Make krb5 context initialization not heimdal specific

Turn the logging data to an opaque pointer.
Ifdef code and use MIT logging function when built against system MIT.

source4/auth/kerberos/krb5_init_context.c

@@ -30,7 +30,7 @@
 #include "param/param.h"
 #include "libcli/resolve/resolve.h"
 #include "../lib/tsocket/tsocket.h"
-
+#include "krb5_init_context.h"
 /*
   context structure for operations on cldap packets
 */
@@ -52,9 +52,17 @@ struct smb_krb5_socket {
 
 static krb5_error_code smb_krb5_context_destroy(struct smb_krb5_context *ctx)
 {
-	/* Otherwise krb5_free_context will try and close what we have already free()ed */
-	krb5_set_warn_dest(ctx->krb5_context, NULL);
-	krb5_closelog(ctx->krb5_context, ctx->logf);
+#ifdef SAMBA4_USES_HEIMDAL
+	if (ctx->pvt_log_data) {
+		/* Otherwise krb5_free_context will try and close what we
+		 * have already free()ed */
+		krb5_set_warn_dest(ctx->krb5_context, NULL);
+		krb5_closelog(ctx->krb5_context,
+				(krb5_log_facility *)ctx->pvt_log_data);
+	}
+#else
+	krb5_set_trace_callback(ctx->krb5_context, NULL, NULL);
+#endif
 	krb5_free_context(ctx->krb5_context);
 	return 0;
 }
@@ -64,10 +72,19 @@ static void smb_krb5_debug_close(void *private_data) {
 	return;
 }
 
+#ifdef SAMBA4_USES_HEIMDAL
 static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
 {
 	DEBUG(3, ("Kerberos: %s\n", msg));
 }
+#else
+static void smb_krb5_debug_wrapper(krb5_context context,
+				   const struct krb5_trace_info *info,
+				   void *cb_data)
+{
+	DEBUG(3, ("Kerberos: %s\n", info->message));
+}
+#endif
 
 /*
   handle recv events on a smb_krb5 socket
@@ -461,6 +478,10 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 {
 	krb5_error_code ret;
 	TALLOC_CTX *tmp_ctx;
+	krb5_context kctx;
+#ifdef SAMBA4_USES_HEIMDAL
+	krb5_log_facility *logf;
+#endif
 
 	initialize_krb5_error_table();
 
@@ -472,37 +493,39 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 		return ENOMEM;
 	}
 
-	ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx,
-					  &(*smb_krb5_context)->krb5_context);
+	ret = smb_krb5_init_context_basic(tmp_ctx, lp_ctx, &kctx);
 	if (ret) {
 		DEBUG(1,("smb_krb5_context_init_basic failed (%s)\n",
 			 error_message(ret)));
 		talloc_free(tmp_ctx);
 		return ret;
 	}
-
-	/* TODO: Should we have a different name here? */
-	ret = krb5_initlog((*smb_krb5_context)->krb5_context, "Samba", &(*smb_krb5_context)->logf);
-
-	if (ret) {
-		DEBUG(1,("krb5_initlog failed (%s)\n",
-			 smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
-		krb5_free_context((*smb_krb5_context)->krb5_context);
-		talloc_free(tmp_ctx);
-		return ret;
-	}
+	(*smb_krb5_context)->krb5_context = kctx;
 
 	talloc_set_destructor(*smb_krb5_context, smb_krb5_context_destroy);
 
-	ret = krb5_addlog_func((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf, 0 /* min */, -1 /* max */,
-			       smb_krb5_debug_wrapper, smb_krb5_debug_close, NULL);
+#ifdef SAMBA4_USES_HEIMDAL
+	/* TODO: Should we have a different name here? */
+	ret = krb5_initlog(kctx, "Samba", &logf);
+
 	if (ret) {
-		DEBUG(1,("krb5_addlog_func failed (%s)\n",
-			 smb_get_krb5_error_message((*smb_krb5_context)->krb5_context, ret, tmp_ctx)));
+		DEBUG(1,("krb5_initlog failed (%s)\n",
+			 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
 		talloc_free(tmp_ctx);
 		return ret;
 	}
-	krb5_set_warn_dest((*smb_krb5_context)->krb5_context, (*smb_krb5_context)->logf);
+	(*smb_krb5_context)->pvt_log_data = logf;
+
+	ret = krb5_addlog_func(kctx, logf, 0 /* min */, -1 /* max */,
+			       smb_krb5_debug_wrapper,
+				smb_krb5_debug_close, NULL);
+	if (ret) {
+		DEBUG(1,("krb5_addlog_func failed (%s)\n",
+			 smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+	krb5_set_warn_dest(kctx, logf);
 
 	/* Set use of our socket lib */
 	if (ev) {
@@ -515,13 +538,22 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
 		}
 	}
 
-	talloc_steal(parent_ctx, *smb_krb5_context);
-	talloc_free(tmp_ctx);
-
 	/* Set options in kerberos */
 
-	krb5_set_dns_canonicalize_hostname((*smb_krb5_context)->krb5_context,
-					   lpcfg_parm_bool(lp_ctx, NULL, "krb5", "set_dns_canonicalize", false));
+	krb5_set_dns_canonicalize_hostname(kctx,
+			lpcfg_parm_bool(lp_ctx, NULL, "krb5",
+					"set_dns_canonicalize", false));
+#else
+	ret = krb5_set_trace_callback(kctx, smb_krb5_debug_wrapper, NULL);
+	if (ret && ret != KRB5_TRACE_NOSUPP) {
+		DEBUG(1, ("krb5_set_trace_callback failed (%s)\n"
+			  smb_get_krb5_error_message(kctx, ret, tmp_ctx)));
+		talloc_free(tmp_ctx);
+		return ret;
+	}
+#endif
+	talloc_steal(parent_ctx, *smb_krb5_context);
+	talloc_free(tmp_ctx);
 
 	return 0;
 }

source4/auth/kerberos/krb5_init_context.h

@@ -22,10 +22,10 @@
 
 struct smb_krb5_context {
 	krb5_context krb5_context;
-	krb5_log_facility *logf;
+	void *pvt_log_data;
 	struct tevent_context *current_ev;
 };
-	
+
 struct tevent_context;
 struct loadparm_context;
 

source4/kdc/kdc.c

@@ -932,7 +932,7 @@ static void kdc_task_init(struct task_server *task)
 		return;
 	}
 
-	kdc->config->logf = kdc->smb_krb5_context->logf;
+	kdc->config->logf = (krb5_log_facility *)kdc->smb_krb5_context->pvt_log_data;
 	kdc->config->db = talloc(kdc, struct HDB *);
 	if (!kdc->config->db) {
 		task_server_terminate(task, "kdc: out of memory", true);