From 1f1e4275b5fafbad1b5719f5efba7ee66f6d3037 Mon Sep 17 00:00:00 2001
From: Simo Sorce <idra@samba.org>
Date: Mon, 2 Apr 2012 23:41:32 -0400
Subject: [PATCH] clikrb5: Move pure krb wrapper functions from libads to
 clikrb5.

Signed-off-by: Andreas Schneider <asn@samba.org>
---
 source3/include/krb5_protos.h   |   3 +
 source3/libads/kerberos.c       | 140 ---------------------------------------
 source3/libads/kerberos_proto.h |   3 -
 source3/libsmb/clikrb5.c        | 142 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 145 insertions(+), 143 deletions(-)

diff --git a/source3/include/krb5_protos.h b/source3/include/krb5_protos.h
index c2d4517665d..99569998a16 100644
--- a/source3/include/krb5_protos.h
+++ b/source3/include/krb5_protos.h
@@ -121,6 +121,9 @@ krb5_error_code smb_krb5_get_creds(const char *server_s,
 char *smb_krb5_principal_get_realm(krb5_context context,
 				   krb5_principal principal);
 
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+						   const char *service,
+						   const char *remote_name);
 
 #endif /* HAVE_KRB5 */
 
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index a43c7b167c2..f1df31ca4fa 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -424,146 +424,6 @@ char* kerberos_secrets_fetch_des_salt( void )
 }
 
 /************************************************************************
- Routine to get the default realm from the kerberos credentials cache.
- Caller must free if the return value is not NULL.
-************************************************************************/
-
-char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
-{
-	char *realm = NULL;
-	krb5_context ctx = NULL;
-	krb5_ccache cc = NULL;
-	krb5_principal princ = NULL;
-
-	initialize_krb5_error_table();
-	if (krb5_init_context(&ctx)) {
-		return NULL;
-	}
-
-	DEBUG(5,("kerberos_get_default_realm_from_ccache: "
-		"Trying to read krb5 cache: %s\n",
-		krb5_cc_default_name(ctx)));
-	if (krb5_cc_default(ctx, &cc)) {
-		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
-			"failed to read default cache\n"));
-		goto out;
-	}
-	if (krb5_cc_get_principal(ctx, cc, &princ)) {
-		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
-			"failed to get default principal\n"));
-		goto out;
-	}
-
-#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
-	realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
-#elif defined(HAVE_KRB5_PRINC_REALM)
-	{
-		krb5_data *realm_data = krb5_princ_realm(ctx, princ);
-		realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
-	}
-#endif
-
-  out:
-
-	if (ctx) {
-		if (princ) {
-			krb5_free_principal(ctx, princ);
-		}
-		if (cc) {
-			krb5_cc_close(ctx, cc);
-		}
-		krb5_free_context(ctx);
-	}
-
-	return realm;
-}
-
-/************************************************************************
- Routine to get the realm from a given DNS name.
-************************************************************************/
-
-char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname)
-{
-#if defined(HAVE_KRB5_REALM_TYPE)
-	/* Heimdal. */
-	krb5_realm *realm_list = NULL;
-#else
-	/* MIT */
-	char **realm_list = NULL;
-#endif
-	char *realm = NULL;
-	krb5_error_code kerr;
-	krb5_context ctx = NULL;
-
-	initialize_krb5_error_table();
-	if (krb5_init_context(&ctx)) {
-		return NULL;
-	}
-
-	kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
-	if (kerr != 0) {
-		DEBUG(3,("kerberos_get_realm_from_hostname %s: "
-			"failed %s\n",
-			hostname ? hostname : "(NULL)",
-			error_message(kerr) ));
-		goto out;
-	}
-
-	if (realm_list && realm_list[0]) {
-		realm = talloc_strdup(mem_ctx, realm_list[0]);
-	}
-
-  out:
-
-	if (ctx) {
-		if (realm_list) {
-			krb5_free_host_realm(ctx, realm_list);
-			realm_list = NULL;
-		}
-		krb5_free_context(ctx);
-		ctx = NULL;
-	}
-	return realm;
-}
-
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
-						   const char *service,
-						   const char *remote_name)
-{
-	char *realm = NULL;
-	char *host = NULL;
-	char *principal;
-	host = strchr_m(remote_name, '.');
-	if (host) {
-		/* DNS name. */
-		realm = kerberos_get_realm_from_hostname(talloc_tos(), remote_name);
-	} else {
-		/* NetBIOS name - use our realm. */
-		realm = kerberos_get_default_realm_from_ccache(talloc_tos());
-	}
-
-	if (realm == NULL || *realm == '\0') {
-		realm = talloc_strdup(talloc_tos(), lp_realm());
-		if (!realm) {
-			return NULL;
-		}
-		DEBUG(3,("kerberos_get_principal_from_service_hostname: "
-			 "cannot get realm from, "
-			 "desthost %s or default ccache. Using default "
-			 "smb.conf realm %s\n",
-			 remote_name,
-			 realm));
-	}
-
-	principal = talloc_asprintf(mem_ctx,
-				    "%s/%s@%s",
-				    service, remote_name,
-				    realm);
-	TALLOC_FREE(realm);
-	return principal;
-}
-
-/************************************************************************
  Routine to get the salting principal for this service.  This is 
  maintained for backwards compatibilty with releases prior to 3.0.24.
  Since we store the salting principal string only at join, we may have 
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index 6a7811d6525..50c56dc0813 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -52,9 +52,6 @@ bool kerberos_secrets_store_des_salt( const char* salt );
 char* kerberos_secrets_fetch_des_salt( void );
 char *kerberos_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx);
 char *kerberos_get_realm_from_hostname(TALLOC_CTX *mem_ctx, const char *hostname);
-char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
-						   const char *service,
-						   const char *remote_name);
 
 bool kerberos_secrets_store_salting_principal(const char *service,
 					      int enctype,
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 9e03b30c35c..792400b3ce2 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1439,6 +1439,148 @@ char *smb_krb5_principal_get_realm(krb5_context context,
 #endif
 }
 
+/************************************************************************
+ Routine to get the default realm from the kerberos credentials cache.
+ Caller must free if the return value is not NULL.
+************************************************************************/
+
+static char *smb_krb5_get_default_realm_from_ccache(TALLOC_CTX *mem_ctx)
+{
+	char *realm = NULL;
+	krb5_context ctx = NULL;
+	krb5_ccache cc = NULL;
+	krb5_principal princ = NULL;
+
+	initialize_krb5_error_table();
+	if (krb5_init_context(&ctx)) {
+		return NULL;
+	}
+
+	DEBUG(5,("kerberos_get_default_realm_from_ccache: "
+		"Trying to read krb5 cache: %s\n",
+		krb5_cc_default_name(ctx)));
+	if (krb5_cc_default(ctx, &cc)) {
+		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+			"failed to read default cache\n"));
+		goto out;
+	}
+	if (krb5_cc_get_principal(ctx, cc, &princ)) {
+		DEBUG(0,("kerberos_get_default_realm_from_ccache: "
+			"failed to get default principal\n"));
+		goto out;
+	}
+
+#if defined(HAVE_KRB5_PRINCIPAL_GET_REALM)
+	realm = talloc_strdup(mem_ctx, krb5_principal_get_realm(ctx, princ));
+#elif defined(HAVE_KRB5_PRINC_REALM)
+	{
+		krb5_data *realm_data = krb5_princ_realm(ctx, princ);
+		realm = talloc_strndup(mem_ctx, realm_data->data, realm_data->length);
+	}
+#endif
+
+  out:
+
+	if (ctx) {
+		if (princ) {
+			krb5_free_principal(ctx, princ);
+		}
+		if (cc) {
+			krb5_cc_close(ctx, cc);
+		}
+		krb5_free_context(ctx);
+	}
+
+	return realm;
+}
+
+/************************************************************************
+ Routine to get the realm from a given DNS name.
+************************************************************************/
+
+static char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
+						const char *hostname)
+{
+#if defined(HAVE_KRB5_REALM_TYPE)
+	/* Heimdal. */
+	krb5_realm *realm_list = NULL;
+#else
+	/* MIT */
+	char **realm_list = NULL;
+#endif
+	char *realm = NULL;
+	krb5_error_code kerr;
+	krb5_context ctx = NULL;
+
+	initialize_krb5_error_table();
+	if (krb5_init_context(&ctx)) {
+		return NULL;
+	}
+
+	kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+	if (kerr != 0) {
+		DEBUG(3,("kerberos_get_realm_from_hostname %s: "
+			"failed %s\n",
+			hostname ? hostname : "(NULL)",
+			error_message(kerr) ));
+		goto out;
+	}
+
+	if (realm_list && realm_list[0]) {
+		realm = talloc_strdup(mem_ctx, realm_list[0]);
+	}
+
+  out:
+
+	if (ctx) {
+		if (realm_list) {
+			krb5_free_host_realm(ctx, realm_list);
+			realm_list = NULL;
+		}
+		krb5_free_context(ctx);
+		ctx = NULL;
+	}
+	return realm;
+}
+
+char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
+						   const char *service,
+						   const char *remote_name)
+{
+	char *realm = NULL;
+	char *host = NULL;
+	char *principal;
+	host = strchr_m(remote_name, '.');
+	if (host) {
+		/* DNS name. */
+		realm = smb_krb5_get_realm_from_hostname(talloc_tos(),
+							 remote_name);
+	} else {
+		/* NetBIOS name - use our realm. */
+		realm = smb_krb5_get_default_realm_from_ccache(talloc_tos());
+	}
+
+	if (realm == NULL || *realm == '\0') {
+		realm = talloc_strdup(talloc_tos(), lp_realm());
+		if (!realm) {
+			return NULL;
+		}
+		DEBUG(3,("kerberos_get_principal_from_service_hostname: "
+			 "cannot get realm from, "
+			 "desthost %s or default ccache. Using default "
+			 "smb.conf realm %s\n",
+			 remote_name,
+			 realm));
+	}
+
+	principal = talloc_asprintf(mem_ctx,
+				    "%s/%s@%s",
+				    service, remote_name,
+				    realm);
+	TALLOC_FREE(realm);
+	return principal;
+}
+
 #else /* HAVE_KRB5 */
  /* this saves a few linking headaches */
  int cli_krb5_get_ticket(TALLOC_CTX *mem_ctx,
-- 
2.11.4.GIT