mirror of https://github.com/isc-projects/bind9.git
synced 2026-05-22 10:10:14 -04:00

Since the "tkey-gssapi-credential" statement has been previously
deprecated, mark it as ancient and remove all code related to it:

  - The code processing the "tkey-gssapi-credential" statement in the
    configuration is the only user of the dst_gssapi_acquirecred() and
    dst_gssapi_releasecred() functions, so remove them along with their
    static helper functions and a backup definition of the
    GSS_KRB5_MECHANISM macro.

  - When calling gss_accept_sec_context(), pass GSS_C_NO_CREDENTIAL
    instead of the credential acquired by gss_acquire_cred().
    (Previously, NULL was passed when "tkey-gssapi-credential" was not
    specified. Kerberos headers define GSS_C_NO_CREDENTIAL as
    (gss_cred_id_t) 0, so the logic was effectively the same, but using
    the GSS_C_NO_CREDENTIAL macro is more appropriate.) This renders
    the 'cred' parameter for dst_gssapi_acceptctx() redundant, so remove
    it from the prototype of the latter. (Contrary to what the
    documentation for dst_gssapi_acceptctx() claims,
    dst_gssapi_releasecred() does not need to subsequently be called to
    free the GSS-API context; a dst_gssapi_deletectx() call in
    gssapi_destroy() takes care of that when the dynamically generated
    TSIG key is destroyed.)

  - Remove the 'gsscred' member from struct dns_tkeyctx, along with its
    related dns_gss_cred_id_t typedef.

Update the relevant sections of the ARM and code comments accordingly.

This makes the "tkey-gssapi-keytab" statement the only way to set up
GSS-TSIG in named.

Remove redundant code from bin/named/tkeyconf.c while at it.

| | | |
|---|---|---|
| _ext | ||
| _static | ||
| .gitignore | ||
| advanced.inc.rst | ||
| build.inc.rst | ||
| catz.inc.rst | ||
| changelog.rst | ||
| chapter1.rst | ||
| chapter2.rst | ||
| chapter3.rst | ||
| chapter4.rst | ||
| chapter5.rst | ||
| chapter6.rst | ||
| chapter7.rst | ||
| chapter9.rst | ||
| chapter10.rst | ||
| conf.py | ||
| config-auth.inc.rst | ||
| config-intro.inc.rst | ||
| config-resolve.inc.rst | ||
| dlz.inc.rst | ||
| dns-ops.inc.rst | ||
| dns-security-overview.dia | ||
| dns-security-overview.png | ||
| dns-servers.dia | ||
| dns-servers.png | ||
| dns-tree.dia | ||
| dns-tree.png | ||
| dnssec-guide.rst | ||
| dnssec.inc.rst | ||
| dyndb.inc.rst | ||
| general.rst | ||
| history.rst | ||
| index.rst | ||
| intro-dns-bind.inc.rst | ||
| intro-security.inc.rst | ||
| introduction.inc.rst | ||
| isc-logo.pdf | ||
| logging-categories.inc.rst | ||
| managed-keys.inc.rst | ||
| manpages.rst | ||
| meson.build | ||
| name-resolution.dia | ||
| name-resolution.png | ||
| notes.rst | ||
| pkcs11.inc.rst | ||
| platforms.inc.rst | ||
| plugins.inc.rst | ||
| primary-secondary.dia | ||
| primary-secondary.png | ||
| recursive-query.dia | ||
| recursive-query.png | ||
| reference.rst | ||
| requirements.inc.rst | ||
| requirements.txt | ||
| resolver-forward.dia | ||
| resolver-forward.png | ||
| rpz.inc.rst | ||
| security.inc.rst | ||
| sig0.inc.rst | ||
| troubleshooting.inc.rst | ||
| tsig.inc.rst | ||
| zones.inc.rst | ||