authorSimo Sorce <idra@samba.org>2012-04-26 12:27:05 -0400
committerSimo Sorce <idra@samba.org>2012-05-04 16:51:28 +0200
commita2de8a12d3a218f172cf41fbf896ccf2b3bddfc8 (patch)
tree12184589d138ef824b5119b5c40a29d5fa5d81fe /source4/auth/gensec
parent3109a3de1f362e9dc42bceb81a393e2dbf80b7b2 (diff)
s4-auth-krb: smb_rd_req_return_stuff is used only in gensec_krb5
Make it clearly a gensec_krb5 accessory file. This function should never be used anywhere else. This function was copied out from the Heimdal tree and is kept in a separate file for clarity and to keep the original license boilerplate.
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r--source4/auth/gensec/gensec_krb5.c1
-rw-r--r--source4/auth/gensec/gensec_krb5_util.c102
-rw-r--r--source4/auth/gensec/gensec_krb5_util.h10
-rwxr-xr-x[-rw-r--r--]source4/auth/gensec/wscript_build2
4 files changed, 114 insertions, 1 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 8dde8373a8..6209c2ec4e 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -41,6 +41,7 @@
#include "lib/util/util_net.h"
#include "../lib/util/asn1.h"
#include "auth/kerberos/pac_utils.h"
+#include "gensec_krb5_util.h"
_PUBLIC_ NTSTATUS gensec_krb5_init(void);
diff --git a/source4/auth/gensec/gensec_krb5_util.c b/source4/auth/gensec/gensec_krb5_util.c
new file mode 100644
index 0000000000..44cb39c518
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_util.c
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1997 - 2006 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* This file for code taken from the Heimdal code, to preserve licence */
+/* Modified by Andrew Bartlett <abartlet@samba.org> */
+
+#include "includes.h"
+#include "system/kerberos.h"
+#include "auth/kerberos/kerberos.h"
+
+/* Taken from accept_sec_context.c,v 1.65 */
+krb5_error_code smb_rd_req_return_stuff(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_keytab keytab,
+ krb5_principal acceptor_principal,
+ krb5_data *outbuf,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock)
+{
+ krb5_rd_req_in_ctx in = NULL;
+ krb5_rd_req_out_ctx out = NULL;
+ krb5_error_code kret;
+
+ *keyblock = NULL;
+ *ticket = NULL;
+ outbuf->length = 0;
+ outbuf->data = NULL;
+
+ kret = krb5_rd_req_in_ctx_alloc(context, &in);
+ if (kret == 0)
+ kret = krb5_rd_req_in_set_keytab(context, in, keytab);
+ if (kret) {
+ if (in)
+ krb5_rd_req_in_ctx_free(context, in);
+ return kret;
+ }
+
+ kret = krb5_rd_req_ctx(context,
+ auth_context,
+ inbuf,
+ acceptor_principal,
+ in, &out);
+ krb5_rd_req_in_ctx_free(context, in);
+ if (kret) {
+ return kret;
+ }
+
+ /*
+ * We need to remember some data on the context_handle.
+ */
+ kret = krb5_rd_req_out_get_ticket(context, out,
+ ticket);
+ if (kret == 0) {
+ kret = krb5_rd_req_out_get_keyblock(context, out,
+ keyblock);
+ }
+ krb5_rd_req_out_ctx_free(context, out);
+
+ if (kret == 0) {
+ kret = krb5_mk_rep(context, *auth_context, outbuf);
+ }
+
+ if (kret) {
+ krb5_free_ticket(context, *ticket);
+ krb5_free_keyblock(context, *keyblock);
+ krb5_data_free(outbuf);
+ }
+
+ return kret;
+}
+
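Review bot: On the final failure path of smb_rd_req_return_stuff, `*ticket` and `*keyblock` are freed but keep their old values, so a caller that cleans up its own out-parameters after an error would free the ticket and the session keyblock a second time. Resetting them right after the frees, `*ticket = NULL; *keyblock = NULL;`, restores the state the function establishes on entry. The same block is also reached with `*ticket` still NULL when krb5_rd_req_out_get_ticket fails (and with `*keyblock` NULL when the keyblock copy fails), so it is worth confirming that the krb5_free_ticket and krb5_free_keyblock in use accept NULL, or guarding the calls with `if (*ticket)` and `if (*keyblock)`.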
diff --git a/source4/auth/gensec/gensec_krb5_util.h b/source4/auth/gensec/gensec_krb5_util.h
new file mode 100644
index 0000000000..09be3ff6a7
--- /dev/null
+++ b/source4/auth/gensec/gensec_krb5_util.h
@@ -0,0 +1,10 @@
+/* See gensec_krb5_util.c for the license */
+
+krb5_error_code smb_rd_req_return_stuff(krb5_context context,
+ krb5_auth_context *auth_context,
+ const krb5_data *inbuf,
+ krb5_keytab keytab,
+ krb5_principal acceptor_principal,
+ krb5_data *outbuf,
+ krb5_ticket **ticket,
+ krb5_keyblock **keyblock);
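Review bot: gensec_krb5_util.h has no include guard and uses krb5 types without including a header that declares them, so it only compiles when the includer has already pulled in the Kerberos headers. Wrapping the prototype in a guard such as `#ifndef GENSEC_KRB5_UTIL_H` / `#define GENSEC_KRB5_UTIL_H` / `#endif` and adding `#include "system/kerberos.h"` at the top would make it self-contained. Separately, gensec_krb5_util.c does not include this header, so a drift between the prototype and the definition would not be caught at compile time; adding `#include "gensec_krb5_util.h"` after its existing includes closes that gap.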
diff --git a/source4/auth/gensec/wscript_build b/source4/auth/gensec/wscript_build
index dd25b23fdb..e7bc021963 100644..100755
--- a/source4/auth/gensec/wscript_build
+++ b/source4/auth/gensec/wscript_build
@@ -6,7 +6,7 @@ bld.SAMBA_SUBSYSTEM('gensec_util',
autoproto='gensec_proto.h')
bld.SAMBA_MODULE('gensec_krb5',
- source='gensec_krb5.c',
+ source='gensec_krb5.c gensec_krb5_util.c',
subsystem='gensec',
init_function='gensec_krb5_init',
deps='samba-credentials authkrb5 com_err gensec_util',
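Review bot: The index line for wscript_build records a mode change from 100644 to 100755, which the commit message does not mention and which adding `gensec_krb5_util.c` to `source=` does not require. This looks like an accidental permission change; unless the file is meant to be run directly, it should go back to 100644 so the commit carries only the source-list edit. The SAMBA_MODULE call continues past the end of the hunk.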