krb5 commit: Remove unused _gssd_keyring_ids_ feature
Greg Hudson
ghudson at MIT.EDU
Fri Aug 16 13:38:15 EDT 2013
https://github.com/krb5/krb5/commit/9246c6f5bde8ed82eb3bec101c61a5c16806269b
commit 9246c6f5bde8ed82eb3bec101c61a5c16806269b
Author: Simo Sorce <simo at redhat.com>
Date: Thu Aug 8 15:43:54 2013 -0400
Remove unused _gssd_keyring_ids_ feature
This feature was intended to be used by gssd to access users' keyring
credentials, but it was never used.
[ghudson at mit.edu: clarified commit message]
src/lib/krb5/ccache/cc_keyring.c | 88 +------------------------------------
1 files changed, 3 insertions(+), 85 deletions(-)
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index 059e9ee..55e219d 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -117,20 +117,6 @@ debug_print(char *fmt, ...)
#define KRCC_SPEC_PRINC_KEYNAME "__krb5_princ__"
/*
- * XXX The following two really belong in some external
- * header since outside programs will need to use these
- * same names.
- */
-/*
- * Special name for key to communicate key serial numbers
- * This is used by the Linux gssd process to pass the
- * user's keyring values it gets in an upcall.
- * The format of the contents should be
- * <session_key>:<process_key>:<thread_key>
- */
-#define KRCC_SPEC_IDS_KEYNAME "_gssd_keyring_ids_"
-
-/*
* Special name for the key to communicate the name(s)
* of credentials caches to be used for requests.
* This should currently contain a single name, but
@@ -148,12 +134,6 @@ debug_print(char *fmt, ...)
#define CHECK(ret) if (ret != KRB5_OK) goto errout
#define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
-typedef struct krb5_krcc_ring_ids {
- key_serial_t session;
- key_serial_t process;
- key_serial_t thread;
-} krb5_krcc_ring_ids_t;
-
typedef struct _krb5_krcc_cursor
{
int numkeys;
@@ -271,8 +251,6 @@ static krb5_error_code krb5_krcc_save_principal
static krb5_error_code krb5_krcc_retrieve_principal
(krb5_context context, krb5_ccache id, krb5_principal * princ);
-static int krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p);
-
/* Routines to parse a key from a keyring into a cred structure */
static krb5_error_code krb5_krcc_parse
(krb5_context, krb5_pointer buf, unsigned int len, krb5_krcc_bc * bc);
@@ -527,30 +505,21 @@ krb5_krcc_resolve(krb5_context context, krb5_ccache * id, const char *full_resid
key_serial_t key;
key_serial_t pkey = 0;
int nkeys = 0;
- int res;
- krb5_krcc_ring_ids_t ids;
key_serial_t ring_id;
const char *residual;
DEBUG_PRINT(("krb5_krcc_resolve: entered with name '%s'\n",
full_residual));
- res = krb5_krcc_get_ring_ids(&ids);
- if (res) {
- kret = EINVAL;
- DEBUG_PRINT(("krb5_krcc_resolve: Error getting ring id values!\n"));
- return kret;
- }
-
if (strncmp(full_residual, "thread:", 7) == 0) {
residual = full_residual + 7;
- ring_id = ids.thread;
+ ring_id = KEY_SPEC_THREAD_KEYRING;
} else if (strncmp(full_residual, "process:", 8) == 0) {
residual = full_residual + 8;
- ring_id = ids.process;
+ ring_id = KEY_SPEC_PROCESS_KEYRING;
} else {
residual = full_residual;
- ring_id = ids.session;
+ ring_id = KEY_SPEC_SESSION_KEYRING;
}
DEBUG_PRINT(("krb5_krcc_resolve: searching ring %d for residual '%s'\n",
@@ -1169,57 +1138,6 @@ errout:
return kret;
}
-static int
-krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
-{
- key_serial_t ids_key;
- char ids_buf[128];
- key_serial_t session, process, thread;
- long val;
-
- DEBUG_PRINT(("krb5_krcc_get_ring_ids: entered\n"));
-
- if (!p)
- return EINVAL;
-
- /* Use the defaults in case we find no ids key */
- p->session = KEY_SPEC_SESSION_KEYRING;
- p->process = KEY_SPEC_PROCESS_KEYRING;
- p->thread = KEY_SPEC_THREAD_KEYRING;
-
- /*
- * Note that in the "normal" case, this will not be found.
- * The Linux gssd creates this key while creating a
- * context to communicate the user's key serial numbers.
- */
- ids_key = request_key(KRCC_KEY_TYPE_USER, KRCC_SPEC_IDS_KEYNAME, NULL, 0);
- if (ids_key < 0)
- goto out;
-
- DEBUG_PRINT(("krb5_krcc_get_ring_ids: processing '%s' key %d\n",
- KRCC_SPEC_IDS_KEYNAME, ids_key));
- /*
- * Read and parse the ids file
- */
- memset(ids_buf, '\0', sizeof(ids_buf));
- val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf));
- if (val < 0 || (size_t)val > sizeof(ids_buf))
- goto out;
-
- val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread);
- if (val != 3)
- goto out;
-
- p->session = session;
- p->process = process;
- p->thread = thread;
-
-out:
- DEBUG_PRINT(("krb5_krcc_get_ring_ids: returning %d:%d:%d\n",
- p->session, p->process, p->thread));
- return 0;
-}
-
/*
* ===============================================================
* INTERNAL functions to parse a credential from a key payload
More information about the cvs-krb5
mailing list