svn rev #24162: trunk/src/ include/ kadmin/dbutil/ kadmin/server/ kdc/ lib/kadm5/srv/ ...

ghudson@MIT.EDU ghudson at MIT.EDU
Fri Jul 2 13:13:40 EDT 2010


http://src.mit.edu/fisheye/changelog/krb5/?cs=24162
Commit By: ghudson
Log Message:
ticket: 6749
status: open

Remove the set_master_key and get_master_key DAL interfaces and their
corresponding libkdb5 APIs, as they were not productively used.  In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.



Changed Files:
U   trunk/src/include/kdb.h
U   trunk/src/kadmin/dbutil/kdb5_util.c
U   trunk/src/kadmin/server/ovsec_kadmd.c
U   trunk/src/kdc/main.c
U   trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports
U   trunk/src/lib/kdb/kdb5.c
U   trunk/src/lib/kdb/kdb_default.c
U   trunk/src/lib/kdb/libkdb5.exports
U   trunk/src/plugins/kdb/db2/db2_exp.c
U   trunk/src/plugins/kdb/db2/kdb_db2.c
U   trunk/src/plugins/kdb/db2/kdb_db2.h
U   trunk/src/plugins/kdb/ldap/ldap_exp.c
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
Modified: trunk/src/include/kdb.h
===================================================================
--- trunk/src/include/kdb.h	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/include/kdb.h	2010-07-02 17:13:40 UTC (rev 24162)
@@ -447,13 +447,6 @@
                                   char *match_entry,
                                   int (*func) (krb5_pointer, krb5_db_entry *),
                                   krb5_pointer func_arg );
-krb5_error_code krb5_db_set_master_key_ext ( krb5_context kcontext,
-                                             char *pwd,
-                                             krb5_keyblock *key );
-krb5_error_code krb5_db_set_mkey ( krb5_context context,
-                                   krb5_keyblock *key);
-krb5_error_code krb5_db_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key );
 
 krb5_error_code krb5_db_set_mkey_list( krb5_context context,
                                        krb5_keylist_node * keylist);
@@ -736,16 +729,9 @@
                           krb5_kvno             mkvno,
                           krb5_keylist_node  **mkeys_list);
 
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
-                                   char *pwd,
-                                   krb5_keyblock *key );
-
 krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node *keylist );
 
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key );
-
 krb5_error_code kdb_def_get_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node **keylist );
 
@@ -1149,26 +1135,6 @@
     /*
      * Optional with default: Inform the module of the master key.  The module
      * may remember an alias to the provided memory.  This function is called
-     * at startup by the KDC and kadmind; both supply a NULL pwd argument.  The
-     * module should not need to use a remembered master key value, so current
-     * modules do nothing with it besides return it from get_master_key, which
-     * is never used.  The default implementation does nothing.
-     */
-    krb5_error_code (*set_master_key)(krb5_context kcontext, char *pwd,
-                                      krb5_keyblock *key);
-
-    /*
-     * Optional with default: Retrieve an alias to the master keyblock as
-     * previously set by set_master_key.  This function is not used.  The
-     * default implementation returns success without modifying *key, which
-     * would be an invalid implementation if it were ever used.
-     */
-    krb5_error_code (*get_master_key)(krb5_context kcontext,
-                                      krb5_keyblock **key);
-
-    /*
-     * Optional with default: Inform the module of the master key.  The module
-     * may remember an alias to the provided memory.  This function is called
      * at startup by the KDC and kadmind with the value returned by
      * fetch_master_key_list.  The default implementation does nothing.
      */

Modified: trunk/src/kadmin/dbutil/kdb5_util.c
===================================================================
--- trunk/src/kadmin/dbutil/kdb5_util.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kadmin/dbutil/kdb5_util.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -106,7 +106,7 @@
     exit(1);
 }
 
-extern krb5_keyblock master_keyblock;
+krb5_keyblock master_keyblock;
 krb5_kvno   master_kvno; /* fetched */
 extern krb5_keylist_node *master_keylist;
 extern krb5_principal master_princ;
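Review bot: `krb5_keyblock master_keyblock;` is now a file-scope definition with external linkage instead of a reference to the libkadm5srv object, so kdb5_util holds its own copy of the master key. The comment this commit removes from ovsec_kadmd.c says master_keyblock lives in lib/kadm5/server_kdb.c, and that file is not among the changed files. If its definition remains, a static link would see two definitions of the same symbol and depend on common-symbol merging. A comment would make the ownership explicit, e.g. `krb5_keyblock master_keyblock; /* kdb5_util's own copy; no longer shared with libkadm5srv */`. It is also worth confirming that the exit path clears the key contents.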

Modified: trunk/src/kadmin/server/ovsec_kadmd.c
===================================================================
--- trunk/src/kadmin/server/ovsec_kadmd.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kadmin/server/ovsec_kadmd.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -89,7 +89,6 @@
 gss_name_t gss_kadmin_name = NULL;
 void *global_server_handle;
 
-extern krb5_keyblock master_keyblock;
 extern krb5_keylist_node  *master_keylist;
 
 char *build_princ_name(char *name, char *realm);
@@ -431,12 +430,7 @@
         krb5_klog_syslog(LOG_ERR, "Can't set kdb keytab's internal context.");
         goto kterr;
     }
-    /* XXX master_keyblock is in guts of lib/kadm5/server_kdb.c */
-    ret = krb5_db_set_mkey(hctx, &master_keyblock);
-    if (ret) {
-        krb5_klog_syslog(LOG_ERR, "Can't set master key for kdb keytab.");
-        goto kterr;
-    }
+    /* XXX master_keylist is in guts of lib/kadm5/server_kdb.c */
     ret = krb5_db_set_mkey_list(hctx, master_keylist);
     if (ret) {
         krb5_klog_syslog(LOG_ERR, "Can't set master key list for kdb keytab.");

Modified: trunk/src/kdc/main.c
===================================================================
--- trunk/src/kdc/main.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/kdc/main.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -448,11 +448,6 @@
         goto whoops;
     }
 
-    if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
-        kdc_err(rdp->realm_context, kret,
-                "while setting master key for realm %s", realm);
-        goto whoops;
-    }
     kret = krb5_db_set_mkey_list(rdp->realm_context, rdp->mkey_list);
     if (kret) {
         kdc_err(rdp->realm_context, kret,

Modified: trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports
===================================================================
--- trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kadm5/srv/libkadm5srv_mit.exports	2010-07-02 17:13:40 UTC (rev 24162)
@@ -84,7 +84,6 @@
 krb5_string_to_keysalts
 krb5_match_config_pattern
 master_db
-master_keyblock
 master_keylist
 master_princ
 osa_free_princ_ent

Modified: trunk/src/lib/kdb/kdb5.c
===================================================================
--- trunk/src/lib/kdb/kdb5.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/kdb5.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -246,12 +246,8 @@
 static void
 kdb_setup_opt_functions(db_library lib)
 {
-    if (lib->vftabl.set_master_key == NULL)
-        lib->vftabl.set_master_key = kdb_def_set_mkey;
     if (lib->vftabl.set_master_key_list == NULL)
         lib->vftabl.set_master_key_list = kdb_def_set_mkey_list;
-    if (lib->vftabl.get_master_key == NULL)
-        lib->vftabl.get_master_key = kdb_def_get_mkey;
     if (lib->vftabl.get_master_key_list == NULL)
         lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
     if (lib->vftabl.fetch_master_key == NULL)
@@ -1078,25 +1074,6 @@
 }
 
 krb5_error_code
-krb5_db_set_master_key_ext(krb5_context kcontext,
-                           char *pwd, krb5_keyblock * key)
-{
-    krb5_error_code status = 0;
-    kdb_vftabl *v;
-
-    status = get_vftabl(kcontext, &v);
-    if (status)
-        return status;
-    return v->set_master_key(kcontext, pwd, key);
-}
-
-krb5_error_code
-krb5_db_set_mkey(krb5_context context, krb5_keyblock * key)
-{
-    return krb5_db_set_master_key_ext(context, NULL, key);
-}
-
-krb5_error_code
 krb5_db_set_mkey_list(krb5_context kcontext,
                       krb5_keylist_node * keylist)
 {
@@ -1110,18 +1087,6 @@
 }
 
 krb5_error_code
-krb5_db_get_mkey(krb5_context kcontext, krb5_keyblock ** key)
-{
-    krb5_error_code status = 0;
-    kdb_vftabl *v;
-
-    status = get_vftabl(kcontext, &v);
-    if (status)
-        return status;
-    return v->get_master_key(kcontext, key);
-}
-
-krb5_error_code
 krb5_db_get_mkey_list(krb5_context kcontext, krb5_keylist_node ** keylist)
 {
     krb5_error_code status = 0;

Modified: trunk/src/lib/kdb/kdb_default.c
===================================================================
--- trunk/src/lib/kdb/kdb_default.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/kdb_default.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -617,21 +617,6 @@
     return retval;
 }
 
-krb5_error_code kdb_def_set_mkey ( krb5_context kcontext,
-                                   char *pwd,
-                                   krb5_keyblock *key )
-{
-    /* printf("default set master key\n"); */
-    return 0;
-}
-
-krb5_error_code kdb_def_get_mkey ( krb5_context kcontext,
-                                   krb5_keyblock **key )
-{
-    /* printf("default get master key\n"); */
-    return 0;
-}
-
 krb5_error_code kdb_def_set_mkey_list ( krb5_context kcontext,
                                         krb5_keylist_node *keylist )
 {

Modified: trunk/src/lib/kdb/libkdb5.exports
===================================================================
--- trunk/src/lib/kdb/libkdb5.exports	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/lib/kdb/libkdb5.exports	2010-07-02 17:13:40 UTC (rev 24162)
@@ -13,7 +13,6 @@
 krb5_db_free_principal
 krb5_db_get_age
 krb5_db_get_key_data_kvno
-krb5_db_get_mkey
 krb5_db_get_mkey_list
 krb5_db_get_context
 krb5_db_get_principal
@@ -23,7 +22,6 @@
 krb5_db_lock
 krb5_db_put_principal
 krb5_db_set_context
-krb5_db_set_mkey
 krb5_db_set_mkey_list
 krb5_db_setup_mkey_name
 krb5_db_unlock

Modified: trunk/src/plugins/kdb/db2/db2_exp.c
===================================================================
--- trunk/src/plugins/kdb/db2/db2_exp.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/db2_exp.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -174,13 +174,6 @@
            ( krb5_context kcontext, osa_policy_ent_t entry ),
            (kcontext, entry));
 
-WRAP_K (krb5_db2_set_master_key_ext,
-        ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
-        (kcontext, pwd, key));
-WRAP_K (krb5_db2_db_get_mkey,
-        ( krb5_context context, krb5_keyblock **key),
-        (context, key));
-
 WRAP_K (krb5_db2_db_set_mkey_list,
         ( krb5_context kcontext, krb5_keylist_node *keylist),
         (kcontext, keylist));
@@ -251,8 +244,6 @@
     /* db_free_policy */                         wrap_krb5_db2_free_policy,
     /* db_alloc */                               krb5_db2_alloc,
     /* db_free */                                krb5_db2_free,
-    /* set_master_key */                         wrap_krb5_db2_set_master_key_ext,
-    /* get_master_key */                         wrap_krb5_db2_db_get_mkey,
     /* set_master_key_list */                    wrap_krb5_db2_db_set_mkey_list,
     /* get_master_key_list */                    wrap_krb5_db2_db_get_mkey_list,
     /* blah blah blah */ 0,0,0,0,0,0,0,0,

Modified: trunk/src/plugins/kdb/db2/kdb_db2.c
===================================================================
--- trunk/src/plugins/kdb/db2/kdb_db2.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/kdb_db2.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -438,37 +438,7 @@
     return retval;
 }
 
-/*
- * Set/Get the master key associated with the database
- */
 krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
-{
-    krb5_db2_context *db_ctx;
-
-    if (!k5db2_inited(context))
-        return (KRB5_KDB_DBNOTINITED);
-
-    db_ctx = context->dal_handle->db_context;
-    db_ctx->db_master_key = key;
-    return 0;
-}
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
-{
-    krb5_db2_context *db_ctx;
-
-    if (!k5db2_inited(context))
-        return (KRB5_KDB_DBNOTINITED);
-
-    db_ctx = context->dal_handle->db_context;
-    *key = db_ctx->db_master_key;
-
-    return 0;
-}
-
-krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
 {
     krb5_db2_context *db_ctx;
@@ -1333,13 +1303,6 @@
     return destroy_db(context, db_ctx->db_name);
 }
 
-krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context context,
-                            char *pwd, krb5_keyblock * key)
-{
-    return krb5_db2_db_set_mkey(context, key);
-}
-
 void   *
 krb5_db2_alloc(krb5_context context, void *ptr, size_t size)
 {

Modified: trunk/src/plugins/kdb/db2/kdb_db2.h
===================================================================
--- trunk/src/plugins/kdb/db2/kdb_db2.h	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/db2/kdb_db2.h	2010-07-02 17:13:40 UTC (rev 24162)
@@ -43,7 +43,6 @@
     int                 db_locks_held;  /* Number of times locked       */
     int                 db_lock_mode;   /* Last lock mode, e.g. greatest*/
     krb5_boolean        db_nb_locks;    /* [Non]Blocking lock modes     */
-    krb5_keyblock      *db_master_key; /* Master key of database */
     krb5_keylist_node *db_master_key_list;  /* Master key list of database */
     osa_adb_policy_t    policy_db;
     krb5_boolean        tempdb;
@@ -81,16 +80,6 @@
 krb5_error_code krb5_db2_db_close_database(krb5_context);
 
 krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
-                            krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
-
-krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
 
 krb5_error_code

Modified: trunk/src/plugins/kdb/ldap/ldap_exp.c
===================================================================
--- trunk/src/plugins/kdb/ldap/ldap_exp.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/ldap_exp.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -72,8 +72,6 @@
     /* db_alloc */                          krb5_ldap_alloc,
     /* db_free */                           krb5_ldap_free,
     /* optional functions */
-    /* set_master_key */                    krb5_ldap_set_mkey,
-    /* get_master_key */                    krb5_ldap_get_mkey,
     /* set_master_key_list */               krb5_ldap_set_mkey_list,
     /* get_master_key_list */               krb5_ldap_get_mkey_list,
     /* setup_master_key_name */             NULL,

Modified: trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
===================================================================
--- trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -130,7 +130,9 @@
 
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
-                                      princ, enum ap_op op, struct realm_info *pblock);
+                                      princ, enum ap_op op,
+                                      struct realm_info *pblock,
+                                      const krb5_keyblock *master_keyblock);
 
 
 static char *strdur(time_t duration);
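Review bot: The new parameter is named `master_keyblock`, the same identifier the create path uses for the key it derives with krb5_c_string_to_key (`&master_keyblock` in the hunk at -646). If that object has file scope, the parameter shadows it inside kdb_ldap_create_principal, and a later edit could pick up the wrong one without any diagnostic. A distinct name such as `const krb5_keyblock *mkey`, used both here and in the definition at -2352, avoids the ambiguity. The comment block that ends just above the definition should also say which key this parameter carries and that the function does not modify it.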
@@ -511,15 +513,6 @@
         mkey_password = pw_str;
     }
 
-    rparams->mkey.enctype = global_params.enctype;
-    /* We are sure that 'mkey_password' is a regular string ... */
-    rparams->mkey.length = strlen(mkey_password) + 1;
-    rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
-    if (rparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
-    }
-
     rparams->realm_name = strdup(global_params.realm);
     if (rparams->realm_name == NULL) {
         retval = ENOMEM;
@@ -646,7 +639,7 @@
             goto err_nomsg;
         }
 
-        retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+        retval = krb5_c_string_to_key(util_context, global_params.enctype,
                                       &pwd, &master_salt, &master_keyblock);
 
         if (master_salt.data)
@@ -659,17 +652,6 @@
 
     }
 
-    rblock.key = &master_keyblock;
-    ldap_context->lrparams->mkey = master_keyblock;
-    ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
-        (master_keyblock.length);
-    if (ldap_context->lrparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
-    }
-    memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
-            master_keyblock.length);
-
     /* Create special principals inside the realm subtree */
     {
         char princ_name[MAX_PRINC_SIZE];
@@ -695,14 +677,18 @@
 
         /* Create 'K/M' ... */
         rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
-        if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, master_princ,
+                                                MASTER_KEY, &rblock,
+                                                &master_keyblock))) {
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
         }
 
         /* Create 'krbtgt' ... */
         rblock.flags = 0; /* reset the flags */
-        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ,
+                                                TGT_KEY, &rblock,
+                                                &master_keyblock))) {
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
         }
@@ -715,7 +701,8 @@
         }
         rblock.max_life = ADMIN_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -731,7 +718,8 @@
         rblock.max_life = CHANGEPW_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED |
             KRB5_KDB_PWCHANGE_SERVICE;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -746,7 +734,8 @@
         }
         rblock.max_life = global_params.max_life;
         rblock.flags = 0;
-        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
@@ -775,7 +764,8 @@
 
         rblock.max_life = ADMIN_LIFETIME;
         rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
-        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+        if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY,
+                                                &rblock, &master_keyblock))) {
             krb5_free_principal(util_context, p);
             com_err(progname, retval, "while adding entries to the database");
             goto err_nomsg;
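Review bot: The failure path after `kdb_ldap_create_principal(util_context, temp_p, ...)` frees `p` rather than `temp_p`, and the reflowed call leaves that as it was. Whether `temp_p` is released on the `err_nomsg` path is not visible in this hunk. If it is not, the line should read `krb5_free_principal(util_context, temp_p);`, with `p` released where it stops being used. The enclosing block starts and ends outside the hunk.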
@@ -2352,7 +2342,8 @@
  */
 static int
 kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
-                          enum ap_op op, struct realm_info *pblock)
+                          enum ap_op op, struct realm_info *pblock,
+                          const krb5_keyblock *master_keyblock)
 {
     int              retval=0, currlen=0, princtype = 2 /* Service Principal */;
     unsigned char    *curr=NULL;
@@ -2450,8 +2441,7 @@
                 goto cleanup;
             }
             kvno = 1; /* New key is getting set */
-            retval = krb5_dbekd_encrypt_key_data(context,
-                                                 &ldap_context->lrparams->mkey,
+            retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
                                                  &key, NULL, kvno,
                                                  &entry.key_data[entry.n_key_data - 1]);
             krb5_free_keyblock_contents(context, &key);
@@ -2488,8 +2478,7 @@
         entry.n_key_data++;
         kvno = 1; /* New key is getting set */
         retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-                                             &ldap_context->lrparams->mkey,
-                                             NULL, kvno,
+                                             master_keyblock, NULL, kvno,
                                              &entry.key_data[entry.n_key_data - 1]);
         if (retval) {
             goto cleanup;
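Review bot: The MASTER_KEY branch still takes its first key argument from `pblock->key`, but this commit deletes `rblock.key = &master_keyblock;` from the create path (hunk at -659), and every visible caller passes `&rblock`. Unless `rblock.key` is assigned somewhere outside these hunks, krb5_dbekd_encrypt_key_data is called with an unset key when K/M is created. The master key is already a parameter of this function, so the call can use it in both positions: `retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,` followed by `master_keyblock, NULL, kvno,`. The enclosing function starts and ends outside the hunk.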

Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h	2010-07-02 17:13:40 UTC (rev 24162)
@@ -264,13 +264,8 @@
 
 void
 krb5_ldap_free( krb5_context kcontext, void *ptr );
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
 
 krb5_error_code
-krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
-
-krb5_error_code
 krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list);
 
 krb5_error_code

Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -32,69 +32,7 @@
 #include "ldap_main.h"
 #include "kdb_ldap.h"
 
-/*
- * get the master key from the database specific context
- */
-
 krb5_error_code
-krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
-{
-    kdb5_dal_handle             *dal_handle=NULL;
-    krb5_ldap_context           *ldap_context=NULL;
-
-    /* Clear the global error string */
-    krb5_clear_error_message(context);
-
-    dal_handle = context->dal_handle;
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
-    if (ldap_context == NULL || ldap_context->lrparams == NULL)
-        return KRB5_KDB_DBNOTINITED;
-
-    *key = &ldap_context->lrparams->mkey;
-    return 0;
-}
-
-
-/*
- * set the master key into the database specific context
- */
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
-{
-    kdb5_dal_handle             *dal_handle=NULL;
-    krb5_ldap_context           *ldap_context=NULL;
-    krb5_ldap_realm_params      *r_params = NULL;
-
-    /* Clear the global error string */
-    krb5_clear_error_message(context);
-
-    dal_handle = context->dal_handle;
-    ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
-    if (ldap_context == NULL || ldap_context->lrparams == NULL)
-        return KRB5_KDB_DBNOTINITED;
-
-    r_params = ldap_context->lrparams;
-
-    if (r_params->mkey.contents) {
-        free (r_params->mkey.contents);
-        r_params->mkey.contents=NULL;
-    }
-
-    r_params->mkey.magic = key->magic;
-    r_params->mkey.enctype = key->enctype;
-    r_params->mkey.length = key->length;
-    r_params->mkey.contents = malloc(key->length);
-    if (r_params->mkey.contents == NULL)
-        return ENOMEM;
-
-    memcpy(r_params->mkey.contents, key->contents, key->length);
-    return 0;
-}
-
-krb5_error_code
 krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
 {
     kdb5_dal_handle             *dal_handle=NULL;

Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c	2010-07-02 17:13:40 UTC (rev 24162)
@@ -1458,11 +1458,6 @@
             krb5_xfree(rparams->tl_data);
         }
 
-        if (rparams->mkey.contents) {
-            memset(rparams->mkey.contents, 0, rparams->mkey.length);
-            krb5_xfree(rparams->mkey.contents);
-        }
-
         krb5_xfree(rparams);
     }
     return;

Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h	2010-07-02 17:13:40 UTC (rev 24162)
@@ -68,7 +68,6 @@
     char          **adminservers;
     char          **passwdservers;
     krb5_tl_data  *tl_data;
-    krb5_keyblock mkey;
     krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
     long          mask;
 } krb5_ldap_realm_params;

Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports	2010-07-02 16:59:33 UTC (rev 24161)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports	2010-07-02 17:13:40 UTC (rev 24162)
@@ -37,14 +37,10 @@
 krb5_ldap_free_krbcontainer_params
 krb5_ldap_alloc
 krb5_ldap_free
-krb5_ldap_set_mkey
-krb5_ldap_get_mkey
 disjoint_members
 krb5_ldap_delete_realm_1
 krb5_ldap_lock
 krb5_ldap_unlock
-krb5_ldap_errcode_2_string
-krb5_ldap_release_errcode_string
 krb5_ldap_create
 krb5_ldap_set_mkey_list
 krb5_ldap_get_mkey_list



