diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-10-11 17:39:21 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-11-05 19:54:52 +0100 |
| commit | 0348c74bad010d35f92400c749a7acc2fea8b2cb (patch) | |
| tree | 8bcaa44684c0e6b58e0ec4dca6f19997c7a8521d /src/util | |
| parent | 45414c12aa933a33d9a635cc212c448c858c6bab (diff) | |
| download | sssd-0348c74bad010d35f92400c749a7acc2fea8b2cb.tar.gz sssd-0348c74bad010d35f92400c749a7acc2fea8b2cb.tar.xz sssd-0348c74bad010d35f92400c749a7acc2fea8b2cb.zip | |
LDAP: Move sss_krb5_verify_keytab_ex to ldap_child
The function was called from one place only, so it makes no sense to
keep it in a shared module. Moreover, the function should only be
called from code that runs as root.
Reviewed-by: Michal Židek <mzidek@redhat.com>
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/sss_krb5.c | 76 | ||||
| -rw-r--r-- | src/util/sss_krb5.h | 3 |
2 files changed, 0 insertions, 79 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index b4012593d..9eb34e17d 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -247,82 +247,6 @@ done: return ret; } -int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, - krb5_context context, krb5_keytab keytab) -{ - bool found; - char *kt_principal; - krb5_error_code krberr; - krb5_kt_cursor cursor; - krb5_keytab_entry entry; - - krberr = krb5_kt_start_seq_get(context, keytab, &cursor); - if (krberr) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Cannot read keytab [%s].\n", KEYTAB_CLEAN_NAME); - - sss_log(SSS_LOG_ERR, "Error reading keytab file [%s]: [%d][%s]. " - "Unable to create GSSAPI-encrypted LDAP " - "connection.", - KEYTAB_CLEAN_NAME, krberr, - sss_krb5_get_error_message(context, krberr)); - - return EIO; - } - - found = false; - while((krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0){ - krberr = krb5_unparse_name(context, entry.principal, &kt_principal); - if (krberr) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Could not parse keytab entry\n"); - sss_log(SSS_LOG_ERR, "Could not parse keytab entry\n"); - return EIO; - } - - if (strcmp(principal, kt_principal) == 0) { - found = true; - } - free(kt_principal); - krberr = sss_krb5_free_keytab_entry_contents(context, &entry); - if (krberr) { - /* This should never happen. The API docs for this function - * specify only success for this function - */ - DEBUG(SSSDBG_CRIT_FAILURE,"Could not free keytab entry contents\n"); - /* This is non-fatal, so we'll continue here */ - } - - if (found) { - break; - } - } - - krberr = krb5_kt_end_seq_get(context, keytab, &cursor); - if (krberr) { - DEBUG(SSSDBG_FATAL_FAILURE, "Could not close keytab.\n"); - sss_log(SSS_LOG_ERR, "Could not close keytab file [%s].", - KEYTAB_CLEAN_NAME); - return EIO; - } - - if (!found) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Principal [%s] not found in keytab [%s]\n", - principal, - KEYTAB_CLEAN_NAME); - sss_log(SSS_LOG_ERR, "Error processing keytab file [%s]: " - "Principal [%s] was not found. " - "Unable to create GSSAPI-encrypted LDAP connection.", - KEYTAB_CLEAN_NAME, principal); - - return EFAULT; - } - - return EOK; -} - - enum matching_mode {MODE_NORMAL, MODE_PREFIX, MODE_POSTFIX}; /** * We only have primary and instances stored separately, we need to diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index 83c720975..afa0d1943 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h @@ -70,9 +70,6 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name); -int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, - krb5_context context, krb5_keytab keytab); - krb5_error_code find_principal_in_keytab(krb5_context ctx, krb5_keytab keytab, const char *pattern_primary, |