Make krb5 context initialization not heimdal specific
authorSimo Sorce <idra@samba.org>
Fri, 20 Apr 2012 17:14:30 +0000 (13:14 -0400)
committerSimo Sorce <idra@samba.org>
Mon, 23 Apr 2012 20:40:05 +0000 (16:40 -0400)
Turn the logging data into an opaque pointer.
Ifdef the code and use the MIT logging function when built against system MIT.

source4/auth/kerberos/krb5_init_context.c
source4/auth/kerberos/krb5_init_context.h
source4/kdc/kdc.c

index fbcaad29d96981f7e69bdf1bd712bad592c08501..e3c0876f1a6945b4414c8a873e987de0a8db3dff 100644 (file)
@@ -30,7 +30,7 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
 #include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
 /*
   context structure for operations on cldap packets
 */
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
 
 static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
 {
-       /* Otherwise krb5_free_context will try and close what we have already free()ed */
-       krb5_set_warn_dest(ctx->krb5_context, NULL);
-       krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+       if (ctx->pvt_log_data) {
+               /* Otherwise krb5_free_context will try and close what we
+                * have already free()ed */
+               krb5_set_warn_dest(ctx->krb5_context, NULL);
+               krb5_closelog(ctx->krb5_context,
+                               (krb5_log_facility *)ctx->pvt_log_data);
+       }
+#else
+       krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
        krb5_free_context(ctx->krb5_context);
        return 0;
 }
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data) {
        return;
 }
 
+#ifdef SAMBA4_USES_HEIMDAL
 static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
 {
        DEBUG(3, ("Kerberos: %s\n", msg));
 }
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+                                  const struct krb5_trace_info *info,
+                                  void *cb_data)
+{
+       DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
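Review bot: The MIT variant of smb_krb5_debug_wrapper dereferences `info` unconditionally, but libkrb5 invokes a trace callback with a NULL `info` when the callback is reset or the context is freed. The destructor in this same commit does exactly that with `krb5_set_trace_callback(ctx->krb5_context, NULL, NULL)`, so every context teardown on an MIT build would hit a NULL dereference. Guard the body: `if (info != NULL) { DEBUG(3, ("Kerberos: %s\n", info->message)); }`. Separately, krb5.h appears to declare `krb5_trace_info` as a typedef rather than a struct tag, so the parameter should probably read `const krb5_trace_info *info`; confirm against the installed header.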
 
 /*
   handle recv events on a smb_krb5 socket
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 {
        krb5_error_code ret;
        TALLOC_CTX *tmp_ctx;
+       krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+       krb5_log_facility *logf;
+#endif
 
        initialize_krb5_error_table();
 
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
                return ENOMEM;
        }
 
-       ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
-                                         &(*smb_krb5_context)->krb5_context);
+       ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
        if (ret) {
                DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
                         error_message(ret)));
                talloc_free(tmp_ctx);
                return ret;
        }
+       (*smb_krb5_context)->krb5_context = kctx;
 
+       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
+
+#ifdef SAMBA4_USES_HEIMDAL
        /* TODO: Should we have a different name here? */
-       ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
+       ret = krb5_initlog(kctx, "Samba", &logf);
 
        if (ret) {
                DEBUG(1,("krb5_initlog failed (%s)\n",
-                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
-               krb5_free_context((*smb_krb5_context)->krb5_context);
+                        smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
                talloc_free(tmp_ctx);
                return ret;
        }
+       (*smb_krb5_context)->pvt_log_data = logf;
 
-       talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
-
-       ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
-                              smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+       ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+                              smb_krb5_debug_wrapper,
+                               smb_krb5_debug_close, NULL);
        if (ret) {
                DEBUG(1,("krb5_addlog_func failed (%s)\n",
-                        smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+                        smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
                talloc_free(tmp_ctx);
                return ret;
        }
-       krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+       krb5_set_warn_dest(kctx, logf);
 
        /* Set use of our socket lib */
        if (ev) {
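Review bot: With `talloc_set_destructor` now installed before `krb5_initlog`, the early `return ret` paths reach smb_krb5_context_destroy while `pvt_log_data` has not been assigned, and the Heimdal branch of the destructor tests that field. That is only safe if the structure was zero-allocated; the allocation sits above this hunk, so confirm it uses `talloc_zero`, or add `(*smb_krb5_context)->pvt_log_data = NULL;` right after the `krb5_context = kctx` assignment. A comment at the `talloc_set_destructor` call should also say that from this point `talloc_free(tmp_ctx)` releases the krb5 context, since that is why the explicit `krb5_free_context` was dropped from the initlog error path. The function body starts and continues outside this hunk.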
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
                }
        }
 
-       talloc_steal(parent_ctx, *smb_krb5_context);
-       talloc_free(tmp_ctx);
-
        /* Set options in kerberos */
 
-       krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
-                                          lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+       krb5_set_dns_canonicalize_hostname(kctx,
+                       lpcfg_parm_bool(lp_ctx, NULL, "krb5",
+                                       "set_dns_canonicalize", false));
+#else
+       ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL);
+       if (ret && ret != KRB5_TRACE_NOSUPP) {
+               DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"
+                         smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+               talloc_free(tmp_ctx);
+               return ret;
+       }
+#endif
+       talloc_steal(parent_ctx, *smb_krb5_context);
+       talloc_free(tmp_ctx);
 
        return 0;
 }
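Review bot: The DEBUG call in the new `#else` branch is missing the comma between the format string and its argument, so the string literal is followed directly by `smb_get_krb5_error_message(...)` and the non-Heimdal build cannot compile. The line should read `DEBUG(1, ("krb5_set_trace_callback failed (%s)\n",`. Because this branch is only compiled when SAMBA4_USES_HEIMDAL is undefined, a Heimdal-only build will not catch it, so the change needs at least a compile run against system MIT before it is relied on.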
index 835438cc5b1c4bf8ed24e1d976d04df221aa3486..24ae374cd71f851cc3d2a055550177be71f7e734 100644 (file)
 
 struct smb_krb5_context {
        krb5_context krb5_context;
-       krb5_log_facility *logf;
+       void *pvt_log_data;
        struct tevent_context *current_ev;
 };
-       
+
 struct tevent_context;
 struct loadparm_context;
 
index d1ce527b24a73f3ddb05729e8d5ce7f69446ce43..5424d213e89f55ee4bea00cccf6960f5d4f0bcff 100644 (file)
@@ -932,7 +932,7 @@ static void kdc_task_init(struct task_server *task)
                return;
        }
 
-       kdc->config->logf = kdc->smb_krb5_context->logf;
+       kdc->config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;
        kdc->config->db = talloc(kdc, struct HDB *);
        if (!kdc->config->db) {
                task_server_terminate(task, "kdc: out of memory", true);