From: Olga Kornievskaia <kolga@xxxxxxxxxx>
In preparation for using rpc_gss_seccreate() function, revert commit
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials"
Signed-off-by: Olga Kornievskaia <kolga@xxxxxxxxxx>
---
utils/gssd/gssd_proc.c | 2 --
utils/gssd/krb5_util.c | 42 ------------------------------------------
utils/gssd/krb5_util.h | 1 -
3 files changed, 45 deletions(-)
diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index a96647df..e5cc1d98 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
if (cred == GSS_C_NO_CREDENTIAL)
retval = gssd_refresh_krb5_machine_credential(clp->servername,
"*", NULL, 1);
- else
- retval = gssd_k5_remove_bad_service_cred(clp->servername);
if (!retval) {
auth = authgss_create_default(rpc_clnt, tgtname,
&sec);
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4f..f6ce1fec 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
return ret;
}
-/* Removed a service ticket for nfs/<name> from the ticket cache
- */
-int
-gssd_k5_remove_bad_service_cred(char *name)
-{
- krb5_creds in_creds, out_creds;
- krb5_error_code ret;
- krb5_context context;
- krb5_ccache cache;
- krb5_principal principal;
- int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
- char srvname[1024];
-
- ret = krb5_init_context(&context);
- if (ret)
- goto out_cred;
- ret = krb5_cc_default(context, &cache);
- if (ret)
- goto out_free_context;
- ret = krb5_cc_get_principal(context, cache, &principal);
- if (ret)
- goto out_close_cache;
- memset(&in_creds, 0, sizeof(in_creds));
- in_creds.client = principal;
- sprintf(srvname, "nfs/%s", name);
- ret = krb5_parse_name(context, srvname, &in_creds.server);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
- if (ret)
- goto out_free_principal;
- ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
-out_free_principal:
- krb5_free_principal(context, principal);
-out_close_cache:
- krb5_cc_close(context, cache);
-out_free_context:
- krb5_free_context(context);
-out_cred:
- return ret;
-}
-
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
/*
* this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef87018..62c91a0e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
void gssd_k5_get_default_realm(char **def_realm);
int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
-int gssd_k5_remove_bad_service_cred(char *srvname);
#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
extern int limit_to_legacy_enctypes;
--
2.39.1
