Remove LDAP realm krbTicketPolicyReference code
authorGreg Hudson <ghudson@mit.edu>
Sun, 18 Nov 2012 20:48:08 +0000 (15:48 -0500)
committerGreg Hudson <ghudson@mit.edu>
Thu, 20 Dec 2012 16:35:42 +0000 (11:35 -0500)
ldap_realm.c had some code intended to handle a
krbTicketPolicyReference from a krbRealmContainer object, but there
wasn't enough of it to ever do anything.  Remove it.

src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.h

index 35daf5f6351392fb9b34cb528a140abb184b64d7..1e3d5354b1204ff0213cbd6920cfbf7b73e1ed09 100644 (file)
@@ -43,7 +43,6 @@
 char  *realm_attributes[] = {"krbSearchScope","krbSubTrees", "krbPrincContainerRef",
                              "krbMaxTicketLife", "krbMaxRenewableAge",
                              "krbTicketFlags", "krbUpEnabled",
-                             "krbTicketPolicyReference",
                              "krbLdapServers",
                              "krbKdcServers",  "krbAdmServers",
                              "krbPwdServers", NULL};
@@ -611,7 +610,6 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
         rparams->realm_name == NULL ||
         ((mask & LDAP_REALM_SUBTREE) && rparams->subtree  == NULL) ||
         ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
-        ((mask & LDAP_REALM_POLICYREFERENCE) && rparams->policyreference == NULL) ||
         0) {
         st = EINVAL;
         return st;
@@ -862,53 +860,6 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
     }
     ldap_msgfree(result);
 
-    /*
-     * If all of maxtktlife, maxrenewlife and ticketflags are not directly
-     * available, use the policy dn from the policy reference attribute, if
-     * available, to fetch the missing.
-     */
-
-    if ((!(*mask & LDAP_REALM_MAXTICKETLIFE && *mask & LDAP_REALM_MAXRENEWLIFE &&
-           *mask & LDAP_REALM_KRBTICKETFLAGS)) && rlparams->policyreference) {
-
-        LDAP_SEARCH_1(rlparams->policyreference, LDAP_SCOPE_BASE, NULL, policy_attributes, IGNORE_STATUS);
-        if (st != LDAP_SUCCESS && st != LDAP_NO_SUCH_OBJECT) {
-            int ost = st;
-            st = translate_ldap_error (st, OP_SEARCH);
-            krb5_set_error_message(context, st,
-                                   _("Policy object read failed: %s"),
-                                   ldap_err2string(ost));
-            goto cleanup;
-        }
-        ent = ldap_first_entry (ld, result);
-        if (ent != NULL) {
-            if ((*mask & LDAP_REALM_MAXTICKETLIFE) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbmaxticketlife")) != NULL) {
-                    rlparams->max_life = atoi(values[0]);
-                    *mask |= LDAP_REALM_MAXTICKETLIFE;
-                    ldap_value_free(values);
-                }
-            }
-
-            if ((*mask & LDAP_REALM_MAXRENEWLIFE) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbmaxrenewableage")) != NULL) {
-                    rlparams->max_renewable_life = atoi(values[0]);
-                    *mask |= LDAP_REALM_MAXRENEWLIFE;
-                    ldap_value_free(values);
-                }
-            }
-
-            if ((*mask & LDAP_REALM_KRBTICKETFLAGS) == 0) {
-                if ((values=ldap_get_values(ld, ent, "krbticketflags")) != NULL) {
-                    rlparams->tktflags = atoi(values[0]);
-                    *mask |= LDAP_REALM_KRBTICKETFLAGS;
-                    ldap_value_free(values);
-                }
-            }
-        }
-        ldap_msgfree(result);
-    }
-
     rlparams->mask = *mask;
     *rlparamp = rlparams;
     st = store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask);
index b0bc579ed9f5afe91603c845099cc8e4f2ed9aee..2f1b7aaf9a32f1f62152100892c9931f8a2bd76d 100644 (file)
@@ -34,7 +34,7 @@
 /* realm specific mask */
 #define LDAP_REALM_SUBTREE            0x0001
 #define LDAP_REALM_SEARCHSCOPE        0x0002
-#define LDAP_REALM_POLICYREFERENCE    0x0004
+/* 0x0004 was LDAP_REALM_POLICYREFERENCE but it was unused */
 #define LDAP_REALM_UPENABLED          0x0008
 #define LDAP_REALM_LDAPSERVERS        0x0010
 #define LDAP_REALM_KDCSERVERS         0x0020
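Review bot: The comment left in the `0x0004` slot records why the name went away but not whether the bit may be handed to a new flag later. ldap_realm.c passes this mask to `store_tl_data(rlparams->tl_data, KDB_TL_MASK, mask)`, so if a mask built by older code can outlive the process (not visible from this hunk), reusing the value could make stale data read as a different realm option. I would state the constraint directly, e.g. `/* 0x0004 was LDAP_REALM_POLICYREFERENCE (never acted on); keep unassigned, do not reuse */`. The list of mask defines continues outside the hunk.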
@@ -56,7 +56,6 @@ typedef struct _krb5_ldap_realm_params {
     char          *realm_name;
     char          **subtree;
     char          *containerref;
-    char          *policyreference;
     int           search_scope;
     int           upenabled;
     int           subtreecount;