svn rev #24162: trunk/src/ include/ kadmin/dbutil/ kadmin/server/ kdc/ lib/kadm5/srv/ ...
ghudson@MIT.EDU
ghudson at MIT.EDU
Fri Jul 2 13:13:40 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24162
Commit By: ghudson
Log Message:
ticket: 6749
status: open
Remove the set_master_key and get_master_key DAL interfaces and their
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
Changed Files:
U trunk/src/include/kdb.h
U trunk/src/kadmin/dbutil/kdb5_util.c
U trunk/src/kadmin/server/ovsec_kadmd.c
U trunk/src/kdc/main.c
U trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports
U trunk/src/lib/kdb/kdb5.c
U trunk/src/lib/kdb/kdb_default.c
U trunk/src/lib/kdb/libkdb5.exports
U trunk/src/plugins/kdb/db2/db2_exp.c
U trunk/src/plugins/kdb/db2/kdb_db2.c
U trunk/src/plugins/kdb/db2/kdb_db2.h
U trunk/src/plugins/kdb/ldap/ldap_exp.c
U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
U trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
Modified: trunk/src/include/kdb.h
===================================================================
--- trunk/src/include/kdb.h 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/include/kdb.h 2010-07-02 17:13:40 UTC (rev 24162)
@@ -447,13 +447,6 @@
char *match_entry,
int (*func) (krb5_pointer, krb5_db_entry *),
krb5_pointer func_arg );
-krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key );
-krb5_error_code krb5_db_set_mkey ( krb5_context context,
- krb5_keyblock *key);
-krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key );
krb5_error_code krb5_db_set_mkey_list( krb5_context context,
krb5_keylist_node * keylist);
@@ -736,16 +729,9 @@
krb5_kvno mkvno,
krb5_keylist_node **mkeys_list);
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key );
-
krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
krb5_keylist_node *keylist );
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key );
-
krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
krb5_keylist_node **keylist );
@@ -1149,26 +1135,6 @@
/*
* Optional with default: Inform the module of the master key. The module
* may remember an alias to the provided memory. This function is called
- * at startup by the KDC and kadmind; both supply a NULL pwd argument. The
- * module should not need to use a remembered master key value, so current
- * modules do nothing with it besides return it from get_master_key, which
- * is never used. The default implementation does nothing.
- */
- krb5_error_code (*set_master_key)(krb5_context kcontext, char *pwd,
- krb5_keyblock *key);
-
- /*
- * Optional with default: Retrieve an alias to the master keyblock as
- * previously set by set_master_key. This function is not used. The
- * default implementation returns success without modifying *key, which
- * would be an invalid implementation if it were ever used.
- */
- krb5_error_code (*get_master_key)(krb5_context kcontext,
- krb5_keyblock **key);
-
- /*
- * Optional with default: Inform the module of the master key. The module
- * may remember an alias to the provided memory. This function is called
* at startup by the KDC and kadmind with the value returned by
* fetch_master_key_list. The default implementation does nothing.
*/
Modified: trunk/src/kadmin/dbutil/kdb5_util.c
===================================================================
--- trunk/src/kadmin/dbutil/kdb5_util.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kadmin/dbutil/kdb5_util.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -106,7 +106,7 @@
exit(1);
}
-extern krb5_keyblock master_keyblock;
+krb5_keyblock master_keyblock;
krb5_kvno master_kvno; /* fetched */
extern krb5_keylist_node *master_keylist;
extern krb5_principal master_princ;
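Review bot: `krb5_keyblock master_keyblock;` is now a definition with external linkage in kdb5_util.c, but the commit's file list does not include the server_kdb.c file that the removed ovsec_kadmd.c comment names as the home of this variable. If that library definition still exists, a static link of libkadm5srv would leave two objects with the same name, either silently merged as common symbols or rejected as duplicates depending on toolchain settings; making the library copy `static` or removing it would prevent that. A comment here would also help, for example `krb5_keyblock master_keyblock; /* defined here; no longer exported by libkadm5srv */`. Because the object holds master key material, its contents should be zeroed before exit; whether that already happens is not visible in this hunk.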
Modified: trunk/src/kadmin/server/ovsec_kadmd.c
===================================================================
--- trunk/src/kadmin/server/ovsec_kadmd.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kadmin/server/ovsec_kadmd.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -89,7 +89,6 @@
gss_name_t gss_kadmin_name = NULL;
void *global_server_handle;
-extern krb5_keyblock master_keyblock;
extern krb5_keylist_node *master_keylist;
char *build_princ_name(char *name, char *realm);
@@ -431,12 +430,7 @@
krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
goto kterr;
}
- /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
- ret = krb5_db_set_mkey(hctx, &master_keyblock);
- if (ret) {
- krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
- goto kterr;
- }
+ /* XXX master_keylist is in guts of lib/kadm5/server_kdb.c */
ret = krb5_db_set_mkey_list(hctx, master_keylist);
if (ret) {
krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");
Modified: trunk/src/kdc/main.c
===================================================================
--- trunk/src/kdc/main.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kdc/main.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -448,11 +448,6 @@
goto whoops;
}
- if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
- kdc_err(rdp->realm_context, kret,
- "while setting master key for realm %s", realm);
- goto whoops;
- }
kret = krb5_db_set_mkey_list(rdp->realm_context, rdp->mkey_list);
if (kret) {
kdc_err(rdp->realm_context, kret,
Modified: trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports
===================================================================
--- trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports 2010-07-02 17:13:40 UTC (rev 24162)
@@ -84,7 +84,6 @@
krb5_string_to_keysalts
krb5_match_config_pattern
master_db
-master_keyblock
master_keylist
master_princ
osa_free_princ_ent
Modified: trunk/src/lib/kdb/kdb5.c
===================================================================
--- trunk/src/lib/kdb/kdb5.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/kdb5.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -246,12 +246,8 @@
static void
kdb_setup_opt_functions(db_library lib)
{
- if (lib->vftabl.set_master_key == NULL)
- lib->vftabl.set_master_key = kdb_def_set_mkey;
if (lib->vftabl.set_master_key_list == NULL)
lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
- if (lib->vftabl.get_master_key == NULL)
- lib->vftabl.get_master_key = kdb_def_get_mkey;
if (lib->vftabl.get_master_key_list == NULL)
lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
if (lib->vftabl.fetch_master_key == NULL)
@@ -1078,25 +1074,6 @@
}
krb5_error_code
-krb5_db_set_master_key_ext(krb5_context kcontext,
- char *pwd, krb5_keyblock * key)
-{
- krb5_error_code status = 0;
- kdb_vftabl *v;
-
- status = get_vftabl(kcontext, &v);
- if (status)
- return status;
- return v->set_master_key(kcontext, pwd, key);
-}
-
-krb5_error_code
-krb5_db_set_mkey(krb5_context context, krb5_keyblock * key)
-{
- return krb5_db_set_master_key_ext(context, NULL, key);
-}
-
-krb5_error_code
krb5_db_set_mkey_list(krb5_context kcontext,
krb5_keylist_node * keylist)
{
@@ -1110,18 +1087,6 @@
}
krb5_error_code
-krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
-{
- krb5_error_code status = 0;
- kdb_vftabl *v;
-
- status = get_vftabl(kcontext, &v);
- if (status)
- return status;
- return v->get_master_key(kcontext, key);
-}
-
-krb5_error_code
krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
{
krb5_error_code status = 0;
Modified: trunk/src/lib/kdb/kdb_default.c
===================================================================
--- trunk/src/lib/kdb/kdb_default.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/kdb_default.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -617,21 +617,6 @@
return retval;
}
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
- char *pwd,
- krb5_keyblock *key )
-{
- /* printf("default set master key\n"); */
- return 0;
-}
-
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
- krb5_keyblock **key )
-{
- /* printf("default get master key\n"); */
- return 0;
-}
-
krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
krb5_keylist_node *keylist )
{
Modified: trunk/src/lib/kdb/libkdb5.exports
===================================================================
--- trunk/src/lib/kdb/libkdb5.exports 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/libkdb5.exports 2010-07-02 17:13:40 UTC (rev 24162)
@@ -13,7 +13,6 @@
krb5_db_free_principal
krb5_db_get_age
krb5_db_get_key_data_kvno
-krb5_db_get_mkey
krb5_db_get_mkey_list
krb5_db_get_context
krb5_db_get_principal
@@ -23,7 +22,6 @@
krb5_db_lock
krb5_db_put_principal
krb5_db_set_context
-krb5_db_set_mkey
krb5_db_set_mkey_list
krb5_db_setup_mkey_name
krb5_db_unlock
Modified: trunk/src/plugins/kdb/db2/db2_exp.c
===================================================================
--- trunk/src/plugins/kdb/db2/db2_exp.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/db2_exp.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -174,13 +174,6 @@
( krb5_context kcontext, osa_policy_ent_t entry ),
(kcontext, entry));
-WRAP_K (krb5_db2_set_master_key_ext,
- ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
- (kcontext, pwd, key));
-WRAP_K (krb5_db2_db_get_mkey,
- ( krb5_context context, krb5_keyblock **key),
- (context, key));
-
WRAP_K (krb5_db2_db_set_mkey_list,
( krb5_context kcontext, krb5_keylist_node *keylist),
(kcontext, keylist));
@@ -251,8 +244,6 @@
/* db_free_policy */ wrap_krb5_db2_free_policy,
/* db_alloc */ krb5_db2_alloc,
/* db_free */ krb5_db2_free,
- /* set_master_key */ wrap_krb5_db2_set_master_key_ext,
- /* get_master_key */ wrap_krb5_db2_db_get_mkey,
/* set_master_key_list */ wrap_krb5_db2_db_set_mkey_list,
/* get_master_key_list */ wrap_krb5_db2_db_get_mkey_list,
/* blah blah blah */ 0,0,0,0,0,0,0,0,
Modified: trunk/src/plugins/kdb/db2/kdb_db2.c
===================================================================
--- trunk/src/plugins/kdb/db2/kdb_db2.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/kdb_db2.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -438,37 +438,7 @@
return retval;
}
-/*
- * Set/Get the master key associated with the database
- */
krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
-{
- krb5_db2_context *db_ctx;
-
- if (!k5db2_inited(context))
- return (KRB5_KDB_DBNOTINITED);
-
- db_ctx = context->dal_handle->db_context;
- db_ctx->db_master_key = key;
- return 0;
-}
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
-{
- krb5_db2_context *db_ctx;
-
- if (!k5db2_inited(context))
- return (KRB5_KDB_DBNOTINITED);
-
- db_ctx = context->dal_handle->db_context;
- *key = db_ctx->db_master_key;
-
- return 0;
-}
-
-krb5_error_code
krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
{
krb5_db2_context *db_ctx;
@@ -1333,13 +1303,6 @@
return destroy_db(context, db_ctx->db_name);
}
-krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context context,
- char *pwd, krb5_keyblock * key)
-{
- return krb5_db2_db_set_mkey(context, key);
-}
-
void *
krb5_db2_alloc(krb5_context context, void *ptr, size_t size)
{
Modified: trunk/src/plugins/kdb/db2/kdb_db2.h
===================================================================
--- trunk/src/plugins/kdb/db2/kdb_db2.h 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/kdb_db2.h 2010-07-02 17:13:40 UTC (rev 24162)
@@ -43,7 +43,6 @@
int db_locks_held; /* Number of times locked */
int db_lock_mode; /* Last lock mode, e.g. greatest*/
krb5_boolean db_nb_locks; /* [Non]Blocking lock modes */
- krb5_keyblock *db_master_key; /* Master key of database */
krb5_keylist_node *db_master_key_list; /* Master key list of database */
osa_adb_policy_t policy_db;
krb5_boolean tempdb;
@@ -81,16 +80,6 @@
krb5_error_code krb5_db2_db_close_database(krb5_context);
krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
- krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
-
-krb5_error_code
krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
krb5_error_code
Modified: trunk/src/plugins/kdb/ldap/ldap_exp.c
===================================================================
--- trunk/src/plugins/kdb/ldap/ldap_exp.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/ldap_exp.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -72,8 +72,6 @@
/* db_alloc */ krb5_ldap_alloc,
/* db_free */ krb5_ldap_free,
/* optional functions */
- /* set_master_key */ krb5_ldap_set_mkey,
- /* get_master_key */ krb5_ldap_get_mkey,
/* set_master_key_list */ krb5_ldap_set_mkey_list,
/* get_master_key_list */ krb5_ldap_get_mkey_list,
/* setup_master_key_name */ NULL,
Modified: trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
===================================================================
--- trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -130,7 +130,9 @@
static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
static int kdb_ldap_create_principal (krb5_context context, krb5_principal
- princ, enum ap_op op, struct realm_info *pblock);
+ princ, enum ap_op op,
+ struct realm_info *pblock,
+ const krb5_keyblock *master_keyblock);
static char *strdur(time_t duration);
@@ -511,15 +513,6 @@
mkey_password = pw_str;
}
- rparams->mkey.enctype = global_params.enctype;
- /* We are sure that 'mkey_password' is a regular string ... */
- rparams->mkey.length = strlen(mkey_password) + 1;
- rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
- if (rparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
rparams->realm_name = strdup(global_params.realm);
if (rparams->realm_name == NULL) {
retval = ENOMEM;
@@ -646,7 +639,7 @@
goto err_nomsg;
}
- retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+ retval = krb5_c_string_to_key(util_context, global_params.enctype,
&pwd, &master_salt, &master_keyblock);
if (master_salt.data)
@@ -659,17 +652,6 @@
}
- rblock.key = &master_keyblock;
- ldap_context->lrparams->mkey = master_keyblock;
- ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
- (master_keyblock.length);
- if (ldap_context->lrparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
- master_keyblock.length);
-
/* Create special principals inside the realm subtree */
{
char princ_name[MAX_PRINC_SIZE];
@@ -695,14 +677,18 @@
/* Create 'K/M' ... */
rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, master_princ,
+ MASTER_KEY, &rblock,
+ &master_keyblock))) {
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
/* Create 'krbtgt' ... */
rblock.flags = 0; /* reset the flags */
- if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ,
+ TGT_KEY, &rblock,
+ &master_keyblock))) {
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
}
@@ -715,7 +701,8 @@
}
rblock.max_life = ADMIN_LIFETIME;
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
krb5_free_principal(util_context, p);
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
@@ -731,7 +718,8 @@
rblock.max_life = CHANGEPW_LIFETIME;
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
KRB5_KDB_PWCHANGE_SERVICE;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
krb5_free_principal(util_context, p);
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
@@ -746,7 +734,8 @@
}
rblock.max_life = global_params.max_life;
rblock.flags = 0;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
krb5_free_principal(util_context, p);
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
@@ -775,7 +764,8 @@
rblock.max_life = ADMIN_LIFETIME;
rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
- if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY,
+ &rblock, &master_keyblock))) {
krb5_free_principal(util_context, p);
com_err(progname, retval, "while adding entries to the database");
goto err_nomsg;
@@ -2352,7 +2342,8 @@
*/
static int
kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
- enum ap_op op, struct realm_info *pblock)
+ enum ap_op op, struct realm_info *pblock,
+ const krb5_keyblock *master_keyblock)
{
int retval=0, currlen=0, princtype = 2 /* Service Principal */;
unsigned char *curr=NULL;
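Review bot: The new parameter `master_keyblock` has the same name as the variable every caller passes as `&master_keyblock`. That variable's declaration is outside the visible hunks, but if it is file-scope the parameter shadows it inside kdb_ldap_create_principal, which `-Wshadow` reports and which makes it easy to misread which key is in use. A distinct name in both the prototype (hunk @@ -130,7) and this definition, such as `const krb5_keyblock *mkey`, would remove the ambiguity. The header comment that ends just above the signature could also say that the key is borrowed from the caller and used only to encrypt the new principal's key data. The function body continues outside this hunk.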
@@ -2450,8 +2441,7 @@
goto cleanup;
}
kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context,
- &ldap_context->lrparams->mkey,
+ retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
&key, NULL, kvno,
&entry.key_data[entry.n_key_data - 1]);
krb5_free_keyblock_contents(context, &key);
@@ -2488,8 +2478,7 @@
entry.n_key_data++;
kvno = 1; /* New key is getting set */
retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &ldap_context->lrparams->mkey,
- NULL, kvno,
+ master_keyblock, NULL, kvno,
&entry.key_data[entry.n_key_data - 1]);
if (retval) {
goto cleanup;
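Review bot: This call still passes `pblock->key` as the first key argument, but hunk @@ -659,17 of the same file deletes `rblock.key = &master_keyblock;`, the only visible place where that field was set. Unless `rblock.key` is assigned somewhere outside the visible hunks, creating the K/M entry would now hand krb5_dbekd_encrypt_key_data an unset (possibly NULL) key pointer. Either keep the assignment `rblock.key = &master_keyblock;` before the special principals are created, or stop reading `pblock->key` here and pass `master_keyblock` for both key arguments if that is the intent. The order also differs from the call in hunk @@ -2450,8, where `master_keyblock` comes first, so a one-line comment saying which argument is the encrypting key would help. The enclosing function starts and ends outside this hunk.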
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h 2010-07-02 17:13:40 UTC (rev 24162)
@@ -264,13 +264,8 @@
void
krb5_ldap_free( krb5_context kcontext, void *ptr );
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
krb5_error_code
-krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
-
-krb5_error_code
krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list);
krb5_error_code
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -32,69 +32,7 @@
#include "ldap_main.h"
#include "kdb_ldap.h"
-/*
- * get the master key from the database specific context
- */
-
krb5_error_code
-krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
-{
- kdb5_dal_handle *dal_handle=NULL;
- krb5_ldap_context *ldap_context=NULL;
-
- /* Clear the global error string */
- krb5_clear_error_message(context);
-
- dal_handle = context->dal_handle;
- ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
- if (ldap_context == NULL || ldap_context->lrparams == NULL)
- return KRB5_KDB_DBNOTINITED;
-
- *key = &ldap_context->lrparams->mkey;
- return 0;
-}
-
-
-/*
- * set the master key into the database specific context
- */
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
-{
- kdb5_dal_handle *dal_handle=NULL;
- krb5_ldap_context *ldap_context=NULL;
- krb5_ldap_realm_params *r_params = NULL;
-
- /* Clear the global error string */
- krb5_clear_error_message(context);
-
- dal_handle = context->dal_handle;
- ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
- if (ldap_context == NULL || ldap_context->lrparams == NULL)
- return KRB5_KDB_DBNOTINITED;
-
- r_params = ldap_context->lrparams;
-
- if (r_params->mkey.contents) {
- free (r_params->mkey.contents);
- r_params->mkey.contents=NULL;
- }
-
- r_params->mkey.magic = key->magic;
- r_params->mkey.enctype = key->enctype;
- r_params->mkey.length = key->length;
- r_params->mkey.contents = malloc(key->length);
- if (r_params->mkey.contents == NULL)
- return ENOMEM;
-
- memcpy(r_params->mkey.contents, key->contents, key->length);
- return 0;
-}
-
-krb5_error_code
krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
{
kdb5_dal_handle *dal_handle=NULL;
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c 2010-07-02 17:13:40 UTC (rev 24162)
@@ -1458,11 +1458,6 @@
krb5_xfree(rparams->tl_data);
}
- if (rparams->mkey.contents) {
- memset(rparams->mkey.contents, 0, rparams->mkey.length);
- krb5_xfree(rparams->mkey.contents);
- }
-
krb5_xfree(rparams);
}
return;
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h 2010-07-02 17:13:40 UTC (rev 24162)
@@ -68,7 +68,6 @@
char **adminservers;
char **passwdservers;
krb5_tl_data *tl_data;
- krb5_keyblock mkey;
krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
long mask;
} krb5_ldap_realm_params;
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports 2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports 2010-07-02 17:13:40 UTC (rev 24162)
@@ -37,14 +37,10 @@
krb5_ldap_free_krbcontainer_params
krb5_ldap_alloc
krb5_ldap_free
-krb5_ldap_set_mkey
-krb5_ldap_get_mkey
disjoint_members
krb5_ldap_delete_realm_1
krb5_ldap_lock
krb5_ldap_unlock
-krb5_ldap_errcode_2_string
-krb5_ldap_release_errcode_string
krb5_ldap_create
krb5_ldap_set_mkey_list
krb5_ldap_get_mkey_list