]> git.decadent.org.uk Git - nfs-utils.git/commitdiff
Remove the now unused functions
authorKevin Coffman <kwc@citi.umich.edu>
Fri, 30 Mar 2007 22:32:19 +0000 (18:32 -0400)
committerNeil Brown <neilb@suse.de>
Fri, 30 Mar 2007 23:08:02 +0000 (09:08 +1000)
Remove functions that are no longer used when when obtaining
machine credentials.

Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Neil Brown <neilb@suse.de>
utils/gssd/krb5_util.c
utils/gssd/krb5_util.h

index 5d433b121ee26b96f2319fec04eda6eca638dc18..50773b1cdd1c215d5ec32c9b58d9267e578c9741 100644 (file)
@@ -134,9 +134,6 @@ static int select_krb5_ccache(const struct dirent *d);
 static int gssd_find_existing_krb5_ccache(uid_t uid, struct dirent **d);
 static int gssd_get_single_krb5_cred(krb5_context context,
                krb5_keytab kt, struct gssd_k5_kt_princ *ple);
-static int gssd_have_realm_ple(void *realm);
-static int gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt,
-               char *kt_name);
 
 
 /*
@@ -421,147 +418,6 @@ gssd_get_single_krb5_cred(krb5_context context,
        return (code);
 }
 
-/*
- * Determine if we already have a ple for the given realm
- *
- * Returns:
- *     0 => no ple found for given realm
- *     1 => found ple for given realm
- */
-static int
-gssd_have_realm_ple(void *r)
-{
-       struct gssd_k5_kt_princ *ple;
-#ifdef HAVE_KRB5
-       krb5_data *realm = (krb5_data *)r;
-#else
-       char *realm = (char *)r;
-#endif
-
-       for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
-#ifdef HAVE_KRB5
-               if ((realm->length == strlen(ple->realm)) &&
-                   (strncmp(realm->data, ple->realm, realm->length) == 0)) {
-#else
-               if (strcmp(realm, ple->realm) == 0) {
-#endif
-                   return 1;
-               }
-       }
-       return 0;
-}
-
-/*
- * Process the given keytab file and create a list of principals we
- * might use as machine credentials.
- *
- * Returns:
- *     0 => Sucess
- *     nonzero => Error
- */
-static int
-gssd_process_krb5_keytab(krb5_context context, krb5_keytab kt, char *kt_name)
-{
-       krb5_kt_cursor cursor;
-       krb5_keytab_entry kte;
-       krb5_error_code code;
-       struct gssd_k5_kt_princ *ple;
-       int retval = -1;
-
-       /*
-        * Look through each entry in the keytab file and determine
-        * if we might want to use it as machine credentials.  If so,
-        * save info in the global principal list (gssd_k5_kt_princ_list).
-        * Note: (ple == principal list entry)
-        */
-       if ((code = krb5_kt_start_seq_get(context, kt, &cursor))) {
-               printerr(0, "ERROR: %s while beginning keytab scan "
-                           "for keytab '%s'\n",
-                       error_message(code), kt_name);
-               retval = code;
-               goto out;
-       }
-
-       while ((code = krb5_kt_next_entry(context, kt, &kte, &cursor)) == 0) {
-               char *pname;
-               if ((code = krb5_unparse_name(context, kte.principal,
-                                             &pname))) {
-                       printerr(0, "WARNING: Skipping keytab entry because "
-                                   "we failed to unparse principal name: %s\n",
-                                error_message(code));
-                       krb5_kt_free_entry(context, &kte);
-                       continue;
-               }
-               printerr(2, "Processing keytab entry for principal '%s'\n",
-                        pname);
-               /* Just use the first keytab entry found for each realm */
-               if ((!gssd_have_realm_ple((void *)&kte.principal->realm)) ) {
-                       printerr(2, "We WILL use this entry (%s)\n", pname);
-                       ple = malloc(sizeof(struct gssd_k5_kt_princ));
-                       if (ple == NULL) {
-                               printerr(0, "ERROR: could not allocate storage "
-                                           "for principal list entry\n");
-                               k5_free_unparsed_name(context, pname);
-                               krb5_kt_free_entry(context, &kte);
-                               retval = ENOMEM;
-                               goto out;
-                       }
-                       /* These will be filled in later */
-                       ple->next = NULL;
-                       ple->ccname = NULL;
-                       ple->endtime = 0;
-                       if ((ple->realm =
-#ifdef HAVE_KRB5
-                               strndup(kte.principal->realm.data,
-                                       kte.principal->realm.length))
-#else
-                               strdup(kte.principal->realm))
-#endif
-                                       == NULL) {
-                               printerr(0, "ERROR: %s while copying realm to "
-                                           "principal list entry\n",
-                                        "not enough memory");
-                               k5_free_unparsed_name(context, pname);
-                               krb5_kt_free_entry(context, &kte);
-                               retval = ENOMEM;
-                               goto out;
-                       }
-                       if ((code = krb5_copy_principal(context,
-                                       kte.principal, &ple->princ))) {
-                               printerr(0, "ERROR: %s while copying principal "
-                                           "to principal list entry\n",
-                                       error_message(code));
-                               k5_free_unparsed_name(context, pname);
-                               krb5_kt_free_entry(context, &kte);
-                               retval = code;
-                               goto out;
-                       }
-                       if (gssd_k5_kt_princ_list == NULL)
-                               gssd_k5_kt_princ_list = ple;
-                       else {
-                               ple->next = gssd_k5_kt_princ_list;
-                               gssd_k5_kt_princ_list = ple;
-                       }
-               }
-               else {
-                       printerr(2, "We will NOT use this entry (%s)\n",
-                               pname);
-               }
-               k5_free_unparsed_name(context, pname);
-               krb5_kt_free_entry(context, &kte);
-       }
-
-       if ((code = krb5_kt_end_seq_get(context, kt, &cursor))) {
-               printerr(0, "WARNING: %s while ending keytab scan for "
-                           "keytab '%s'\n",
-                        error_message(code), kt_name);
-       }
-
-       retval = 0;
-  out:
-       return retval;
-}
-
 /*
  * Depending on the version of Kerberos, we either need to use
  * a private function, or simply set the environment variable.
@@ -1038,96 +894,6 @@ gssd_setup_krb5_machine_gss_ccache(char *ccname)
        gssd_set_krb5_ccache_name(ccname);
 }
 
-/*
- * The first time through this routine, go through the keytab and
- * determine which keys we will try to use as machine credentials.
- * Every time through this routine, try to obtain credentials using
- * the keytab entries selected the first time through.
- *
- * Returns:
- *     0 => obtained one or more credentials
- *     nonzero => error
- *
- */
-
-int
-gssd_refresh_krb5_machine_creds(void)
-{
-       krb5_context context = NULL;
-       krb5_keytab kt = NULL;;
-       krb5_error_code code;
-       int retval = -1;
-       struct gssd_k5_kt_princ *ple;
-       int gotone = 0;
-       static int processed_keytab = 0;
-
-
-       code = krb5_init_context(&context);
-       if (code) {
-               printerr(0, "ERROR: %s while initializing krb5 in "
-                           "gssd_refresh_krb5_machine_creds\n",
-                        error_message(code));
-               retval = code;
-               goto out;
-       }
-
-       printerr(1, "Using keytab file '%s'\n", keytabfile);
-
-       if ((code = krb5_kt_resolve(context, keytabfile, &kt))) {
-               printerr(0, "ERROR: %s while resolving keytab '%s'\n",
-                        error_message(code), keytabfile);
-               goto out;
-       }
-
-       /* Only go through the keytab file once.  Only print messages once. */
-       if (gssd_k5_kt_princ_list == NULL && !processed_keytab) {
-               processed_keytab = 1;
-               gssd_process_krb5_keytab(context, kt, keytabfile);
-               if (gssd_k5_kt_princ_list == NULL) {
-                       printerr(0, "ERROR: No usable keytab entries found in "
-                                   "keytab '%s'\n", keytabfile);
-                       printerr(0, "Do you have a valid keytab entry for "
-                                   "%s/<your.host>@<YOUR.REALM> in "
-                                   "keytab file %s ?\n",
-                                   GSSD_SERVICE_NAME, keytabfile);
-                       printerr(0, "Continuing without (machine) credentials "
-                                   "- nfs4 mounts with Kerberos will fail\n");
-               }
-       }
-
-       /*
-        * If we don't have any keytab entries we liked, then we have a problem
-        */
-       if (gssd_k5_kt_princ_list == NULL) {
-               retval = ENOENT;
-               goto out;
-       }
-
-       /*
-        * Now go through the list of saved entries and get initial
-        * credentials for them (We can't do this while making the
-        * list because it messes up the keytab iteration cursor
-        * when we use the keytab to get credentials.)
-        */
-       for (ple = gssd_k5_kt_princ_list; ple; ple = ple->next) {
-               if ((gssd_get_single_krb5_cred(context, kt, ple)) == 0) {
-                       gotone++;
-               }
-       }
-       if (!gotone) {
-               printerr(0, "ERROR: No usable machine credentials obtained\n");
-               goto out;
-       }
-
-       retval = 0;
-  out:
-       if (kt) krb5_kt_close(context, kt);
-       krb5_free_context(context);
-
-       return retval;
-}
-
-
 /*
  * Return an array of pointers to names of credential cache files
  * which can be used to try to create gss contexts with a server.
index ce7cb5786dbb2477fb7571c5aeaaa605cb23ed18..6041048d07dc95f6be820ceef6d158cce6277b9c 100644 (file)
@@ -19,7 +19,6 @@ struct gssd_k5_kt_princ {
 
 void gssd_setup_krb5_user_gss_ccache(uid_t uid, char *servername);
 int  gssd_get_krb5_machine_cred_list(char ***list);
-int  gssd_refresh_krb5_machine_creds(void);
 void gssd_free_krb5_machine_cred_list(char **list);
 void gssd_setup_krb5_machine_gss_ccache(char *servername);
 void gssd_destroy_krb5_machine_creds(void);