authorTom Yu <tlyu@mit.edu>2003-06-03 04:32:41 +0000
committerTom Yu <tlyu@mit.edu>2003-06-03 04:32:41 +0000
commitee998b15a82702e78ef0a6a1020ef2c0df2517d2 (patch)
tree3748acdd8978ae4664a7a68d4d1e4a7909836bad /src/kdc
parent5d84be296d86bf6b13ab97887576cbc7209680a0 (diff)
Drop default_kdc_enctypes and all related code
ticket: 1553 target_version: 1.3 status: open tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15544 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc')
-rw-r--r--src/kdc/ChangeLog12
-rw-r--r--src/kdc/extern.h7
-rw-r--r--src/kdc/main.c143
3 files changed, 12 insertions, 150 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 04d9617..e4d7a9d 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,15 @@
+2003-06-03 Tom Yu <tlyu@mit.edu>
+
+ * extern.h (master_princ): Remove realm_mkvno, realm_tgskey,
+ realm_tgskvno, realm_kstypes, realm_nkstypes. They're not needed
+ anymore.
+
+ * main.c (finish_realm): Remove references to realm_kstypes,
+ realm_tgskey.
+ (init_realm): Don't bother with realm_kstypes. Don't bother
+ looking up the master kvno. Don't bother caching the TGS key.
+ None of these were being used.
+
2003-05-30 Ken Raeburn <raeburn@mit.edu>
* main.c (init_realm): Use KRB5_KDB_MAX_RLIFE, not
diff --git a/src/kdc/extern.h b/src/kdc/extern.h
index ad06674..d4db86a 100644
--- a/src/kdc/extern.h
+++ b/src/kdc/extern.h
@@ -49,13 +49,10 @@ typedef struct __kdc_realm_data {
char * realm_mpname; /* Master principal name for realm */
krb5_principal realm_mprinc; /* Master principal for realm */
krb5_keyblock realm_mkey; /* Master key for this realm */
- krb5_kvno realm_mkvno; /* Master key vno for this realm */
/*
* TGS per-realm data.
*/
krb5_principal realm_tgsprinc; /* TGS principal for this realm */
- krb5_keyblock realm_tgskey; /* TGS' key for this realm */
- krb5_kvno realm_tgskvno; /* TGS' key vno for this realm */
/*
* Other per-realm data.
*/
@@ -66,8 +63,6 @@ typedef struct __kdc_realm_data {
*/
krb5_deltat realm_maxlife; /* Maximum ticket life for realm */
krb5_deltat realm_maxrlife; /* Maximum renewable life for realm */
- void *realm_kstypes; /* Key/Salts supported for realm */
- krb5_int32 realm_nkstypes; /* Number of key/salts */
krb5_boolean realm_reject_bad_transit; /* Accept unverifiable transited_realm ? */
} kdc_realm_t;
@@ -87,8 +82,6 @@ kdc_realm_t *find_realm_data (char *, krb5_ui_4);
#define max_renewable_life_for_realm kdc_active_realm->realm_maxrlife
#define master_keyblock kdc_active_realm->realm_mkey
#define master_princ kdc_active_realm->realm_mprinc
-#define tgs_key kdc_active_realm->realm_tgskey
-#define tgs_kvno kdc_active_realm->realm_tgskvno
#define tgs_server_struct *(kdc_active_realm->realm_tgsprinc)
#define tgs_server kdc_active_realm->realm_tgsprinc
#define dbm_db_name kdc_active_realm->realm_dbname
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 32616cf..849c929 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -121,8 +121,6 @@ finish_realm(kdc_realm_t *rdp)
free(rdp->realm_ports);
if (rdp->realm_tcp_ports)
free(rdp->realm_tcp_ports);
- if (rdp->realm_kstypes)
- free(rdp->realm_kstypes);
if (rdp->realm_keytab)
krb5_kt_close(rdp->realm_context, rdp->realm_keytab);
if (rdp->realm_context) {
@@ -132,10 +130,6 @@ finish_realm(kdc_realm_t *rdp)
memset(rdp->realm_mkey.contents, 0, rdp->realm_mkey.length);
free(rdp->realm_mkey.contents);
}
- if (rdp->realm_tgskey.length && rdp->realm_tgskey.contents) {
- memset(rdp->realm_tgskey.contents, 0, rdp->realm_tgskey.length);
- free(rdp->realm_tgskey.contents);
- }
krb5_db_fini(rdp->realm_context);
if (rdp->realm_tgsprinc)
krb5_free_principal(rdp->realm_context, rdp->realm_tgsprinc);
@@ -159,14 +153,7 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
{
krb5_error_code kret;
krb5_boolean manual;
- krb5_db_entry db_entry;
- int num2get;
- krb5_boolean more;
krb5_realm_params *rparams;
- krb5_key_data *kdata;
- krb5_key_salt_tuple *kslist;
- krb5_int32 nkslist;
- int i;
memset((char *) rdp, 0, sizeof(kdc_realm_t));
if (!realm) {
@@ -244,34 +231,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
rdp->realm_maxrlife = (rparams && rparams->realm_max_rlife_valid) ?
rparams->realm_max_rlife : KRB5_KDB_MAX_RLIFE;
- /* Handle key/salt list */
- if (rparams && rparams->realm_num_keysalts) {
- rdp->realm_kstypes = rparams->realm_keysalts;
- rdp->realm_nkstypes = rparams->realm_num_keysalts;
- rparams->realm_keysalts = NULL;
- rparams->realm_num_keysalts = 0;
- kslist = (krb5_key_salt_tuple *) rdp->realm_kstypes;
- nkslist = rdp->realm_nkstypes;
- } else {
- /*
- * XXX Initialize default key/salt list.
- */
- if ((kslist = (krb5_key_salt_tuple *)
- malloc(sizeof(krb5_key_salt_tuple)))) {
- kslist->ks_enctype = ENCTYPE_DES_CBC_CRC;
- kslist->ks_salttype = KRB5_KDB_SALTTYPE_NORMAL;
- rdp->realm_kstypes = kslist;
- rdp->realm_nkstypes = 1;
- nkslist = 1;
- }
- else {
- com_err(progname, ENOMEM,
- "while setting up key/salt list for realm %s",
- realm);
- exit(1);
- }
- }
-
if (rparams)
krb5_free_realm_params(rdp->realm_context, rparams);
@@ -332,51 +291,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
goto whoops;
}
- /* Fetch the master key and get its version number */
- num2get = 1;
- kret = krb5_db_get_principal(rdp->realm_context, rdp->realm_mprinc,
- &db_entry, &num2get, &more);
- if (!kret) {
- if (num2get != 1)
- kret = KRB5_KDB_NOMASTERKEY;
- else {
- if (more) {
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
- }
- }
- }
- if (kret) {
- com_err(progname, kret,
- "while fetching master entry for realm %s", realm);
- goto whoops;
- }
-
- /*
- * Get the most recent master key. Search the key list in
- * the order specified by the key/salt list.
- */
- kdata = (krb5_key_data *) NULL;
- for (i=0; i<nkslist; i++) {
- if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
- &db_entry,
- kslist[i].ks_enctype,
- -1,
- -1,
- &kdata)))
- break;
- }
- if (!kdata) {
- com_err(progname, kret,
- "while finding master key for realm %s",
- realm);
- goto whoops;
- }
- rdp->realm_mkvno = kdata->key_data_kvno;
- krb5_db_free_principal(rdp->realm_context, &db_entry, num2get);
-
if ((kret = krb5_db_set_mkey(rdp->realm_context, &rdp->realm_mkey))) {
com_err(progname, kret,
"while setting master key for realm %s", realm);
@@ -400,63 +314,6 @@ init_realm(char *progname, kdc_realm_t *rdp, char *realm, char *def_dbname,
goto whoops;
}
- /* Get the TGS database entry */
- num2get = 1;
- if (!(kret = krb5_db_get_principal(rdp->realm_context,
- rdp->realm_tgsprinc,
- &db_entry,
- &num2get,
- &more))) {
- if (num2get != 1)
- kret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
- else {
- if (more) {
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- kret = KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE;
- }
- }
- }
- if (kret) {
- com_err(progname, kret,
- "while fetching TGS entry for realm %s", realm);
- goto whoops;
- }
- /*
- * Get the most recent TGS key. Search the key list in
- * the order specified by the key/salt list.
- */
- kdata = (krb5_key_data *) NULL;
- for (i=0; i<nkslist; i++) {
- if (!(kret = krb5_dbe_find_enctype(rdp->realm_context,
- &db_entry,
- kslist[i].ks_enctype,
- -1,
- -1,
- &kdata)))
- break;
- }
- if (!kdata) {
- com_err(progname, kret, "while finding TGS key for realm %s",
- realm);
- goto whoops;
- }
- if (!(kret = krb5_dbekd_decrypt_key_data(rdp->realm_context,
- &rdp->realm_mkey,
- kdata,
- &rdp->realm_tgskey, NULL))){
- rdp->realm_tgskvno = kdata->key_data_kvno;
- }
- krb5_db_free_principal(rdp->realm_context,
- &db_entry,
- num2get);
- if (kret) {
- com_err(progname, kret,
- "while decrypting TGS key for realm %s", realm);
- goto whoops;
- }
-
if (!rkey_init_done) {
krb5_data seed;
#ifdef KRB5_KRB4_COMPAT