LU-4307 kerberos: compile errors with gss/kerberos support

[fs/lustre-release.git] / lustre / utils / gss / context_lucid.c

diff --git a/lustre/utils/gss/context_lucid.c b/lustre/utils/gss/context_lucid.c
index c1f669f..e95d11e 100644 (file)
--- a/lustre/utils/gss/context_lucid.c
+++ b/lustre/utils/gss/context_lucid.c
@@ -85,7 +85,7 @@ prepare_krb5_rfc1964_buffer(gss_krb5_lucid_context_v1_t *lctx,
 {
        char *p, *end;
        static int constant_zero = 0;
-       unsigned char fakeseed[16];
+       unsigned char fakeseed[16] = { 0 };
        uint32_t word_send_seq;
        gss_krb5_lucid_key_t enc_key;
        int i;
@@ -204,11 +204,10 @@ enum seal_alg {
  * We don't have "legal" access to these MIT-only
  * structures located in libk5crypto
  */
-extern void krb5int_enc_arcfour;
-extern void krb5int_enc_des3;
-extern void krb5int_enc_aes128;
-extern void krb5int_enc_aes256;
-extern int krb5_derive_key();
+extern void *krb5int_enc_arcfour;
+extern void *krb5int_enc_des3;
+extern void *krb5int_enc_aes128;
+extern void *krb5int_enc_aes256;
 
 static void
 key_lucid_to_krb5(const gss_krb5_lucid_key_t *lin, krb5_keyblock *kout)
@@ -257,8 +256,13 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        int keylength;
        void *enc;
        krb5_keyblock kin, kout;  /* must send krb5_keyblock, not lucid! */
-#ifdef HAVE_HEIMDAL
+#if defined(HAVE_HEIMDAL) || HAVE_KRB5INT_DERIVE_KEY
        krb5_context kcontext;
+#endif
+#if HAVE_KRB5INT_DERIVE_KEY
+       krb5_key key_in, key_out;
+#endif
+#ifdef HAVE_HEIMDAL
        krb5_keyblock *outkey;
 #endif
 
@@ -316,12 +320,35 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        ((char *)(datain.data))[4] = (char) extra;
 
 #ifdef HAVE_KRB5
+#if HAVE_KRB5INT_DERIVE_KEY
+       code = krb5_init_context(&kcontext);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5_k_create_key(kcontext, &kin, &key_in);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5_k_create_key(kcontext, &kout, &key_out);
+       if (code) {
+               free(out->data);
+               out->data = NULL;
+               goto out;
+       }
+       code = krb5int_derive_key(enc, key_in, &key_out, &datain,
+                                 DERIVE_RFC3961);
+#else  /* !HAVE_KRB5INT_DERIVE_KEY */
        code = krb5_derive_key(enc, &kin, &kout, &datain);
-#else
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else  /* !defined(HAVE_KRB5) */
        if ((code = krb5_init_context(&kcontext))) {
        }
        code = krb5_derive_key(kcontext, &kin, in->type, constant_data, K5CLENGTH, &outkey);
-#endif
+#endif /* defined(HAVE_KRB5) */
        if (code) {
                free(out->data);
                out->data = NULL;
@@ -329,14 +356,17 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        }
 #ifdef HAVE_KRB5
        key_krb5_to_lucid(&kout, out);
-#else
+#if HAVE_KRB5INT_DERIVE_KEY
+       krb5_free_context(kcontext);
+#endif /* HAVE_KRB5INT_DERIVE_KEY */
+#else  /* !defined(HAVE_KRB5) */
        key_krb5_to_lucid(outkey, out);
        krb5_free_keyblock(kcontext, outkey);
        krb5_free_context(kcontext);
-#endif
+#endif /* defined(HAVE_KRB5) */
 
   out:
-       if (code)
+       if (code)
                printerr(0, "ERROR: %s: returning error %d (%s)\n",
                         __FUNCTION__, code, error_message(code));
        return (code);