From 3dd263c9e18f52a115ab16213c37ee4132d56961 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 2 Jul 2010 17:13:40 +0000 Subject: [PATCH] Remove the set_master_key and get_master_key DAL interfaces and their corresponding libkdb5 APIs, as they were not productively used. In kdb5_ldap_util, stop using the realm data's mkey field as a container to communicate the master key to static helper functions, since the field no longer exists. ticket: 6749 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970 --- src/include/kdb.h | 34 ---------- src/kadmin/dbutil/kdb5_util.c | 2 +- src/kadmin/server/ovsec_kadmd.c | 8 +-- src/kdc/main.c | 5 -- src/lib/kadm5/srv/libkadm5srv_mit.exports | 1 - src/lib/kdb/kdb5.c | 35 ----------- src/lib/kdb/kdb_default.c | 15 ----- src/lib/kdb/libkdb5.exports | 2 - src/plugins/kdb/db2/db2_exp.c | 9 --- src/plugins/kdb/db2/kdb_db2.c | 37 ----------- src/plugins/kdb/db2/kdb_db2.h | 11 ---- src/plugins/kdb/ldap/ldap_exp.c | 2 - .../kdb/ldap/ldap_util/kdb5_ldap_realm.c | 55 +++++++--------- src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 5 -- .../kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c | 62 ------------------- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 5 -- src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h | 1 - .../kdb/ldap/libkdb_ldap/libkdb_ldap.exports | 4 -- 18 files changed, 24 insertions(+), 269 deletions(-) diff --git a/src/include/kdb.h b/src/include/kdb.h index e8e82eb5b..31f2b1350 100644 --- a/src/include/kdb.h +++ b/src/include/kdb.h 
@@ -447,13 +447,6 @@ krb5_error_code krb5_db_iterate ( krb5_context kcontext, char *match_entry, int (*func) (krb5_pointer, krb5_db_entry *), krb5_pointer func_arg ); -krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key ); -krb5_error_code krb5_db_set_mkey ( krb5_context context, - krb5_keyblock *key); -krb5_error_code krb5_db_get_mkey ( krb5_context kcontext, - krb5_keyblock **key ); krb5_error_code krb5_db_set_mkey_list( krb5_context context, krb5_keylist_node * keylist); @@ -736,16 +729,9 @@ krb5_def_fetch_mkey_list( krb5_context context, krb5_kvno mkvno, krb5_keylist_node **mkeys_list); -krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key ); - krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, krb5_keylist_node *keylist ); -krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, - krb5_keyblock **key ); - krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext, krb5_keylist_node **keylist ); 
@@ -1146,26 +1132,6 @@ typedef struct _kdb_vftabl { */ void (*db_free)(krb5_context kcontext, void *ptr); - /* - * Optional with default: Inform the module of the master key. The module - * may remember an alias to the provided memory. This function is called - * at startup by the KDC and kadmind; both supply a NULL pwd argument. The - * module should not need to use a remembered master key value, so current - * modules do nothing with it besides return it from get_master_key, which - * is never used. The default implementation does nothing. - */ - krb5_error_code (*set_master_key)(krb5_context kcontext, char *pwd, - krb5_keyblock *key); - - /* - * Optional with default: Retrieve an alias to the master keyblock as - * previously set by set_master_key. This function is not used. The - * default implementation returns success without modifying *key, which - * would be an invalid implementation if it were ever used. - */ - krb5_error_code (*get_master_key)(krb5_context kcontext, - krb5_keyblock **key); - /* * Optional with default: Inform the module of the master key. The module * may remember an alias to the provided memory. This function is called diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c index 05db437b3..035a8c0ff 100644 --- a/src/kadmin/dbutil/kdb5_util.c +++ b/src/kadmin/dbutil/kdb5_util.c @@ -106,7 +106,7 @@ void usage() exit(1); } -extern krb5_keyblock master_keyblock; +krb5_keyblock master_keyblock; krb5_kvno master_kvno; /* fetched */ extern krb5_keylist_node *master_keylist; extern krb5_principal master_princ; diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 417363794..6d25a0fab 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c 
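Review bot: Removing `set_master_key` and `get_master_key` from the middle of `kdb_vftabl` at @@ -1146 shifts every later member, and nothing in this patch shows a table-version or ABI marker changing with it. The in-tree db2 and LDAP tables are updated in the same commit, but both are positional initializers, so a module built against the old header would have every slot from `set_master_key_list` onward read two entries off. If the loader compares a version field before using the table (not visible here), bump it in this commit; otherwise say in the comment above the struct that modules must be rebuilt against this header. The struct definition starts and ends outside the hunk.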
@@ -89,7 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL; gss_name_t gss_kadmin_name = NULL; void *global_server_handle; -extern krb5_keyblock master_keyblock; extern krb5_keylist_node *master_keylist; char *build_princ_name(char *name, char *realm); @@ -431,12 +430,7 @@ int main(int argc, char *argv[]) krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context."); goto kterr; } - /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */ - ret = krb5_db_set_mkey(hctx, &master_keyblock); - if (ret) { - krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab."); - goto kterr; - } + /* XXX master_keylist is in guts of lib/kadm5/server_kdb.c */ ret = krb5_db_set_mkey_list(hctx, master_keylist); if (ret) { krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab."); diff --git a/src/kdc/main.c b/src/kdc/main.c index 7cc64b809..c3270a969 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -448,11 +448,6 @@ init_realm(kdc_realm_t *rdp, char *realm, char *def_mpname, goto whoops; } - if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) { - kdc_err(rdp->realm_context, kret, - "while setting master key for realm %s", realm); - goto whoops; - } kret = krb5_db_set_mkey_list(rdp->realm_context, rdp->mkey_list); if (kret) { kdc_err(rdp->realm_context, kret, diff --git a/src/lib/kadm5/srv/libkadm5srv_mit.exports b/src/lib/kadm5/srv/libkadm5srv_mit.exports index 7ba5c1a91..fa8d69c51 100644 --- a/src/lib/kadm5/srv/libkadm5srv_mit.exports +++ b/src/lib/kadm5/srv/libkadm5srv_mit.exports @@ -84,7 +84,6 @@ krb5_string_to_flags krb5_string_to_keysalts krb5_match_config_pattern master_db -master_keyblock master_keylist master_princ osa_free_princ_ent diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 2be54c4ac..bfcdbd6af 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c 
@@ -246,12 +246,8 @@ clean_n_exit: static void kdb_setup_opt_functions(db_library lib) { - if (lib->vftabl.set_master_key == NULL) - lib->vftabl.set_master_key = kdb_def_set_mkey; if (lib->vftabl.set_master_key_list == NULL) lib->vftabl.set_master_key_list = kdb_def_set_mkey_list; - if (lib->vftabl.get_master_key == NULL) - lib->vftabl.get_master_key = kdb_def_get_mkey; if (lib->vftabl.get_master_key_list == NULL) lib->vftabl.get_master_key_list = kdb_def_get_mkey_list; if (lib->vftabl.fetch_master_key == NULL) @@ -1077,25 +1073,6 @@ krb5_db_iterate(krb5_context kcontext, return v->db_iterate(kcontext, match_entry, func, func_arg); } -krb5_error_code -krb5_db_set_master_key_ext(krb5_context kcontext, - char *pwd, krb5_keyblock * key) -{ - krb5_error_code status = 0; - kdb_vftabl *v; - - status = get_vftabl(kcontext, &v); - if (status) - return status; - return v->set_master_key(kcontext, pwd, key); -} - -krb5_error_code -krb5_db_set_mkey(krb5_context context, krb5_keyblock * key) -{ - return krb5_db_set_master_key_ext(context, NULL, key); -} - krb5_error_code krb5_db_set_mkey_list(krb5_context kcontext, krb5_keylist_node * keylist) @@ -1109,18 +1086,6 @@ krb5_db_set_mkey_list(krb5_context kcontext, return v->set_master_key_list(kcontext, keylist); } -krb5_error_code -krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key) -{ - krb5_error_code status = 0; - kdb_vftabl *v; - - status = get_vftabl(kcontext, &v); - if (status) - return status; - return v->get_master_key(kcontext, key); -} - krb5_error_code krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist) { diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index 225a5074e..545d50360 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c 
@@ -617,21 +617,6 @@ clean_n_exit: return retval; } -krb5_error_code kdb_def_set_mkey ( krb5_context kcontext, - char *pwd, - krb5_keyblock *key ) -{ - /* printf("default set master key\n"); */ - return 0; -} - -krb5_error_code kdb_def_get_mkey ( krb5_context kcontext, - krb5_keyblock **key ) -{ - /* printf("default get master key\n"); */ - return 0; -} - krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext, krb5_keylist_node *keylist ) { diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports index 8f0644bef..c9880982d 100644 --- a/src/lib/kdb/libkdb5.exports +++ b/src/lib/kdb/libkdb5.exports @@ -13,7 +13,6 @@ krb5_db_fini krb5_db_free_principal krb5_db_get_age krb5_db_get_key_data_kvno -krb5_db_get_mkey krb5_db_get_mkey_list krb5_db_get_context krb5_db_get_principal @@ -23,7 +22,6 @@ krb5_db_iterate krb5_db_lock krb5_db_put_principal krb5_db_set_context -krb5_db_set_mkey krb5_db_set_mkey_list krb5_db_setup_mkey_name krb5_db_unlock diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c index 174c60aa8..74963cdd8 100644 --- a/src/plugins/kdb/db2/db2_exp.c +++ b/src/plugins/kdb/db2/db2_exp.c @@ -174,13 +174,6 @@ WRAP_VOID (krb5_db2_free_policy, ( krb5_context kcontext, osa_policy_ent_t entry ), (kcontext, entry)); -WRAP_K (krb5_db2_set_master_key_ext, - ( krb5_context kcontext, char *pwd, krb5_keyblock *key), - (kcontext, pwd, key)); -WRAP_K (krb5_db2_db_get_mkey, - ( krb5_context context, krb5_keyblock **key), - (context, key)); - WRAP_K (krb5_db2_db_set_mkey_list, ( krb5_context kcontext, krb5_keylist_node *keylist), (kcontext, keylist)); 
@@ -251,8 +244,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = { /* db_free_policy */ wrap_krb5_db2_free_policy, /* db_alloc */ krb5_db2_alloc, /* db_free */ krb5_db2_free, - /* set_master_key */ wrap_krb5_db2_set_master_key_ext, - /* get_master_key */ wrap_krb5_db2_db_get_mkey, /* set_master_key_list */ wrap_krb5_db2_db_set_mkey_list, /* get_master_key_list */ wrap_krb5_db2_db_get_mkey_list, /* blah blah blah */ 0,0,0,0,0,0,0,0, diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index 9c73c12db..684fcd99c 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c @@ -438,36 +438,6 @@ krb5_db2_db_fini(krb5_context context) return retval; } -/* - * Set/Get the master key associated with the database - */ -krb5_error_code -krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key) -{ - krb5_db2_context *db_ctx; - - if (!k5db2_inited(context)) - return (KRB5_KDB_DBNOTINITED); - - db_ctx = context->dal_handle->db_context; - db_ctx->db_master_key = key; - return 0; -} - -krb5_error_code -krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key) -{ - krb5_db2_context *db_ctx; - - if (!k5db2_inited(context)) - return (KRB5_KDB_DBNOTINITED); - - db_ctx = context->dal_handle->db_context; - *key = db_ctx->db_master_key; - - return 0; -} - krb5_error_code krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list) { @@ -1333,13 +1303,6 @@ krb5_db2_destroy(krb5_context context, char *conf_section, char **db_args) return destroy_db(context, db_ctx->db_name); } -krb5_error_code -krb5_db2_set_master_key_ext(krb5_context context, - char *pwd, krb5_keyblock * key) -{ - return krb5_db2_db_set_mkey(context, key); -} - void * krb5_db2_alloc(krb5_context context, void *ptr, size_t size) { diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h index 7b4fcf405..2c954487a 100644 --- a/src/plugins/kdb/db2/kdb_db2.h +++ b/src/plugins/kdb/db2/kdb_db2.h 
@@ -43,7 +43,6 @@ typedef struct _krb5_db2_context { int db_locks_held; /* Number of times locked */ int db_lock_mode; /* Last lock mode, e.g. greatest*/ krb5_boolean db_nb_locks; /* [Non]Blocking lock modes */ - krb5_keyblock *db_master_key; /* Master key of database */ krb5_keylist_node *db_master_key_list; /* Master key list of database */ osa_adb_policy_t policy_db; krb5_boolean tempdb; @@ -80,16 +79,6 @@ krb5_boolean krb5_db2_db_set_lockmode(krb5_context, krb5_boolean); krb5_error_code krb5_db2_db_open_database(krb5_context); krb5_error_code krb5_db2_db_close_database(krb5_context); -krb5_error_code -krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd, - krb5_keyblock *key); - -krb5_error_code -krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key); - -krb5_error_code -krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key); - krb5_error_code krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist); diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c index 4d3b24929..1846d9240 100644 --- a/src/plugins/kdb/ldap/ldap_exp.c +++ b/src/plugins/kdb/ldap/ldap_exp.c @@ -72,8 +72,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = { /* db_alloc */ krb5_ldap_alloc, /* db_free */ krb5_ldap_free, /* optional functions */ - /* set_master_key */ krb5_ldap_set_mkey, - /* get_master_key */ krb5_ldap_get_mkey, /* set_master_key_list */ krb5_ldap_set_mkey_list, /* get_master_key_list */ krb5_ldap_get_mkey_list, /* setup_master_key_name */ NULL, diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index d96ce0fb1..eb3dec74b 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 
@@ -130,7 +130,9 @@ extern kadm5_config_params global_params; static void print_realm_params(krb5_ldap_realm_params *rparams, int mask); static int kdb_ldap_create_principal (krb5_context context, krb5_principal - princ, enum ap_op op, struct realm_info *pblock); + princ, enum ap_op op, + struct realm_info *pblock, + const krb5_keyblock *master_keyblock); static char *strdur(time_t duration); @@ -511,15 +513,6 @@ kdb5_ldap_create(int argc, char *argv[]) mkey_password = pw_str; } - rparams->mkey.enctype = global_params.enctype; - /* We are sure that 'mkey_password' is a regular string ... */ - rparams->mkey.length = strlen(mkey_password) + 1; - rparams->mkey.contents = (krb5_octet *)strdup(mkey_password); - if (rparams->mkey.contents == NULL) { - retval = ENOMEM; - goto cleanup; - } - rparams->realm_name = strdup(global_params.realm); if (rparams->realm_name == NULL) { retval = ENOMEM; @@ -646,7 +639,7 @@ kdb5_ldap_create(int argc, char *argv[]) goto err_nomsg; } - retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype, + retval = krb5_c_string_to_key(util_context, global_params.enctype, &pwd, &master_salt, &master_keyblock); if (master_salt.data) @@ -659,17 +652,6 @@ kdb5_ldap_create(int argc, char *argv[]) } - rblock.key = &master_keyblock; - ldap_context->lrparams->mkey = master_keyblock; - ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc - (master_keyblock.length); - if (ldap_context->lrparams->mkey.contents == NULL) { - retval = ENOMEM; - goto cleanup; - } - memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents, - master_keyblock.length); - /* Create special principals inside the realm subtree */ { char princ_name[MAX_PRINC_SIZE]; 
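Review bot: The keyblock filled by `krb5_c_string_to_key` at @@ -646 is now the copy of the master key that kdb5_ldap_create works with, and the one explicit wipe this patch touches (the `memset` in krb5_ldap_free_realm_params) is removed along with the `mkey` field. No release of `master_keyblock` is visible in these hunks, so confirm that both the `cleanup` and `err_nomsg` exits wipe and free it, for example with `krb5_free_keyblock_contents(util_context, &master_keyblock);`, the call this file already uses for `key`. The function body continues outside the hunk.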
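Review bot: The @@ -659 hunk deletes `rblock.key = &master_keyblock;` together with the `lrparams->mkey` copy, yet the call at @@ -2488 still passes `pblock->key` as the first key argument to `krb5_dbekd_encrypt_key_data`, and every caller shown in this file passes `&rblock` as `pblock`. Unless `rblock.key` is assigned somewhere outside these hunks, that call now receives whatever `rblock` was initialised with, possibly NULL, in what is by argument position the encrypting key. Keep the assignment `rblock.key = &master_keyblock;` ahead of the special-principal block, or pass `master_keyblock` in both key positions at @@ -2488. kdb5_ldap_create's body continues outside the hunk.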
@@ -695,14 +677,18 @@ kdb5_ldap_create(int argc, char *argv[]) /* Create 'K/M' ... */ rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX; - if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, master_princ, + MASTER_KEY, &rblock, + &master_keyblock))) { com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; } /* Create 'krbtgt' ... */ rblock.flags = 0; /* reset the flags */ - if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, + TGT_KEY, &rblock, + &master_keyblock))) { com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; } @@ -715,7 +701,8 @@ kdb5_ldap_create(int argc, char *argv[]) } rblock.max_life = ADMIN_LIFETIME; rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED; - if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, + &rblock, &master_keyblock))) { krb5_free_principal(util_context, p); com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; @@ -731,7 +718,8 @@ kdb5_ldap_create(int argc, char *argv[]) rblock.max_life = CHANGEPW_LIFETIME; rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED | KRB5_KDB_PWCHANGE_SERVICE; - if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, + &rblock, &master_keyblock))) { krb5_free_principal(util_context, p); com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; 
@@ -746,7 +734,8 @@ kdb5_ldap_create(int argc, char *argv[]) } rblock.max_life = global_params.max_life; rblock.flags = 0; - if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, + &rblock, &master_keyblock))) { krb5_free_principal(util_context, p); com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; @@ -775,7 +764,8 @@ kdb5_ldap_create(int argc, char *argv[]) rblock.max_life = ADMIN_LIFETIME; rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED; - if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) { + if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, + &rblock, &master_keyblock))) { krb5_free_principal(util_context, p); com_err(progname, retval, "while adding entries to the database"); goto err_nomsg; @@ -2352,7 +2342,8 @@ kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr) */ static int kdb_ldap_create_principal(krb5_context context, krb5_principal princ, - enum ap_op op, struct realm_info *pblock) + enum ap_op op, struct realm_info *pblock, + const krb5_keyblock *master_keyblock) { int retval=0, currlen=0, princtype = 2 /* Service Principal */; unsigned char *curr=NULL; @@ -2450,8 +2441,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, goto cleanup; } kvno = 1; /* New key is getting set */ - retval = krb5_dbekd_encrypt_key_data(context, - &ldap_context->lrparams->mkey, + retval = krb5_dbekd_encrypt_key_data(context, master_keyblock, &key, NULL, kvno, &entry.key_data[entry.n_key_data - 1]); krb5_free_keyblock_contents(context, &key); 
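Review bot: The header comment that closes on the first context line of the @@ -2352 hunk is not updated for the new `master_keyblock` parameter, and the two uses put it in different positions: second argument of `krb5_dbekd_encrypt_key_data` at @@ -2450, third at @@ -2488. Add a line such as `master_keyblock: realm master key; encrypts the generated key, or is itself the key stored when op is MASTER_KEY`, after checking which branch is which, since the branching on `op` lies outside the hunks. The parameter name also matches the object kdb5_ldap_create passes as `&master_keyblock`; if that object has file scope the parameter shadows it, and a distinct name such as `mkey` would keep `-Wshadow` quiet.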
@@ -2488,8 +2478,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ, entry.n_key_data++; kvno = 1; /* New key is getting set */ retval = krb5_dbekd_encrypt_key_data(context, pblock->key, - &ldap_context->lrparams->mkey, - NULL, kvno, + master_keyblock, NULL, kvno, &entry.key_data[entry.n_key_data - 1]); if (retval) { goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h index 168abdfb6..72e254587 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h @@ -264,11 +264,6 @@ krb5_ldap_alloc( krb5_context kcontext, void *ptr, size_t size ); void krb5_ldap_free( krb5_context kcontext, void *ptr ); -krb5_error_code -krb5_ldap_get_mkey(krb5_context, krb5_keyblock **); - -krb5_error_code -krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *); krb5_error_code krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c index ca4fc7de6..a61ebfcdf 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c 
@@ -32,68 +32,6 @@ #include "ldap_main.h" #include "kdb_ldap.h" -/* - * get the master key from the database specific context - */ - -krb5_error_code -krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key) -{ - kdb5_dal_handle *dal_handle=NULL; - krb5_ldap_context *ldap_context=NULL; - - /* Clear the global error string */ - krb5_clear_error_message(context); - - dal_handle = context->dal_handle; - ldap_context = (krb5_ldap_context *) dal_handle->db_context; - - if (ldap_context == NULL || ldap_context->lrparams == NULL) - return KRB5_KDB_DBNOTINITED; - - *key = &ldap_context->lrparams->mkey; - return 0; -} - - -/* - * set the master key into the database specific context - */ - -krb5_error_code -krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key) -{ - kdb5_dal_handle *dal_handle=NULL; - krb5_ldap_context *ldap_context=NULL; - krb5_ldap_realm_params *r_params = NULL; - - /* Clear the global error string */ - krb5_clear_error_message(context); - - dal_handle = context->dal_handle; - ldap_context = (krb5_ldap_context *) dal_handle->db_context; - - if (ldap_context == NULL || ldap_context->lrparams == NULL) - return KRB5_KDB_DBNOTINITED; - - r_params = ldap_context->lrparams; - - if (r_params->mkey.contents) { - free (r_params->mkey.contents); - r_params->mkey.contents=NULL; - } - - r_params->mkey.magic = key->magic; - r_params->mkey.enctype = key->enctype; - r_params->mkey.length = key->length; - r_params->mkey.contents = malloc(key->length); - if (r_params->mkey.contents == NULL) - return ENOMEM; - - memcpy(r_params->mkey.contents, key->contents, key->length); - return 0; -} - krb5_error_code krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list) { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 7096c0b23..81df6292c 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 
@@ -1458,11 +1458,6 @@ krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams) krb5_xfree(rparams->tl_data); } - if (rparams->mkey.contents) { - memset(rparams->mkey.contents, 0, rparams->mkey.length); - krb5_xfree(rparams->mkey.contents); - } - krb5_xfree(rparams); } return; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h index dcb3fcb3d..6b5435495 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h @@ -68,7 +68,6 @@ typedef struct _krb5_ldap_realm_params { char **adminservers; char **passwdservers; krb5_tl_data *tl_data; - krb5_keyblock mkey; krb5_keylist_node *mkey_list; /* all master keys in use for the realm */ long mask; } krb5_ldap_realm_params; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports index 97ff385e7..0e8c08150 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports +++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports @@ -37,14 +37,10 @@ krb5_ldap_free_server_context_params krb5_ldap_free_krbcontainer_params krb5_ldap_alloc krb5_ldap_free -krb5_ldap_set_mkey -krb5_ldap_get_mkey disjoint_members krb5_ldap_delete_realm_1 krb5_ldap_lock krb5_ldap_unlock -krb5_ldap_errcode_2_string -krb5_ldap_release_errcode_string krb5_ldap_create krb5_ldap_set_mkey_list krb5_ldap_get_mkey_list -- 2.26.2
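Review bot: The libkdb_ldap.exports hunk also drops `krb5_ldap_errcode_2_string` and `krb5_ldap_release_errcode_string`, which the commit description does not mention and which no other hunk in this patch touches. If those functions were already gone from the library this is a harmless cleanup, but that is not visible here; if they still exist and something outside libkdb_ldap resolves them, that consumer fails at link or load time. Mention the two symbols in the description, or move their removal into its own commit.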