Use internal implementation of internal Kerberos functions

Don't use KRB5_PRIVATE.

The patch implements and uses the following krb5 functions that are
otherwise private in recent MIT Kerberos releases:
 * krb5_principal2salt_norealm
 * krb5_free_ktypes

Signed-off-by: Simo Sorce <ssorce@redhat.com>

daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am

@@ -1,11 +1,14 @@
 NULL =
 
 PLUGIN_COMMON_DIR=../common
+KRB5_UTIL_DIR= ../../../util
+KRB5_UTIL_SRCS=$(KRB5_UTIL_DIR)/ipa_krb5.c
 
 INCLUDES =							\
 	-I.							\
 	-I$(srcdir)						\
 	-I$(PLUGIN_COMMON_DIR)					\
+	-I$(KRB5_UTIL_DIR)					\
 	-DPREFIX=\""$(prefix)"\" 				\
 	-DBINDIR=\""$(bindir)"\"				\
 	-DLIBDIR=\""$(libdir)"\" 				\
@@ -28,6 +31,7 @@ libipa_pwd_extop_la_SOURCES = 		\
 	ipapwd_encoding.c		\
 	ipapwd_prepost.c		\
 	ipa_pwd_extop.c			\
+	$(KRB5_UTIL_SRCS)		\
 	$(NULL)
 
 libipa_pwd_extop_la_LDFLAGS = -avoid-version

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h

@@ -52,7 +52,6 @@
 #include <prio.h>
 #include <ssl.h>
 #include <dirsrv/slapi-plugin.h>
-#define KRB5_PRIVATE 1
 #include <krb5.h>
 #include <lber.h>
 #include <time.h>

daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c

@@ -54,6 +54,7 @@
 
 #include "ipapwd.h"
 #include "util.h"
+#include "ipa_krb5.h"
 
 /* krbTicketFlags */
 #define KTF_DISALLOW_POSTDATED        0x00000001
@@ -341,7 +342,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
 
         case KRB5_KDB_SALTTYPE_NOREALM:
 
-            krberr = krb5_principal2salt_norealm(krbctx, princ, &salt);
+            krberr = ipa_krb5_principal2salt_norealm(krbctx, princ, &salt);
             if (krberr) {
                 LOG_FATAL("krb5_principal2salt failed [%s]\n",
                           krb5_get_error_message(krbctx, krberr));