auth/spnego: remove dead code from gensec_spnego_parse_negTokenInit()

Check with git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

1 files changed, 0 insertions, 85 deletions

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index f943463ba30..17cf911e4aa 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -325,91 +325,6 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	/* Having tried any optimistic token from the client (if we
-	 * were the server), if we didn't get anywhere, walk our list
-	 * in our preference order */
-	unwrapped_in = data_blob_null;
-
-	if (!spnego_state->sub_sec_security) {
-		for (i=0; all_sec && all_sec[i].op; i++) {
-			nt_status = gensec_subcontext_start(spnego_state,
-							    gensec_security,
-							    &spnego_state->sub_sec_security);
-			if (!NT_STATUS_IS_OK(nt_status)) {
-				return nt_status;
-			}
-			/* select the sub context */
-			nt_status = gensec_start_mech_by_ops(spnego_state->sub_sec_security,
-							     all_sec[i].op);
-			if (!NT_STATUS_IS_OK(nt_status)) {
-				/*
-				 * Pretend we never started it.
-				 */
-				gensec_spnego_update_sub_abort(spnego_state);
-				continue;
-			}
-
-			spnego_state->neg_oid = all_sec[i].oid;
-
-			/* only get the helping start blob for the first OID */
-			nt_status = gensec_update_ev(spnego_state->sub_sec_security,
-						  out_mem_ctx, 
-						  ev,
-						  unwrapped_in,
-						  unwrapped_out);
-			if (NT_STATUS_IS_OK(nt_status)) {
-				spnego_state->sub_sec_ready = true;
-			}
-
-			/* it is likely that a NULL input token will
-			 * not be liked by most server mechs, but if
-			 * we are in the client, we want the first
-			 * update packet to be able to abort the use
-			 * of this mech */
-			if (spnego_state->state_position != SPNEGO_SERVER_START) {
-				if (NT_STATUS_EQUAL(nt_status, NT_STATUS_INVALID_PARAMETER) || 
-				    NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_LOGON_SERVERS) ||
-				    NT_STATUS_EQUAL(nt_status, NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
-				    NT_STATUS_EQUAL(nt_status, NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
-					const char *next = NULL;
-					const char *principal = NULL;
-					int dbg_level = DBGLVL_WARNING;
-
-					if (all_sec[i+1].op != NULL) {
-						next = all_sec[i+1].op->name;
-						dbg_level = DBGLVL_NOTICE;
-					}
-
-					if (gensec_security->target.principal != NULL) {
-						principal = gensec_security->target.principal;
-					} else if (gensec_security->target.service != NULL &&
-						   gensec_security->target.hostname != NULL)
-					{
-						principal = talloc_asprintf(spnego_state->sub_sec_security,
-									    "%s/%s",
-									    gensec_security->target.service,
-									    gensec_security->target.hostname);
-					} else {
-						principal = gensec_security->target.hostname;
-					}
-
-					DEBUG(dbg_level, ("SPNEGO(%s) creating NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
-							  spnego_state->sub_sec_security->ops->name,
-							  principal,
-							  next, nt_errstr(nt_status)));
-
-					/*
-					 * Pretend we never started it.
-					 */
-					gensec_spnego_update_sub_abort(spnego_state);
-					continue;
-				}
-			}
-
-			break;
-		}
-	}
-
 	if (spnego_state->sub_sec_security) {
 		/* it is likely that a NULL input token will
 		 * not be liked by most server mechs, but this