author | Greg Hudson <ghudson@mit.edu> | 2010-07-02 17:13:40 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-07-02 17:13:40 +0000 |
commit | 3dd263c9e18f52a115ab16213c37ee4132d56961 (patch) | |
tree | d2606d63e2c0cb4a87d33e9bab7eb75ce0ae8dc5 /src/plugins | |
parent | cd332f86e3559fa13eaad7b33485fd1047fcd16c (diff) | |
Remove the set_master_key and get_master_key DAL interfaces and their
corresponding libkdb5 APIs, as they were not productively used. In
kdb5_ldap_util, stop using the realm data's mkey field as a container
to communicate the master key to static helper functions, since the
field no longer exists.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24162 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/kdb/db2/db2_exp.c | 9 | ||||
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.c | 37 | ||||
-rw-r--r-- | src/plugins/kdb/db2/kdb_db2.h | 11 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/ldap_exp.c | 2 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c | 55 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h | 5 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c | 62 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 5 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h | 1 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports | 4 |
10 files changed, 22 insertions, 169 deletions
diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c
index 174c60a..74963cd 100644
--- a/src/plugins/kdb/db2/db2_exp.c
+++ b/src/plugins/kdb/db2/db2_exp.c
@@ -174,13 +174,6 @@ WRAP_VOID (krb5_db2_free_policy,
 ( krb5_context kcontext, osa_policy_ent_t entry ),
 (kcontext, entry));
-WRAP_K (krb5_db2_set_master_key_ext,
- ( krb5_context kcontext, char *pwd, krb5_keyblock *key),
- (kcontext, pwd, key));
-WRAP_K (krb5_db2_db_get_mkey,
- ( krb5_context context, krb5_keyblock **key),
- (context, key));
-
 WRAP_K (krb5_db2_db_set_mkey_list,
 ( krb5_context kcontext, krb5_keylist_node *keylist),
 (kcontext, keylist));
@@ -251,8 +244,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_db2, kdb_function_table) = {
 /* db_free_policy */ wrap_krb5_db2_free_policy,
 /* db_alloc */ krb5_db2_alloc,
 /* db_free */ krb5_db2_free,
- /* set_master_key */ wrap_krb5_db2_set_master_key_ext,
- /* get_master_key */ wrap_krb5_db2_db_get_mkey,
 /* set_master_key_list */ wrap_krb5_db2_db_set_mkey_list,
 /* get_master_key_list */ wrap_krb5_db2_db_get_mkey_list,
 /* blah blah blah */ 0,0,0,0,0,0,0,0,
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
index 9c73c12..684fcd9 100644
--- a/src/plugins/kdb/db2/kdb_db2.c
+++ b/src/plugins/kdb/db2/kdb_db2.c
@@ -438,36 +438,6 @@ krb5_db2_db_fini(krb5_context context)
 return retval;
 }
-/*
- * Set/Get the master key associated with the database
- */
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key)
-{
- krb5_db2_context *db_ctx;
-
- if (!k5db2_inited(context))
- return (KRB5_KDB_DBNOTINITED);
-
- db_ctx = context->dal_handle->db_context;
- db_ctx->db_master_key = key;
- return 0;
-}
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key)
-{
- krb5_db2_context *db_ctx;
-
- if (!k5db2_inited(context))
- return (KRB5_KDB_DBNOTINITED);
-
- db_ctx = context->dal_handle->db_context;
- *key = db_ctx->db_master_key;
-
- return 0;
-}
-
 krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *key_list)
 {
@@ -1333,13 +1303,6 @@ krb5_db2_destroy(krb5_context context, char *conf_section, char **db_args)
 return destroy_db(context, db_ctx->db_name);
 }
-krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context context,
- char *pwd, krb5_keyblock * key)
-{
- return krb5_db2_db_set_mkey(context, key);
-}
-
 void *
 krb5_db2_alloc(krb5_context context, void *ptr, size_t size)
 {
diff --git a/src/plugins/kdb/db2/kdb_db2.h b/src/plugins/kdb/db2/kdb_db2.h
index 7b4fcf4..2c95448 100644
--- a/src/plugins/kdb/db2/kdb_db2.h
+++ b/src/plugins/kdb/db2/kdb_db2.h
@@ -43,7 +43,6 @@ typedef struct _krb5_db2_context {
 int db_locks_held; /* Number of times locked */
 int db_lock_mode; /* Last lock mode, e.g. greatest*/
 krb5_boolean db_nb_locks; /* [Non]Blocking lock modes */
- krb5_keyblock *db_master_key; /* Master key of database */
 krb5_keylist_node *db_master_key_list; /* Master key list of database */
 osa_adb_policy_t policy_db;
 krb5_boolean tempdb;
@@ -81,16 +80,6 @@ krb5_error_code krb5_db2_db_open_database(krb5_context);
 krb5_error_code krb5_db2_db_close_database(krb5_context);
 krb5_error_code
-krb5_db2_set_master_key_ext(krb5_context kcontext, char *pwd,
- krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_set_mkey(krb5_context context, krb5_keyblock *key);
-
-krb5_error_code
-krb5_db2_db_get_mkey(krb5_context context, krb5_keyblock **key);
-
-krb5_error_code
 krb5_db2_db_set_mkey_list(krb5_context context, krb5_keylist_node *keylist);
 krb5_error_code
diff --git a/src/plugins/kdb/ldap/ldap_exp.c b/src/plugins/kdb/ldap/ldap_exp.c
index 4d3b249..1846d92 100644
--- a/src/plugins/kdb/ldap/ldap_exp.c
+++ b/src/plugins/kdb/ldap/ldap_exp.c
@@ -72,8 +72,6 @@ kdb_vftabl PLUGIN_SYMBOL_NAME(krb5_ldap, kdb_function_table) = {
 /* db_alloc */ krb5_ldap_alloc,
 /* db_free */ krb5_ldap_free,
 /* optional functions */
- /* set_master_key */ krb5_ldap_set_mkey,
- /* get_master_key */ krb5_ldap_get_mkey,
 /* set_master_key_list */ krb5_ldap_set_mkey_list,
 /* get_master_key_list */ krb5_ldap_get_mkey_list,
 /* setup_master_key_name */ NULL,
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
index d96ce0f..eb3dec7 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
@@ -130,7 +130,9 @@ extern kadm5_config_params global_params;
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
- princ, enum ap_op op, struct realm_info *pblock);
+ princ, enum ap_op op,
+ struct realm_info *pblock,
+ const krb5_keyblock *master_keyblock);
 static char *strdur(time_t duration);
@@ -511,15 +513,6 @@ kdb5_ldap_create(int argc, char *argv[])
 mkey_password = pw_str;
 }
- rparams->mkey.enctype = global_params.enctype;
- /* We are sure that 'mkey_password' is a regular string ... */
- rparams->mkey.length = strlen(mkey_password) + 1;
- rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
- if (rparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
-
 rparams->realm_name = strdup(global_params.realm);
 if (rparams->realm_name == NULL) {
 retval = ENOMEM;
@@ -646,7 +639,7 @@ kdb5_ldap_create(int argc, char *argv[])
 goto err_nomsg;
 }
- retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+ retval = krb5_c_string_to_key(util_context, global_params.enctype,
 &pwd, &master_salt, &master_keyblock);
 if (master_salt.data)
@@ -659,17 +652,6 @@ kdb5_ldap_create(int argc, char *argv[])
 }
- rblock.key = &master_keyblock;
- ldap_context->lrparams->mkey = master_keyblock;
- ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
- (master_keyblock.length);
- if (ldap_context->lrparams->mkey.contents == NULL) {
- retval = ENOMEM;
- goto cleanup;
- }
- memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
- master_keyblock.length);
-
 /* Create special principals inside the realm subtree */
 {
 char princ_name[MAX_PRINC_SIZE];
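Review bot: The @@ -659 hunk removes `rblock.key = &master_keyblock;` together with the lrparams->mkey copy, but `&rblock` is still passed to every kdb_ldap_create_principal call and the @@ -2488 hunk keeps `pblock->key` as the first argument of krb5_dbekd_encrypt_key_data. Unless rblock.key is assigned somewhere outside these hunks, that argument is now whatever rblock held before (presumably NULL from its initialization), and the entry whose key data is master_keyblock itself would be wrapped with an unset key. Either keep `rblock.key = &master_keyblock;` here, or rewrite that call as `retval = krb5_dbekd_encrypt_key_data(context, master_keyblock, master_keyblock, NULL, kvno, &entry.key_data[entry.n_key_data - 1]);` so the explicit parameter serves both roles. kdb5_ldap_create continues on both sides of this hunk.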
@@ -695,14 +677,18 @@ kdb5_ldap_create(int argc, char *argv[])
 /* Create 'K/M' ... */
 rblock.flags |= KRB5_KDB_DISALLOW_ALL_TIX;
- if ((retval = kdb_ldap_create_principal(util_context, master_princ, MASTER_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, master_princ,
+ MASTER_KEY, &rblock,
+ &master_keyblock))) {
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
 }
 /* Create 'krbtgt' ... */
 rblock.flags = 0; /* reset the flags */
- if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, &tgt_princ,
+ TGT_KEY, &rblock,
+ &master_keyblock))) {
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
 }
@@ -715,7 +701,8 @@ kdb5_ldap_create(int argc, char *argv[])
 }
 rblock.max_life = ADMIN_LIFETIME;
 rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
 krb5_free_principal(util_context, p);
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
@@ -731,7 +718,8 @@ kdb5_ldap_create(int argc, char *argv[])
 rblock.max_life = CHANGEPW_LIFETIME;
 rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED | KRB5_KDB_PWCHANGE_SERVICE;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
 krb5_free_principal(util_context, p);
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
@@ -746,7 +734,8 @@ kdb5_ldap_create(int argc, char *argv[])
 }
 rblock.max_life = global_params.max_life;
 rblock.flags = 0;
- if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, p, TGT_KEY,
+ &rblock, &master_keyblock))) {
 krb5_free_principal(util_context, p);
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
@@ -775,7 +764,8 @@ kdb5_ldap_create(int argc, char *argv[])
 rblock.max_life = ADMIN_LIFETIME;
 rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
- if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY, &rblock))) {
+ if ((retval = kdb_ldap_create_principal(util_context, temp_p, TGT_KEY,
+ &rblock, &master_keyblock))) {
 krb5_free_principal(util_context, p);
 com_err(progname, retval, "while adding entries to the database");
 goto err_nomsg;
@@ -2352,7 +2342,8 @@ kdb_ldap_tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr)
 */
 static int
 kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
- enum ap_op op, struct realm_info *pblock)
+ enum ap_op op, struct realm_info *pblock,
+ const krb5_keyblock *master_keyblock)
 {
 int retval=0, currlen=0, princtype = 2 /* Service Principal */;
 unsigned char *curr=NULL;
@@ -2450,8 +2441,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
 goto cleanup;
 }
 kvno = 1; /* New key is getting set */
- retval = krb5_dbekd_encrypt_key_data(context,
- &ldap_context->lrparams->mkey,
+ retval = krb5_dbekd_encrypt_key_data(context, master_keyblock,
 &key, NULL, kvno,
 &entry.key_data[entry.n_key_data - 1]);
 krb5_free_keyblock_contents(context, &key);
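Review bot: The comment block that ends with `*/` directly above the new kdb_ldap_create_principal signature in the @@ -2352 hunk is not updated for the added `master_keyblock` parameter, so nothing tells a caller what it must supply. Add a line to that block such as ` * master_keyblock - keyblock handed to krb5_dbekd_encrypt_key_data: the wrapping key in the @@ -2450 call and the key data being wrapped in the @@ -2488 call; must be non-NULL`. The function body continues past the end of the @@ -2450 hunk.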
@@ -2488,8 +2478,7 @@ kdb_ldap_create_principal(krb5_context context, krb5_principal princ,
 entry.n_key_data++;
 kvno = 1; /* New key is getting set */
 retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
- &ldap_context->lrparams->mkey,
- NULL, kvno,
+ master_keyblock, NULL, kvno,
 &entry.key_data[entry.n_key_data - 1]);
 if (retval) {
 goto cleanup;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index 168abdf..72e2545 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -264,11 +264,6 @@ krb5_ldap_alloc( krb5_context kcontext, void *ptr, size_t size );
 void krb5_ldap_free( krb5_context kcontext, void *ptr );
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context, krb5_keyblock **);
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context, char *, krb5_keyblock *);
 krb5_error_code
 krb5_ldap_get_mkey_list (krb5_context context, krb5_keylist_node **key_list);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
index ca4fc7d..a61ebfc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_fetch_mkey.c
@@ -32,68 +32,6 @@
 #include "ldap_main.h"
 #include "kdb_ldap.h"
-/*
- * get the master key from the database specific context
- */
-
-krb5_error_code
-krb5_ldap_get_mkey(krb5_context context, krb5_keyblock **key)
-{
- kdb5_dal_handle *dal_handle=NULL;
- krb5_ldap_context *ldap_context=NULL;
-
- /* Clear the global error string */
- krb5_clear_error_message(context);
-
- dal_handle = context->dal_handle;
- ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
- if (ldap_context == NULL || ldap_context->lrparams == NULL)
- return KRB5_KDB_DBNOTINITED;
-
- *key = &ldap_context->lrparams->mkey;
- return 0;
-}
-
-
-/*
- * set the master key into the database specific context
- */
-
-krb5_error_code
-krb5_ldap_set_mkey(krb5_context context, char *pwd, krb5_keyblock *key)
-{
- kdb5_dal_handle *dal_handle=NULL;
- krb5_ldap_context *ldap_context=NULL;
- krb5_ldap_realm_params *r_params = NULL;
-
- /* Clear the global error string */
- krb5_clear_error_message(context);
-
- dal_handle = context->dal_handle;
- ldap_context = (krb5_ldap_context *) dal_handle->db_context;
-
- if (ldap_context == NULL || ldap_context->lrparams == NULL)
- return KRB5_KDB_DBNOTINITED;
-
- r_params = ldap_context->lrparams;
-
- if (r_params->mkey.contents) {
- free (r_params->mkey.contents);
- r_params->mkey.contents=NULL;
- }
-
- r_params->mkey.magic = key->magic;
- r_params->mkey.enctype = key->enctype;
- r_params->mkey.length = key->length;
- r_params->mkey.contents = malloc(key->length);
- if (r_params->mkey.contents == NULL)
- return ENOMEM;
-
- memcpy(r_params->mkey.contents, key->contents, key->length);
- return 0;
-}
-
 krb5_error_code
 krb5_ldap_get_mkey_list(krb5_context context, krb5_keylist_node **key_list)
 {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index 7096c0b..81df629 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -1458,11 +1458,6 @@ krb5_ldap_free_realm_params(krb5_ldap_realm_params *rparams)
 krb5_xfree(rparams->tl_data);
 }
- if (rparams->mkey.contents) {
- memset(rparams->mkey.contents, 0, rparams->mkey.length);
- krb5_xfree(rparams->mkey.contents);
- }
-
 krb5_xfree(rparams);
 }
 return;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index dcb3fcb..6b54354 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -68,7 +68,6 @@ typedef struct _krb5_ldap_realm_params {
 char **adminservers;
 char **passwdservers;
 krb5_tl_data *tl_data;
- krb5_keyblock mkey;
 krb5_keylist_node *mkey_list; /* all master keys in use for the realm */
 long mask;
 } krb5_ldap_realm_params;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
index 97ff385..0e8c081 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
+++ b/src/plugins/kdb/ldap/libkdb_ldap/libkdb_ldap.exports
@@ -37,14 +37,10 @@ krb5_ldap_free_server_context_params
 krb5_ldap_free_krbcontainer_params
 krb5_ldap_alloc
 krb5_ldap_free
-krb5_ldap_set_mkey
-krb5_ldap_get_mkey
 disjoint_members
 krb5_ldap_delete_realm_1
 krb5_ldap_lock
 krb5_ldap_unlock
-krb5_ldap_errcode_2_string
-krb5_ldap_release_errcode_string
 krb5_ldap_create
 krb5_ldap_set_mkey_list
 krb5_ldap_get_mkey_list |