From 4d1d6ed7849b0532e44f2fd742d4e07b649d6f66 Mon Sep 17 00:00:00 2001
From: Sebastien Buisson
Date: Tue, 11 Dec 2018 01:57:55 +0900
Subject: [PATCH] LU-11750 krb5: krb5int_derive_key has 'hash' extra parameter
From Kerberos 5 release 1.15, and introduction of support of aes-sha2, krb5int_derive_key() groks an additional 'hash' parameter.
Signed-off-by: Sebastien Buisson
Change-Id: I7c6ea5ac2d6844371b254b7361d28c462afe5afa
Reviewed-on: https://review.whamcloud.com/33817
Tested-by: Jenkins
Reviewed-by: Andreas Dilger
Tested-by: Maloo
Reviewed-by: Jeremy Filizetti
Reviewed-by: Li Dongyang
Reviewed-by: James Simmons
---
lustre/autoconf/kerberos5.m4 | 7 +++++++
lustre/utils/gss/context.h | 13 +++++++++++++
lustre/utils/gss/context_lucid.c | 4 ++--
3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/lustre/autoconf/kerberos5.m4 b/lustre/autoconf/kerberos5.m4
index 9472de6..c88da67 100644
--- a/lustre/autoconf/kerberos5.m4
+++ b/lustre/autoconf/kerberos5.m4
@@ -114,6 +114,13 @@ Kerberos v5 with GSS support not found at $krb5_with AC_CHECK_LIB($gssapi_lib, krb5int_derive_key, [HAVE_KRB5INT_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5INT_DERIVE_KEY, 1, [Define this if the function krb5int_derive_key is available])], ,$KRBLIBS) + dnl Version 1.15 introduced aes-sha2 support, which changes the + dnl number of paramters of function krb5int_derive_key. + if test $K5VERS -ge 1150; then + AC_DEFINE(HAVE_AES_SHA2_SUPPORT, 1, + [aes-sha2 is supported by krb5]) + fi + dnl Check for krb5_derive_key AC_CHECK_LIB($gssapi_lib, krb5_derive_key, [HAVE_KRB5_DERIVE_KEY=1; AC_DEFINE(HAVE_KRB5_DERIVE_KEY, 1, [Define this if the function krb5_derive_key is available])], ,$KRBLIBS)
diff --git a/lustre/utils/gss/context.h b/lustre/utils/gss/context.h
index 69df2d8..d19c0fe 100644
--- a/lustre/utils/gss/context.h
+++ b/lustre/utils/gss/context.h
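Review bot: In the lustre/autoconf/kerberos5.m4 hunk, `if test $K5VERS -ge 1150` is the only thing that decides whether the five- or six-argument prototype of `krb5int_derive_key` is used, and the `dnl` comment does not say so. The prototype is declared by hand in context.h rather than taken from a krb5 header, so a wrong guess here (for example a vendor build whose version number and internal signature disagree) would presumably still compile and link, and the arguments would be shifted at run time inside key derivation. I would record that in the comment, e.g. `dnl krb5int_derive_key is libkrb5-internal: the prototype in context.h is chosen by this version test alone, so a mismatch is not caught at build time.` The name HAVE_AES_SHA2_SUPPORT and its description suggest the define enables aes-sha2, while in this commit it only selects a prototype; a sentence saying that would help, and `paramters` should read `parameters`. How K5VERS is computed is outside the hunk.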
@@ -50,10 +50,23 @@ enum deriv_alg { #endif }; +#ifdef HAVE_AES_SHA2_SUPPORT extern krb5_error_code krb5int_derive_key(const void *enc, + const void *hash, krb5_key inkey, krb5_key *outkey, const krb5_data *in_constant, enum deriv_alg alg); +#define ll_krb5int_derive_key(enc, inkey, outkey, in_constant, alg) \ + krb5int_derive_key((enc), (NULL), (inkey), (outkey), (in_constant), \ + (alg)) +#else +extern krb5_error_code krb5int_derive_key(const void *enc, + krb5_key inkey, krb5_key *outkey, + const krb5_data *in_constant, + enum deriv_alg alg); +#define ll_krb5int_derive_key(enc, inkey, outkey, in_constant, alg) \ + krb5int_derive_key((enc), (inkey), (outkey), (in_constant), (alg)) +#endif extern krb5_error_code krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data, krb5_key *out);
diff --git a/lustre/utils/gss/context_lucid.c b/lustre/utils/gss/context_lucid.c
index 275eed3..a24eda1 100644
--- a/lustre/utils/gss/context_lucid.c
+++ b/lustre/utils/gss/context_lucid.c
@@ -330,8 +330,8 @@ derive_key_lucid(const gss_krb5_lucid_key_t *in, gss_krb5_lucid_key_t *out, if (code) goto out; - code = krb5int_derive_key(enc, key_in, &key_out, &datain, - DERIVE_RFC3961); + code = ll_krb5int_derive_key(enc, key_in, &key_out, &datain, + DERIVE_RFC3961); krb5_k_free_key(kcontext, key_in); if (code == 0) {
--
1.8.3.1
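Review bot: In the lustre/utils/gss/context.h hunk, the HAVE_AES_SHA2_SUPPORT variant of `ll_krb5int_derive_key` hard-codes `(NULL)` for the new `hash` argument, and nothing at the macro says for which `alg` values that is safe. The one call converted in this commit, in derive_key_lucid, passes DERIVE_RFC3961, which as far as I know does not consult the hash provider in MIT krb5; a hash-based derivation requested through the same macro would hand libkrb5 a null provider. A comment above the macro would pin the constraint: `/* hash is NULL: valid only for algs that do not use a hash provider (callers pass DERIVE_RFC3961) */`. Both `extern` declarations are hand-written copies of a library-internal prototype with `const void *` parameters, so the compiler cannot check them against the installed libkrb5; the same comment should say that they must track the krb5 version selected by configure.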