Move kerberos_kinit_keyblock_cc to krb5samba lib

Make it also work with MIT where krb5_get_in_tkt_with_keyblock is not
available.

3 files changed, 1 insertions, 55 deletions

diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c
index 0fc9d143ab..b4e989d2ae 100644
--- a/source4/auth/kerberos/kerberos.c
+++ b/source4/auth/kerberos/kerberos.c
@@ -30,54 +30,6 @@
 /*
   simulate a kinit, putting the tgt in the given credentials cache. 
   Orignally by remus@snapserver.com
- 
-  This version is built to use a keyblock, rather than needing the
-  original password.
-
-  The impersonate_principal is the principal if NULL, or the principal to impersonate
-
-  The target_service defaults to the krbtgt if NULL, but could be kpasswd/realm or the local service (if we are doing s4u2self)
-*/
- krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, 
-					    krb5_principal principal, krb5_keyblock *keyblock,
-					    const char *target_service,
-					    krb5_get_init_creds_opt *krb_options,
-					    time_t *expire_time, time_t *kdc_time)
-{
-	krb5_error_code code = 0;
-	krb5_creds my_creds;
-
-	if ((code = krb5_get_init_creds_keyblock(ctx, &my_creds, principal, keyblock,
-						 0, target_service, krb_options))) {
-		return code;
-	}
-	
-	if ((code = krb5_cc_initialize(ctx, cc, principal))) {
-		krb5_free_cred_contents(ctx, &my_creds);
-		return code;
-	}
-	
-	if ((code = krb5_cc_store_cred(ctx, cc, &my_creds))) {
-		krb5_free_cred_contents(ctx, &my_creds);
-		return code;
-	}
-	
-	if (expire_time) {
-		*expire_time = (time_t) my_creds.times.endtime;
-	}
-
-	if (kdc_time) {
-		*kdc_time = (time_t) my_creds.times.starttime;
-	}
-
-	krb5_free_cred_contents(ctx, &my_creds);
-	
-	return 0;
-}
-
-/*
-  simulate a kinit, putting the tgt in the given credentials cache. 
-  Orignally by remus@snapserver.com
 
   The impersonate_principal is the principal if NULL, or the principal to impersonate
 
diff --git a/source4/auth/kerberos/kerberos.h b/source4/auth/kerberos/kerberos.h
index cc02aee27f..018f6b80b1 100644
--- a/source4/auth/kerberos/kerberos.h
+++ b/source4/auth/kerberos/kerberos.h
@@ -74,13 +74,6 @@ const krb5_data *krb5_princ_component(krb5_context context, krb5_principal princ
 #endif
 
 /* Samba wrapper function for krb5 functionality. */
-krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
-					   krb5_principal principal, const char *password,
-					   krb5_principal impersonate_principal,
-					   const char *self_service,
-					   const char *target_service,
-					   krb5_get_init_creds_opt *krb_options,
-					   time_t *expire_time, time_t *kdc_time);
 krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
 					   krb5_principal principal, krb5_keyblock *keyblock,
 					   const char *target_service,
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 1c03b34106..6383880229 100644..100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -114,6 +114,7 @@ conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK', 1)
 conf.define('HAVE_KRB5_GET_PW_SALT', 1)
 conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
 conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)