ITS#4799 remove all references to kbind

2025-01-06 10:46:21 +08:00 · 2007-01-09 23:48:28 +00:00 · 2007-01-09 23:48:28 +00:00 · 9ece06c8f5
commit 9ece06c8f5
parent 0f6b4bd167
5 changed files with 5 additions and 330 deletions
--- a/libraries/libldap/Makefile.in
+++ b/libraries/libldap/Makefile.in
@ -20,7 +20,7 @@ PROGRAMS = apitest dntest ftest ltest urltest
 SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	controls.c messages.c references.c extended.c cyrus.c \
 	modify.c add.c modrdn.c delete.c abandon.c \
-	sasl.c sbind.c kbind.c unbind.c cancel.c  \
+	sasl.c sbind.c unbind.c cancel.c  \
 	filter.c free.c sort.c passwd.c whoami.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
 	request.c os-ip.c url.c pagectrl.c sortctrl.c vlvctrl.c \
@ -31,7 +31,7 @@ SRCS	= bind.c open.c result.c error.c compare.c search.c \
 OBJS	= bind.lo open.lo result.lo error.lo compare.lo search.lo \
 	controls.lo messages.lo references.lo extended.lo cyrus.lo \
 	modify.lo add.lo modrdn.lo delete.lo abandon.lo \
-	sasl.lo sbind.lo kbind.lo unbind.lo cancel.lo \
+	sasl.lo sbind.lo unbind.lo cancel.lo \
 	filter.lo free.lo sort.lo passwd.lo whoami.lo \
 	getdn.lo getentry.lo getattr.lo getvalues.lo addentry.lo \
 	request.lo os-ip.lo url.lo pagectrl.lo sortctrl.lo vlvctrl.lo \
--- a/libraries/libldap/bind.c
+++ b/libraries/libldap/bind.c
@ -56,8 +56,7 @@
 * ldap_bind - bind to the ldap server (and X.500).  The dn and password
 * of the entry to which to bind are supplied, along with the authentication
 * method to use.  The msgid of the bind request is returned on success,
- * -1 if there's trouble.  Note, the kerberos support assumes the user already
- * has a valid tgt for now.  ldap_result() should be called to find out the
+ * -1 if there's trouble.  ldap_result() should be called to find out the
 * outcome of the bind request.
 *
 * Example:
@ -74,14 +73,6 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho
 	case LDAP_AUTH_SIMPLE:
 		return( ldap_simple_bind( ld, dn, passwd ) );

-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-	case LDAP_AUTH_KRBV41:
-		return( ldap_kerberos_bind1( ld, dn ) );
-
-	case LDAP_AUTH_KRBV42:
-		return( ldap_kerberos_bind2( ld, dn ) );
-#endif
-
 	case LDAP_AUTH_SASL:
 		/* user must use ldap_sasl_bind */
 		/* FALL-THRU */
@ -97,8 +88,7 @@ ldap_bind( LDAP *ld, LDAP_CONST char *dn, LDAP_CONST char *passwd, int authmetho
 * of the entry to which to bind are supplied, along with the authentication
 * method to use.  This routine just calls whichever bind routine is
 * appropriate and returns the result of the bind (e.g. LDAP_SUCCESS or
- * some other error indication).  Note, the kerberos support assumes the
- * user already has a valid tgt for now.
+ * some other error indication).
 *
 * Examples:
 *	ldap_bind_s( ld, "cn=manager, o=university of michigan, c=us",
@ -119,17 +109,6 @@ ldap_bind_s(
 	case LDAP_AUTH_SIMPLE:
 		return( ldap_simple_bind_s( ld, dn, passwd ) );

-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-	case LDAP_AUTH_KRBV4:
-		return( ldap_kerberos_bind_s( ld, dn ) );
-
-	case LDAP_AUTH_KRBV41:
-		return( ldap_kerberos_bind1_s( ld, dn ) );
-
-	case LDAP_AUTH_KRBV42:
-		return( ldap_kerberos_bind2_s( ld, dn ) );
-#endif
-
 	case LDAP_AUTH_SASL:
 		/* user must use ldap_sasl_bind */
 		/* FALL-THRU */
--- a/libraries/libldap/kbind.c
+++ b/libraries/libldap/kbind.c
@ -1,291 +0,0 @@
-/* $OpenLDAP$ */
-/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
- *
- * Copyright 1998-2007 The OpenLDAP Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted only as authorized by the OpenLDAP
- * Public License.
- *
- * A copy of this license is available in the file LICENSE in the
- * top-level directory of the distribution or, alternatively, at
- * <http://www.OpenLDAP.org/license.html>.
- */
-/* Portions Copyright (c) 1993 Regents of the University of Michigan.
- * All rights reserved.
- */
-
-#include "portable.h"
-
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-
-#include <stdio.h>
-#include <ac/stdlib.h>
-
-#include <ac/krb.h>
-#include <ac/socket.h>
-#include <ac/string.h>
-#include <ac/time.h>
-
-#include "ldap-int.h"
-
-/*
- *	BindRequest ::= SEQUENCE {
- *		version		INTEGER,
- *		name		DistinguishedName,	 -- who
- *		authentication	CHOICE {
- *			simple		[0] OCTET STRING -- passwd
-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
- *			krbv42ldap	[1] OCTET STRING
- *			krbv42dsa	[2] OCTET STRING
-#endif
- *			sasl		[3] SaslCredentials	-- LDAPv3
- *		}
- *	}
- *
- *	BindResponse ::= SEQUENCE {
- *		COMPONENTS OF LDAPResult,
- *		serverSaslCreds		OCTET STRING OPTIONAL -- LDAPv3
- *	}
- *
- */
-
-/*
- * ldap_kerberos_bind1 - initiate a bind to the ldap server using
- * kerberos authentication.  The dn is supplied.  It is assumed the user
- * already has a valid ticket granting ticket.  The msgid of the
- * request is returned on success (suitable for passing to ldap_result()),
- * -1 is returned if there's trouble.
- *
- * Example:
- *	ldap_kerberos_bind1( ld, "cn=manager, o=university of michigan, c=us" )
- */
-int
-ldap_kerberos_bind1( LDAP *ld, LDAP_CONST char *dn )
-{
-	BerElement	*ber;
-	char		*cred;
-	int		rc;
-	ber_len_t credlen;
-	ber_int_t	id;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1\n", 0, 0, 0 );
-
-	if( ld->ld_version > LDAP_VERSION2 ) {
-		ld->ld_errno = LDAP_NOT_SUPPORTED;
-		return -1;
-	}
-
-	if ( dn == NULL )
-		dn = "";
-
-	if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "ldapserver",
-	    &credlen )) == NULL ) {
-		return( -1 );	/* ld_errno should already be set */
-	}
-
-	/* create a message to send */
-	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
-		LDAP_FREE( cred );
-		return( -1 );
-	}
-
-	LDAP_NEXT_MSGID( ld, id );
-	/* fill it in */
-	rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND,
-	    ld->ld_version, dn, LDAP_AUTH_KRBV41, cred, credlen );
-
-	if ( rc == -1 ) {
-		LDAP_FREE( cred );
-		ber_free( ber, 1 );
-		ld->ld_errno = LDAP_ENCODING_ERROR;
-		return( -1 );
-	}
-
-	LDAP_FREE( cred );
-
-
-	/* send the message */
-	return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ));
-}
-
-int
-ldap_kerberos_bind1_s( LDAP *ld, LDAP_CONST char *dn )
-{
-	int		msgid;
-	LDAPMessage	*res;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind1_s\n", 0, 0, 0 );
-
-	/* initiate the bind */
-	if ( (msgid = ldap_kerberos_bind1( ld, dn )) == -1 )
-		return( ld->ld_errno );
-
-	/* wait for a result */
-	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res )
-	    == -1 ) {
-		return( ld->ld_errno );	/* ldap_result sets ld_errno */
-	}
-
-	return( ldap_result2error( ld, res, 1 ) );
-}
-
-/*
- * ldap_kerberos_bind2 - initiate a bind to the X.500 server using
- * kerberos authentication.  The dn is supplied.  It is assumed the user
- * already has a valid ticket granting ticket.  The msgid of the
- * request is returned on success (suitable for passing to ldap_result()),
- * -1 is returned if there's trouble.
- *
- * Example:
- *	ldap_kerberos_bind2( ld, "cn=manager, o=university of michigan, c=us" )
- */
-int
-ldap_kerberos_bind2( LDAP *ld, LDAP_CONST char *dn )
-{
-	BerElement	*ber;
-	char		*cred;
-	int		rc;
-	ber_len_t credlen;
-	ber_int_t id;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2\n", 0, 0, 0 );
-
-	if( ld->ld_version > LDAP_VERSION2 ) {
-		ld->ld_errno = LDAP_NOT_SUPPORTED;
-		return -1;
-	}
-
-	if ( dn == NULL )
-		dn = "";
-
-	if ( (cred = ldap_get_kerberosv4_credentials( ld, dn, "x500dsa", &credlen ))
-	    == NULL ) {
-		return( -1 );	/* ld_errno should already be set */
-	}
-
-	/* create a message to send */
-	if ( (ber = ldap_alloc_ber_with_options( ld )) == NULL ) {
-		LDAP_FREE( cred );
-		return( -1 );
-	}
-
-	LDAP_NEXT_MSGID( ld, id );
-	/* fill it in */
-	rc = ber_printf( ber, "{it{istoN}N}", id, LDAP_REQ_BIND,
-	    ld->ld_version, dn, LDAP_AUTH_KRBV42, cred, credlen );
-
-	LDAP_FREE( cred );
-
-	if ( rc == -1 ) {
-		ber_free( ber, 1 );
-		ld->ld_errno = LDAP_ENCODING_ERROR;
-		return( -1 );
-	}
-
-	/* send the message */
-	return ( ldap_send_initial_request( ld, LDAP_REQ_BIND, dn, ber, id ));
-}
-
-/* synchronous bind to DSA using kerberos */
-int
-ldap_kerberos_bind2_s( LDAP *ld, LDAP_CONST char *dn )
-{
-	int		msgid;
-	LDAPMessage	*res;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind2_s\n", 0, 0, 0 );
-
-	/* initiate the bind */
-	if ( (msgid = ldap_kerberos_bind2( ld, dn )) == -1 )
-		return( ld->ld_errno );
-
-	/* wait for a result */
-	if ( ldap_result( ld, msgid, LDAP_MSG_ALL, (struct timeval *) 0, &res )
-	    == -1 ) {
-		return( ld->ld_errno );	/* ldap_result sets ld_errno */
-	}
-
-	return( ldap_result2error( ld, res, 1 ) );
-}
-
-/* synchronous bind to ldap and DSA using kerberos */
-int
-ldap_kerberos_bind_s( LDAP *ld, LDAP_CONST char *dn )
-{
-	int	err;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_kerberos_bind_s\n", 0, 0, 0 );
-
-	if ( (err = ldap_kerberos_bind1_s( ld, dn )) != LDAP_SUCCESS )
-		return( err );
-
-	return( ldap_kerberos_bind2_s( ld, dn ) );
-}
-
-
-#ifndef AUTHMAN
-/*
- * ldap_get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap.
- * The dn of the entry to which to bind is supplied.  It's assumed the
- * user already has a tgt.
- */
-
-char *
-ldap_get_kerberosv4_credentials(
-	LDAP *ld,
-	LDAP_CONST char *who,
-	LDAP_CONST char *service,
-	ber_len_t *len )
-{
-	KTEXT_ST	ktxt;
-	int		err;
-	char		realm[REALM_SZ], *cred, *krbinstance;
-
-	Debug( LDAP_DEBUG_TRACE, "ldap_get_kerberosv4_credentials\n", 0, 0, 0 );
-
-	if ( (err = krb_get_tf_realm( tkt_string(), realm )) != KSUCCESS ) {
-		Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
-			"krb_get_tf_realm failed: %s\n", krb_err_txt[err], 0, 0 );
-		ld->ld_errno = LDAP_AUTH_UNKNOWN;
-		return( NULL );
-	}
-
-	err = 0;
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_lock( &ld->ld_req_mutex );
-#endif
-	if ( ber_sockbuf_ctrl( ld->ld_sb, LBER_SB_OPT_GET_FD, NULL ) == -1 ) {
-		/* not connected yet */
-		err = ldap_open_defconn( ld );
-	}
-#ifdef LDAP_R_COMPILE
-	ldap_pvt_thread_mutex_unlock( &ld->ld_req_mutex );
-#endif
-	if ( err < 0 ) return NULL;
-
-	krbinstance = ld->ld_defconn->lconn_krbinstance;
-
-	if ( (err = krb_mk_req( &ktxt, service, krbinstance, realm, 0 ))
-	    != KSUCCESS )
-	{
-		Debug( LDAP_DEBUG_ANY, "ldap_get_kerberosv4_credentials: "
-			"krb_mk_req failed (%s)\n", krb_err_txt[err], 0, 0 );
-		ld->ld_errno = LDAP_AUTH_UNKNOWN;
-		return( NULL );
-	}
-
-	if ( ( cred = LDAP_MALLOC( ktxt.length )) == NULL ) {
-		ld->ld_errno = LDAP_NO_MEMORY;
-		return( NULL );
-	}
-
-	*len = ktxt.length;
-	AC_MEMCPY( cred, ktxt.dat, ktxt.length );
-
-	return( cred );
-}
-
-#endif /* !AUTHMAN */
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -480,18 +480,6 @@ LDAP_F (int) ldap_int_client_controls LDAP_P((
 */
 LDAP_F (int) ldap_int_next_line_tokens LDAP_P(( char **bufp, ber_len_t *blenp, char ***toksp ));

-#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
-/*
- * in kerberos.c
- */
-LDAP_F (char *) ldap_get_kerberosv4_credentials LDAP_P((
-	LDAP *ld,
-	LDAP_CONST char *who,
-	LDAP_CONST char *service,
-	ber_len_t *len ));
-
-#endif /* LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND */
-

 /*
 * in open.c
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@ -705,8 +705,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
 	return rc;
 }

-#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \
-	defined( HAVE_CYRUS_SASL )
+#if defined( HAVE_CYRUS_SASL )
 char *
 ldap_host_connected_to( Sockbuf *sb, const char *host )
 {