From 1f1e4275b5fafbad1b5719f5efba7ee66f6d3037 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Mon, 2 Apr 2012 23:41:32 -0400
Subject: clikrb5: Move pure krb wrapper functions from libads to clikrb5.

Signed-off-by: Andreas Schneider <asn@samba.org>
---
 source3/include/krb5_protos.h   |   3 +
 source3/libads/kerberos.c       | 140 ---------------------------------------
 source3/libads/kerberos_proto.h |   3 -
 source3/libsmb/clikrb5.c        | 142 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 145 insertions(+), 143 deletions(-)

diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index c2d4517665..99569998a1 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -121,6 +121,9 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
 char *smb_krb5_principal_get_realm(krb5_context context,
 				   krb5_principal principal);
 
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+						   const char *service,
+						   const char *remote_name);
 
 #endif /* HAVE_KRB5 */
 
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index a43c7b167c..f1df31ca4f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -423,146 +423,6 @@ char* kerberos_secrets_fetch_des_salt( void )
 	return salt;
 }
 
-/************************************************************************
- Routine to get the default realm from the kerberos credentials cache.
- Caller must free if the return value is not NULL.
-************************************************************************/
-
-char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
-{
-	char *realm = NULL;
-	krb5_context ctx = NULL;
-	krb5_ccache cc = NULL;
-	krb5_principal princ = NULL;
-
-	initialize_krb5_error_table();
-	if (krb5_init_context(&ctx)) {
-		return NULL;
-	}
-
-	DEBUG(5,("kerberos_get_default_realm_from_ccache: "
-		"Trying to read krb5 cache: %s\n",
-		krb5_cc_default_name(ctx)));
-	if (krb5_cc_default(ctx, &cc)) {
-		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
-			"failed to read default cache\n"));
-		goto out;
-	}
-	if (krb5_cc_get_principal(ctx, cc, &princ)) {
-		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
-			"failed to get default principal\n"));
-		goto out;
-	}
-
-#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
-	realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
-#elif defined(HAVE_KRB5_PRINC_REALM)
-	{
-		krb5_data *realm_data = krb5_princ_realm(ctx, princ);
-		realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
-	}
-#endif
-
-  out:
-
-	if (ctx) {
-		if (princ) {
-			krb5_free_principal(ctx, princ);
-		}
-		if (cc) {
-			krb5_cc_close(ctx, cc);
-		}
-		krb5_free_context(ctx);
-	}
-
-	return realm;
-}
-
-/************************************************************************
- Routine to get the realm from a given DNS name.
-************************************************************************/
-
-char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname)
-{
-#if defined(HAVE_KRB5_REALM_TYPE)
-	/* Heimdal. */
-	krb5_realm *realm_list = NULL;
-#else
-	/* MIT */
-	char **realm_list = NULL;
-#endif
-	char *realm = NULL;
-	krb5_error_code kerr;
-	krb5_context ctx = NULL;
-
-	initialize_krb5_error_table();
-	if (krb5_init_context(&ctx)) {
-		return NULL;
-	}
-
-	kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
-	if (kerr != 0) {
-		DEBUG(3,("kerberos_get_realm_from_hostname %s: "
-			"failed %s\n",
-			hostname ? hostname : "(NULL)",
-			error_message(kerr) ));
-		goto out;
-	}
-
-	if (realm_list && realm_list[0]) {
-		realm = talloc_strdup(mem_ctx, realm_list[0]);
-	}
-
-  out:
-
-	if (ctx) {
-		if (realm_list) {
-			krb5_free_host_realm(ctx, realm_list);
-			realm_list = NULL;
-		}
-		krb5_free_context(ctx);
-		ctx = NULL;
-	}
-	return realm;
-}
-
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
-						   const char *service,
-						   const char *remote_name)
-{
-	char *realm = NULL;
-	char *host = NULL;
-	char *principal;
-	host = strchr_m(remote_name, '.');
-	if (host) {
-		/* DNS name. */
-		realm = kerberos_get_realm_from_hostname(talloc_tos(), remote_name);
-	} else {
-		/* NetBIOS name - use our realm. */
-		realm = kerberos_get_default_realm_from_ccache(talloc_tos());
-	}
-
-	if (realm == NULL || *realm == '\0') {
-		realm = talloc_strdup(talloc_tos(), lp_realm());
-		if (!realm) {
-			return NULL;
-		}
-		DEBUG(3,("kerberos_get_principal_from_service_hostname: "
-			 "cannot get realm from, "
-			 "desthost %s or default ccache. Using default "
-			 "smb.conf realm %s\n",
-			 remote_name,
-			 realm));
-	}
-
-	principal = talloc_asprintf(mem_ctx,
-				    "%s/%s@%s",
-				    service, remote_name,
-				    realm);
-	TALLOC_FREE(realm);
-	return principal;
-}
-
 /************************************************************************
  Routine to get the salting principal for this service.  This is 
  maintained for backwards compatibilty with releases prior to 3.0.24.
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 6a7811d652..50c56dc081 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -52,9 +52,6 @@ bool kerberos_secrets_store_des_salt( const char* salt );
 char* kerberos_secrets_fetch_des_salt( void );
 char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx);
 char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname);
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
-						   const char *service,
-						   const char *remote_name);
 
 bool kerberos_secrets_store_salting_principal(const char *service,
 					      int enctype,
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 9e03b30c35..792400b3ce 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1439,6 +1439,148 @@ char *smb_krb5_principal_get_realm(krb5_context context,
 #endif
 }
 
+/************************************************************************
+ Routine to get the default realm from the kerberos credentials cache.
+ Caller must free if the return value is not NULL.
+************************************************************************/
+
+static char *smb_krb5_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
+{
+	char *realm = NULL;
+	krb5_context ctx = NULL;
+	krb5_ccache cc = NULL;
+	krb5_principal princ = NULL;
+
+	initialize_krb5_error_table();
+	if (krb5_init_context(&ctx)) {
+		return NULL;
+	}
+
+	DEBUG(5,("kerberos_get_default_realm_from_ccache: "
+		"Trying to read krb5 cache: %s\n",
+		krb5_cc_default_name(ctx)));
+	if (krb5_cc_default(ctx, &cc)) {
+		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+			"failed to read default cache\n"));
+		goto out;
+	}
+	if (krb5_cc_get_principal(ctx, cc, &princ)) {
+		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+			"failed to get default principal\n"));
+		goto out;
+	}
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
+	realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
+#elif defined(HAVE_KRB5_PRINC_REALM)
+	{
+		krb5_data *realm_data = krb5_princ_realm(ctx, princ);
+		realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
+	}
+#endif
+
+  out:
+
+	if (ctx) {
+		if (princ) {
+			krb5_free_principal(ctx, princ);
+		}
+		if (cc) {
+			krb5_cc_close(ctx, cc);
+		}
+		krb5_free_context(ctx);
+	}
+
+	return realm;
+}
+
+/************************************************************************
+ Routine to get the realm from a given DNS name.
+************************************************************************/
+
+static char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
+						const char *hostname)
+{
+#if defined(HAVE_KRB5_REALM_TYPE)
+	/* Heimdal. */
+	krb5_realm *realm_list = NULL;
+#else
+	/* MIT */
+	char **realm_list = NULL;
+#endif
+	char *realm = NULL;
+	krb5_error_code kerr;
+	krb5_context ctx = NULL;
+
+	initialize_krb5_error_table();
+	if (krb5_init_context(&ctx)) {
+		return NULL;
+	}
+
+	kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+	if (kerr != 0) {
+		DEBUG(3,("kerberos_get_realm_from_hostname %s: "
+			"failed %s\n",
+			hostname ? hostname : "(NULL)",
+			error_message(kerr) ));
+		goto out;
+	}
+
+	if (realm_list && realm_list[0]) {
+		realm = talloc_strdup(mem_ctx, realm_list[0]);
+	}
+
+  out:
+
+	if (ctx) {
+		if (realm_list) {
+			krb5_free_host_realm(ctx, realm_list);
+			realm_list = NULL;
+		}
+		krb5_free_context(ctx);
+		ctx = NULL;
+	}
+	return realm;
+}
+
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+						   const char *service,
+						   const char *remote_name)
+{
+	char *realm = NULL;
+	char *host = NULL;
+	char *principal;
+	host = strchr_m(remote_name, '.');
+	if (host) {
+		/* DNS name. */
+		realm = smb_krb5_get_realm_from_hostname(talloc_tos(),
+							 remote_name);
+	} else {
+		/* NetBIOS name - use our realm. */
+		realm = smb_krb5_get_default_realm_from_ccache(talloc_tos());
+	}
+
+	if (realm == NULL || *realm == '\0') {
+		realm = talloc_strdup(talloc_tos(), lp_realm());
+		if (!realm) {
+			return NULL;
+		}
+		DEBUG(3,("kerberos_get_principal_from_service_hostname: "
+			 "cannot get realm from, "
+			 "desthost %s or default ccache. Using default "
+			 "smb.conf realm %s\n",
+			 remote_name,
+			 realm));
+	}
+
+	principal = talloc_asprintf(mem_ctx,
+				    "%s/%s@%s",
+				    service, remote_name,
+				    realm);
+	TALLOC_FREE(realm);
+	return principal;
+}
+
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
-- 
cgit