Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/kadm5/srv/server_kdb.c | 12 | ||||
| -rw-r--r-- | src/lib/kdb/kdb5.c | 19 | ||||
| -rw-r--r-- | src/lib/kdb/kdb_default.c | 57 | ||||
| -rw-r--r-- | src/lib/kdb/libkdb5.exports | 1 |
4 files changed, 0 insertions, 89 deletions
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 768c8f739..d986b626e 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -72,18 +72,6 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle,
 if (ret)
 goto done;
 
-#if 0 /************** Begin IFDEF'ed OUT *******************************/
- /*
- * krb5_db_fetch_mkey_list will verify mkey so don't call
- * krb5_db_verify_master_key()
- */
- if ((ret = krb5_db_verify_master_key(handle->context, master_princ,
- IGNORE_VNO, &master_keyblock))) {
- krb5_db_fini(handle->context);
- return ret;
- }
-#endif /**************** END IFDEF'ed OUT *******************************/
-
 if ((ret = krb5_db_fetch_mkey_list(handle->context, master_princ,
 &master_keyblock, mkvno, &master_keylist))) {
 krb5_db_fini(handle->context);
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index f1bd58119..8a1998457 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -252,8 +252,6 @@ kdb_setup_opt_functions(db_library lib)
 lib->vftabl.get_master_key_list = kdb_def_get_mkey_list;
 if (lib->vftabl.fetch_master_key == NULL)
 lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey;
- if (lib->vftabl.verify_master_key == NULL)
- lib->vftabl.verify_master_key = krb5_def_verify_master_key;
 if (lib->vftabl.fetch_master_key_list == NULL)
 lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list;
 if (lib->vftabl.store_master_key_list == NULL)
@@ -1278,23 +1276,6 @@ clean_n_exit:
 }
 
 krb5_error_code
-krb5_db_verify_master_key(krb5_context kcontext,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock * mkey)
-{
- krb5_error_code status = 0;
- kdb_vftabl *v;
-
- status = get_vftabl(kcontext, &v);
- if (status)
- return status;
- if (v->verify_master_key == NULL)
- return KRB5_KDB_DBTYPE_NOSUP;
- return v->verify_master_key(kcontext, mprinc, kvno, mkey);
-}
-
-krb5_error_code
 krb5_dbe_fetch_act_key_list(krb5_context context,
 krb5_principal princ,
 krb5_actkvno_node **act_key_list)
diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index e8fe54ff1..d78c13cb1 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -434,63 +434,6 @@ krb5_db_def_fetch_mkey(krb5_context context,
 return 0;
 }
 
-/*
- * Note, this verifies that the input mkey is currently protecting all the mkeys
- */
-krb5_error_code
-krb5_def_verify_master_key(krb5_context context,
- krb5_principal mprinc,
- krb5_kvno kvno,
- krb5_keyblock *mkey)
-{
- krb5_error_code retval;
- krb5_db_entry master_entry;
- int nprinc;
- krb5_boolean more;
- krb5_keyblock tempkey;
-
- nprinc = 1;
- if ((retval = krb5_db_get_principal(context, mprinc,
- &master_entry, &nprinc, &more)))
- return(retval);
-
- if (nprinc != 1) {
- if (nprinc)
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5_KDB_NOMASTERKEY);
- } else if (more) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return(KRB5KDC_ERR_PRINCIPAL_NOT_UNIQUE);
- }
-
- if ((retval = krb5_dbe_decrypt_key_data(context, mkey,
- &master_entry.key_data[0],
- &tempkey, NULL))) {
- krb5_db_free_principal(context, &master_entry, nprinc);
- return retval;
- }
-
- if (mkey->length != tempkey.length ||
- memcmp((char *)mkey->contents,
- (char *)tempkey.contents,mkey->length)) {
- retval = KRB5_KDB_BADMASTERKEY;
- }
-
- if (kvno != IGNORE_VNO &&
- kvno != (krb5_kvno) master_entry.key_data->key_data_kvno) {
- retval = KRB5_KDB_BADMASTERKEY;
- krb5_set_error_message (context, retval,
- "User specified mkeyVNO (%u) does not match master key princ's KVNO (%u)",
- kvno, master_entry.key_data->key_data_kvno);
- }
-
- zap((char *)tempkey.contents, tempkey.length);
- free(tempkey.contents);
- krb5_db_free_principal(context, &master_entry, nprinc);
-
- return retval;
-}
-
 krb5_error_code
 krb5_def_fetch_mkey_list(krb5_context context,
 krb5_principal mprinc,
diff --git a/src/lib/kdb/libkdb5.exports b/src/lib/kdb/libkdb5.exports
index c32a8db5e..4111ef0f0 100644
--- a/src/lib/kdb/libkdb5.exports
+++ b/src/lib/kdb/libkdb5.exports
@@ -27,7 +27,6 @@ krb5_db_setup_mkey_name
 krb5_db_unlock
 krb5_db_store_master_key
 krb5_db_store_master_key_list
-krb5_db_verify_master_key
 krb5_dbe_apw
 krb5_dbe_ark
 krb5_dbe_cpw |
