r15210: Add wrapper functions smb_krb5_parse_name, smb_krb5_unparse_name,

smb_krb5_parse_name_norealm_conv that pull/push from unix charset
to utf8 (which krb5 uses on the wire). This should fix issues when
the unix charset is not compatible with or set to utf8.
Jeremy.
(This used to be commit 37ab42afbc9a79cf5b04ce6a1bf4060e9c961199)

5 files changed, 37 insertions, 41 deletions

diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index e5211813d3..960709a5f0 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -90,7 +90,7 @@ int kerberos_kinit_password_ext(const char *principal,
 		return code;
 	}
 	
-	if ((code = krb5_parse_name(ctx, principal, &me))) {
+	if ((code = smb_krb5_parse_name(ctx, principal, &me))) {
 		krb5_free_context(ctx);	
 		return code;
 	}
@@ -260,21 +260,21 @@ krb5_principal kerberos_fetch_salt_princ_for_host_princ(krb5_context context,
 	char *unparsed_name = NULL, *salt_princ_s = NULL;
 	krb5_principal ret_princ = NULL;
 
-	if (krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
+	if (smb_krb5_unparse_name(context, host_princ, &unparsed_name) != 0) {
 		return (krb5_principal)NULL;
 	}
 
 	if ((salt_princ_s = kerberos_secrets_fetch_salting_principal(unparsed_name, enctype)) == NULL) {
-		krb5_free_unparsed_name(context, unparsed_name);
+		SAFE_FREE(unparsed_name);
 		return (krb5_principal)NULL;
 	}
 
-	if (krb5_parse_name(context, salt_princ_s, &ret_princ) != 0) {
-		krb5_free_unparsed_name(context, unparsed_name);
+	if (smb_krb5_parse_name(context, salt_princ_s, &ret_princ) != 0) {
+		SAFE_FREE(unparsed_name);
 		SAFE_FREE(salt_princ_s);
 		return (krb5_principal)NULL;
 	}
-	krb5_free_unparsed_name(context, unparsed_name);
+	SAFE_FREE(unparsed_name);
 	SAFE_FREE(salt_princ_s);
 	return ret_princ;
 }
@@ -308,11 +308,11 @@ BOOL kerberos_secrets_store_salting_principal(const char *service,
 		asprintf(&princ_s, "%s@%s", service, lp_realm());
 	}
 
-	if (krb5_parse_name(context, princ_s, &princ) != 0) {
+	if (smb_krb5_parse_name(context, princ_s, &princ) != 0) {
 		goto out;
 		
 	}
-	if (krb5_unparse_name(context, princ, &unparsed_name) != 0) {
+	if (smb_krb5_unparse_name(context, princ, &unparsed_name) != 0) {
 		goto out;
 	}
 
@@ -331,10 +331,8 @@ BOOL kerberos_secrets_store_salting_principal(const char *service,
 
 	SAFE_FREE(key);
 	SAFE_FREE(princ_s);
+	SAFE_FREE(unparsed_name);
 
-	if (unparsed_name) {
-		krb5_free_unparsed_name(context, unparsed_name);
-	}
 	if (context) {
 		krb5_free_context(context);
 	}
@@ -396,8 +394,8 @@ static krb5_error_code get_service_ticket(krb5_context ctx,
 		asprintf(&service_s, "%s@%s", service_principal, lp_realm());
 	}
 
-	if ((err = krb5_parse_name(ctx, service_s, &creds.server))) {
-		DEBUG(0,("get_service_ticket: krb5_parse_name %s failed: %s\n", 
+	if ((err = smb_krb5_parse_name(ctx, service_s, &creds.server))) {
+		DEBUG(0,("get_service_ticket: smb_krb5_parse_name %s failed: %s\n", 
 			service_s, error_message(err)));
 		goto out;
 	}
@@ -476,8 +474,8 @@ static BOOL verify_service_password(krb5_context ctx,
 		asprintf(&salting_s, "%s@%s", salting_principal, lp_realm());
 	}
 
-	if ((err = krb5_parse_name(ctx, salting_s, &salting_kprinc))) {
-		DEBUG(0,("verify_service_password: krb5_parse_name %s failed: %s\n", 
+	if ((err = smb_krb5_parse_name(ctx, salting_s, &salting_kprinc))) {
+		DEBUG(0,("verify_service_password: smb_krb5_parse_name %s failed: %s\n", 
 			salting_s, error_message(err)));
 		goto out;
 	}
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index f6ed107ee0..fc87b687d1 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -130,9 +130,9 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 	/* Guess at how the KDC is salting keys for this principal. */
 	kerberos_derive_salting_principal(princ_s);
 
-	ret = krb5_parse_name(context, princ_s, &princ);
+	ret = smb_krb5_parse_name(context, princ_s, &princ);
 	if (ret) {
-		DEBUG(1,("ads_keytab_add_entry: krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
+		DEBUG(1,("ads_keytab_add_entry: smb_krb5_parse_name(%s) failed (%s)\n", princ_s, error_message(ret)));
 		goto out;
 	}
 
@@ -150,9 +150,10 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 		while(!krb5_kt_next_entry(context, keytab, &kt_entry, &cursor)) {
 			BOOL compare_name_ok = False;
 
-			ret = krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+			ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
 			if (ret) {
-				DEBUG(1,("ads_keytab_add_entry: krb5_unparse_name failed (%s)\n", error_message(ret)));
+				DEBUG(1,("ads_keytab_add_entry: smb_krb5_unparse_name failed (%s)\n",
+					error_message(ret)));
 				goto out;
 			}
 
@@ -176,8 +177,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 					ktprinc, kt_entry.vno));
 			}
 
-			krb5_free_unparsed_name(context, ktprinc);
-			ktprinc = NULL;
+			SAFE_FREE(ktprinc);
 
 			if (compare_name_ok) {
 				if (kt_entry.vno == kvno - 1) {
@@ -581,9 +581,9 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 				char *p;
 
 				/* This returns a malloc'ed string in ktprinc. */
-				ret = krb5_unparse_name(context, kt_entry.principal, &ktprinc);
+				ret = smb_krb5_unparse_name(context, kt_entry.principal, &ktprinc);
 				if (ret) {
-					DEBUG(1,("krb5_unparse_name failed (%s)\n", error_message(ret)));
+					DEBUG(1,("smb_krb5_unparse_name failed (%s)\n", error_message(ret)));
 					goto done;
 				}
 				/*
@@ -606,12 +606,12 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 						break;
 					}
 					if (!strcmp(oldEntries[i], ktprinc)) {
-						krb5_free_unparsed_name(context, ktprinc);
+						SAFE_FREE(ktprinc);
 						break;
 					}
 				}
 				if (i == found) {
-					krb5_free_unparsed_name(context, ktprinc);
+					SAFE_FREE(ktprinc);
 				}
 			}
 			smb_krb5_kt_free_entry(context, &kt_entry);
@@ -620,7 +620,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		ret = 0;
 		for (i = 0; oldEntries[i]; i++) {
 			ret |= ads_keytab_add_entry(ads, oldEntries[i]);
-			krb5_free_unparsed_name(context, oldEntries[i]);
+			SAFE_FREE(oldEntries[i]);
 		}
 		krb5_kt_end_seq_get(context, keytab, &cursor);
 	}
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 934c1131eb..fa957aa9c0 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -90,9 +90,10 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
   
 	if (ret != KRB5_KT_END && ret != ENOENT ) {
 		while (!auth_ok && (krb5_kt_next_entry(context, keytab, &kt_entry, &kt_cursor) == 0)) {
-			ret = krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
+			ret = smb_krb5_unparse_name(context, kt_entry.principal, &entry_princ_s);
 			if (ret) {
-				DEBUG(1, ("ads_keytab_verify_ticket: krb5_unparse_name failed (%s)\n", error_message(ret)));
+				DEBUG(1, ("ads_keytab_verify_ticket: smb_krb5_unparse_name failed (%s)\n",
+					error_message(ret)));
 				goto out;
 			}
 
@@ -138,8 +139,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
 			}
 
 			/* Free the name we parsed. */
-			krb5_free_unparsed_name(context, entry_princ_s);
-			entry_princ_s = NULL;
+			SAFE_FREE(entry_princ_s);
 
 			/* Free the entry we just read. */
 			smb_krb5_kt_free_entry(context, &kt_entry);
@@ -165,9 +165,7 @@ static BOOL ads_keytab_verify_ticket(krb5_context context, krb5_auth_context aut
 		}
 	}
 
-	if (entry_princ_s) {
-		krb5_free_unparsed_name(context, entry_princ_s);
-	}
+	SAFE_FREE(entry_princ_s);
 
 	{
 		krb5_keytab_entry zero_kt_entry;
@@ -343,9 +341,9 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 
 	asprintf(&host_princ_s, "%s$", global_myname());
 	strlower_m(host_princ_s);
-	ret = krb5_parse_name(context, host_princ_s, &host_princ);
+	ret = smb_krb5_parse_name(context, host_princ_s, &host_princ);
 	if (ret) {
-		DEBUG(1,("ads_verify_ticket: krb5_parse_name(%s) failed (%s)\n",
+		DEBUG(1,("ads_verify_ticket: smb_krb5_parse_name(%s) failed (%s)\n",
 					host_princ_s, error_message(ret)));
 		goto out;
 	}
@@ -459,8 +457,8 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 #endif
 #endif
 
-	if ((ret = krb5_unparse_name(context, client_principal, principal))) {
-		DEBUG(3,("ads_verify_ticket: krb5_unparse_name failed (%s)\n", 
+	if ((ret = smb_krb5_unparse_name(context, client_principal, principal))) {
+		DEBUG(3,("ads_verify_ticket: smb_krb5_unparse_name failed (%s)\n", 
 			 error_message(ret)));
 		sret = NT_STATUS_LOGON_FAILURE;
 		goto out;
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 415c1e9229..254ca7b2a3 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -521,7 +521,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	realm++;
 
 	asprintf(&princ_name, "kadmin/changepw@%s", realm);
-	ret = krb5_parse_name(context, princ_name, &creds.server);
+	ret = smb_krb5_parse_name(context, princ_name, &creds.server);
 	if (ret) {
 		krb5_cc_close(context, ccache);
                 krb5_free_context(context);
@@ -531,7 +531,7 @@ ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
 	free(princ_name);
 
 	/* parse the principal we got as a function argument */
-	ret = krb5_parse_name(context, princ, &principal);
+	ret = smb_krb5_parse_name(context, princ, &principal);
 	if (ret) {
 		krb5_cc_close(context, ccache);
 	        krb5_free_principal(context, creds.server);
@@ -633,7 +633,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host,
 	return ADS_ERROR_KRB5(ret);
     }
 
-    if ((ret = krb5_parse_name(context, principal,
+    if ((ret = smb_krb5_parse_name(context, principal,
                                     &princ))) {
 	krb5_free_context(context);
 	DEBUG(1,("Failed to parse %s (%s)\n", principal, error_message(ret)));
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index d8d33a924f..a12af43eb3 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -304,7 +304,7 @@ static ADS_STATUS ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 	if (!ADS_ERR_OK(status)) {
 		return status;
 	}
-	status = ADS_ERROR_KRB5(krb5_parse_name(ctx, sname, &principal));
+	status = ADS_ERROR_KRB5(smb_krb5_parse_name(ctx, sname, &principal));
 	if (!ADS_ERR_OK(status)) {
 		return status;
 	}