author | Greg Hudson <ghudson@mit.edu> | 2010-07-02 19:09:20 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-07-02 19:09:20 +0000 |
commit | b119d362e2e195a61488737511be2ca7b37138b5 (patch) | |
tree | 7645a1671f6d5497f0ef8a82ee4299b2490406d2 /src/lib/kdb | |
parent | 323fa3f74a84ee28115c4df7c7c0ea9b5b231a76 (diff) | |
Remove verify_master_key from the DAL table, as well as its associated
libkdb5 interface. Callers can (and mostly already do) use
krb5_fetch_mkey_list to verify master keyblocks. Adjust tests/create,
tests/verify, and kdb5_util dump to do so.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24166 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kdb')
-rw-r--r-- | src/lib/kdb/kdb5.c | 19 | ||||
-rw-r--r-- | src/lib/kdb/kdb_default.c | 57 | ||||
-rw-r--r-- | src/lib/kdb/libkdb5.exports | 1 |
3 files changed, 0 insertions, 77 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index f1bd58119a..8a19984577 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -252,8 +252,6 @@ kdb_setup_opt_functions(db_library lib)
 lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
 if (lib->vftabl.fetch_master_key == NULL)
 lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
- if (lib->vftabl.verify_master_key == NULL)
- lib->vftabl.verify_master_key = krb5_def_verify_master_key;
 if (lib->vftabl.fetch_master_key_list == NULL)
 lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
 if (lib->vftabl.store_master_key_list == NULL)
@@ -1278,23 +1276,6 @@ clean_n_exit:
 }
 
 krb5_error_code
-krb5_db_verify_master_key(krb5_context kcontext,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock * mkey)
-{
- krb5_error_code status = 0;
- kdb_vftabl *v;
-
- status = get_vftabl(kcontext, &v);
- if (status)
- return status;
- if (v->verify_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
- return v->verify_master_key(kcontext, mprinc, kvno, mkey);
-}
-
-krb5_error_code
 krb5_dbe_fetch_act_key_list(krb5_context context,
 krb5_principal princ,
 krb5_actkvno_node **act_key_list)
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index e8fe54ff1f..d78c13cb1b 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -434,63 +434,6 @@ krb5_db_def_fetch_mkey(krb5_context context,
 return 0;
 }
 
-/*
- * Note, this verifies that the input mkey is currently protecting all the mkeys
- */
-krb5_error_code
-krb5_def_verify_master_key(krb5_context context,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock *mkey)
-{
- krb5_error_code retval;
- krb5_db_entry master_entry;
- int nprinc;
- krb5_boolean more;
- krb5_keyblock tempkey;
-
- nprinc = 1;
- if ((retval = krb5_db_get_principal(context, mprinc,
- &master_entry, &nprinc, &more)))
- return(retval);
-
- if (nprinc != 1) {
- if (nprinc)
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5_KDB_NOMASTERKEY);
- } else if (more) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
- }
-
- if ((retval = krb5_dbe_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return retval;
- }
-
- if (mkey->length != tempkey.length ||
- memcmp((char *)mkey->contents,
- (char *)tempkey.contents,mkey->length)) {
- retval = KRB5_KDB_BADMASTERKEY;
- }
-
- if (kvno != IGNORE_VNO &&
- kvno != (krb5_kvno) master_entry.key_data->key_data_kvno) {
- retval = KRB5_KDB_BADMASTERKEY;
- krb5_set_error_message (context, retval,
- "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
- kvno, master_entry.key_data->key_data_kvno);
- }
-
- zap((char *)tempkey.contents, tempkey.length);
- free(tempkey.contents);
- krb5_db_free_principal(context, &master_entry, nprinc);
-
- return retval;
-}
-
 krb5_error_code
 krb5_def_fetch_mkey_list(krb5_context context,
 krb5_principal mprinc,
diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
index c32a8db5ed..4111ef0f09 100644
--- a/src/lib/kdb/libkdb5.exports
+++ b/src/lib/kdb/libkdb5.exports
@@ -27,7 +27,6 @@ krb5_db_setup_mkey_name
 krb5_db_unlock
 krb5_db_store_master_key
 krb5_db_store_master_key_list
-krb5_db_verify_master_key
 krb5_dbe_apw
 krb5_dbe_ark
 krb5_dbe_cpw |