From: Tom Yu Date: Tue, 3 Jun 2003 04:32:41 +0000 (+0000) Subject: Drop default_kdc_enctypes and all related code X-Git-Tag: krb5-1.4-beta1~891 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=ee998b15a82702e78ef0a6a1020ef2c0df2517d2;p=krb5.git Drop default_kdc_enctypes and all related code ticket: 1553 target_version: 1.3 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 04d96173b..e4d7a9d9a 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,15 @@ +2003-06-03 Tom Yu + + * extern.h (master_princ): Remove realm_mkvno, realm_tgskey, + realm_tgskvno, realm_kstypes, realm_nkstypes. They're not needed + anymore. + + * main.c (finish_realm): Remove references to realm_kstypes, + realm_tgskey. + (init_realm): Don't bother with realm_kstypes. Don't bother + looking up the master kvno. Don't bother caching the TGS key. + None of these were being used. + 2003-05-30 Ken Raeburn * main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not diff --git a/src/kdc/extern.h b/src/kdc/extern.h index ad06674b8..d4db86aac 100644 --- a/src/kdc/extern.h +++ b/src/kdc/extern.h @@ -49,13 +49,10 @@ typedef struct __kdc_realm_data { char * realm_mpname; /* Master principal name for realm */ krb5_principal realm_mprinc; /* Master principal for realm */ krb5_keyblock realm_mkey; /* Master key for this realm */ - krb5_kvno realm_mkvno; /* Master key vno for this realm */ /* * TGS per-realm data. */ krb5_principal realm_tgsprinc; /* TGS principal for this realm */ - krb5_keyblock realm_tgskey; /* TGS' key for this realm */ - krb5_kvno realm_tgskvno; /* TGS' key vno for this realm */ /* * Other per-realm data. */ 
@@ -66,8 +63,6 @@ typedef struct __kdc_realm_data {
 */
 krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
 krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
- void *realm_kstypes; /* Key/Salts supported for realm */
- krb5_int32 realm_nkstypes; /* Number of key/salts */
 krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
 } kdc_realm_t;
@@ -87,8 +82,6 @@ kdc_realm_t *find_realm_data (char *, krb5_ui_4);
 #define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
 #define master_keyblock kdc_active_realm->realm_mkey
 #define master_princ kdc_active_realm->realm_mprinc
-#define tgs_key kdc_active_realm->realm_tgskey
-#define tgs_kvno kdc_active_realm->realm_tgskvno
 #define tgs_server_struct *(kdc_active_realm->realm_tgsprinc)
 #define tgs_server kdc_active_realm->realm_tgsprinc
 #define dbm_db_name kdc_active_realm->realm_dbname
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 32616cf5e..849c9293e 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -121,8 +121,6 @@ finish_realm(kdc_realm_t *rdp)
 free(rdp->realm_ports);
 if (rdp->realm_tcp_ports)
 free(rdp->realm_tcp_ports);
- if (rdp->realm_kstypes)
- free(rdp->realm_kstypes);
 if (rdp->realm_keytab)
 krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
 if (rdp->realm_context) {
@@ -132,10 +130,6 @@ finish_realm(kdc_realm_t *rdp)
 memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
 free(rdp->realm_mkey.contents);
 }
- if (rdp->realm_tgskey.length && rdp->realm_tgskey.contents) {
- memset(rdp->realm_tgskey.contents, 0, rdp->realm_tgskey.length);
- free(rdp->realm_tgskey.contents);
- }
 krb5_db_fini(rdp->realm_context);
 if (rdp->realm_tgsprinc)
 krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
@@ -159,14 +153,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, { krb5_error_code kret; krb5_boolean manual; - krb5_db_entry db_entry; - int num2get; - krb5_boolean more; krb5_realm_params *rparams; - krb5_key_data *kdata; - krb5_key_salt_tuple *kslist; - krb5_int32 nkslist; - int i; memset((char *) rdp, 0, sizeof(kdc_realm_t)); if (!realm) { @@ -244,34 +231,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ? rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE; - /* Handle key/salt list */ - if (rparams && rparams->realm_num_keysalts) { - rdp->realm_kstypes = rparams->realm_keysalts; - rdp->realm_nkstypes = rparams->realm_num_keysalts; - rparams->realm_keysalts = NULL; - rparams->realm_num_keysalts = 0; - kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes; - nkslist = rdp->realm_nkstypes; - } else { - /* - * XXX Initialize default key/salt list. - */ - if ((kslist = (krb5_key_salt_tuple *) - malloc(sizeof(krb5_key_salt_tuple)))) { - kslist->ks_enctype = ENCTYPE_DES_CBC_CRC; - kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL; - rdp->realm_kstypes = kslist; - rdp->realm_nkstypes = 1; - nkslist = 1; - } - else { - com_err(progname, ENOMEM, - "while setting up key/salt list for realm %s", - realm); - exit(1); - } - } - if (rparams) krb5_free_realm_params(rdp->realm_context, rparams); 
@@ -332,51 +291,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, goto whoops; } - /* Fetch the master key and get its version number */ - num2get = 1; - kret = krb5_db_get_principal(rdp->realm_context, rdp->realm_mprinc, - &db_entry, &num2get, &more); - if (!kret) { - if (num2get != 1) - kret = KRB5_KDB_NOMASTERKEY; - else { - if (more) { - krb5_db_free_principal(rdp->realm_context, - &db_entry, - num2get); - kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; - } - } - } - if (kret) { - com_err(progname, kret, - "while fetching master entry for realm %s", realm); - goto whoops; - } - - /* - * Get the most recent master key. Search the key list in - * the order specified by the key/salt list. - */ - kdata = (krb5_key_data *) NULL; - for (i=0; irealm_context, - &db_entry, - kslist[i].ks_enctype, - -1, - -1, - &kdata))) - break; - } - if (!kdata) { - com_err(progname, kret, - "while finding master key for realm %s", - realm); - goto whoops; - } - rdp->realm_mkvno = kdata->key_data_kvno; - krb5_db_free_principal(rdp->realm_context, &db_entry, num2get); - if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) { com_err(progname, kret, "while setting master key for realm %s", realm); 
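Review bot: Removing the master-principal lookup means init_realm no longer fails at startup with KRB5_KDB_NOMASTERKEY or KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE when the master entry is missing or duplicated, so a misconfigured realm now passes this point and `krb5_db_set_mkey` is reached unconditionally. The TGS hunk further down (`@@ -400,63 +314,6 @@`) removes the only startup operation that decrypted database key data under the master key, so a stale stash file or wrong master password that used to surface as "while decrypting TGS key" at KDC start will, as far as this diff shows, only appear as per-request decryption failures later. If the kdb layer provides a master-key verification call, consider invoking it right after `krb5_db_set_mkey` so the failure is still reported via `com_err` before the KDC begins serving; otherwise a comment at that call should record the change, e.g. `/* The master key is no longer checked against the database at startup; a bad stash shows up on the first key decryption. */`. init_realm begins and ends outside this hunk.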
@@ -400,63 +314,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname, goto whoops; } - /* Get the TGS database entry */ - num2get = 1; - if (!(kret = krb5_db_get_principal(rdp->realm_context, - rdp->realm_tgsprinc, - &db_entry, - &num2get, - &more))) { - if (num2get != 1) - kret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN; - else { - if (more) { - krb5_db_free_principal(rdp->realm_context, - &db_entry, - num2get); - kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE; - } - } - } - if (kret) { - com_err(progname, kret, - "while fetching TGS entry for realm %s", realm); - goto whoops; - } - /* - * Get the most recent TGS key. Search the key list in - * the order specified by the key/salt list. - */ - kdata = (krb5_key_data *) NULL; - for (i=0; irealm_context, - &db_entry, - kslist[i].ks_enctype, - -1, - -1, - &kdata))) - break; - } - if (!kdata) { - com_err(progname, kret, "while finding TGS key for realm %s", - realm); - goto whoops; - } - if (!(kret = krb5_dbekd_decrypt_key_data(rdp->realm_context, - &rdp->realm_mkey, - kdata, - &rdp->realm_tgskey, NULL))){ - rdp->realm_tgskvno = kdata->key_data_kvno; - } - krb5_db_free_principal(rdp->realm_context, - &db_entry, - num2get); - if (kret) { - com_err(progname, kret, - "while decrypting TGS key for realm %s", realm); - goto whoops; - } - if (!rkey_init_done) { krb5_data seed; #ifdef KRB5_KRB4_COMPAT diff --git a/src/lib/kadm5/ChangeLog b/src/lib/kadm5/ChangeLog index e8173106f..cff723bba 100644 --- a/src/lib/kadm5/ChangeLog +++ b/src/lib/kadm5/ChangeLog @@ -1,3 +1,8 @@ +2003-06-03 Tom Yu + + * alt_prof.c (krb5_read_realm_params): Don't bother reading in + realm_keysalts or realm_num_keysalts, as they're no longer used. + 2003-05-30 Ken Raeburn * alt_prof.c (kadm5_get_config_params): Change default max_life to diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index 84786ea0f..659068bad 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c 
@@ -936,27 +936,8 @@ krb5_read_realm_params(kcontext, realm, kdcprofile, kdcenv, rparamp) krb5_xfree(svalue); } - /* Get the value for the supported enctype/salttype matrix */ - /* XXX This is so that the kdc will search a different - enctype list than kadmind */ - if (!kret) { - hierarchy[2] = "kdc_supported_enctypes"; - kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); - if (kret) { - hierarchy[2] = "supported_enctypes"; - kret = krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue); - } - if (!kret) { - krb5_string_to_keysalts(svalue, - ", \t", /* Tuple separators */ - ":.-", /* Key/salt separators */ - 0, /* No duplicates */ - &rparams->realm_keysalts, - &rparams->realm_num_keysalts); - krb5_xfree(svalue); - } - kret = 0; - } + rparams->realm_keysalts = NULL; + rparams->realm_num_keysalts = 0; cleanup: if (aprofile)
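Review bot: The two added assignments turn `realm_keysalts` and `realm_num_keysalts` into fields of `krb5_realm_params` that this function always leaves NULL/0, but nothing at the assignment says so, and other readers of the struct (and the `krb5_free_realm_params` call that the KDC still makes, per the main.c hunk) are not told that the list is never populated here; a comment such as `/* No longer read from the profile; kept in the struct for compatibility and always NULL/0. */` would prevent someone re-adding a consumer that silently gets an empty list. The removed lookup also means the `kdc_supported_enctypes` profile key, and `supported_enctypes` on this path, are no longer consulted by krb5_read_realm_params; whether another code path still honours `supported_enctypes` is not visible here, so the kdc.conf documentation should say which keys this function now ignores. krb5_read_realm_params begins and ends outside this hunk.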