diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-11-18 15:48:08 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-12-20 11:35:42 -0500 |
commit | 653da3f97138a1a7aae5b8c95f8548d60995e53f (patch) | |
tree | 90f7f634f7ff22cb12643db6bf9bc065e282a182 /src | |
parent | f0a14b5be4954559e1174e268bbfe097c1ab873c (diff) | |
download | krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.zip krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.gz krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.bz2 |
Remove LDAP realm krbTicketPolicyReference code
ldap_realm.c had some code intended to handle a
krbTicketPolicyReference from a krbRealmContainer object, but there
wasn't enough of it to ever do anything. Remove it.
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 49 | ||||
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h | 3 |
2 files changed, 1 insertions, 51 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index 35daf5f..1e3d535 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -43,7 +43,6 @@ char *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef", "krbMaxTicketLife", "krbMaxRenewableAge", "krbTicketFlags", "krbUpEnabled", - "krbTicketPolicyReference", "krbLdapServers", "krbKdcServers", "krbAdmServers", "krbPwdServers", NULL}; @@ -611,7 +610,6 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams, rparams->realm_name == NULL || ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || - ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) || 0) { st = EINVAL; return st; @@ -862,53 +860,6 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm, } ldap_msgfree(result); - /* - * If all of maxtktlife, maxrenewlife and ticketflags are not directly - * available, use the policy dn from the policy reference attribute, if - * available, to fetch the missing. - */ - - if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE && - *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) { - - LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS); - if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) { - int ost = st; - st = translate_ldap_error (st, OP_SEARCH); - krb5_set_error_message(context, st, - _("Policy object read failed: %s"), - ldap_err2string(ost)); - goto cleanup; - } - ent = ldap_first_entry (ld, result); - if (ent != NULL) { - if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) { - if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) { - rlparams->max_life = atoi(values[0]); - *mask |= LDAP_REALM_MAXTICKETLIFE; - ldap_value_free(values); - } - } - - if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) { - if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) { - rlparams->max_renewable_life = atoi(values[0]); - *mask |= LDAP_REALM_MAXRENEWLIFE; - ldap_value_free(values); - } - } - - if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) { - if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) { - rlparams->tktflags = atoi(values[0]); - *mask |= LDAP_REALM_KRBTICKETFLAGS; - ldap_value_free(values); - } - } - } - ldap_msgfree(result); - } - rlparams->mask = *mask; *rlparamp = rlparams; st = store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h index b0bc579..2f1b7aa 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h @@ -34,7 +34,7 @@ /* realm specific mask */ #define LDAP_REALM_SUBTREE 0x0001 #define LDAP_REALM_SEARCHSCOPE 0x0002 -#define LDAP_REALM_POLICYREFERENCE 0x0004 +/* 0x0004 was LDAP_REALM_POLICYREFERENCE but it was unused */ #define LDAP_REALM_UPENABLED 0x0008 #define LDAP_REALM_LDAPSERVERS 0x0010 #define LDAP_REALM_KDCSERVERS 0x0020 @@ -56,7 +56,6 @@ typedef struct _krb5_ldap_realm_params { char *realm_name; char **subtree; char *containerref; - char *policyreference; int search_scope; int upenabled; int subtreecount; |