On Wed, Nov 04, 2009 at 12:24:40PM -0500, Stephen Gallagher wrote:
> Depending on the platform, krb5.h may be available as
>  #include <krb5.h>
> or
>  #include <krb5/krb5.h>
> 
> We were properly testing for this in krb5_common.h, but not in
> sdap_async.c
> 

Sorry, I forgot to post the attached patch. It fixes the includes, but
also adds substitutions for API calls that are missing in older versions
of MIT Kerberos.

bye,
Sumit
>From 31f99c1177d8f18ef44874bcccbedfc6014274e1 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 13 Oct 2009 13:53:32 +0200
Subject: [PATCH] add replacements for missing Kerberos calls

---
 server/Makefile.am                  |    8 ++-
 server/providers/krb5/krb5_auth.h   |    1 +
 server/providers/krb5/krb5_child.c  |   40 +++------------
 server/providers/krb5/krb5_common.h |    6 +--
 server/providers/ldap/sdap_async.c  |   16 +++---
 server/util/sss_krb5.c              |   92 +++++++++++++++++++++++++++++++++++
 server/util/sss_krb5.h              |   45 +++++++++++++++++
 7 files changed, 160 insertions(+), 48 deletions(-)
 create mode 100644 server/util/sss_krb5.c
 create mode 100644 server/util/sss_krb5.h

diff --git a/server/Makefile.am b/server/Makefile.am
index 81223f4..2173b17 100644
--- a/server/Makefile.am
+++ b/server/Makefile.am
@@ -247,6 +247,7 @@ dist_noinst_HEADERS = \
     util/util.h \
     util/strtonum.h \
     util/sss_ldap.h \
+    util/sss_krb5.h \
     config.h \
     monitor/monitor.h \
     monitor/monitor_interfaces.h \
@@ -469,7 +470,8 @@ libsss_ldap_la_SOURCES = \
     providers/ldap/ldap_common.c \
     providers/ldap/sdap_async.c \
     providers/ldap/sdap.c \
-    util/sss_ldap.c
+    util/sss_ldap.c \
+    util/sss_krb5.c
 libsss_ldap_la_CFLAGS = \
     $(AM_CFLAGS) \
     $(LDAP_CFLAGS) \
@@ -514,6 +516,7 @@ libsss_ipa_la_SOURCES = \
     providers/ldap/sdap_async.c \
     providers/ldap/sdap.c \
     util/sss_ldap.c \
+    util/sss_krb5.c \
     providers/krb5/krb5_utils.c \
     providers/krb5/krb5_common.c \
     providers/krb5/krb5_auth.c
@@ -530,7 +533,8 @@ libsss_ipa_la_LDFLAGS = \
 
 krb5_child_SOURCES = \
     $(SSSD_DEBUG_OBJ) \
-    providers/krb5/krb5_child.c
+    providers/krb5/krb5_child.c \
+    util/sss_krb5.c
 krb5_child_CFLAGS = \
     $(AM_CFLAGS) \
     $(POPT_CFLAGS) \
diff --git a/server/providers/krb5/krb5_auth.h 
b/server/providers/krb5/krb5_auth.h
index 95647e3..84eafec 100644
--- a/server/providers/krb5/krb5_auth.h
+++ b/server/providers/krb5/krb5_auth.h
@@ -26,6 +26,7 @@
 #ifndef __KRB5_AUTH_H__
 #define __KRB5_AUTH_H__
 
+#include "util/sss_krb5.h"
 #include "providers/dp_backend.h"
 #include "providers/krb5/krb5_common.h"
 
diff --git a/server/providers/krb5/krb5_child.c 
b/server/providers/krb5/krb5_child.c
index e67ff88..319775a 100644
--- a/server/providers/krb5/krb5_child.c
+++ b/server/providers/krb5/krb5_child.c
@@ -90,19 +90,13 @@ struct krb5_req {
     char *ccname;
 };
 
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
 static krb5_context krb5_error_ctx;
 static const char *__krb5_error_msg;
 #define KRB5_DEBUG(level, krb5_error) do { \
-    __krb5_error_msg = krb5_get_error_message(krb5_error_ctx, krb5_error); \
+    __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); 
\
     DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
-    krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
+    sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
 } while(0);
-#else
-#define KRB5_DEBUG(level, krb5_error) do { \
-    DEBUG(level, ("%d: kerberos error [%d]\n", __LINE__, krb5_error)); \
-} while(0);
-#endif
 
 struct response {
     size_t max_size;
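Review bot: `KRB5_DEBUG` passes the result of `sss_krb5_get_error_message()` straight to a `%s` conversion, but the fallback added in server/util/sss_krb5.c returns NULL when `malloc` or `snprintf` fails. Assuming `DEBUG` is printf-style, passing NULL to `%s` is undefined behaviour, and it would occur on the error-reporting path of krb5_child under memory pressure. Guard the argument in the macro, e.g. `__krb5_error_msg ? __krb5_error_msg : "(no message)"`. The same unchecked use appears in each `DEBUG(2, ...)` call changed in the sdap_async.c hunks of `sdap_krb5_get_tgt_sync`.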
@@ -181,20 +175,14 @@ static struct response *prepare_response_message(struct 
krb5_req *kr,
         ret = pack_response_packet(resp, PAM_SUCCESS, PAM_ENV_ITEM, msg);
         talloc_zfree(msg);
     } else {
-#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
-        krb5_msg = krb5_get_error_message(krb5_error_ctx, kerr);
+        krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
         if (krb5_msg == NULL) {
-            DEBUG(1, ("krb5_get_error_message failed.\n"));
+            DEBUG(1, ("sss_krb5_get_error_message failed.\n"));
             return NULL;
         }
 
         ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, krb5_msg);
-        krb5_free_error_message(krb5_error_ctx, krb5_msg);
-#else
-        msg = talloc_asprintf(kr, "Kerberos error [%d]", kerr);
-        ret = pack_response_packet(resp, pam_status, PAM_USER_INFO, msg);
-        talloc_zfree(msg);
-#endif
+        sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
     }
 
     if (ret != EOK) {
@@ -536,11 +524,7 @@ static int krb5_cleanup(void *ptr)
     if (kr == NULL) return EOK;
 
     if (kr->options != NULL) {
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
-        krb5_get_init_creds_opt_free(kr->ctx, kr->options);
-#else
-        free(kr->options);
-#endif
+        sss_krb5_get_init_creds_opt_free(kr->ctx, kr->options);
     }
 
     if (kr->creds != NULL) {
@@ -639,21 +623,11 @@ static int krb5_setup(struct pam_data *pd, const char 
*user_princ_str,
         goto failed;
     }
 
-#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
-    kerr = krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
+    kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
     if (kerr != 0) {
         KRB5_DEBUG(1, kerr);
         goto failed;
     }
-#else
-    kr->options = calloc(1, sizeof(krb5_get_init_creds_opt));
-    if (kr->options == NULL) {
-        DEBUG(1, ("calloc failed.\n"));
-        kerr = ENOMEM;
-        goto failed;
-    }
-    krb5_get_init_creds_opt_init(&kr->options);
-#endif
 
 /* TODO: set options, e.g.
  *  krb5_get_init_creds_opt_set_tkt_life
diff --git a/server/providers/krb5/krb5_common.h 
b/server/providers/krb5/krb5_common.h
index 5d784a5..60f6a82 100644
--- a/server/providers/krb5/krb5_common.h
+++ b/server/providers/krb5/krb5_common.h
@@ -28,14 +28,10 @@
 
 #include "config.h"
 #include <stdbool.h>
-#ifdef HAVE_KRB5_KRB5_H
-#include <krb5/krb5.h>
-#else
-#include <krb5.h>
-#endif
 
 #include "providers/dp_backend.h"
 #include "util/util.h"
+#include "util/sss_krb5.h"
 
 #define SSSD_KRB5_KDC "SSSD_KRB5_KDC"
 #define SSSD_KRB5_REALM "SSSD_KRB5_REALM"
diff --git a/server/providers/ldap/sdap_async.c 
b/server/providers/ldap/sdap_async.c
index dfdd267..bce2541 100644
--- a/server/providers/ldap/sdap_async.c
+++ b/server/providers/ldap/sdap_async.c
@@ -20,11 +20,11 @@
 */
 #include <ctype.h>
 #include <sasl/sasl.h>
-#include <krb5/krb5.h>
 
 #include "db/sysdb.h"
 #include "providers/ldap/sdap_async.h"
 #include "util/util.h"
+#include "util/sss_krb5.h"
 
 #define REALM_SEPARATOR '@'
 
@@ -991,7 +991,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
         krberr = krb5_get_default_realm(context, &realm_name);
         if (krberr) {
             DEBUG(2, ("Failed to get default realm name: %s\n",
-                      krb5_get_error_message(context, krberr)));
+                      sss_krb5_get_error_message(context, krberr)));
             ret = EFAULT;
             goto done;
         }
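Review bot: The string returned by `sss_krb5_get_error_message(context, krberr)` is used inline as a `DEBUG` argument and never released, so this error path leaks it. With the malloc-based fallback in sss_krb5.c that is one heap allocation per failure, and the MIT function's result is likewise meant to go back through `krb5_free_error_message`. Keep the pointer in a local, log it, then call `sss_krb5_free_error_message(context, msg);` before `goto done;`. The other six hunks in `sdap_krb5_get_tgt_sync` (principal parsing, keytab, cache name, init credentials, init ccache, store creds) have the same leak. The function body starts and ends outside this hunk.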
@@ -1032,7 +1032,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
     krberr = krb5_parse_name(context, full_princ, &kprinc);
     if (krberr) {
         DEBUG(2, ("Unable to build principal: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
@@ -1044,7 +1044,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
     }
     if (krberr) {
         DEBUG(2, ("Failed to read keytab file: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
@@ -1065,7 +1065,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
     krberr = krb5_cc_resolve(context, ccname, &ccache);
     if (krberr) {
         DEBUG(2, ("Failed to set cache name: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
@@ -1084,7 +1084,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
 
     if (krberr) {
         DEBUG(2, ("Failed to init credentials: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
@@ -1092,7 +1092,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
     krberr = krb5_cc_initialize(context, ccache, kprinc);
     if (krberr) {
         DEBUG(2, ("Failed to init ccache: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
@@ -1100,7 +1100,7 @@ static int sdap_krb5_get_tgt_sync(TALLOC_CTX *memctx,
     krberr = krb5_cc_store_cred(context, ccache, &my_creds);
     if (krberr) {
         DEBUG(2, ("Failed to store creds: %s\n",
-                  krb5_get_error_message(context, krberr)));
+                  sss_krb5_get_error_message(context, krberr)));
         ret = EFAULT;
         goto done;
     }
diff --git a/server/util/sss_krb5.c b/server/util/sss_krb5.c
new file mode 100644
index 0000000..59e278e
--- /dev/null
+++ b/server/util/sss_krb5.c
@@ -0,0 +1,92 @@
+/*
+    Authors:
+        Sumit Bose <sb...@redhat.com>
+
+    Copyright (C) 2009 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+#include <stdio.h>
+#include <errno.h>
+
+#include "config.h"
+
+#include "util/sss_krb5.h"
+
+
+
+const char *KRB5_CALLCONV sss_krb5_get_error_message(krb5_context ctx,
+                                               krb5_error_code ec)
+{
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+    return krb5_get_error_message(ctx, ec);
+#else
+    int ret;
+    char *s = NULL;
+    int size = sizeof("Kerberos error [XXXXXXXXXXXX]");
+
+    s = malloc(sizeof(char) * (size));
+    if (s == NULL) {
+        return NULL;
+    }
+
+    ret = snprintf(s, size, "Kerberos error [%12d]", ec);
+
+    if (ret < 0 || ret >= size) {
+        return NULL;
+    }
+
+    return s;
+#endif
+}
+
+void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s)
+{
+#ifdef HAVE_KRB5_GET_ERROR_MESSAGE
+    krb5_free_error_message(ctx, s);
+#else
+    free(s);
+#endif
+
+    return;
+}
+
+krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc(
+                                                  krb5_context context,
+                                                  krb5_get_init_creds_opt 
**opt)
+{
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+    return krb5_get_init_creds_opt_alloc(context, opt);
+#else
+    *opt = calloc(1, sizeof(krb5_get_init_creds_opt));
+    if (*opt == NULL) {
+        return ENOMEM;
+    }
+    krb5_get_init_creds_opt_init(*opt);
+
+    return 0;
+#endif
+}
+
+void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+                                                   krb5_get_init_creds_opt 
*opt)
+{
+#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
+        krb5_get_init_creds_opt_free(context, opt);
+#else
+        free(opt);
+#endif
+
+    return;
+}
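Review bot: In the fallback branch of `sss_krb5_get_error_message`, the `ret < 0 || ret >= size` path returns NULL without releasing `s`, so the buffer leaks; add `free(s);` before that `return NULL;`. The fallback in `sss_krb5_free_error_message` calls `free(s)` on a `const char *`, which drops the qualifier and will be diagnosed by the compiler; `free((char *)s);` makes the intent explicit. The file also calls `malloc`, `calloc` and `free` but includes only `<stdio.h>` and `<errno.h>`, so unless `config.h` or the krb5 header happens to pull it in, `#include <stdlib.h>` is needed. Finally, `sss_krb5_get_init_creds_opt_alloc` writes through `opt` without checking it for NULL in the fallback branch.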
diff --git a/server/util/sss_krb5.h b/server/util/sss_krb5.h
new file mode 100644
index 0000000..755cf81
--- /dev/null
+++ b/server/util/sss_krb5.h
@@ -0,0 +1,45 @@
+/*
+    Authors:
+        Sumit Bose <sb...@redhat.com>
+
+    Copyright (C) 2009 Red Hat
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SSS_KRB5_H__
+#define __SSS_KRB5_H__
+
+#include "config.h"
+
+#include <stdbool.h>
+
+#ifdef HAVE_KRB5_KRB5_H
+#include <krb5/krb5.h>
+#else
+#include <krb5.h>
+#endif
+
+const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context,
+                                                   krb5_error_code);
+
+void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context, const char *);
+
+krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_alloc(
+                                                 krb5_context context,
+                                                 krb5_get_init_creds_opt 
**opt);
+
+void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+                                                  krb5_get_init_creds_opt 
*opt);
+#endif /* __SSS_KRB5_H__ */
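Review bot: The prototypes say nothing about ownership, and that is the part of the contract callers are most likely to get wrong. The string from `sss_krb5_get_error_message` has to be released with `sss_krb5_free_error_message`, and on builds without `krb5_get_error_message` it can be NULL. A comment above the first prototype would make this visible, e.g. `/* Returns a message for the error code, or NULL on failure; release with sss_krb5_free_error_message(). */`. Naming the parameters in the first two prototypes, as the last two already do, would also help readers, and `<stdbool.h>` appears unused by anything declared here.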
-- 
1.6.2.5
