From 1ddf7efda0fa665d86431dfc2a57e90e892b81ab Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 13 Aug 2009 21:25:54 +0000 Subject: Remove kadmin v1 API support The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised. ticket: 6544 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/server/Makefile.in | 4 +-- src/kadmin/server/misc.h | 8 ----- src/kadmin/server/ovsec_kadmd.c | 30 ++----------------- src/kadmin/server/server_glue_v1.c | 32 -------------------- src/kadmin/server/server_stubs.c | 60 ++++++++------------------------------ 5 files changed, 17 insertions(+), 117 deletions(-) delete mode 100644 src/kadmin/server/server_glue_v1.c (limited to 'src/kadmin/server') diff --git a/src/kadmin/server/Makefile.in b/src/kadmin/server/Makefile.in index 21f3e7aea..67f6ba8f7 100644 --- a/src/kadmin/server/Makefile.in +++ b/src/kadmin/server/Makefile.in @@ -13,8 +13,8 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) PROG = kadmind -OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o server_glue_v1.o ipropd_svc.o network.o -SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c server_glue_v1.c ipropd_svc.c network.c +OBJS = kadm_rpc_svc.o server_stubs.o ovsec_kadmd.o schpw.o misc.o ipropd_svc.o network.o +SRCS = kadm_rpc_svc.c server_stubs.c ovsec_kadmd.c schpw.c misc.c ipropd_svc.c network.c all:: $(PROG) diff --git a/src/kadmin/server/misc.h b/src/kadmin/server/misc.h index b8aef57f1..073f6ff10 100644 --- a/src/kadmin/server/misc.h +++ b/src/kadmin/server/misc.h 
@@ -45,14 +45,6 @@ schpw_util_wrapper(void *server_handle, krb5_principal client, kadm5_ret_t check_min_life(void *server_handle, krb5_principal principal, char *msg_ret, unsigned int msg_len); -kadm5_ret_t kadm5_get_principal_v1(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t_v1 *ent); - -kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name, - kadm5_policy_ent_t *ent); - - krb5_error_code process_chpw_request(krb5_context context, void *server_handle, char *realm, diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 82ce71634..d2451f8ad 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -89,14 +89,6 @@ gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL; gss_name_t gss_kadmin_name = NULL; void *global_server_handle; -/* - * This is a kludge, but the server needs these constants to be - * compatible with old clients. They are defined in , - * but only if USE_KADM5_API_VERSION == 1. - */ -#define OVSEC_KADM_ADMIN_SERVICE "ovsec_adm/admin" -#define OVSEC_KADM_CHANGEPW_SERVICE "ovsec_adm/changepw" - extern krb5_keyblock master_keyblock; extern krb5_keylist_node *master_keylist; @@ -210,7 +202,7 @@ int main(int argc, char *argv[]) { extern char *optarg; extern int optind, opterr; - int ret, oldnames = 0; + int ret; OM_uint32 OMret, major_status, minor_status; char *whoami; gss_buffer_desc in_buf; 
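Review bot: `gss_oldchangepw_name` is still declared on the context line `gss_name_t gss_changepw_name = NULL, gss_oldchangepw_name = NULL;` in the -89 hunk, yet its only visible assignment is removed in the -447 hunk, so within this diff nothing sets it any more. Any comparison against it that remains elsewhere in the server (none is visible in this diff) becomes a dead branch in what looks like the changepw-service check, which is easy to misread later. I would reduce the declaration to `gss_name_t gss_changepw_name = NULL;` and delete any matching extern declarations and uses in the same commit.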
@@ -365,11 +357,7 @@ int main(int argc, char *argv[]) names[0].name = build_princ_name(KADM5_ADMIN_SERVICE, params.realm); names[1].name = build_princ_name(KADM5_CHANGEPW_SERVICE, params.realm); - names[2].name = build_princ_name(OVSEC_KADM_ADMIN_SERVICE, params.realm); - names[3].name = build_princ_name(OVSEC_KADM_CHANGEPW_SERVICE, - params.realm); - if (names[0].name == NULL || names[1].name == NULL || - names[2].name == NULL || names[3].name == NULL) { + if (names[0].name == NULL || names[1].name == NULL) { krb5_klog_syslog(LOG_ERR, "Cannot build GSS-API authentication names, " "failing."); @@ -424,13 +412,7 @@ kterr: exit(1); } - /* - * Try to acquire creds for the old OV services as well as the - * new names, but if that fails just fall back on the new names. - */ - if (svcauth_gssapi_set_names(names, 4) == TRUE) - oldnames++; - if (!oldnames && svcauth_gssapi_set_names(names, 2) == FALSE) { + if (svcauth_gssapi_set_names(names, 2) == FALSE) { krb5_klog_syslog(LOG_ERR, "Cannot set GSS-API authentication names (keytab not present?), " "failing."); @@ -447,12 +429,6 @@ kterr: in_buf.length = strlen(names[1].name) + 1; (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name); - if (oldnames) { - in_buf.value = names[3].name; - in_buf.length = strlen(names[3].name) + 1; - (void) gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, - &gss_oldchangepw_name); - } svcauth_gssapi_set_log_badauth_func(log_badauth, NULL); svcauth_gssapi_set_log_badverf_func(log_badverf, NULL); diff --git a/src/kadmin/server/server_glue_v1.c b/src/kadmin/server/server_glue_v1.c deleted file mode 100644 index dfd6430f1..000000000 --- a/src/kadmin/server/server_glue_v1.c +++ /dev/null 
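Review bot: The result of `gss_import_name()` for `gss_changepw_name` is still discarded with a `(void)` cast on the context lines of the -447 hunk, and with the old-name fallback gone this is the only changepw name the server holds. If the import fails, the global stays NULL and startup continues; how later code treats a NULL name is outside this diff, but a restricted-service check should not depend on it. I would test the major status, `if (gss_import_name(&OMret, &in_buf, nt_krb5_name_oid, &gss_changepw_name) != GSS_S_COMPLETE)`, log it with `krb5_klog_syslog(LOG_ERR, ...)` and leave through the same failure path as the `svcauth_gssapi_set_names` check in the -424 hunk. main() starts and ends outside these hunks.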
@@ -1,32 +0,0 @@ -#define USE_KADM5_API_VERSION 1 -#include -#include "misc.h" - -/* - * In server_stubs.c, kadmind has to be able to call kadm5 functions - * with the arguments appropriate for any api version. Because of the - * prototypes in admin.h, however, the compiler will only allow one - * set of arguments to be passed. This file exports the old api - * definitions with a different name, so they can be called from - * server_stubs.c, and just passes on the call to the real api - * function; it uses the old api version, however, so it can actually - * call the real api functions whereas server_stubs.c cannot. - * - * This is most useful for functions like kadm5_get_principal that - * take a different number of arguments based on API version. For - * kadm5_get_policy, the same thing could be accomplished with - * typecasts instead. - */ - -kadm5_ret_t kadm5_get_principal_v1(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t_v1 *ent) -{ - return kadm5_get_principal(server_handle, principal, ent); -} - -kadm5_ret_t kadm5_get_policy_v1(void *server_handle, kadm5_policy_t name, - kadm5_policy_ent_t *ent) -{ - return kadm5_get_policy(server_handle, name, ent); -} diff --git a/src/kadmin/server/server_stubs.c b/src/kadmin/server/server_stubs.c index 038a4a73f..ebef752ae 100644 --- a/src/kadmin/server/server_stubs.c +++ b/src/kadmin/server/server_stubs.c @@ -641,7 +641,6 @@ gprinc_ret * get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) { static gprinc_ret ret; - kadm5_principal_ent_t_v1 e; char *prime_arg, *funcname; gss_buffer_desc client_name, service_name; @@ -659,8 +658,7 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) ret.api_version = handle->api_version; - funcname = handle->api_version == KADM5_API_VERSION_1 ? - "kadm5_get_principal (V1)" : "kadm5_get_principal"; + funcname = "kadm5_get_principal"; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; 
@@ -681,18 +679,8 @@ get_principal_2_svc(gprinc_arg *arg, struct svc_req *rqstp) log_unauth(funcname, prime_arg, &client_name, &service_name, rqstp); } else { - if (handle->api_version == KADM5_API_VERSION_1) { - ret.code = kadm5_get_principal_v1((void *)handle, - arg->princ, &e); - if(ret.code == KADM5_OK) { - memcpy(&ret.rec, e, sizeof(kadm5_principal_ent_rec_v1)); - free(e); - } - } else { - ret.code = kadm5_get_principal((void *)handle, - arg->princ, &ret.rec, - arg->mask); - } + ret.code = kadm5_get_principal(handle, arg->princ, &ret.rec, + arg->mask); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); @@ -1114,8 +1102,7 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) ret.api_version = handle->api_version; - funcname = handle->api_version == KADM5_API_VERSION_1 ? - "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal"; + funcname = "kadm5_randkey_principal"; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; @@ -1141,13 +1128,8 @@ chrand_principal_2_svc(chrand_arg *arg, struct svc_req *rqstp) } if(ret.code == KADM5_OK) { - if (handle->api_version == KADM5_API_VERSION_1) { - krb5_copy_keyblock_contents(handle->context, k, &ret.key); - krb5_free_keyblock(handle->context, k); - } else { - ret.keys = k; - ret.n_keys = nkeys; - } + ret.keys = k; + ret.n_keys = nkeys; } if(ret.code != KADM5_AUTH_CHANGEPW) { @@ -1191,8 +1173,7 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) ret.api_version = handle->api_version; - funcname = handle->api_version == KADM5_API_VERSION_1 ? - "kadm5_randkey_principal (V1)" : "kadm5_randkey_principal"; + funcname = "kadm5_randkey_principal"; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; 
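Review bot: In the -1141 hunk, `ret.keys = k; ret.n_keys = nkeys;` is now the only success path and hands the freshly generated key array to the static reply, where the removed V1 branch copied one keyblock and freed `k` at once. Nothing visible here says who frees and wipes `k` after the reply has been encoded, so the ownership should be written down next to the assignment, for example `/* ret owns k from here; it must be freed and the key contents zeroed when the reply is released */`, after checking where that release actually happens. The same applies to the identical lines in the -1224 hunk of chrand_principal3_2_svc. Both functions extend beyond the hunks shown.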
@@ -1224,13 +1205,8 @@ chrand_principal3_2_svc(chrand3_arg *arg, struct svc_req *rqstp) } if(ret.code == KADM5_OK) { - if (handle->api_version == KADM5_API_VERSION_1) { - krb5_copy_keyblock_contents(handle->context, k, &ret.key); - krb5_free_keyblock(handle->context, k); - } else { - ret.keys = k; - ret.n_keys = nkeys; - } + ret.keys = k; + ret.n_keys = nkeys; } if(ret.code != KADM5_AUTH_CHANGEPW) { @@ -1437,8 +1413,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) ret.api_version = handle->api_version; - funcname = handle->api_version == KADM5_API_VERSION_1 ? - "kadm5_get_policy (V1)" : "kadm5_get_policy"; + funcname = "kadm5_get_policy"; if (setup_gss_names(rqstp, &client_name, &service_name) < 0) { ret.code = KADM5_FAILURE; @@ -1468,16 +1443,7 @@ get_policy_2_svc(gpol_arg *arg, struct svc_req *rqstp) } if (ret.code == KADM5_OK) { - if (handle->api_version == KADM5_API_VERSION_1) { - ret.code = kadm5_get_policy_v1((void *)handle, arg->name, &e); - if(ret.code == KADM5_OK) { - memcpy(&ret.rec, e, sizeof(kadm5_policy_ent_rec)); - free(e); - } - } else { - ret.code = kadm5_get_policy((void *)handle, arg->name, - &ret.rec); - } + ret.code = kadm5_get_policy(handle, arg->name, &ret.rec); if( ret.code != 0 ) errmsg = krb5_get_error_message(handle->context, ret.code); @@ -1632,10 +1598,8 @@ generic_ret *init_2_svc(krb5_ui_4 *arg, struct svc_req *rqstp) slen = service_name.length; trunc_name(&slen, &sdots); /* okay to cast lengths to int because trunc_name limits max value */ - krb5_klog_syslog(LOG_NOTICE, "Request: %s, %.*s%s, %s, " + krb5_klog_syslog(LOG_NOTICE, "Request: kadm5_init, %.*s%s, %s, " "client=%.*s%s, service=%.*s%s, addr=%s, flavor=%d", - (ret.api_version == KADM5_API_VERSION_1 ? - "kadm5_init (V1)" : "kadm5_init"), (int)clen, (char *)client_name.value, cdots, errmsg ? errmsg : "success", (int)clen, (char *)client_name.value, cdots, -- cgit
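Review bot: Nothing in these hunks rejects a client that still negotiates API version 1: the stubs keep `ret.api_version = handle->api_version;` while the -681, -1141, -1224 and -1468 hunks fill only the v2 reply fields. If a V1 handle can still be created, the reply encoder (not shown) may choose a layout from `ret.api_version` that does not match what the stub populated. Please confirm that the init path now refuses V1 with an explicit error. Since the log line in the -1632 hunk no longer marks `(V1)`, consider adding the requested version to it (for instance a `vers=%d` field) so a legacy client still shows up in the audit trail. init_2_svc begins outside the hunk.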