libcli/auth Move krb5 wrapper functions from s3 into common

This requires a small rework of the build system to ensure that the
correct #define statements are made in both the s3 and top level
builds.  We now define the various HAVE_ macros in config.h at all
times, using heimdal_build/wscript_configure when that is in use.

Andrew Bartlett

4 files changed, 79 insertions, 113 deletions

diff --git a/source4/auth/kerberos/clikrb5.c b/source4/auth/kerberos/clikrb5.c
deleted file mode 100644
index 3314cbc591..0000000000
--- a/source4/auth/kerberos/clikrb5.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   simple kerberos5 routines for active directory
-   Copyright (C) Andrew Tridgell 2001
-   Copyright (C) Luke Howard 2002-2003
-   Copyright (C) Andrew Bartlett <abartlet@samba.org> 2005
-  
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "system/network.h"
-#include "system/kerberos.h"
-#include "system/time.h"
-#include "auth/kerberos/kerberos.h"
-
-#ifdef HAVE_KRB5
-
-#if defined(HAVE_KRB5_PRINCIPAL2SALT) && defined(HAVE_KRB5_USE_ENCTYPE) && defined(HAVE_KRB5_STRING_TO_KEY) && defined(HAVE_KRB5_ENCRYPT_BLOCK)
- int create_kerberos_key_from_string(krb5_context context,
-					krb5_principal host_princ,
-					krb5_data *password,
-					krb5_keyblock *key,
-					krb5_enctype enctype)
-{
-	int ret;
-	krb5_data salt;
-	krb5_encrypt_block eblock;
-
-	ret = krb5_principal2salt(context, host_princ, &salt);
-	if (ret) {
-		DEBUG(1,("krb5_principal2salt failed (%s)\n", error_message(ret)));
-		return ret;
-	}
-	krb5_use_enctype(context, &eblock, enctype);
-	ret = krb5_string_to_key(context, &eblock, key, password, &salt);
-	SAFE_FREE(salt.data);
-	return ret;
-}
-#elif defined(HAVE_KRB5_GET_PW_SALT) && defined(HAVE_KRB5_STRING_TO_KEY_SALT)
- int create_kerberos_key_from_string(krb5_context context,
-					krb5_principal host_princ,
-					krb5_data *password,
-					krb5_keyblock *key,
-					krb5_enctype enctype)
-{
-	int ret;
-	krb5_salt salt;
-
-	ret = krb5_get_pw_salt(context, host_princ, &salt);
-	if (ret) {
-		DEBUG(1,("krb5_get_pw_salt failed (%s)\n", error_message(ret)));
-		return ret;
-	}
-	ret = krb5_string_to_key_salt(context, enctype, password->data,
-				      salt, key);
-	krb5_free_salt(context, salt);
-	return ret;
-}
-#else
-#error UNKNOWN_CREATE_KEY_FUNCTIONS
-#endif
-
- void kerberos_free_data_contents(krb5_context context, krb5_data *pdata)
-{
-	if (pdata->data) {
-		krb5_data_free(pdata);
-	}
-}
-
- krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry)
-{
-#if defined(HAVE_KRB5_KT_FREE_ENTRY)
-	return krb5_kt_free_entry(context, kt_entry);
-#elif defined(HAVE_KRB5_FREE_KEYTAB_ENTRY_CONTENTS)
-	return krb5_free_keytab_entry_contents(context, kt_entry);
-#else
-#error UNKNOWN_KT_FREE_FUNCTION
-#endif
-}
-
- char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx) 
-{
-	char *ret;
-	
-#if defined(HAVE_KRB5_GET_ERROR_MESSAGE) && defined(HAVE_KRB5_FREE_ERROR_MESSAGE) 	
-	const char *context_error = krb5_get_error_message(context, code);
-	if (context_error) {
-		ret = talloc_asprintf(mem_ctx, "%s: %s", error_message(code), context_error);
-		krb5_free_error_message(context, context_error);
-		return ret;
-	}
-#endif
-	ret = talloc_strdup(mem_ctx, error_message(code));
-	return ret;
-}
-
-#endif
diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index c5079123ef..9ac226390a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -542,8 +542,8 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx,
 
 		ZERO_STRUCT(entry);
 
-		ret = create_kerberos_key_from_string(smb_krb5_context->krb5_context, 
-						      salt_princ, &password, &entry.keyblock, enctypes[i]);
+		ret = create_kerberos_key_from_string_direct(smb_krb5_context->krb5_context,
+							     salt_princ, &password, &entry.keyblock, enctypes[i]);
 		if (ret != 0) {
 			return ret;
 		}
diff --git a/source4/auth/kerberos/wscript_build b/source4/auth/kerberos/wscript_build
index 1b4804e7cc..586366d422 100644
--- a/source4/auth/kerberos/wscript_build
+++ b/source4/auth/kerberos/wscript_build
@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 
 bld.SAMBA_LIBRARY('authkrb5',
-                  source='kerberos.c clikrb5.c kerberos_heimdal.c kerberos_pac.c gssapi_parse.c krb5_init_context.c keytab_copy.c',
+                  source='kerberos.c kerberos_heimdal.c kerberos_pac.c gssapi_parse.c krb5_init_context.c keytab_copy.c',
                   autoproto='proto.h',
                   public_deps='krb5 ndr-krb5pac samba_socket LIBCLI_RESOLVE com_err asn1',
-                  deps='asn1util auth_sam_reply tevent LIBPACKET ndr ldb',
+                  deps='asn1util auth_sam_reply tevent LIBPACKET ndr ldb KRB5_WRAP',
                   private_library=True
                   )
 
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 29def8bcaa..2e8896cdb5 100644
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -70,6 +70,81 @@ conf.CHECK_STRUCTURE_MEMBER('DIR', 'dd_fd', define='HAVE_DIR_DD_FD',  headers='d
 
 conf.DEFINE('SAMBA4_INTERNAL_HEIMDAL', 1)
 
+# setup the right defines for a in-tree heimdal build
+Logs.info("Using in-tree heimdal kerberos defines")
+conf.define('HAVE_GSSAPI_GSSAPI_H', 1)
+conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
+conf.define('HAVE_KRB5_ADDRESSES', 1)
+conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
+conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
+conf.define('HAVE_COM_ERR_H', 1)
+conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
+conf.define('HAVE_GSS_DISPLAY_STATUS', 1)
+conf.define('HAVE_LIBGSSAPI', 1)
+conf.define('HAVE_ADDR_TYPE_IN_KRB5_ADDRESS', 1)
+conf.define('HAVE_CHECKSUM_IN_KRB5_CHECKSUM', 1)
+conf.define('HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE', 0)
+conf.define('HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER', 0)
+conf.define('HAVE_E_DATA_POINTER_IN_KRB5_ERROR', 1)
+conf.define('HAVE_INITIALIZE_KRB5_ERROR_TABLE', 1)
+conf.define('HAVE_KRB5_ADDRESSES', 1)
+conf.define('HAVE_KRB5_AUTH_CON_SETKEY', 1)
+conf.define('HAVE_KRB5_CRYPTO', 1)
+conf.define('HAVE_KRB5_CRYPTO_DESTROY', 1)
+conf.define('HAVE_KRB5_CRYPTO_INIT', 1)
+conf.define('HAVE_KRB5_C_ENCTYPE_COMPARE', 1)
+conf.define('HAVE_KRB5_C_VERIFY_CHECKSUM', 1)
+conf.define('HAVE_FREE_AP_REQ', 1)
+conf.define('HAVE_KRB5_DECODE_AP_REQ', 1)
+conf.define('HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS', 1)
+conf.define('HAVE_KRB5_ENCTYPE_TO_STRING', 1)
+conf.define('HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG', 1)
+conf.define('HAVE_KRB5_FREE_ERROR_CONTENTS', 1)
+conf.define('HAVE_KRB5_FREE_HOST_REALM', 1)
+conf.define('HAVE_KRB5_FWD_TGT_CREDS', 1)
+conf.define('HAVE_KRB5_GET_CREDS', 1)
+conf.define('HAVE_KRB5_GET_CREDS_OPT_ALLOC', 1)
+conf.define('HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE', 1)
+conf.define('HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES', 1)
+conf.define('HAVE_KRB5_GET_HOST_REALM', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
+conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
+conf.define('HAVE_KRB5_GET_KDC_CRED', 1)
+conf.define('HAVE_KRB5_GET_PW_SALT', 1)
+conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
+conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
+conf.define('HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK', 1)
+conf.define('HAVE_KRB5_KRBHST_GET_ADDRINFO', 1)
+conf.define('HAVE_KRB5_KRBHST_INIT', 1)
+conf.define('HAVE_KRB5_KT_COMPARE', 1)
+conf.define('HAVE_KRB5_KT_FREE_ENTRY', 1)
+conf.define('HAVE_KRB5_KU_OTHER_CKSUM', 1)
+conf.define('HAVE_KRB5_LOCATE_PLUGIN_H', 1)
+conf.define('HAVE_KRB5_MK_REQ_EXTENDED', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_COMP_STRING', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
+conf.define('HAVE_KRB5_REALM_TYPE', 1)
+conf.define('HAVE_KRB5_SESSION_IN_CREDS', 1)
+conf.define('HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES', 1)
+conf.define('HAVE_KRB5_SET_REAL_TIME', 1)
+conf.define('HAVE_KRB5_STRING_TO_KEY', 1)
+conf.define('HAVE_KRB5_STRING_TO_KEY_SALT', 1)
+conf.define('HAVE_KRB5_VERIFY_CHECKSUM', 1)
+conf.define('HAVE_LIBKRB5', 1)
+conf.define('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT', 1)
+conf.define('KRB5_VERIFY_CHECKSUM_ARGS', 6)
+conf.define('HAVE_ETYPE_IN_ENCRYPTEDDATA', 1)
+conf.define('KRB5_PRINC_REALM_RETURNS_REALM', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_GET_REALM', 1)
+conf.define('HAVE_KRB5_H', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
+conf.define('HAVE_AP_OPTS_USE_SUBKEY', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC_MD5', 1)
+conf.define('HAVE_ENCTYPE_ARCFOUR_HMAC', 1)
+
 if conf.CHECK_BUNDLED_SYSTEM('com_err', checkfunctions='com_right_r com_err', headers='com_err.h'):
     conf.define('USING_SYSTEM_COM_ERR', 1)