Diffstat (limited to 'src/kadmin/server')
| -rw-r--r-- | src/kadmin/server/Makefile.in | 4 | ||||
| -rw-r--r-- | src/kadmin/server/misc.h | 8 | ||||
| -rw-r--r-- | src/kadmin/server/ovsec_kadmd.c | 30 | ||||
| -rw-r--r-- | src/kadmin/server/server_glue_v1.c | 32 | ||||
| -rw-r--r-- | src/kadmin/server/server_stubs.c | 60 |
5 files changed, 17 insertions, 117 deletions
diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in
index 21f3e7aea..67f6ba8f7 100644
--- a/src/kadmin/server/Makefile.in
+++ b/src/kadmin/server/Makefile.in
@@ -13,8 +13,8 @@ PROG_LIBPATH=-L$(TOPLIBD)
 PROG_RPATH=$(KRB5_LIBDIR)
 PROG = kadmind
-OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o
-SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c
+OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o
+SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c
 all:: $(PROG)
diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h
index b8aef57f1..073f6ff10 100644
--- a/src/kadmin/server/misc.h
+++ b/src/kadmin/server/misc.h
@@ -45,14 +45,6 @@ schpw_util_wrapper(void *server_handle, krb5_principal client,
 kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal, char *msg_ret, unsigned int msg_len);
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent);
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent);
-
-
 krb5_error_code process_chpw_request(krb5_context context, void *server_handle, char *realm,
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index 82ce71634..d2451f8ad 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -89,14 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;
 gss_name_t gss_kadmin_name = NULL;
 void *global_server_handle;
-/*
- * This is a kludge, but the server needs these constants to be
- * compatible with old clients. They are defined in <kadm5/admin.h>,
- * but only if USE_KADM5_API_VERSION == 1.
- */
-#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin"
-#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw"
-
 extern krb5_keyblock master_keyblock;
 extern krb5_keylist_node *master_keylist;
@@ -210,7 +202,7 @@ int main(int argc, char *argv[])
 {
 extern char *optarg;
 extern int optind, opterr;
- int ret, oldnames = 0;
+ int ret;
 OM_uint32 OMret, major_status, minor_status;
 char *whoami;
 gss_buffer_desc in_buf;
@@ -365,11 +357,7 @@ int main(int argc, char *argv[])
 names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm);
 names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm);
- names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm);
- names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE,
- params.realm);
- if (names[0].name == NULL || names[1].name == NULL ||
- names[2].name == NULL || names[3].name == NULL) {
+ if (names[0].name == NULL || names[1].name == NULL) {
 krb5_klog_syslog(LOG_ERR, "Cannot build GSS-API authentication names, " "failing.");
@@ -424,13 +412,7 @@ kterr:
 exit(1);
 }
- /*
- * Try to acquire creds for the old OV services as well as the
- * new names, but if that fails just fall back on the new names.
- */
- if (svcauth_gssapi_set_names(names, 4) == TRUE)
- oldnames++;
- if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) {
+ if (svcauth_gssapi_set_names(names, 2) == FALSE) {
 krb5_klog_syslog(LOG_ERR, "Cannot set GSS-API authentication names (keytab not present?), " "failing.");
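Review bot: The global `gss_oldchangepw_name` is left declared and initialised to NULL (it is the context line heading the first hunk) even though its only visible assignment is deleted in the later `@@ -447` hunk, so from now on it can never be non-NULL. Any code elsewhere that still compares an acceptor name against it is not visible here; it is either dead or has to tolerate NULL, and leaving a name-matching global around that silently never matches is easy to misread later. I would drop it in the same change, i.e. reduce the declaration to `gss_name_t gss_changepw_name = NULL;` and remove the remaining references. Likewise only `names[0]` and `names[1]` are populated now; the declaration of `names` is outside these hunks, so if it is still dimensioned for four entries it should shrink to two.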
@@ -447,12 +429,6 @@ kterr:
 in_buf.length = strlen(names[1].name) + 1;
 (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name);
- if (oldnames) {
- in_buf.value = names[3].name;
- in_buf.length = strlen(names[3].name) + 1;
- (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid,
- &gss_oldchangepw_name);
- }
 svcauth_gssapi_set_log_badauth_func(log_badauth, NULL);
 svcauth_gssapi_set_log_badverf_func(log_badverf, NULL);
diff --git a/src/kadmin/server/server_glue_v1.c b/src/kadmin/server/server_glue_v1.c
deleted file mode 100644
index dfd6430f1..000000000
--- a/src/kadmin/server/server_glue_v1.c
+++ /dev/null
@@ -1,32 +0,0 @@
-#define USE_KADM5_API_VERSION 1
-#include <kadm5/admin.h>
-#include "misc.h"
-
-/*
- * In server_stubs.c, kadmind has to be able to call kadm5 functions
- * with the arguments appropriate for any api version. Because of the
- * prototypes in admin.h, however, the compiler will only allow one
- * set of arguments to be passed. This file exports the old api
- * definitions with a different name, so they can be called from
- * server_stubs.c, and just passes on the call to the real api
- * function; it uses the old api version, however, so it can actually
- * call the real api functions whereas server_stubs.c cannot.
- *
- * This is most useful for functions like kadm5_get_principal that
- * take a different number of arguments based on API version. For
- * kadm5_get_policy, the same thing could be accomplished with
- * typecasts instead.
- */
-
-kadm5_ret_t kadm5_get_principal_v1(void *server_handle,
- krb5_principal principal,
- kadm5_principal_ent_t_v1 *ent)
-{
- return kadm5_get_principal(server_handle, principal, ent);
-}
-
-kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name,
- kadm5_policy_ent_t *ent)
-{
- return kadm5_get_policy(server_handle, name, ent);
-}
diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c
index 038a4a73f..ebef752ae 100644
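Review bot: The one import that survives in the `@@ -447` hunk, `(void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name);`, still throws its status away, so a failure leaves `gss_changepw_name` NULL with nothing logged. How that global is consumed is not visible here; if it is what identifies requests addressed to the change-password service, a silent NULL would weaken that check. Now that there is no fallback set of names, I would test the result, `if (gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name) != GSS_S_COMPLETE)`, then log through `krb5_klog_syslog` and exit in the same way as the `svcauth_gssapi_set_names` failure path. The body of main continues outside the hunk.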
--- a/src/kadmin/server/server_stubs.c
+++ b/src/kadmin/server/server_stubs.c
@@ -641,7 +641,6 @@ gprinc_ret *
 get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 {
 static gprinc_ret ret;
- kadm5_principal_ent_t_v1 e;
 char *prime_arg, *funcname;
 gss_buffer_desc client_name, service_name;
@@ -659,8 +658,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_principal (V1)" : "kadm5_get_principal";
+ funcname = "kadm5_get_principal";
 if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
 ret.code = KADM5_FAILURE;
@@ -681,18 +679,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp)
 log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp);
 } else {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_principal_v1((void *)handle,
- arg->princ, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1));
- free(e);
- }
- } else {
- ret.code = kadm5_get_principal((void *)handle,
- arg->princ, &ret.rec,
- arg->mask);
- }
+ ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec,
+ arg->mask);
 if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1114,8 +1102,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
 if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
 ret.code = KADM5_FAILURE;
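Review bot: A handle whose `api_version` is still `KADM5_API_VERSION_1` would now be served by the current-layout call `kadm5_get_principal(handle, arg->princ, &ret.rec, arg->mask)` in get_principal_2_svc, while `ret.api_version = handle->api_version` is still copied into the reply. That is only safe if such a handle can no longer be created, and the place where version 1 is refused is not part of this diff, so please confirm that init rejects it and that the reply encoders no longer switch on `api_version`. The same assumption sits behind the chrand_principal_2_svc and chrand_principal3_2_svc hunks, which stop filling `ret.key`, and the get_policy_2_svc hunk; the reply here is a `static gprinc_ret ret`, so an encoder that still took the old layout would be sending whatever an earlier request left behind. A short comment at the first site, for example `/* API version 1 handles are refused at init; only the current reply layout is produced here. */`, would record the dependency. The function bodies start and end outside these hunks.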
@@ -1141,13 +1128,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp)
 }
 if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
 }
 if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1191,8 +1173,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal";
+ funcname = "kadm5_randkey_principal";
 if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
 ret.code = KADM5_FAILURE;
@@ -1224,13 +1205,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp)
 }
 if(ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- krb5_copy_keyblock_contents(handle->context, k, &ret.key);
- krb5_free_keyblock(handle->context, k);
- } else {
- ret.keys = k;
- ret.n_keys = nkeys;
- }
+ ret.keys = k;
+ ret.n_keys = nkeys;
 }
 if(ret.code != KADM5_AUTH_CHANGEPW) {
@@ -1437,8 +1413,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
 ret.api_version = handle->api_version;
- funcname = handle->api_version == KADM5_API_VERSION_1 ?
- "kadm5_get_policy (V1)" : "kadm5_get_policy";
+ funcname = "kadm5_get_policy";
 if (setup_gss_names(rqstp, &client_name, &service_name) < 0) {
 ret.code = KADM5_FAILURE;
@@ -1468,16 +1443,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp)
 }
 if (ret.code == KADM5_OK) {
- if (handle->api_version == KADM5_API_VERSION_1) {
- ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e);
- if(ret.code == KADM5_OK) {
- memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec));
- free(e);
- }
- } else {
- ret.code = kadm5_get_policy((void *)handle, arg->name,
- &ret.rec);
- }
+ ret.code = kadm5_get_policy(handle, arg->name, &ret.rec);
 if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code);
@@ -1632,10 +1598,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp)
 slen = service_name.length;
 trunc_name(&slen, &sdots);
 /* okay to cast lengths to int because trunc_name limits max value */
- krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, "
+ krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, "
 "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d",
- (ret.api_version == KADM5_API_VERSION_1 ?
- "kadm5_init (V1)" : "kadm5_init"),
 (int)clen, (char *)client_name.value, cdots, errmsg ? errmsg : "success", (int)clen, (char *)client_name.value, cdots, |
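Review bot: The local `e` that the deleted branch of get_policy_2_svc handed to `kadm5_get_policy_v1` looks to have been left behind. The get_principal_2_svc hunks remove their `kadm5_principal_ent_t_v1 e;` declaration, but no hunk in this diff touches the declarations of get_policy_2_svc, which lie outside the `@@ -1468` hunk. If `e` is still declared there it is now unused and should go in the same commit, so that the function carries no leftover of the old copy-and-free path and the build stays free of unused-variable warnings.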
