LU-11750 krb5: krb5int_derive_key has 'hash' extra parameter

From Kerberos 5 release 1.15, and introduction of support of
aes-sha2, krb5int_derive_key() groks an additional 'hash' parameter.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I7c6ea5ac2d6844371b254b7361d28c462afe5afa
Reviewed-on: https://review.whamcloud.com/33817
Tested-by: Jenkins
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Jeremy Filizetti <jeremy.filizetti@gmail.com>
Reviewed-by: Li Dongyang <dongyangli@ddn.com>
Reviewed-by: James Simmons <uja.ornl@yahoo.com>

diff --git a/lustre/autoconf/kerberos5.m4 b/lustre/autoconf/kerberos5.m4
index 9472de6..c88da67 100644 (file)
--- a/lustre/autoconf/kerberos5.m4
+++ b/lustre/autoconf/kerberos5.m4
@@ -114,6 +114,13 @@ Kerberos v5 with GSS support not found at $krb5_with
     AC_CHECK_LIB($gssapi_lib, krb5int_derive_key,
       [HAVE_KRB5INT_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available])], ,$KRBLIBS)
 
+    dnl Version 1.15 introduced aes-sha2 support, which changes the
+    dnl number of paramters of function krb5int_derive_key.
+    if test $K5VERS -ge 1150; then
+       AC_DEFINE(HAVE_AES_SHA2_SUPPORT, 1,
+               [aes-sha2 is supported by krb5])
+    fi
+
     dnl Check for krb5_derive_key
     AC_CHECK_LIB($gssapi_lib, krb5_derive_key,
       [HAVE_KRB5_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available])], ,$KRBLIBS)

diff --git a/lustre/utils/gss/context.h b/lustre/utils/gss/context.h
index 69df2d8..d19c0fe 100644 (file)
--- a/lustre/utils/gss/context.h
+++ b/lustre/utils/gss/context.h
@@ -50,10 +50,23 @@ enum deriv_alg {
 #endif
 };
 
+#ifdef HAVE_AES_SHA2_SUPPORT
 extern krb5_error_code krb5int_derive_key(const void *enc,
+                                         const void *hash,
                                          krb5_key inkey, krb5_key *outkey,
                                          const krb5_data *in_constant,
                                          enum deriv_alg alg);
+#define ll_krb5int_derive_key(enc, inkey, outkey, in_constant, alg)        \
+       krb5int_derive_key((enc), (NULL), (inkey), (outkey), (in_constant), \
+                          (alg))
+#else
+extern krb5_error_code krb5int_derive_key(const void *enc,
+                                         krb5_key inkey, krb5_key *outkey,
+                                         const krb5_data *in_constant,
+                                         enum deriv_alg alg);
+#define ll_krb5int_derive_key(enc, inkey, outkey, in_constant, alg)        \
+       krb5int_derive_key((enc), (inkey), (outkey), (in_constant), (alg))
+#endif
 extern krb5_error_code krb5_k_create_key(krb5_context context,
                                         const krb5_keyblock *key_data,
                                         krb5_key *out);

diff --git a/lustre/utils/gss/context_lucid.c b/lustre/utils/gss/context_lucid.c
index 275eed3..a24eda1 100644 (file)
--- a/lustre/utils/gss/context_lucid.c
+++ b/lustre/utils/gss/context_lucid.c
@@ -330,8 +330,8 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out,
        if (code)
                goto out;
 
-       code = krb5int_derive_key(enc, key_in, &key_out, &datain,
-                                 DERIVE_RFC3961);
+       code = ll_krb5int_derive_key(enc, key_in, &key_out, &datain,
+                                    DERIVE_RFC3961);
 
        krb5_k_free_key(kcontext, key_in);
        if (code == 0) {