From 798a227df11f49147fa43e515910ec11e21e0caa Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Tue, 25 Sep 2012 15:02:12 +0200
Subject: remove left over principal selection https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
---
 src/util/sss_krb5.c | 102 ----------------------------------------------------
 1 file changed, 102 deletions(-)
(limited to 'src/util/sss_krb5.c')
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 24229f8b..cce8d902 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -200,108 +200,6 @@ done:
 return ret;
 }
-
-int sss_krb5_verify_keytab(const char *principal,
- const char *realm_str,
- const char *keytab_name)
-{
- krb5_context context = NULL;
- krb5_keytab keytab = NULL;
- krb5_error_code krberr;
- int ret;
- char *full_princ = NULL;
- char *realm_name = NULL;
- char *default_realm = NULL;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- krberr = krb5_init_context(&context);
- if (krberr) {
- DEBUG(2, ("Failed to init kerberos context\n"));
- ret = EFAULT;
- goto done;
- }
-
- if (keytab_name) {
- krberr = krb5_kt_resolve(context, keytab_name, &keytab);
- } else {
- krberr = krb5_kt_default(context, &keytab);
- }
-
- if (krberr) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Failed to read keytab file: %s\n",
- KEYTAB_CLEAN_NAME,
- sss_krb5_get_error_message(context, krberr)));
- ret = EFAULT;
- goto done;
- }
-
- if (!realm_str) {
- krberr = krb5_get_default_realm(context, &default_realm);
- if (krberr) {
- DEBUG(2, ("Failed to get default realm name: %s\n",
- sss_krb5_get_error_message(context, krberr)));
- ret = EFAULT;
- goto done;
- }
-
- realm_name = talloc_strdup(tmp_ctx, default_realm);
- krb5_free_default_realm(context, default_realm);
- if (!realm_name) {
- ret = ENOMEM;
- goto done;
- }
- } else {
- realm_name = talloc_strdup(tmp_ctx, realm_str);
- if (!realm_name) {
- ret = ENOMEM;
- goto done;
- }
- }
-
- if (principal) {
- if (!strchr(principal, '@')) {
- full_princ = talloc_asprintf(tmp_ctx, "%s@%s",
- principal, realm_name);
- } else {
- full_princ = talloc_strdup(tmp_ctx, principal);
- }
- } else {
- char hostname[512];
-
- ret = gethostname(hostname, 511);
- if (ret == -1) {
- ret = errno;
- goto done;
- }
- hostname[511] = '\0';
-
- ret = select_principal_from_keytab(tmp_ctx, hostname, realm_name,
- keytab_name, &full_princ, NULL, NULL);
- if (ret) goto done;
- }
- if (!full_princ) {
- ret = ENOMEM;
- goto done;
- }
- DEBUG(4, ("Principal name is: [%s]\n", full_princ));
-
- ret = sss_krb5_verify_keytab_ex(full_princ, keytab_name, context, keytab);
- if (ret) goto done;
-
- ret = EOK;
-done:
- if (keytab) krb5_kt_close(context, keytab);
- if (context) krb5_free_context(context);
- talloc_free(tmp_ctx);
- return ret;
-}
-
 int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, krb5_context context, krb5_keytab keytab)
 {
-- cgit