Michał Kępień 84b96df153 Remove "tkey-gssapi-credential" and related code ... Since the "tkey-gssapi-credential" statement has been previously deprecated, mark it as ancient and remove all code related to it: - The code processing the "tkey-gssapi-credential" statement in the configuration is the only user of the dst_gssapi_acquirecred() and dst_gssapi_releasecred() functions, so remove them along with their static helper functions and a backup definition of the GSS_KRB5_MECHANISM macro. - When calling gss_accept_sec_context(), pass GSS_C_NO_CREDENTIAL instead of the credential acquired by gss_acquire_cred(). (Previously, NULL was passed when "tkey-gssapi-credential" was not specified. Kerberos headers define GSS_C_NO_CREDENTIAL as (gss_cred_id_t) 0, so the logic was effectively the same, but using the GSS_C_NO_CREDENTIAL macro is more appropriate.) This renders the 'cred' parameter for dst_gssapi_acceptctx() redundant, so remove it from the prototype of the latter. (Contrary to what the documentation for dst_gssapi_acceptctx() claims, dst_gssapi_releasecred() does not need to subsequently be called to free the GSS-API context; a dst_gssapi_deletectx() call in gssapi_destroy() takes care of that when the dynamically generated TSIG key is destroyed.) - Remove the 'gsscred' member from struct dns_tkeyctx, along with its related dns_gss_cred_id_t typedef. Update the relevant sections of the ARM and code comments accordingly. This makes the "tkey-gssapi-keytab" statement the only way to set up GSS-TSIG in named. Remove redundant code from bin/named/tkeyconf.c while at it.		2025-10-06 13:19:50 +02:00
..
dst.h	Minor refactor of dst code	2025-10-01 12:25:53 +00:00
gssapi.h	Remove "tkey-gssapi-credential" and related code	2025-10-06 13:19:50 +02:00