Stop tpot from trampling over my Heimdal fixes by moving some of them

to HEAD :-).
Jeremy.
(This used to be commit 1fec0f50ed0e750afec5cdf551fcd37ef4858e94)

1 files changed, 122 insertions, 0 deletions

diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 2047efd704..203d9d874b 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -70,6 +70,128 @@
  __ERROR__XX__UNKNOWN_ADDRTYPE
 #endif
 
+#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY)
+ int create_kerberos_key_from_string(krb5_context context,
+					krb5_principal host_princ,
+					krb5_data *password,
+					krb5_keyblock *key)
+{
+	int ret;
+	krb5_data salt;
+	krb5_encrypt_block eblock;
+
+	ret = krb5_principal2salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
+		return ret;
+	}
+	krb5_use_enctype(context, &eblock, ENCTYPE_DES_CBC_MD5);
+	return krb5_string_to_key(context, &eblock, key, password, &salt);
+}
+#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
+ int create_kerberos_key_from_string(krb5_context context,
+					krb5_principal host_princ,
+					krb5_data *password,
+					krb5_keyblock *key)
+{
+	int ret;
+	krb5_salt salt;
+
+	ret = krb5_get_pw_salt(context, host_princ, &salt);
+	if (ret) {
+		DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
+		return ret;
+	}
+	return krb5_string_to_key_salt(context, ENCTYPE_DES_CBC_MD5, password->data,
+		salt, key);
+}
+#else
+ __ERROR_XX_UNKNOWN_CREATE_KEY_FUNCTIONS
+#endif
+
+#if defined(HAVE_KRB5_AUTH_CON_SETKEY) && !defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY)
+ krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context,
+					krb5_auth_context auth_context,
+					krb5_keyblock *keyblock)
+{
+	return krb5_auth_con_setkey(context, auth_context, keyblock);
+}
+#endif
+
+ void get_auth_data_from_tkt(DATA_BLOB *auth_data, krb5_ticket *tkt)
+{
+#if defined(HAVE_KRB5_TKT_ENC_PART2)
+	if (tkt->enc_part2)
+		*auth_data = data_blob(tkt->enc_part2->authorization_data[0]->contents,
+			tkt->enc_part2->authorization_data[0]->length);
+#else
+	if (tkt->ticket.authorization_data && tkt->ticket.authorization_data->len)
+		*auth_data = data_blob(tkt->ticket.authorization_data->val->ad_data.data,
+			tkt->ticket.authorization_data->val->ad_data.length);
+#endif
+}
+
+ krb5_const_principal get_principal_from_tkt(krb5_ticket *tkt)
+{
+#if defined(HAVE_KRB5_TKT_ENC_PART2)
+	return tkt->enc_part2->client;
+#else
+	return tkt->client;
+#endif
+}
+
+#if !defined(HAVE_KRB5_LOCATE_KDC)
+ krb5_error_code krb5_locate_kdc(krb5_context ctx, const krb5_data *realm, struct sockaddr **addr_pp, int *naddrs, int get_masters)
+{
+	krb5_krbhst_handle hnd;
+	krb5_krbhst_info *hinfo;
+	krb5_error_code rc;
+	int num_kdcs, i;
+	struct sockaddr *sa;
+
+	*addr_pp = NULL;
+	*naddrs = 0;
+
+	rc = krb5_krbhst_init(ctx, realm->data, KRB5_KRBHST_KDC, &hnd);
+	if (rc) {
+		DEBUG(0, ("krb5_locate_kdc: krb5_krbhst_init failed (%s)\n", error_message(rc)));
+		return rc;
+	}
+
+	for ( num_kdcs = 0; (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); num_kdcs++)
+		;
+
+	krb5_krbhst_reset(ctx, hnd);
+
+	if (!num_kdcs) {
+		DEBUG(0, ("krb5_locate_kdc: zero kdcs found !\n"));
+		krb5_krbhst_free(ctx, hnd);
+		return -1;
+	}
+
+	sa = malloc( sizeof(struct sockaddr) * num_kdcs );
+	if (!sa) {
+		DEBUG(0, ("krb5_locate_kdc: malloc failed\n"));
+		krb5_krbhst_free(ctx, hnd);
+		naddrs = 0;
+		return -1;
+	}
+
+	memset(*addr_pp, '\0', sizeof(struct sockaddr) * num_kdcs );
+
+	for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) {
+		if (hinfo->ai->ai_family == AF_INET)
+			memcpy(&sa[i], hinfo->ai->ai_addr, sizeof(struct sockaddr));
+	}
+
+	krb5_krbhst_free(ctx, hnd);
+
+	*naddrs = num_kdcs;
+	*addr_pp = sa;
+	return 0;
+}
+#endif
+
 /*
   we can't use krb5_mk_req because w2k wants the service to be in a particular format
 */