author | Simo Sorce <idra@samba.org> | 2012-03-31 22:09:22 -0400 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2012-04-12 12:06:43 +0200 |
commit | 70c303a7f357b2c73955b24128ac8a72b656d4e6 (patch) | |
tree | f87c92753e56bee1b274a20444f80f53e64ee0c0 /libcli/auth | |
parent | 3fd6deda7d440b579950ab6d0e2407d755ac70ad (diff) | |
auth-krb: Move pac related util functions in a single place.
Signed-off-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'libcli/auth')
-rw-r--r-- | libcli/auth/krb5_wrap.c | 49 | ||||
-rw-r--r-- | libcli/auth/krb5_wrap.h | 32 |
2 files changed, 0 insertions, 81 deletions
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index c16b35dcee..2f877e7f0a 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -186,55 +186,6 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 return krb5_principal_compare_any_realm(context, princ1, princ2);
 }
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig)
-{
-#ifdef HAVE_CHECKSUM_IN_KRB5_CHECKSUM
- cksum->cksumtype = (krb5_cksumtype)sig->type;
- cksum->checksum.length = sig->signature.length;
- cksum->checksum.data = sig->signature.data;
-#else
- cksum->checksum_type = (krb5_cksumtype)sig->type;
- cksum->length = sig->signature.length;
- cksum->contents = sig->signature.data;
-#endif
-}
-
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length)
-{
- krb5_error_code ret;
-
- /* verify the checksum, heimdal 0.7 and MIT krb 1.4.2 and above */
-
- krb5_boolean checksum_valid = false;
- krb5_data input;
-
- input.data = (char *)data;
- input.length = length;
-
- ret = krb5_c_verify_checksum(context,
- keyblock,
- usage,
- &input,
- cksum,
- &checksum_valid);
- if (ret) {
- DEBUG(3,("smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n",
- error_message(ret)));
- return ret;
- }
-
- if (!checksum_valid)
- ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
-
- return ret;
-}
-
 char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 maj_stat, OM_uint32 min_stat, const gss_OID mech)
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h
index 8723d2ddaa..4c0ef93e4c 100644
--- a/libcli/auth/krb5_wrap.h
+++ b/libcli/auth/krb5_wrap.h
@@ -21,8 +21,6 @@
 */
 #include "system/kerberos.h"
-struct PAC_SIGNATURE_DATA;
-struct PAC_DATA;
 #ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */
 #define KRB5_KEY_TYPE(k) ((k)->keytype)
@@ -57,38 +55,8 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
 bool smb_krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2);
- void smb_krb5_checksum_from_pac_sig(krb5_checksum *cksum,
- struct PAC_SIGNATURE_DATA *sig);
- krb5_error_code smb_krb5_verify_checksum(krb5_context context,
- const krb5_keyblock *keyblock,
- krb5_keyusage usage,
- krb5_checksum *cksum,
- uint8_t *data,
- size_t length);
 char *gssapi_error_string(TALLOC_CTX *mem_ctx, OM_uint32 maj_stat, OM_uint32 min_stat, const gss_OID mech);
 char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
-krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
- struct PAC_SIGNATURE_DATA *sig,
- krb5_context context,
- const krb5_keyblock *keyblock);
-
-NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
- DATA_BLOB pac_data_blob,
- krb5_context context,
- const krb5_keyblock *krbtgt_keyblock,
- const krb5_keyblock *service_keyblock,
- krb5_const_principal client_principal,
- time_t tgs_authtime,
- struct PAC_DATA **pac_data_out);
-
-NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- gss_name_t gss_client_name,
- DATA_BLOB *pac_data);
-NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
- gss_ctx_id_t gssapi_context,
- DATA_BLOB *session_key,
- uint32_t *keytype); |