Revert "s4:kdc: also provide cross-realm keys via samba_kdc_seq()"
authorStefan Metzmacher <metze@samba.org>
Thu, 28 Mar 2024 14:10:28 +0000 (15:10 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 30 Apr 2024 12:52:50 +0000 (14:52 +0200)
This reverts commit c633aa9b023112e314ea95bd751e516e1db7e854.

source4/kdc/db-glue.c

index 195394b0eb46f3447d84d406457db2c3bd76256f..3b2757a9f4ec091f3dbf150a54597021f822c109 100644 (file)
@@ -3109,10 +3109,6 @@ struct samba_kdc_seq {
        unsigned int index;
        unsigned int count;
        struct ldb_message **msgs;
-       enum trust_direction trust_direction;
-       unsigned int trust_index;
-       unsigned int trust_count;
-       struct ldb_message **trust_msgs;
        struct ldb_dn *realm_dn;
 };
 
@@ -3140,10 +3136,6 @@ static krb5_error_code samba_kdc_seq(krb5_context context,
                goto out;
        }
 
-       if (priv->index == priv->count) {
-               goto trusts;
-       }
-
        while (priv->index < priv->count) {
                msg = priv->msgs[priv->index++];
 
@@ -3154,13 +3146,8 @@ static krb5_error_code samba_kdc_seq(krb5_context context,
        }
 
        if (sAMAccountName == NULL) {
-               /*
-                * This is not really possible,
-                * but instead returning
-                * SDB_ERR_NOENTRY, we
-                * go on with trusts
-                */
-               goto trusts;
+               ret = SDB_ERR_NOENTRY;
+               goto out;
        }
 
        ret = smb_krb5_make_principal(context, &principal,
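Review bot: The `sAMAccountName == NULL` branch is left without a comment, and after this revert it looks like the ordinary end-of-enumeration path rather than an impossible case, because the early `index == count` check is removed in the previous hunk. A short comment above `ret = SDB_ERR_NOENTRY;`, such as `/* no (further) entry with a sAMAccountName: end of the sequence */`, would record that callers see SDB_ERR_NOENTRY as the terminator. The loop body that sets sAMAccountName lies between the hunks, so this reading is inferred from the visible lines only.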
@@ -3185,40 +3172,6 @@ out:
        }
 
        return ret;
-
-trusts:
-       if (priv->trust_direction == UNKNOWN) {
-               ret = SDB_ERR_NOENTRY;
-               goto out;
-       }
-
-       while (priv->trust_index < priv->trust_count) {
-               msg = priv->trust_msgs[priv->trust_index++];
-
-               ret = samba_kdc_trust_message2entry(context,
-                                                   kdc_db_ctx,
-                                                   mem_ctx,
-                                                   priv->trust_direction,
-                                                   priv->realm_dn,
-                                                   SDB_F_ADMIN_DATA|SDB_F_GET_ANY,
-                                                   0, /* kvno */
-                                                   msg,
-                                                   entry);
-               if (ret == SDB_ERR_NOENTRY) {
-                       continue;
-               }
-               goto out;
-       }
-
-       if (priv->trust_direction == INBOUND) {
-               priv->trust_direction = OUTBOUND;
-               priv->trust_index = 0;
-       } else if (priv->trust_direction == OUTBOUND) {
-               priv->trust_direction = UNKNOWN;
-       } else {
-               smb_panic(__location__);
-       }
-       goto trusts;
 }
 
 krb5_error_code samba_kdc_firstkey(krb5_context context,
@@ -3231,21 +3184,23 @@ krb5_error_code samba_kdc_firstkey(krb5_context context,
        struct ldb_result *res = NULL;
        krb5_error_code ret;
        int lret;
-       NTSTATUS status;
 
        if (priv) {
                TALLOC_FREE(priv);
                kdc_db_ctx->seq_ctx = NULL;
        }
 
-       priv = talloc_zero(kdc_db_ctx, struct samba_kdc_seq);
+       priv = (struct samba_kdc_seq *) talloc(kdc_db_ctx, struct samba_kdc_seq);
        if (!priv) {
                ret = ENOMEM;
                krb5_set_error_message(context, ret, "talloc: out of memory");
                return ret;
        }
 
+       priv->index = 0;
+       priv->msgs = NULL;
        priv->realm_dn = ldb_get_default_basedn(ldb_ctx);
+       priv->count = 0;
 
        ret = krb5_get_default_realm(context, &realm);
        if (ret != 0) {
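Review bot: Allocating `priv` with `talloc()` instead of `talloc_zero()` leaves the structure uninitialised and relies on the four assignments that follow to cover every field. That holds for the struct as it stands after this revert (index, count, msgs, realm_dn), but a field added later would start with indeterminate contents, and this context carries the pointer array that samba_kdc_seq() indexes and dereferences. I would keep `priv = talloc_zero(kdc_db_ctx, struct samba_kdc_seq);` from the reverted commit and drop the cast, since the talloc macro already yields the typed pointer. The following hunk makes a similar trade by using `talloc_free(res)`, which leaves `res` non-NULL where `TALLOC_FREE(res)` cleared it; whether `res` is used again is not visible here, as the function continues outside both hunks.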
@@ -3265,25 +3220,8 @@ krb5_error_code samba_kdc_firstkey(krb5_context context,
        }
 
        priv->count = res->count;
-       priv->msgs = talloc_move(priv, &res->msgs);
-       TALLOC_FREE(res);
-
-       status = dsdb_trust_search_tdos(ldb_ctx,
-                                       NULL, /* exclude */
-                                       trust_attrs,
-                                       priv,
-                                       &res);
-       if (!NT_STATUS_IS_OK(status)) {
-               DBG_ERR("dsdb_trust_search_tdos() - %s\n",
-                       nt_errstr(status));
-               TALLOC_FREE(priv);
-               return SDB_ERR_NOENTRY;
-       }
-
-       priv->trust_direction = INBOUND;
-       priv->trust_count = res->count;
-       priv->trust_msgs = talloc_move(priv, &res->msgs);
-       TALLOC_FREE(res);
+       priv->msgs = talloc_steal(priv, res->msgs);
+       talloc_free(res);
 
        kdc_db_ctx->seq_ctx = priv;