
                                       &pwd, &master_salt, &master_keyblock);
 
         if (master_salt.data)
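Review bot: After this change `master_keyblock` is the only place the derived master key lives in kdb5_ldap_create, and no hunk on this page shows its contents being wiped. The copy that used to sit in `lrparams->mkey` was cleared with `memset` in krb5_ldap_free_realm_params, and this commit removes that code. If the cleanup and err_nomsg paths (outside this hunk) do not already do so, release it with `krb5_free_keyblock_contents(util_context, &master_keyblock);` so the key bytes are cleared before the memory is returned.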
@@ -659,17 +652,6 @@ kdb5_ldap_create(int argc, char *argv[])
 
     }
 
-    rblock.key = &master_keyblock;
-    ldap_context->lrparams->mkey = master_keyblock;
-    ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
-        (master_keyblock.length);
-    if (ldap_context->lrparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
-    }
-    memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
-            master_keyblock.length);
-
     /* Create special principals inside the realm subtree */
     {
         char princ_name[MAX_PRINC_SIZE];
@@ -695,14 +677,18 @@ kdb5_ldap_create(int argc, char *argv[])
 
         /* Create 'K/M' ... */
         rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
-        if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, master_princ,
+                                                MASTER_KEY, &rblock,
+                                                &master_keyblock))) {
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
         }
 
         /* Create 'krbtgt' ... */
         rblock.flags = 0; /* reset the flags */
-        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ,
+                                                TGT_KEY, &rblock,
+                                                &master_keyblock))) {
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
         }
@@ -715,7 +701,8 @@ kdb5_ldap_create(int argc, char *argv[])
         }
         rblock.max_life = ADMIN_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -731,7 +718,8 @@ kdb5_ldap_create(int argc, char *argv[])
         rblock.max_life = CHANGEPW_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
             KRB5_KDB_PWCHANGE_SERVICE;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -746,7 +734,8 @@ kdb5_ldap_create(int argc, char *argv[])
         }
         rblock.max_life = global_params.max_life;
         rblock.flags = 0;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -775,7 +764,8 @@ kdb5_ldap_create(int argc, char *argv[])
 
         rblock.max_life = ADMIN_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
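Review bot: The failure branch frees `p`, although the principal passed to kdb_ldap_create_principal on the line above is `temp_p`. If `temp_p` is a separate allocation (its setup is outside this hunk), it is leaked on this error path. Since the call was being reflowed anyway, the branch could also call `krb5_free_principal(util_context, temp_p);` before the `goto`.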
@@ -2352,7 +2342,8 @@ kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
  */
 static int
 kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
-                          enum ap_op op, struct realm_info *pblock)
+                          enum ap_op op, struct realm_info *pblock,
+                          const krb5_keyblock *master_keyblock)
 {
     int              retval=0, currlen=0, princtype = 2 /* Service Principal */;
     unsigned char    *curr=NULL;
@@ -2450,8 +2441,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
                 goto cleanup;
             }
             kvno = 1; /* New key is getting set */
-            retval = krb5_dbekd_encrypt_key_data(context,
-                                                 &ldap_context->lrparams->mkey,
+            retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
                                                  &key, NULL, kvno,
                                                  &entry.key_data[entry.n_key_data - 1]);
             krb5_free_keyblock_contents(context, &key);
@@ -2488,8 +2478,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
         entry.n_key_data++;
         kvno = 1; /* New key is getting set */
         retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-                                             &ldap_context->lrparams->mkey,
-                                             NULL, kvno,
+                                             master_keyblock, NULL, kvno,
                                              &entry.key_data[entry.n_key_data - 1]);
         if (retval) {
             goto cleanup;
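Review bot: This call still takes its first key from `pblock->key`, but the commit deletes `rblock.key = &master_keyblock;` from kdb5_ldap_create, the only assignment of that field visible on this page, and every caller passes `&rblock`. Unless the field is set somewhere outside these hunks, krb5_dbekd_encrypt_key_data receives a NULL or stale key pointer here. Before the change both key arguments referred to the master key, so either keep the assignment in kdb5_ldap_create or pass the new parameter for both: `retval = krb5_dbekd_encrypt_key_data(context, master_keyblock, master_keyblock, NULL, kvno,`. The body of kdb_ldap_create_principal continues outside the hunk.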
index 168abdfb64808d1c918d1f4412250cc06e0a9dcd..72e25458775554da3d9708f6902ba26a79329846 100644 (file)
@@ -264,11 +264,6 @@ krb5_ldap_alloc( krb5_context kcontext,  void *ptr, size_t size );
 
 void
 krb5_ldap_free( krb5_context kcontext, void *ptr );
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
 
 krb5_error_code
 krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list);
index ca4fc7de657ff3a810858c2a351d666bccf2ca11..a61ebfcdf2f23e1bf56b84a4de2b3159038e555f 100644 (file)
 #include "ldap_main.h"
 #include "kdb_ldap.h"
 
-/*
- * get the master key from the database specific context
- */
-
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
-{
-    kdb5_dal_handle             *dal_handle=NULL;
-    krb5_ldap_context           *ldap_context=NULL;
-
-    /* Clear the global error string */
-    krb5_clear_error_message(context);
-
-    dal_handle = context->dal_handle;
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
-    if (ldap_context == NULL || ldap_context->lrparams == NULL)
-        return KRB5_KDB_DBNOTINITED;
-
-    *key = &ldap_context->lrparams->mkey;
-    return 0;
-}
-
-
-/*
- * set the master key into the database specific context
- */
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
-{
-    kdb5_dal_handle             *dal_handle=NULL;
-    krb5_ldap_context           *ldap_context=NULL;
-    krb5_ldap_realm_params      *r_params = NULL;
-
-    /* Clear the global error string */
-    krb5_clear_error_message(context);
-
-    dal_handle = context->dal_handle;
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
-    if (ldap_context == NULL || ldap_context->lrparams == NULL)
-        return KRB5_KDB_DBNOTINITED;
-
-    r_params = ldap_context->lrparams;
-
-    if (r_params->mkey.contents) {
-        free (r_params->mkey.contents);
-        r_params->mkey.contents=NULL;
-    }
-
-    r_params->mkey.magic = key->magic;
-    r_params->mkey.enctype = key->enctype;
-    r_params->mkey.length = key->length;
-    r_params->mkey.contents = malloc(key->length);
-    if (r_params->mkey.contents == NULL)
-        return ENOMEM;
-
-    memcpy(r_params->mkey.contents, key->contents, key->length);
-    return 0;
-}
-
 krb5_error_code
 krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
 {
index 7096c0b230f0ccb6a327334492fe67594bd5df72..81df6292cd444ae5e20645303d227c3ff9a10b21 100644 (file)
@@ -1458,11 +1458,6 @@ krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
             krb5_xfree(rparams->tl_data);
         }
 
-        if (rparams->mkey.contents) {
-            memset(rparams->mkey.contents, 0, rparams->mkey.length);
-            krb5_xfree(rparams->mkey.contents);
-        }
-
         krb5_xfree(rparams);
     }
     return;
index dcb3fcb3dcc0eb15c46c9a98ff98cf0d6970374f..6b54354956142f0d620f8ae3e05fdc0f4685a170 100644 (file)
@@ -68,7 +68,6 @@ typedef struct _krb5_ldap_realm_params {
     char          **adminservers;
     char          **passwdservers;
     krb5_tl_data  *tl_data;
-    krb5_keyblock mkey;
     krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
     long          mask;
 } krb5_ldap_realm_params;
index 97ff385e72d420bf5501415391ef3dad6d6ddd3d..0e8c081509c94eaf0223729bed3fd432d03b7b7f 100644 (file)
@@ -37,14 +37,10 @@ krb5_ldap_free_server_context_params
 krb5_ldap_free_krbcontainer_params
 krb5_ldap_alloc
 krb5_ldap_free
-krb5_ldap_set_mkey
-krb5_ldap_get_mkey
 disjoint_members
 krb5_ldap_delete_realm_1
 krb5_ldap_lock
 krb5_ldap_unlock
-krb5_ldap_errcode_2_string
-krb5_ldap_release_errcode_string
 krb5_ldap_create
 krb5_ldap_set_mkey_list
 krb5_ldap_get_mkey_list