From 39d73e2420be17cc7db16353e1a51a5d2123f9f1 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 5 Jan 2012 11:16:24 +1100
Subject: krb5: Require krb5_get_renewed_creds be available to build with krb5

---
 source3/configure.in                    |  7 ++++-
 source3/libsmb/clikrb5.c                | 53 +++------------------------------
 source3/wscript                         |  5 +++-
 source4/heimdal_build/wscript_configure |  1 -
 4 files changed, 14 insertions(+), 52 deletions(-)

diff --git a/source3/configure.in b/source3/configure.in
index 0372490b26..53eaaf2bc5 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -3879,7 +3879,6 @@ if test x"$with_ads_support" != x"no"; then
   AC_CHECK_FUNC_EXT(krb5_princ_size, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_set_pac_request, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_get_renewed_creds, $KRB5_LIBS)
-  AC_CHECK_FUNC_EXT(krb5_get_kdc_cred, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_free_error_contents, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(initialize_krb5_error_table, $KRB5_LIBS)
   AC_CHECK_FUNC_EXT(krb5_get_init_creds_opt_alloc, $KRB5_LIBS)
@@ -4442,6 +4441,12 @@ if test x"$with_ads_support" != x"no"; then
     use_ads=no
   fi
 
+  if test x"$ac_cv_func_ext_krb5_get_renewed_creds" != x"yes"
+  then
+    AC_MSG_WARN(krb5_get_renewed_creds not found in -lkrb5)
+    use_ads=no
+  fi
+
   if test x"$ac_cv_func_ext_krb5_principal2salt" != x"yes" -a \
           x"$ac_cv_func_ext_krb5_get_pw_salt" != x"yes"
   then
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index adb9c9c6fb..c0d822e5da 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1156,56 +1156,11 @@ out:
 		}
 	}
 
-#ifdef HAVE_KRB5_GET_RENEWED_CREDS	/* MIT */
-	{
-		ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string));
-		if (ret) {
-			DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
-			goto done;
-		}
-	}
-#elif defined(HAVE_KRB5_GET_KDC_CRED)	/* Heimdal */
-	{
-		krb5_kdc_flags flags;
-		krb5_realm *client_realm = NULL;
-
-		ret = krb5_copy_principal(context, client, &creds_in.client);
-		if (ret) {
-			goto done;
-		}
-
-		if (service_string) {
-			ret = smb_krb5_parse_name(context, service_string, &creds_in.server);
-			if (ret) { 
-				goto done;
-			}
-		} else {
-			/* build tgt service by default */
-			client_realm = krb5_princ_realm(context, creds_in.client);
-			if (!client_realm) {
-				ret = ENOMEM;
-				goto done;
-			}
-			ret = krb5_make_principal(context, &creds_in.server, *client_realm, KRB5_TGS_NAME, *client_realm, NULL);
-			if (ret) {
-				goto done;
-			}
-		}
-
-		flags.i = 0;
-		flags.b.renewable = flags.b.renew = True;
-
-		ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, &creds_in, &creds_out);
-		if (ret) {
-			DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
-			goto done;
-		}
-
-		creds = *creds_out;
+	ret = krb5_get_renewed_creds(context, &creds, client, ccache, discard_const_p(char, service_string));
+	if (ret) {
+		DEBUG(10,("smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n", error_message(ret)));
+		goto done;
 	}
-#else
-#error NO_SUITABLE_KRB5_TICKET_RENEW_FUNCTION_AVAILABLE
-#endif
 
 	/* hm, doesn't that create a new one if the old one wasn't there? - Guenther */
 	ret = krb5_cc_initialize(context, ccache, client);
diff --git a/source3/wscript b/source3/wscript
index a5bb371466..7d6b708591 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -584,7 +584,7 @@ krb5_krbhst_get_addrinfo krb5_c_enctype_compare
 krb5_crypto_init krb5_crypto_destroy krb5_decode_ap_req free_AP_REQ
 krb5_c_verify_checksum krb5_principal_compare_any_realm
 krb5_parse_name_norealm krb5_princ_size krb5_get_init_creds_opt_set_pac_request
-krb5_get_renewed_creds krb5_get_kdc_cred krb5_free_error_contents
+krb5_get_renewed_creds krb5_free_error_contents
 initialize_krb5_error_table krb5_get_init_creds_opt_alloc
 krb5_get_init_creds_opt_free krb5_get_init_creds_opt_get_error
 krb5_enctype_to_string krb5_fwd_tgt_creds krb5_auth_con_set_req_cksumtype
@@ -765,6 +765,9 @@ return krb5_kt_resolve(context, "WRFILE:api", &keytab);
         if not conf.CONFIG_SET('KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT'):
             Logs.warn("krb5_get_init_creds_opt_free was not found or was too old in -lkrb5")
             use_ads=False
+        if not conf.CONFIG_SET('HAVE_KRB5_GET_RENEWED_CREDS'):
+            Logs.warn("krb5_get_renewed_creds not found in -lkrb5")
+            use_ads=False
         if not conf.CONFIG_SET('HAVE_KRB5_PRINCIPAL2SALT') and \
            not conf.CONFIG_SET('HAVE_KRB5_GET_PW_SALT'):
             Logs.warn("no CREATE_KEY_FUNCTIONS detected")
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 7fd557c017..8a34fddccd 100644
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -117,7 +117,6 @@ conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_FREE', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR', 1)
 conf.define('HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST', 1)
-conf.define('HAVE_KRB5_GET_KDC_CRED', 1)
 conf.define('HAVE_KRB5_GET_PW_SALT', 1)
 conf.define('HAVE_KRB5_GET_RENEWED_CREDS', 1)
 conf.define('HAVE_KRB5_KEYBLOCK_KEYVALUE', 1)
-- 
cgit