s3-librpc Remove unused dcesrv_gssapi.[ch] functions

The code from dcesrv_gssapi.c is now
in source3/auth/auth_generic.c as an auth callback.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>

5 files changed, 1 insertions, 268 deletions

diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c
deleted file mode 100644
index be97a64cb4..0000000000
--- a/source3/rpc_server/dcesrv_gssapi.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- *  GSSAPI Acceptor
- *  DCERPC Server functions
- *  Copyright (C) Simo Sorce 2010.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "includes.h"
-#include "rpc_server/dcesrv_gssapi.h"
-#include "../librpc/gen_ndr/ndr_krb5pac.h"
-#include "../lib/tsocket/tsocket.h"
-#include "librpc/crypto/gse.h"
-#include "auth.h"
-#ifdef HAVE_KRB5
-#include "libcli/auth/krb5_wrap.h"
-#endif
-NTSTATUS gssapi_server_auth_start(TALLOC_CTX *mem_ctx,
-				  bool do_sign,
-				  bool do_seal,
-				  bool is_dcerpc,
-				  DATA_BLOB *token_in,
-				  DATA_BLOB *token_out,
-				  struct gse_context **ctx)
-{
-	struct gse_context *gse_ctx = NULL;
-	uint32_t add_flags = 0;
-        NTSTATUS status;
-
-	if (is_dcerpc) {
-		add_flags = GSS_C_DCE_STYLE;
-	}
-
-	/* Let's init the gssapi machinery for this connection */
-	status = gse_init_server(mem_ctx, do_sign, do_seal,
-				 add_flags, &gse_ctx);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("Failed to init dcerpc gssapi server (%s)\n",
-			  nt_errstr(status)));
-		return status;
-	}
-
-	status = gse_get_server_auth_token(mem_ctx, gse_ctx,
-					   token_in, token_out);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(0, ("Failed to parse initial client token (%s)\n",
-			  nt_errstr(status)));
-		goto done;
-	}
-
-	*ctx = gse_ctx;
-	status = NT_STATUS_OK;
-
-done:
-	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(gse_ctx);
-	}
-
-	return status;
-}
-
-NTSTATUS gssapi_server_step(struct gse_context *gse_ctx,
-			    TALLOC_CTX *mem_ctx,
-			    DATA_BLOB *token_in,
-			    DATA_BLOB *token_out)
-{
-	NTSTATUS status;
-
-	status = gse_get_server_auth_token(mem_ctx, gse_ctx,
-					   token_in, token_out);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
-	if (gse_require_more_processing(gse_ctx)) {
-		/* ask for next leg */
-		return NT_STATUS_MORE_PROCESSING_REQUIRED;
-	}
-
-	return NT_STATUS_OK;
-}
-
-NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx)
-{
-	return gse_verify_server_auth_flags(gse_ctx);
-}
-
-NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
-				     TALLOC_CTX *mem_ctx,
-				     const struct tsocket_address *remote_address,
-				     struct auth_session_info **session_info)
-{
-	TALLOC_CTX *tmp_ctx;
-	DATA_BLOB pac_blob;
-	struct PAC_DATA *pac_data = NULL;
-	struct PAC_LOGON_INFO *logon_info = NULL;
-	unsigned int i;
-	bool is_mapped;
-	bool is_guest;
-	char *princ_name;
-	char *ntuser;
-	char *ntdomain;
-	char *username;
-	char *rhost;
-	struct passwd *pw;
-	NTSTATUS status;
-	int rc;
-
-	tmp_ctx = talloc_new(mem_ctx);
-	if (!tmp_ctx) {
-		return NT_STATUS_NO_MEMORY;
-	}
-
-	status = gse_get_pac_blob(gse_ctx, tmp_ctx, &pac_blob);
-	if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
-		/* TODO: Fetch user by principal name ? */
-		status = NT_STATUS_ACCESS_DENIED;
-		goto done;
-	}
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-#ifdef HAVE_KRB5
-	status = kerberos_decode_pac(tmp_ctx,
-				     pac_blob,
-				     NULL, NULL, NULL, NULL, 0, &pac_data);
-#else
-	status = NT_STATUS_ACCESS_DENIED;
-#endif
-	data_blob_free(&pac_blob);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	status = gse_get_client_name(gse_ctx, tmp_ctx, &princ_name);
-	if (!NT_STATUS_IS_OK(status)) {
-		goto done;
-	}
-
-	/* get logon name and logon info */
-	for (i = 0; i < pac_data->num_buffers; i++) {
-		struct PAC_BUFFER *data_buf = &pac_data->buffers[i];
-
-		switch (data_buf->type) {
-		case PAC_TYPE_LOGON_INFO:
-			if (!data_buf->info) {
-				break;
-			}
-			logon_info = data_buf->info->logon_info.info;
-			break;
-		default:
-			break;
-		}
-	}
-	if (!logon_info) {
-		DEBUG(1, ("Invalid PAC data, missing logon info!\n"));
-		status = NT_STATUS_NOT_FOUND;
-		goto done;
-	}
-
-	rc = get_remote_hostname(remote_address,
-				 &rhost,
-				 tmp_ctx);
-	if (rc < 0) {
-		status = NT_STATUS_NO_MEMORY;
-		goto done;
-	}
-	if (strequal(rhost, "UNKNOWN")) {
-		rhost = tsocket_address_inet_addr_string(remote_address,
-							 tmp_ctx);
-		if (rhost == NULL) {
-			status = NT_STATUS_NO_MEMORY;
-			goto done;
-		}
-	}
-
-	status = get_user_from_kerberos_info(tmp_ctx, rhost,
-					     princ_name, logon_info,
-					     &is_mapped, &is_guest,
-					     &ntuser, &ntdomain,
-					     &username, &pw);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(1, ("Failed to map kerberos principal to system user "
-			  "(%s)\n", nt_errstr(status)));
-		status = NT_STATUS_ACCESS_DENIED;
-		goto done;
-	}
-
-	/* TODO: save PAC data in netsamlogon cache ? */
-
-	status = make_session_info_krb5(mem_ctx,
-					ntuser, ntdomain, username, pw,
-					logon_info, is_guest, is_mapped, NULL /* No session key for now */,
-					session_info);
-	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
-			  nt_errstr(status)));
-		status = NT_STATUS_ACCESS_DENIED;
-		goto done;
-	}
-
-	DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n",
-		  ntuser, ntdomain, rhost));
-
-	status = NT_STATUS_OK;
-
-done:
-	TALLOC_FREE(tmp_ctx);
-	return status;
-}
diff --git a/source3/rpc_server/dcesrv_gssapi.h b/source3/rpc_server/dcesrv_gssapi.h
deleted file mode 100644
index 8d787b5c8d..0000000000
--- a/source3/rpc_server/dcesrv_gssapi.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- *  GSSAPI Acceptor
- *  DCERPC Server functions
- *  Copyright (C) Simo Sorce 2010.
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#ifndef _DCESRV_GSSAPI_H_
-#define _DCESRV_GSSAPI_H_
-
-struct gse_context;
-
-NTSTATUS gssapi_server_auth_start(TALLOC_CTX *mem_ctx,
-				  bool do_sign,
-				  bool do_seal,
-				  bool is_dcerpc,
-				  DATA_BLOB *token_in,
-				  DATA_BLOB *token_out,
-				  struct gse_context **ctx);
-NTSTATUS gssapi_server_step(struct gse_context *gse_ctx,
-			    TALLOC_CTX *mem_ctx,
-			    DATA_BLOB *token_in,
-			    DATA_BLOB *token_out);
-NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx);
-NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
-				     TALLOC_CTX *mem_ctx,
-				     const struct tsocket_address *remote_address,
-				     struct auth_session_info **session_info);
-
-#endif /* _DCESRV_GSSAPI_H_ */
diff --git a/source3/rpc_server/dcesrv_spnego.c b/source3/rpc_server/dcesrv_spnego.c
index 37d6209d65..ed7d772d59 100644
--- a/source3/rpc_server/dcesrv_spnego.c
+++ b/source3/rpc_server/dcesrv_spnego.c
@@ -21,7 +21,6 @@
 #include "../libcli/auth/spnego.h"
 #include "../lib/tsocket/tsocket.h"
 #include "dcesrv_auth_generic.h"
-#include "dcesrv_gssapi.h"
 #include "dcesrv_spnego.h"
 #include "auth/gensec/gensec.h"
 
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 8731a28d82..879b6deabd 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -34,7 +34,6 @@
 #include "../libcli/auth/schannel.h"
 #include "../libcli/auth/spnego.h"
 #include "dcesrv_auth_generic.h"
-#include "dcesrv_gssapi.h"
 #include "dcesrv_spnego.h"
 #include "rpc_server.h"
 #include "rpc_dce.h"
diff --git a/source3/rpc_server/wscript_build b/source3/rpc_server/wscript_build
index d22d6eb14d..b06fcd20fb 100755
--- a/source3/rpc_server/wscript_build
+++ b/source3/rpc_server/wscript_build
@@ -37,7 +37,7 @@ bld.SAMBA3_SUBSYSTEM('RPC_SERVICE',
                     deps='samba-util')
 
 bld.SAMBA3_SUBSYSTEM('RPC_CRYPTO',
-                     source='dcesrv_auth_generic.c dcesrv_gssapi.c dcesrv_spnego.c',
+                     source='dcesrv_auth_generic.c dcesrv_spnego.c',
                      deps = 'KRB5_PAC')
 
 bld.SAMBA3_SUBSYSTEM('RPC_PIPE_REGISTER',