Use internal implementation of internal Kerberos functions

Don't use KRB5_PRIVATE.

The patch implements and uses the following krb5 functions that are
otherwise private in recent MIT Kerberos releases:
 * krb5_principal2salt_norealm
 * krb5_free_ktypes

Signed-off-by: Simo Sorce <ssorce@redhat.com>

daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am

@@ -1,11 +1,14 @@
 NULL =
 
 PLUGIN_COMMON_DIR=../common
+KRB5_UTIL_DIR= ../../../util
+KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
 
 INCLUDES =							\
 	-I.							\
 	-I$(srcdir)						\
 	-I$(PLUGIN_COMMON_DIR)					\
+	-I$(KRB5_UTIL_DIR)					\
 	-DPREFIX=\""$(prefix)"\" 				\
 	-DBINDIR=\""$(bindir)"\"				\
 	-DLIBDIR=\""$(libdir)"\" 				\
@@ -28,6 +31,7 @@ libipa_pwd_extop_la_SOURCES = 		\
 	ipapwd_encoding.c		\
 	ipapwd_prepost.c		\
 	ipa_pwd_extop.c			\
+	$(KRB5_UTIL_SRCS)		\
 	$(NULL)
 
 libipa_pwd_extop_la_LDFLAGS = -avoid-version

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h

@@ -52,7 +52,6 @@
 #include <prio.h>
 #include <ssl.h>
 #include <dirsrv/slapi-plugin.h>
-#define KRB5_PRIVATE 1
 #include <krb5.h>
 #include <lber.h>
 #include <time.h>

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c

@@ -54,6 +54,7 @@
 
 #include "ipapwd.h"
 #include "util.h"
+#include "ipa_krb5.h"
 
 /* krbTicketFlags */
 #define KTF_DISALLOW_POSTDATED        0x00000001
@@ -341,7 +342,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
 
         case KRB5_KDB_SALTTYPE_NOREALM:
 
-            krberr = krb5_principal2salt_norealm(krbctx, princ, &salt);
+            krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &salt);
             if (krberr) {
                 LOG_FATAL("krb5_principal2salt failed [%s]\n",
                           krb5_get_error_message(krbctx, krberr));

ipa-client/Makefile.am

@@ -12,9 +12,13 @@ if HAVE_GCC
 endif
 export AM_CFLAGS
 
+KRB5_UTIL_DIR=../util
+KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
+
 INCLUDES =							\
 	-I.							\
 	-I$(srcdir)						\
+	-I$(KRB5_UTIL_DIR)					\
 	-DPREFIX=\""$(prefix)"\" 				\
 	-DBINDIR=\""$(bindir)"\"				\
 	-DLIBDIR=\""$(libdir)"\" 				\
@@ -38,6 +42,7 @@ sbin_PROGRAMS =			\
 
 ipa_getkeytab_SOURCES =		\
 	ipa-getkeytab.c		\
+	$(KRB5_UTIL_SRCS)	\
 	$(NULL)
 
 ipa_getkeytab_LDADD = 		\

ipa-client/ipa-getkeytab.c

@@ -27,10 +27,10 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdlib.h>
+#include <stdint.h>
 #include <string.h>
 #include <errno.h>
 #include <time.h>
-#define KRB5_PRIVATE 1
 #include <krb5.h>
 #ifdef WITH_MOZLDAP
 #include <mozldap/ldap.h>
@@ -44,6 +44,8 @@
 #include <libintl.h>
 #define _(STRING) gettext(STRING)
 
+#include "ipa_krb5.h"
+
 /* Salt types */
 #define NO_SALT                        -1
 #define KRB5_KDB_SALTTYPE_NORMAL        0
@@ -152,7 +154,7 @@ static int prep_ksdata(krb5_context krbctx, const char *str,
             ksdata[i].salttype = KRB5_KDB_SALTTYPE_NORMAL;
         }
 
-        krb5_free_ktypes(krbctx, ktypes);
+        ipa_krb5_free_ktypes(krbctx, ktypes);
 
         nkeys = i;
 
@@ -322,7 +324,7 @@ static int create_keys(krb5_context krbctx,
             break;
 
         case KRB5_KDB_SALTTYPE_NOREALM:
-            krberr = krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt);
+            krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &ksdata[i].salt);
             if (krberr) {
                 fprintf(stderr, _("Failed to create key!\n"));
                 return 0;
@@ -848,7 +850,7 @@ int main(int argc, char *argv[])
 			}
 			fprintf(stdout, "%s\n", enc);
 		}
-		krb5_free_ktypes(krbctx, ktypes);
+		ipa_krb5_free_ktypes(krbctx, ktypes);
 		exit (0);
 	}
 

util/ipa_krb5.c

@@ -0,0 +1,44 @@
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "ipa_krb5.h"
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val)
+{
+    free(val);
+}
+
+/*
+ * Convert a krb5_principal into the default salt for that principal.
+ */
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret)
+{
+    unsigned int size = 0, offset=0;
+    krb5_int32 nelem;
+    register int i;
+
+    if (pr == NULL) {
+        ret->length = 0;
+        ret->data = NULL;
+        return 0;
+    }
+
+    nelem = krb5_princ_size(context, pr);
+
+    for (i = 0; i < (int) nelem; i++)
+        size += krb5_princ_component(context, pr, i)->length;
+
+    ret->length = size;
+    if (!(ret->data = malloc (size)))
+        return ENOMEM;
+
+    for (i = 0; i < (int) nelem; i++) {
+        memcpy(&ret->data[offset], krb5_princ_component(context, pr, i)->data,
+               krb5_princ_component(context, pr, i)->length);
+        offset += krb5_princ_component(context, pr, i)->length;
+    }
+    return 0;
+}

util/ipa_krb5.h

@@ -0,0 +1,12 @@
+#ifndef __IPA_KRB5_H_
+#define __IPA_KRB5_H_
+
+#include <krb5.h>
+
+void
+ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
+
+krb5_error_code
+ipa_krb5_principal2salt_norealm(krb5_context context, krb5_const_principal pr, krb5_data *ret);
+
+#endif /* __IPA_KRB5_H_ */