krb5_free_context(context);
}
-#if 0
-#ifdef HAVE_SET_ALLOWABLE_ENCTYPES
-/*
- * this routine obtains a credentials handle via gss_acquire_cred()
- * then calls gss_krb5_set_allowable_enctypes() to limit the encryption
- * types negotiated.
- *
- * Returns:
- * 0 => all went well
- * -1 => there was an error
- */
-
-int
-limit_krb5_enctypes(struct rpc_gss_sec *sec, uid_t uid)
-{
- unsigned int maj_stat, min_stat;
- gss_cred_id_t credh;
- gss_OID_set_desc desired_mechs;
- krb5_enctype enctypes[] = {ENCTYPE_DES_CBC_CRC};
- int num_enctypes = sizeof(enctypes) / sizeof(enctypes[0]);
-
- /* We only care about getting a krb5 cred */
- desired_mechs.count = 1;
- desired_mechs.elements = &krb5oid;
-
- maj_stat = gss_acquire_cred(&min_stat, NULL, 0,
- &desired_mechs, GSS_C_INITIATE,
- &credh, NULL, NULL);
-
- if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_acquire_cred",
- maj_stat, min_stat, &krb5oid);
- return -1;
- }
-
- /*
- * If we failed for any reason to produce global
- * list of supported enctypes, use local default here.
- */
- if (krb5_enctypes == NULL)
- maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
- &krb5oid, num_enctypes, &enctypes);
- else
- maj_stat = gss_set_allowable_enctypes(&min_stat, credh,
- &krb5oid, num_krb5_enctypes,
- krb5_enctypes);
- if (maj_stat != GSS_S_COMPLETE) {
- pgsserr("gss_set_allowable_enctypes",
- maj_stat, min_stat, &krb5oid);
- return -1;
- }
- sec->cred = credh;
- return 0;
-}
-#endif /* HAVE_SET_ALLOWABLE_ENCTYPES */
-#endif
-
-#if 0
-/*
- * Obtain supported enctypes from kernel.
- * Set defaults if info is not available.
- */
-void
-gssd_obtain_kernel_krb5_info(void)
-{
- char enctype_file_name[128];
- char buf[1024];
- char enctypes[128];
- int nscanned;
- int fd;
- int use_default_enctypes = 0;
- int nbytes, numfields;
- char default_enctypes[] = "1,3,2";
- int code;
-
- snprintf(enctype_file_name, sizeof(enctype_file_name),
- "%s/%s", pipefs_dir, "krb5_info");
-
- if ((fd = open(enctype_file_name, O_RDONLY)) == -1) {
- printerr(1, "WARNING: gssd_obtain_kernel_krb5_info: "
- "Unable to open '%s'. Unable to determine "
- "Kerberos encryption types supported by the "
- "kernel; using defaults (%s).\n",
- enctype_file_name, default_enctypes);
- use_default_enctypes = 1;
- goto do_the_parse;
- }
- memset(buf, 0, sizeof(buf));
- if ((nbytes = read(fd, buf, sizeof(buf)-1)) == -1) {
- printerr(0, "WARNING: gssd_obtain_kernel_krb5_info: "
- "Error reading Kerberos encryption type "
- "information file '%s'; using defaults (%s).\n",
- enctype_file_name, default_enctypes);
- use_default_enctypes = 1;
- close(fd);
- goto do_the_parse;
- }
- close(fd);
- numfields = sscanf(buf, "enctypes: %s\n%n", enctypes, &nscanned);
- if (numfields < 1) {
- printerr(0, "WARNING: gssd_obtain_kernel_krb5_info: "
- "error parsing Kerberos encryption type "
- "information from file '%s'; using defaults (%s).\n",
- enctype_file_name, default_enctypes);
- use_default_enctypes = 1;
- goto do_the_parse;
- }
- if (nbytes > nscanned) {
- printerr(2, "gssd_obtain_kernel_krb5_info: "
- "Ignoring extra information, '%s', from '%s'\n",
- buf+nscanned, enctype_file_name);
- goto do_the_parse;
- }
- do_the_parse:
- if (use_default_enctypes)
- strcpy(enctypes, default_enctypes);
-
- if ((code = parse_enctypes(enctypes)) != 0) {
- printerr(0, "ERROR: gssd_obtain_kernel_krb5_info: "
- "parse_enctypes%s failed with code %d\n",
- use_default_enctypes ? " (with default enctypes)" : "",
- code);
- }
-}
-#endif