authorJakub Hrozek <jhrozek@redhat.com>2010-11-04 19:29:01 +0100
committerSimo Sorce <ssorce@redhat.com>2010-11-22 16:01:35 -0500
commit3b7a86024b53fd0ac1a98e92bd93a170a1979aec (patch)
treec3fb64a3896c46f6822ac63d786320c0f7ec2e9b
parentce75d1c6d6595bcb26dbacf7393098a8f9accb3f (diff)
Use internal implementation of internal Kerberos functions
Don't use KRB5_PRIVATE. The patch implements and uses the following krb5 functions that are otherwise private in recent MIT Kerberos releases: * krb5_principal2salt_norealm * krb5_free_ktypes Signed-off-by: Simo Sorce <ssorce@redhat.com>
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am4
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h1
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c3
-rw-r--r--ipa-client/Makefile.am5
-rw-r--r--ipa-client/ipa-getkeytab.c10
-rw-r--r--util/ipa_krb5.c44
-rw-r--r--util/ipa_krb5.h12
7 files changed, 73 insertions, 6 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
index 6f6092d2..41d9f237 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
@@ -1,11 +1,14 @@
NULL =
PLUGIN_COMMON_DIR=../common
+KRB5_UTIL_DIR= ../../../util
+KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
INCLUDES = \
-I. \
-I$(srcdir) \
-I$(PLUGIN_COMMON_DIR) \
+ -I$(KRB5_UTIL_DIR) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
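Review bot: The added `-I$(KRB5_UTIL_DIR)` is resolved relative to the build directory, so an out-of-tree build would probably fail to find ipa_krb5.h, which exists only in the source tree. The neighbouring `-I$(srcdir)` suggests such builds are meant to work. Writing the include as `-I$(srcdir)/$(KRB5_UTIL_DIR)` would keep both layouts working. The same applies to the `-I$(KRB5_UTIL_DIR)` line added in ipa-client/Makefile.am.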
@@ -28,6 +31,7 @@ libipa_pwd_extop_la_SOURCES = \
ipapwd_encoding.c \
ipapwd_prepost.c \
ipa_pwd_extop.c \
+ $(KRB5_UTIL_SRCS) \
$(NULL)
libipa_pwd_extop_la_LDFLAGS = -avoid-version
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index 523934cc..bc521071 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -52,7 +52,6 @@
#include <prio.h>
#include <ssl.h>
#include <dirsrv/slapi-plugin.h>
-#define KRB5_PRIVATE 1
#include <krb5.h>
#include <lber.h>
#include <time.h>
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
index 45135016..bba63677 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
@@ -54,6 +54,7 @@
#include "ipapwd.h"
#include "util.h"
+#include "ipa_krb5.h"
/* krbTicketFlags */
#define KTF_DISALLOW_POSTDATED 0x00000001
@@ -341,7 +342,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
case KRB5_KDB_SALTTYPE_NOREALM:
- krberr = krb5_principal2salt_norealm(krbctx, princ, &salt);
+ krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &salt);
if (krberr) {
LOG_FATAL("krb5_principal2salt failed [%s]\n",
krb5_get_error_message(krbctx, krberr));
diff --git a/ipa-client/Makefile.am b/ipa-client/Makefile.am
index 655a6866..ebb9a839 100644
--- a/ipa-client/Makefile.am
+++ b/ipa-client/Makefile.am
@@ -12,9 +12,13 @@ if HAVE_GCC
endif
export AM_CFLAGS
+KRB5_UTIL_DIR=../util
+KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
+
INCLUDES = \
-I. \
-I$(srcdir) \
+ -I$(KRB5_UTIL_DIR) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
@@ -38,6 +42,7 @@ sbin_PROGRAMS = \
ipa_getkeytab_SOURCES = \
ipa-getkeytab.c \
+ $(KRB5_UTIL_SRCS) \
$(NULL)
ipa_getkeytab_LDADD = \
diff --git a/ipa-client/ipa-getkeytab.c b/ipa-client/ipa-getkeytab.c
index a54c57c7..85886526 100644
--- a/ipa-client/ipa-getkeytab.c
+++ b/ipa-client/ipa-getkeytab.c
@@ -27,10 +27,10 @@
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <time.h>
-#define KRB5_PRIVATE 1
#include <krb5.h>
#ifdef WITH_MOZLDAP
#include <mozldap/ldap.h>
@@ -44,6 +44,8 @@
#include <libintl.h>
#define _(STRING) gettext(STRING)
+#include "ipa_krb5.h"
+
/* Salt types */
#define NO_SALT -1
#define KRB5_KDB_SALTTYPE_NORMAL 0
@@ -152,7 +154,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
ksdata[i].salttype = KRB5_KDB_SALTTYPE_NORMAL;
}
- krb5_free_ktypes(krbctx, ktypes);
+ ipa_krb5_free_ktypes(krbctx, ktypes);
nkeys = i;
@@ -322,7 +324,7 @@ static int create_keys(krb5_context krbctx,
break;
case KRB5_KDB_SALTTYPE_NOREALM:
- krberr = krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt);
+ krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt);
if (krberr) {
fprintf(stderr, _("Failed to create key!\n"));
return 0;
@@ -848,7 +850,7 @@ int main(int argc, char *argv[])
}
fprintf(stdout, "%s\n", enc);
}
- krb5_free_ktypes(krbctx, ktypes);
+ ipa_krb5_free_ktypes(krbctx, ktypes);
exit (0);
}
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
new file mode 100644
index 00000000..5765087c
--- /dev/null
+++ b/util/ipa_krb5.c
@@ -0,0 +1,44 @@
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "ipa_krb5.h"
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
+{
+ free(val);
+}
+
+/*
+ * Convert a krb5_principal into the default salt for that principal.
+ */
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret)
+{
+ unsigned int size = 0, offset=0;
+ krb5_int32 nelem;
+ register int i;
+
+ if (pr == NULL) {
+ ret->length = 0;
+ ret->data = NULL;
+ return 0;
+ }
+
+ nelem = krb5_princ_size(context, pr);
+
+ for (i = 0; i < (int) nelem; i++)
+ size += krb5_princ_component(context, pr, i)->length;
+
+ ret->length = size;
+ if (!(ret->data = malloc (size)))
+ return ENOMEM;
+
+ for (i = 0; i < (int) nelem; i++) {
+ memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
+ krb5_princ_component(context, pr, i)->length);
+ offset += krb5_princ_component(context, pr, i)->length;
+ }
+ return 0;
+}
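Review bot: In ipa_krb5_principal2salt_norealm, `ret->length = size` is stored before the malloc result is checked, so on ENOMEM the caller is left with a non-zero length and a NULL data pointer. A principal whose components sum to zero bytes also reaches `malloc(0)`, which may legitimately return NULL and would then be reported as ENOMEM. `size` is an unsigned int accumulated without a wrap check; a wrapped sum would under-allocate the buffer that the memcpy loop then fills, so a guard on each addition is worth having even if such principals are unlikely in practice. The sketch below fills a local buffer and publishes it to `ret` only on success.

```c
    char *buf;

    /* … unchanged: NULL-principal early return, nelem lookup … */

    for (i = 0; i < (int) nelem; i++) {
        unsigned int len = krb5_princ_component(context, pr, i)->length;

        if (size + len < size)      /* unsigned wrap: total does not fit */
            return ERANGE;
        size += len;
    }

    ret->length = 0;
    ret->data = NULL;
    if (size == 0)
        return 0;

    buf = malloc(size);
    if (buf == NULL)
        return ENOMEM;

    /* … unchanged: memcpy loop, writing to &buf[offset] instead of &ret->data[offset] … */

    ret->data = buf;
    ret->length = size;
    return 0;
```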
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
new file mode 100644
index 00000000..09f492ea
--- /dev/null
+++ b/util/ipa_krb5.h
@@ -0,0 +1,12 @@
+#ifndef __IPA_KRB5_H_
+#define __IPA_KRB5_H_
+
+#include <krb5.h>
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
+
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret);
+
+#endif /* __IPA_KRB5_H_ */
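Review bot: The prototype for ipa_krb5_principal2salt_norealm says nothing about who owns the buffer it returns. Going by the implementation in util/ipa_krb5.c, `ret->data` is malloc()ed, is not NUL-terminated, and is NULL with length 0 for a NULL principal. A comment above the declaration such as `/* On success ret->data is malloc()ed and owned by the caller; it holds ret->length raw bytes, not a C string. */` would keep callers from leaking or over-reading it. The guard macro `__IPA_KRB5_H_` also uses a double-underscore name reserved for the implementation; `IPA_KRB5_H` would avoid that.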