Received-SPF: pass (google.com: domain of linux-nfs+bounces-372-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
From: Olga Kornievskaia <olga.kornievskaia@gmail.com>
To: steved@redhat.com
Cc: linux-nfs@vger.kernel.org,
	chuck.lever@oracle.com
Subject: [PATCH 1/6] gssd: revert commit a5f3b7ccb01c
Date: Wed,  6 Dec 2023 16:33:27 -0500
Message-Id: <20231206213332.55565-2-olga.kornievskaia@gmail.com>
In-Reply-To: <20231206213332.55565-1-olga.kornievskaia@gmail.com>
References: <20231206213332.55565-1-olga.kornievskaia@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

From: Olga Kornievskaia <kolga@netapp.com>

In preparation for using rpc_gss_seccreate() function, revert commit
a5f3b7ccb01c "gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user
credentials"

Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
---
 utils/gssd/gssd_proc.c |  2 --
 utils/gssd/krb5_util.c | 42 ------------------------------------------
 utils/gssd/krb5_util.h |  1 -
 3 files changed, 45 deletions(-)

diff --git a/utils/gssd/gssd_proc.c b/utils/gssd/gssd_proc.c
index a96647df..e5cc1d98 100644
--- a/utils/gssd/gssd_proc.c
+++ b/utils/gssd/gssd_proc.c
@@ -419,8 +419,6 @@ create_auth_rpc_client(struct clnt_info *clp,
 			if (cred == GSS_C_NO_CREDENTIAL)
 				retval = gssd_refresh_krb5_machine_credential(clp->servername,
 					"*", NULL, 1);
-			else
-				retval = gssd_k5_remove_bad_service_cred(clp->servername);
 			if (!retval) {
 				auth = authgss_create_default(rpc_clnt, tgtname,
 						&sec);
diff --git a/utils/gssd/krb5_util.c b/utils/gssd/krb5_util.c
index 6f66ef4f..f6ce1fec 100644
--- a/utils/gssd/krb5_util.c
+++ b/utils/gssd/krb5_util.c
@@ -1553,48 +1553,6 @@ gssd_acquire_user_cred(gss_cred_id_t *gss_cred)
 	return ret;
 }
 
-/* Removed a service ticket for nfs/<name> from the ticket cache
- */
-int
-gssd_k5_remove_bad_service_cred(char *name)
-{
-        krb5_creds in_creds, out_creds;
-        krb5_error_code ret;
-        krb5_context context;
-        krb5_ccache cache;
-        krb5_principal principal;
-        int retflags = KRB5_TC_MATCH_SRV_NAMEONLY;
-        char srvname[1024];
-
-        ret = krb5_init_context(&context);
-        if (ret)
-                goto out_cred;
-        ret = krb5_cc_default(context, &cache);
-        if (ret)
-                goto out_free_context;
-        ret = krb5_cc_get_principal(context, cache, &principal);
-        if (ret)
-                goto out_close_cache;
-        memset(&in_creds, 0, sizeof(in_creds));
-        in_creds.client = principal;
-        sprintf(srvname, "nfs/%s", name);
-        ret = krb5_parse_name(context, srvname, &in_creds.server);
-        if (ret)
-                goto out_free_principal;
-        ret = krb5_cc_retrieve_cred(context, cache, retflags, &in_creds, &out_creds);
-        if (ret)
-                goto out_free_principal;
-        ret = krb5_cc_remove_cred(context, cache, 0, &out_creds);
-out_free_principal:
-        krb5_free_principal(context, principal);
-out_close_cache:
-        krb5_cc_close(context, cache);
-out_free_context:
-        krb5_free_context(context);
-out_cred:
-        return ret;
-}
-
 #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
 /*
  * this routine obtains a credentials handle via gss_acquire_cred()
diff --git a/utils/gssd/krb5_util.h b/utils/gssd/krb5_util.h
index 7ef87018..62c91a0e 100644
--- a/utils/gssd/krb5_util.h
+++ b/utils/gssd/krb5_util.h
@@ -22,7 +22,6 @@ char *gssd_k5_err_msg(krb5_context context, krb5_error_code code);
 void gssd_k5_get_default_realm(char **def_realm);
 
 int gssd_acquire_user_cred(gss_cred_id_t *gss_cred);
-int gssd_k5_remove_bad_service_cred(char *srvname);
 
 #ifdef HAVE_SET_ALLOWABLE_ENCTYPES
 extern int limit_to_legacy_enctypes;
-- 
2.39.1