From f03913e2ccfcd75a9d569a5b6e9152b091e0014f Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 23 Sep 2010 17:01:44 +1000
Subject: s4-kerberos Move 'set key into keytab' code out of credentials.
This code never really belonged in the credentials layer, and is easier done with direct access to the ldb_message that is in secrets.ldb.
Andrew Bartlett
---
source4/auth/credentials/credentials_krb5.c | 56 +----------------------------
1 file changed, 1 insertion(+), 55 deletions(-)
(limited to 'source4/auth/credentials/credentials_krb5.c')
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 4021146821..6e11a5fb02 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -595,7 +595,6 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 krb5_error_code ret;
 struct keytab_container *ktc;
 struct smb_krb5_context *smb_krb5_context;
- const char **enctype_strings;
 TALLOC_CTX *mem_ctx;
 if (cred->keytab_obtained >= (MAX(cred->principal_obtained,
@@ -619,11 +618,8 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred,
 return ENOMEM;
 }
- enctype_strings = cli_credentials_get_enctype_strings(cred);
-
 ret = smb_krb5_create_memory_keytab(mem_ctx, cred,
- smb_krb5_context,
- enctype_strings, &ktc);
+ smb_krb5_context, &ktc);
 if (ret) {
 talloc_free(mem_ctx);
 return ret;
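Review bot: Nothing at the `smb_krb5_create_memory_keytab(mem_ctx, cred, smb_krb5_context, &ktc)` call in the second hunk says where the keytab's encryption types are chosen now that the credentials layer no longer passes a list. The removed `cli_credentials_get_enctype_strings()` (last hunk) carried a caveat that narrowing the list means removing or hiding the other entries from the generated keytab, and its fixed list included single-DES and RC4 types next to AES; presumably that selection now lives in the keytab helper, which this single-file diff does not show, so it is worth confirming the caveat moved with it. I would add a comment above the call such as `/* enctypes for the memory keytab are selected inside smb_krb5_create_memory_keytab(), not here */` so a reader auditing key types knows where to look. The body of cli_credentials_get_keytab starts and ends outside this hunk.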
@@ -682,41 +678,6 @@ _PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 return ret;
 }
-_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred,
- struct tevent_context *event_ctx,
- struct loadparm_context *lp_ctx)
-{
- krb5_error_code ret;
- struct keytab_container *ktc;
- struct smb_krb5_context *smb_krb5_context;
- const char **enctype_strings;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_new(cred);
- if (!mem_ctx) {
- return ENOMEM;
- }
-
- ret = cli_credentials_get_krb5_context(cred, event_ctx, lp_ctx, &smb_krb5_context);
- if (ret) {
- talloc_free(mem_ctx);
- return ret;
- }
-
- enctype_strings = cli_credentials_get_enctype_strings(cred);
-
- ret = cli_credentials_get_keytab(cred, event_ctx, lp_ctx, &ktc);
- if (ret != 0) {
- talloc_free(mem_ctx);
- return ret;
- }
-
- ret = smb_krb5_update_keytab(mem_ctx, cred, smb_krb5_context, enctype_strings, ktc);
-
- talloc_free(mem_ctx);
- return ret;
-}
-
 /* Get server gss credentials (in gsskrb5, this means the keytab) */
 _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
@@ -810,21 +771,6 @@ _PUBLIC_ int cli_credentials_get_kvno(struct cli_credentials *cred)
 }
-const char **cli_credentials_get_enctype_strings(struct cli_credentials *cred)
-{
- /* If this is ever made user-configurable, we need to add code
- * to remove/hide the other entries from the generated
- * keytab */
- static const char *default_enctypes[] = {
- "des-cbc-md5",
- "aes256-cts-hmac-sha1-96",
- "des3-cbc-sha1",
- "arcfour-hmac-md5",
- NULL
- };
- return default_enctypes;
-}
-
 const char *cli_credentials_get_salt_principal(struct cli_credentials *cred)
 {
 return cred->salt_principal;
-- cgit