Remove LDAP realm krbTicketPolicyReference code

ldap_realm.c had some code intended to handle a krbTicketPolicyReference from a krbRealmContainer object, but there wasn't enough of it to ever do anything. Remove it.
author: Greg Hudson <ghudson@mit.edu> 2012-11-18 15:48:08 -0500
committer: Greg Hudson <ghudson@mit.edu> 2012-12-20 11:35:42 -0500
commit: 653da3f97138a1a7aae5b8c95f8548d60995e53f (patch)
tree: 90f7f634f7ff22cb12643db6bf9bc065e282a182 /src
parent: f0a14b5be4954559e1174e268bbfe097c1ab873c (diff)
download: krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.zip
krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.gz
krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.bz2
2 files changed, 1 insertions, 51 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index 35daf5f..1e3d535 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -43,7 +43,6 @@
 char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
                              "krbMaxTicketLife", "krbMaxRenewableAge",
                              "krbTicketFlags", "krbUpEnabled",
-                             "krbTicketPolicyReference",
                              "krbLdapServers",
                              "krbKdcServers",  "krbAdmServers",
                              "krbPwdServers", NULL};
@@ -611,7 +610,6 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
         rparams->realm_name == NULL ||
         ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
         ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
-        ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
         0) {
         st = EINVAL;
         return st;
@@ -862,53 +860,6 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
     }
     ldap_msgfree(result);
 
-    /*
-     * If all of maxtktlife, maxrenewlife and ticketflags are not directly
-     * available, use the policy dn from the policy reference attribute, if
-     * available, to fetch the missing.
-     */
-
-    if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE &&
-           *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
-
-        LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-            int ost = st;
-            st = translate_ldap_error (st, OP_SEARCH);
-            krb5_set_error_message(context, st,
-                                   _("Policy object read failed: %s"),
-                                   ldap_err2string(ost));
-            goto cleanup;
-        }
-        ent = ldap_first_entry (ld, result);
-        if (ent != NULL) {
-            if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
-                    rlparams->max_life = atoi(values[0]);
-                    *mask |= LDAP_REALM_MAXTICKETLIFE;
-                    ldap_value_free(values);
-                }
-            }
-
-            if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
-                    rlparams->max_renewable_life = atoi(values[0]);
-                    *mask |= LDAP_REALM_MAXRENEWLIFE;
-                    ldap_value_free(values);
-                }
-            }
-
-            if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
-                    rlparams->tktflags = atoi(values[0]);
-                    *mask |= LDAP_REALM_KRBTICKETFLAGS;
-                    ldap_value_free(values);
-                }
-            }
-        }
-        ldap_msgfree(result);
-    }
-
     rlparams->mask = *mask;
     *rlparamp = rlparams;
     st = store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
index b0bc579..2f1b7aa 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h
@@ -34,7 +34,7 @@
 /* realm specific mask */
 #define LDAP_REALM_SUBTREE            0x0001
 #define LDAP_REALM_SEARCHSCOPE        0x0002
-#define LDAP_REALM_POLICYREFERENCE    0x0004
+/* 0x0004 was LDAP_REALM_POLICYREFERENCE but it was unused */
 #define LDAP_REALM_UPENABLED          0x0008
 #define LDAP_REALM_LDAPSERVERS        0x0010
 #define LDAP_REALM_KDCSERVERS         0x0020
@@ -56,7 +56,6 @@ typedef struct _krb5_ldap_realm_params {
     char          *realm_name;
     char          **subtree;
     char          *containerref;
-    char          *policyreference;
     int           search_scope;
     int           upenabled;
     int           subtreecount;
author	Greg Hudson <ghudson@mit.edu>	2012-11-18 15:48:08 -0500
committer	Greg Hudson <ghudson@mit.edu>	2012-12-20 11:35:42 -0500
commit	653da3f97138a1a7aae5b8c95f8548d60995e53f (patch)
tree	90f7f634f7ff22cb12643db6bf9bc065e282a182 /src
parent	f0a14b5be4954559e1174e268bbfe097c1ab873c (diff)
download	krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.zip krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.gz krb5-653da3f97138a1a7aae5b8c95f8548d60995e53f.tar.bz2