auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()
authorStefan Metzmacher <metze@samba.org>
Fri, 7 Jul 2017 08:57:52 +0000 (10:57 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 25 Jul 2017 11:51:09 +0000 (13:51 +0200)
Check with `git show -U15` (15 lines of context).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/gensec/spnego.c

index f943463..17cf911 100644 (file)
@@ -325,91 +325,6 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       /* Having tried any optimistic token from the client (if we
-        * were the server), if we didn't get anywhere, walk our list
-        * in our preference order */
-       unwrapped_in = data_blob_null;
-
-       if (!spnego_state->sub_sec_security) {
-               for (i=0; all_sec && all_sec[i].op; i++) {
-                       nt_status = gensec_subcontext_start(spnego_state,
-                                                           gensec_security,
-                                                           &spnego_state->sub_sec_security);
-                       if (!NT_STATUS_IS_OK(nt_status)) {
-                               return nt_status;
-                       }
-                       /* select the sub context */
-                       nt_status = gensec_start_mech_by_ops(spnego_state->sub_sec_security,
-                                                            all_sec[i].op);
-                       if (!NT_STATUS_IS_OK(nt_status)) {
-                               /*
-                                * Pretend we never started it.
-                                */
-                               gensec_spnego_update_sub_abort(spnego_state);
-                               continue;
-                       }
-
-                       spnego_state->neg_oid = all_sec[i].oid;
-
-                       /* only get the helping start blob for the first OID */
-                       nt_status = gensec_update_ev(spnego_state->sub_sec_security,
-                                                 out_mem_ctx, 
-                                                 ev,
-                                                 unwrapped_in,
-                                                 unwrapped_out);
-                       if (NT_STATUS_IS_OK(nt_status)) {
-                               spnego_state->sub_sec_ready = true;
-                       }
-
-                       /* it is likely that a NULL input token will
-                        * not be liked by most server mechs, but if
-                        * we are in the client, we want the first
-                        * update packet to be able to abort the use
-                        * of this mech */
-                       if (spnego_state->state_position != SPNEGO_SERVER_START) {
-                               if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 
-                                   NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) ||
-                                   NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
-                                   NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
-                                       const char *next = NULL;
-                                       const char *principal = NULL;
-                                       int dbg_level = DBGLVL_WARNING;
-
-                                       if (all_sec[i+1].op != NULL) {
-                                               next = all_sec[i+1].op->name;
-                                               dbg_level = DBGLVL_NOTICE;
-                                       }
-
-                                       if (gensec_security->target.principal != NULL) {
-                                               principal = gensec_security->target.principal;
-                                       } else if (gensec_security->target.service != NULL &&
-                                                  gensec_security->target.hostname != NULL)
-                                       {
-                                               principal = talloc_asprintf(spnego_state->sub_sec_security,
-                                                                           "%s/%s",
-                                                                           gensec_security->target.service,
-                                                                           gensec_security->target.hostname);
-                                       } else {
-                                               principal = gensec_security->target.hostname;
-                                       }
-
-                                       DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
-                                                         spnego_state->sub_sec_security->ops->name,
-                                                         principal,
-                                                         next, nt_errstr(nt_status)));
-
-                                       /*
-                                        * Pretend we never started it.
-                                        */
-                                       gensec_spnego_update_sub_abort(spnego_state);
-                                       continue;
-                               }
-                       }
-
-                       break;
-               }
-       }
-
        if (spnego_state->sub_sec_security) {
                /* it is likely that a NULL input token will
                 * not be liked by most server mechs, but this