mit-samba: Remove obsolete mit_samba_update_pac_data()
authorAndreas Schneider <asn@samba.org>
Thu, 26 Jan 2017 16:07:14 +0000 (17:07 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Sat, 29 Apr 2017 21:31:12 +0000 (23:31 +0200)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source4/kdc/mit_samba.c
source4/kdc/mit_samba.h

index 333714e..aa999e4 100644 (file)
@@ -400,75 +400,6 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
        return code;
 }
 
-int mit_samba_update_pac_data(struct mit_samba_context *ctx,
-                             krb5_db_entry *client,
-                             DATA_BLOB *pac_data,
-                             DATA_BLOB *logon_data)
-{
-       TALLOC_CTX *tmp_ctx;
-       DATA_BLOB *logon_blob;
-       krb5_error_code code;
-       NTSTATUS nt_status;
-       krb5_pac pac = NULL;
-       int ret;
-       struct samba_kdc_entry *skdc_entry = NULL;
-
-       if (client) {
-               skdc_entry = talloc_get_type_abort(client->e_data,
-                                                  struct samba_kdc_entry);
-       }
-
-       /* The user account may be set not to want the PAC */
-       if (client && !samba_princ_needs_pac(skdc_entry)) {
-               return EINVAL;
-       }
-
-       tmp_ctx = talloc_named(ctx, 0, "mit_samba_update_pac_data context");
-       if (!tmp_ctx) {
-               return ENOMEM;
-       }
-
-       logon_blob = talloc_zero(tmp_ctx, DATA_BLOB);
-       if (!logon_blob) {
-               ret = ENOMEM;
-               goto done;
-       }
-
-       code = krb5_pac_parse(ctx->context,
-                             pac_data->data, pac_data->length, &pac);
-       if (code) {
-               ret = EINVAL;
-               goto done;
-       }
-
-       /* TODO: An implementation-specific decision will need to be
-        * made as to when to check the KDC pac signature, and how to
-        * untrust untrusted RODCs */
-       nt_status = samba_kdc_update_pac_blob(tmp_ctx, ctx->context,
-                                             pac, logon_blob, NULL, NULL);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               DEBUG(0, ("Building PAC failed: %s\n",
-                         nt_errstr(nt_status)));
-               ret = EINVAL;
-               goto done;
-       }
-
-       logon_data->data = (uint8_t *)malloc(logon_blob->length);
-       if (!logon_data->data) {
-               ret = ENOMEM;
-               goto done;
-       }
-       memcpy(logon_data->data, logon_blob->data, logon_blob->length);
-       logon_data->length = logon_blob->length;
-
-       ret = 0;
-
-done:
-       if (pac) krb5_pac_free(ctx->context, pac);
-       talloc_free(tmp_ctx);
-       return ret;
-}
-
 krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
                                    krb5_context context,
                                    int flags,
index 036e77a..ba82455 100644 (file)
@@ -63,16 +63,6 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
                                    krb5_keyblock *krbtgt_keyblock,
                                    krb5_pac *pac);
 
-int mit_samba_update_pac_data(struct mit_samba_context *ctx,
-                             krb5_db_entry *client,
-                             DATA_BLOB *pac_data,
-                             DATA_BLOB *logon_data);
-
-int mit_samba_update_pac_data(struct mit_samba_context *ctx,
-                             krb5_db_entry *client,
-                             DATA_BLOB *pac_data,
-                             DATA_BLOB *logon_data);
-
 int mit_samba_check_client_access(struct mit_samba_context *ctx,
                                  krb5_db_entry *client,
                                  const char *client_name,