Remove kadmin RPC support for setting v4 key
authorRobbie Harwood <rharwood@redhat.com>
Thu, 4 Apr 2019 20:14:46 +0000 (16:14 -0400)
committerGreg Hudson <ghudson@mit.edu>
Thu, 11 Apr 2019 19:39:54 +0000 (15:39 -0400)
ticket: 8794 (new)

14 files changed:
src/kadmin/server/kadm_rpc_svc.c
src/kadmin/server/ovsec_kadmd.c
src/kadmin/server/server_stubs.c
src/lib/kadm5/admin.h
src/lib/kadm5/admin_xdr.h
src/lib/kadm5/clnt/Makefile.in
src/lib/kadm5/clnt/client_principal.c
src/lib/kadm5/clnt/client_rpc.c
src/lib/kadm5/clnt/libkadm5clnt_mit.exports
src/lib/kadm5/kadm_rpc.h
src/lib/kadm5/kadm_rpc_xdr.c
src/lib/kadm5/srv/Makefile.in
src/lib/kadm5/srv/libkadm5srv_mit.exports
src/lib/kadm5/srv/svr_principal.c

index 41fc88ac812d01f26eb66f81a2744c047383261b..d343e2c2579e2e59bbfc6457815a7d87cfb50ec4 100644 (file)
@@ -53,7 +53,6 @@ void kadm_1(rqstp, transp)
          mpol_arg modify_policy_2_arg;
          gpol_arg get_policy_2_arg;
          setkey_arg setkey_principal_2_arg;
-         setv4key_arg setv4key_principal_2_arg;
          cprinc3_arg create_principal3_2_arg;
          chpass3_arg chpass_principal3_2_arg;
          chrand3_arg chrand_principal3_2_arg;
@@ -134,12 +133,6 @@ void kadm_1(rqstp, transp)
          local = (bool_t (*)()) chpass_principal_2_svc;
          break;
 
-     case SETV4KEY_PRINCIPAL:
-         xdr_argument = xdr_setv4key_arg;
-         xdr_result = xdr_generic_ret;
-         local = (bool_t (*)()) setv4key_principal_2_svc;
-         break;
-
      case SETKEY_PRINCIPAL:
          xdr_argument = xdr_setkey_arg;
          xdr_result = xdr_generic_ret;
index 6a6b21401ef333bcb579ab4210bcbd302fb86d46..3737791b6632d180dc6dff271fa8a369ae67c735 100644 (file)
@@ -227,7 +227,7 @@ log_badverf(gss_name_t client_name, gss_name_t server_name,
         {14, "GET_PRINCS"},
         {15, "GET_POLS"},
         {16, "SETKEY_PRINCIPAL"},
-        {17, "SETV4KEY_PRINCIPAL"},
+        /* 17 was "SETV4KEY_PRINCIPAL" */
         {18, "CREATE_PRINCIPAL3"},
         {19, "CHPASS_PRINCIPAL3"},
         {20, "CHRAND_PRINCIPAL3"},
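Review bot: With the `{17, ...}` entry replaced by a comment, a bad-verifier event for procedure 17 no longer resolves to a name in this table. What the log line then shows depends on how log_badverf handles unmatched numbers, and that code is outside this hunk. Clients built before this change may still send the removed call, and those are the events an operator would want to recognise in the log. If the fallback does not print the raw procedure number, a tombstone entry such as `{17, "SETV4KEY_PRINCIPAL (removed)"},` would keep them identifiable.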
index cfef97fec14751ee1f303f9c88cac4192e7d3b4a..d5a25e502b59af6fab52f9f13808fb11388d2aa3 100644 (file)
@@ -893,56 +893,6 @@ exit_func:
     return TRUE;
 }
 
-bool_t
-setv4key_principal_2_svc(setv4key_arg *arg, generic_ret *ret,
-                         struct svc_req *rqstp)
-{
-    char                            *prime_arg = NULL;
-    gss_buffer_desc                 client_name = GSS_C_EMPTY_BUFFER;
-    gss_buffer_desc                 service_name = GSS_C_EMPTY_BUFFER;
-    kadm5_server_handle_t           handle;
-    const char                      *errmsg = NULL;
-
-    ret->code = stub_setup(arg->api_version, rqstp, arg->princ, &handle,
-                           &ret->api_version, &client_name, &service_name,
-                           &prime_arg);
-    if (ret->code)
-        goto exit_func;
-
-    ret->code = check_lockdown_keys(handle, arg->princ);
-    if (ret->code != KADM5_OK) {
-        if (ret->code == KADM5_PROTECT_KEYS) {
-            log_unauth("kadm5_setv4key_principal", prime_arg, &client_name,
-                       &service_name, rqstp);
-            ret->code = KADM5_AUTH_SETKEY;
-        }
-    } else if (!(CHANGEPW_SERVICE(rqstp)) &&
-               stub_auth(handle, OP_SETKEY, arg->princ, NULL, NULL, NULL)) {
-        ret->code = kadm5_setv4key_principal(handle, arg->princ,
-                                             arg->keyblock);
-    } else {
-        log_unauth("kadm5_setv4key_principal", prime_arg,
-                   &client_name, &service_name, rqstp);
-        ret->code = KADM5_AUTH_SETKEY;
-    }
-
-    if (ret->code != KADM5_AUTH_SETKEY) {
-        if (ret->code != 0)
-            errmsg = krb5_get_error_message(handle->context, ret->code);
-
-        log_done("kadm5_setv4key_principal", prime_arg, errmsg,
-                 &client_name, &service_name, rqstp);
-
-        if (errmsg != NULL)
-            krb5_free_error_message(handle->context, errmsg);
-    }
-
-exit_func:
-    stub_cleanup(handle, prime_arg, &client_name, &service_name);
-    return TRUE;
-}
-
-
 bool_t
 setkey_principal_2_svc(setkey_arg *arg, generic_ret *ret,
                        struct svc_req *rqstp)
index b765148b360c7995b806a5563897728984930b71..7268be44ed9d45e845a88a0bfe94eb531247abfa 100644 (file)
@@ -394,9 +394,6 @@ kadm5_ret_t    kadm5_randkey_principal_3(void *server_handle,
                                          krb5_key_salt_tuple *ks_tuple,
                                          krb5_keyblock **keyblocks,
                                          int *n_keys);
-kadm5_ret_t    kadm5_setv4key_principal(void *server_handle,
-                                        krb5_principal principal,
-                                        krb5_keyblock *keyblock);
 
 kadm5_ret_t    kadm5_setkey_principal(void *server_handle,
                                       krb5_principal principal,
index 2d22611e7df85d96d6682e892442986753ab67bc..9da98451e4ba57a13587466471dfe07ec1d8e920 100644 (file)
@@ -37,7 +37,6 @@ bool_t            xdr_mprinc_arg(XDR *xdrs, mprinc_arg *objp);
 bool_t     xdr_rprinc_arg(XDR *xdrs, rprinc_arg *objp);
 bool_t     xdr_chpass_arg(XDR *xdrs, chpass_arg *objp);
 bool_t      xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp);
-bool_t      xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp);
 bool_t      xdr_setkey_arg(XDR *xdrs, setkey_arg *objp);
 bool_t      xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp);
 bool_t      xdr_setkey4_arg(XDR *xdrs, setkey4_arg *objp);
index a180e85cdd94018a0bc0827487e92ec089165b84..2bc385afee53885c838f0cf116af62d832f8ee03 100644 (file)
@@ -3,7 +3,7 @@ BUILDTOP=$(REL)..$(S)..$(S)..
 LOCALINCLUDES = -I$(BUILDTOP)/include/kadm5
 
 LIBBASE=kadm5clnt_mit
-LIBMAJOR=11
+LIBMAJOR=12
 LIBMINOR=0
 STOBJLISTS=../OBJS.ST OBJS.ST
 SHLIB_EXPDEPS=\
index 18714bf3753c18db9c0a2bd9905d4b58a101f116..96d9d19322da388ca31c31184b7225fc95ef2ccc 100644 (file)
@@ -273,28 +273,6 @@ kadm5_chpass_principal_3(void *server_handle,
     return r.code;
 }
 
-kadm5_ret_t
-kadm5_setv4key_principal(void *server_handle,
-                         krb5_principal princ,
-                         krb5_keyblock *keyblock)
-{
-    setv4key_arg        arg;
-    generic_ret         r = { 0, 0 };
-    kadm5_server_handle_t handle = server_handle;
-
-    CHECK_HANDLE(server_handle);
-
-    arg.princ = princ;
-    arg.keyblock = keyblock;
-    arg.api_version = handle->api_version;
-
-    if(princ == NULL || keyblock == NULL)
-        return EINVAL;
-    if (setv4key_principal_2(&arg, &r, handle->clnt))
-        eret();
-    return r.code;
-}
-
 kadm5_ret_t
 kadm5_setkey_principal(void *server_handle,
                        krb5_principal princ,
index df5455fd86b4bf4c656fa7b49138578d18ca24b6..d84d158b4601f3bfc19840f93589b037615aabda 100644 (file)
@@ -84,14 +84,6 @@ chpass_principal3_2(chpass3_arg *argp, generic_ret *res, CLIENT *clnt)
                         (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
 }
 
-enum clnt_stat
-setv4key_principal_2(setv4key_arg *argp, generic_ret *res, CLIENT *clnt)
-{
-       return clnt_call(clnt, SETV4KEY_PRINCIPAL,
-                        (xdrproc_t)xdr_setv4key_arg, (caddr_t)argp,
-                        (xdrproc_t)xdr_generic_ret, (caddr_t)res, TIMEOUT);
-}
-
 enum clnt_stat
 setkey_principal_2(setkey_arg *argp, generic_ret *res, CLIENT *clnt)
 {
index f122b31ab96adf6fd9bf4caaeb9c2b0d04588660..e41c8e4f76b5c1f8c8a5b191450adb18f03f2aab 100644 (file)
@@ -44,7 +44,6 @@ kadm5_set_string
 kadm5_setkey_principal
 kadm5_setkey_principal_3
 kadm5_setkey_principal_4
-kadm5_setv4key_principal
 kadm5_unlock
 krb5_aprof_finish
 krb5_aprof_get_boolean
@@ -114,6 +113,5 @@ xdr_rprinc_arg
 xdr_setkey3_arg
 xdr_setkey4_arg
 xdr_setkey_arg
-xdr_setv4key_arg
 xdr_ui_4
 kadm5_init_iprop
index 8d7cf3b36f07d6f4e06e3e4fe8a7e2881632dbc5..5099c6c145ed8cfcb4e16df3dde75d6e785cfcc3 100644 (file)
@@ -82,13 +82,6 @@ struct chpass3_arg {
 };
 typedef struct chpass3_arg chpass3_arg;
 
-struct setv4key_arg {
-       krb5_ui_4 api_version;
-       krb5_principal princ;
-       krb5_keyblock *keyblock;
-};
-typedef struct setv4key_arg setv4key_arg;
-
 struct setkey_arg {
        krb5_ui_4 api_version;
        krb5_principal princ;
@@ -322,11 +315,9 @@ extern  enum clnt_stat setkey_principal_2(setkey_arg *, generic_ret *,
                                          CLIENT *);
 extern  bool_t setkey_principal_2_svc(setkey_arg *, generic_ret *,
                                      struct svc_req *);
-#define SETV4KEY_PRINCIPAL 17
-extern  enum clnt_stat setv4key_principal_2(setv4key_arg *, generic_ret *,
-                                           CLIENT *);
-extern  bool_t setv4key_principal_2_svc(setv4key_arg *, generic_ret *,
-                                       struct svc_req *);
+
+/* 17 was SETV4KEY_PRINCIPAL (removed in 1.18). */
+
 #define CREATE_PRINCIPAL3 18
 extern  enum clnt_stat create_principal3_2(cprinc3_arg *, generic_ret *,
                                           CLIENT *);
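Review bot: The tombstone comment for procedure 17 records the removal but does not tell a future maintainer that the number must stay unassigned. Clients linked against the older libkadm5clnt can still send procedure 17 with a setv4key_arg body. If the number were later given to a new call, the server would decode those bytes as a different argument type. I would spell that out: `/* 17 was SETV4KEY_PRINCIPAL (removed in 1.18); do not reuse this number. */`.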
@@ -380,7 +371,6 @@ extern bool_t xdr_gprincs_arg ();
 extern bool_t xdr_gprincs_ret ();
 extern bool_t xdr_chpass_arg ();
 extern bool_t xdr_chpass3_arg ();
-extern bool_t xdr_setv4key_arg ();
 extern bool_t xdr_setkey_arg ();
 extern bool_t xdr_setkey3_arg ();
 extern bool_t xdr_setkey4_arg ();
index 2892d4147b58bd3fb0693c0e99b4d860212be559..745ee857ebf3e08bda95b9e2663ee130e9f41cda 100644 (file)
@@ -710,25 +710,6 @@ xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp)
        return (TRUE);
 }
 
-bool_t
-xdr_setv4key_arg(XDR *xdrs, setv4key_arg *objp)
-{
-       unsigned int n_keys = 1;
-
-       if (!xdr_ui_4(xdrs, &objp->api_version)) {
-               return (FALSE);
-       }
-       if (!xdr_krb5_principal(xdrs, &objp->princ)) {
-               return (FALSE);
-       }
-       if (!xdr_array(xdrs, (caddr_t *) &objp->keyblock,
-                      &n_keys, ~0,
-                      sizeof(krb5_keyblock), xdr_krb5_keyblock)) {
-               return (FALSE);
-       }
-       return (TRUE);
-}
-
 bool_t
 xdr_setkey_arg(XDR *xdrs, setkey_arg *objp)
 {
index 617d6566665f38ff8bdb7cea08d81934cf60df66..89e6097cfecd5110071ed3b21b03f63643f9fdd1 100644 (file)
@@ -9,7 +9,7 @@ DEFINES = @HESIOD_DEFS@
 ##DOSLIBNAME = libkadm5srv.lib
 
 LIBBASE=kadm5srv_mit
-LIBMAJOR=11
+LIBMAJOR=12
 LIBMINOR=0
 STOBJLISTS=../OBJS.ST OBJS.ST
 
index 64ad5dd69ec7f6902f5589dd7403c848f2059638..e3c04e690abc24a3b1a5e863869a06b5ac989b3a 100644 (file)
@@ -45,7 +45,6 @@ kadm5_set_string
 kadm5_setkey_principal
 kadm5_setkey_principal_3
 kadm5_setkey_principal_4
-kadm5_setv4key_principal
 kadm5_unlock
 kdb_delete_entry
 kdb_free_entry
@@ -133,7 +132,6 @@ xdr_rprinc_arg
 xdr_setkey3_arg
 xdr_setkey4_arg
 xdr_setkey_arg
-xdr_setv4key_arg
 xdr_sstring_arg
 xdr_ui_4
 kadm5_init_iprop
index 9ab2c5a74eeaf7fdcfca92918a4d50494b3c7901..48cac0c1120a2def1ce57164c2a19d86c8a390c2 100644 (file)
@@ -1645,124 +1645,6 @@ done:
     return ret;
 }
 
-/*
- * kadm5_setv4key_principal:
- *
- * Set only ONE key of the principal, removing all others.  This key
- * must have the DES_CBC_CRC enctype and is entered as having the
- * krb4 salttype.  This is to enable things like kadmind4 to work.
- */
-kadm5_ret_t
-kadm5_setv4key_principal(void *server_handle,
-                         krb5_principal principal,
-                         krb5_keyblock *keyblock)
-{
-    krb5_db_entry               *kdb;
-    osa_princ_ent_rec           adb;
-    krb5_timestamp              now;
-    kadm5_policy_ent_rec        pol;
-    krb5_keysalt                keysalt;
-    int                         i, kvno, ret;
-    krb5_boolean                have_pol = FALSE;
-    kadm5_server_handle_t       handle = server_handle;
-    krb5_key_data               tmp_key_data;
-    krb5_keyblock               *act_mkey;
-
-    memset( &tmp_key_data, 0, sizeof(tmp_key_data));
-
-    CHECK_HANDLE(server_handle);
-
-    krb5_clear_error_message(handle->context);
-
-    if (principal == NULL || keyblock == NULL)
-        return EINVAL;
-    if (hist_princ && /* this will be NULL when initializing the databse */
-        ((krb5_principal_compare(handle->context,
-                                 principal, hist_princ)) == TRUE))
-        return KADM5_PROTECT_PRINCIPAL;
-
-    if (keyblock->enctype != ENCTYPE_DES_CBC_CRC)
-        return KADM5_SETV4KEY_INVAL_ENCTYPE;
-
-    if ((ret = kdb_get_entry(handle, principal, &kdb, &adb)))
-        return(ret);
-
-    for (kvno = 0, i=0; i<kdb->n_key_data; i++)
-        if (kdb->key_data[i].key_data_kvno > kvno)
-            kvno = kdb->key_data[i].key_data_kvno;
-
-    if (kdb->key_data != NULL)
-        cleanup_key_data(handle->context, kdb->n_key_data, kdb->key_data);
-
-    kdb->key_data = calloc(1, sizeof(krb5_key_data));
-    if (kdb->key_data == NULL)
-        return ENOMEM;
-    kdb->n_key_data = 1;
-    keysalt.type = KRB5_KDB_SALTTYPE_V4;
-    /* XXX data.magic? */
-    keysalt.data.length = 0;
-    keysalt.data.data = NULL;
-
-    ret = kdb_get_active_mkey(handle, NULL, &act_mkey);
-    if (ret)
-        goto done;
-
-    /* use tmp_key_data as temporary location and reallocate later */
-    ret = krb5_dbe_encrypt_key_data(handle->context, act_mkey, keyblock,
-                                    &keysalt, kvno + 1, kdb->key_data);
-    if (ret) {
-        goto done;
-    }
-
-    kdb->attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE;
-
-    ret = krb5_timeofday(handle->context, &now);
-    if (ret)
-        goto done;
-
-    if ((adb.aux_attributes & KADM5_POLICY)) {
-        ret = get_policy(handle, adb.policy, &pol, &have_pol);
-        if (ret)
-            goto done;
-    }
-    if (have_pol) {
-        if (pol.pw_max_life)
-            kdb->pw_expiration = ts_incr(now, pol.pw_max_life);
-        else
-            kdb->pw_expiration = 0;
-    } else {
-        kdb->pw_expiration = 0;
-    }
-
-    ret = krb5_dbe_update_last_pwd_change(handle->context, kdb, now);
-    if (ret)
-        goto done;
-
-    /* unlock principal on this KDC */
-    kdb->fail_auth_count = 0;
-
-    /* key data changed, let the database provider know */
-    kdb->mask = KADM5_KEY_DATA | KADM5_FAIL_AUTH_COUNT;
-
-    if ((ret = kdb_put_entry(handle, kdb, &adb)))
-        goto done;
-
-    ret = KADM5_OK;
-done:
-    for (i = 0; i < tmp_key_data.key_data_ver; i++) {
-        if (tmp_key_data.key_data_contents[i]) {
-            memset (tmp_key_data.key_data_contents[i], 0, tmp_key_data.key_data_length[i]);
-            free (tmp_key_data.key_data_contents[i]);
-        }
-    }
-
-    kdb_free_entry(handle, kdb, &adb);
-    if (have_pol)
-        kadm5_free_policy_ent(handle->lhandle, &pol);
-
-    return ret;
-}
-
 kadm5_ret_t
 kadm5_setkey_principal(void *server_handle,
                        krb5_principal principal,