remove some heimdal dependencies we dont really need

and prepare for gssapi mit support


svn path=/trunk/; revision=13849

3 files changed, 33 insertions, 19 deletions

diff --git a/epan/dissectors/packet-kerberos.c b/epan/dissectors/packet-kerberos.c
index 083045a255..796b80e723 100644
--- a/epan/dissectors/packet-kerberos.c
+++ b/epan/dissectors/packet-kerberos.c
@@ -471,10 +471,9 @@ printf("woohoo decrypted keytype:%d in frame:%d\n", keytype, pinfo->fd->num);
 }
 
 #elif defined(HAVE_HEIMDAL_KERBEROS)
-
+#include <krb5.h>
 enc_key_t *enc_key_list=NULL;
 
-
 static void
 add_encryption_key(packet_info *pinfo, int keytype, int keylength, const char *keyvalue, char *origin)
 {
@@ -489,6 +488,11 @@ printf("added key in %d\n",pinfo->fd->num);
 	sprintf(new_key->key_origin, "%s learnt from frame %d",origin,pinfo->fd->num);
 	new_key->next=enc_key_list;
 	enc_key_list=new_key;
+	new_key->keytype=keytype;
+	new_key->keylength=keylength;
+	/*XXX this needs to be freed later */
+	new_key->keyvalue=g_memdup(keyvalue, keylength);
+/*QQQ
 	new_key->key.principal=NULL;
 	new_key->key.vno=0;
 	new_key->key.keyblock.keytype=keytype;
@@ -496,12 +500,15 @@ printf("added key in %d\n",pinfo->fd->num);
 	new_key->key.keyblock.keyvalue.data=g_malloc(keylength);
 	memcpy(new_key->key.keyblock.keyvalue.data, keyvalue, keylength);
 	new_key->key.timestamp=0;
+*/
 }
 
+
 static void
 read_keytab_file(char *filename, krb5_context *context)
 {
 	krb5_keytab keytab;
+	krb5_keytab_entry key;
 	krb5_error_code ret;
 	krb5_kt_cursor cursor;
 	enc_key_t *new_key;
@@ -523,7 +530,7 @@ read_keytab_file(char *filename, krb5_context *context)
 	do{
 		new_key=g_malloc(sizeof(enc_key_t));
 		new_key->next=enc_key_list;
-		ret = krb5_kt_next_entry(*context, keytab, &(new_key->key), &cursor);
+		ret = krb5_kt_next_entry(*context, keytab, &key, &cursor);
 		if(ret==0){
 			unsigned int i;
 			char *pos;
@@ -531,12 +538,14 @@ read_keytab_file(char *filename, krb5_context *context)
 			/* generate origin string, describing where this key came from */
 			pos=new_key->key_origin;
 			pos+=sprintf(pos, "keytab principal ");
-			for(i=0;i<new_key->key.principal->name.name_string.len;i++){
-				pos+=sprintf(pos,"%s%s",(i?"/":""),new_key->key.principal->name.name_string.val[i]);
+			for(i=0;i<key.principal->name.name_string.len;i++){
+				pos+=sprintf(pos,"%s%s",(i?"/":""),key.principal->name.name_string.val[i]);
 			}
-			pos+=sprintf(pos,"@%s",new_key->key.principal->realm);
+			pos+=sprintf(pos,"@%s",key.principal->realm);
 			*pos=0;
-
+			new_key->keytype=key.keyblock.keytype;
+			new_key->keylength=key.keyblock.keyvalue.length;
+			new_key->keyvalue=g_memdup(key.keyblock.keyvalue.data, key.keyblock.keyvalue.length);
 			enc_key_list=new_key;
 		}
 	}while(ret==0);
@@ -581,15 +590,19 @@ decrypt_krb5_data(proto_tree *tree, packet_info *pinfo,
 	}
 
 	for(ek=enc_key_list;ek;ek=ek->next){
+		krb5_keytab_entry key;
 		krb5_crypto crypto;
 		guint8 *cryptocopy; /* workaround for pre-0.6.1 heimdal bug */
 
 		/* shortcircuit and bail out if enctypes are not matching */
-		if(ek->key.keyblock.keytype!=keytype){
+		if(ek->keytype!=keytype){
 			continue;
 		}
 
-		ret = krb5_crypto_init(context, &(ek->key.keyblock), 0, &crypto);
+		key.keyblock.keytype=ek->keytype;
+		key.keyblock.keyvalue.length=ek->keylength;
+		key.keyblock.keyvalue.data=ek->keyvalue;
+		ret = krb5_crypto_init(context, &(key.keyblock), 0, &crypto);
 		if(ret){
 			return NULL;
 		}
diff --git a/epan/dissectors/packet-kerberos.h b/epan/dissectors/packet-kerberos.h
index 188d9a3da0..ff81e6a7fa 100644
--- a/epan/dissectors/packet-kerberos.h
+++ b/epan/dissectors/packet-kerberos.h
@@ -57,10 +57,11 @@ int dissect_krb5_realm(packet_info *pinfo, proto_tree *tree, tvbuff_t *tvb, int
 #define KRB_MAX_ORIG_LEN	256
 
 #ifdef HAVE_HEIMDAL_KERBEROS
-#include <krb5.h>
 typedef struct _enc_key_t {
 	struct _enc_key_t	*next;
-	krb5_keytab_entry	key;
+	int keytype;
+	int keylength;
+	char *keyvalue;
 	char 			key_origin[KRB_MAX_ORIG_LEN+1];
 } enc_key_t;
 extern enc_key_t *enc_key_list;
diff --git a/epan/dissectors/packet-spnego.c b/epan/dissectors/packet-spnego.c
index 77ecf1a775..6b61d39bf3 100644
--- a/epan/dissectors/packet-spnego.c
+++ b/epan/dissectors/packet-spnego.c
@@ -407,11 +407,11 @@ dissect_spnego_krb5(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 #ifdef HAVE_KERBEROS
 #include <epan/crypt-md5.h>
 
-#ifndef HAVE_KEYTYPE_ARCFOUR_56
+#ifndef KEYTYPE_ARCFOUR_56
 # define KEYTYPE_ARCFOUR_56 24
 #endif
 /* XXX - We should probably do a configure-time check for this instead */
-#ifndef HAVE_HEIMDAL_KERBEROS
+#ifndef KRB5_KU_USAGE_SEAL
 # define KRB5_KU_USAGE_SEAL 22
 #endif
 
@@ -664,7 +664,7 @@ decrypt_arcfour(packet_info *pinfo,
 #ifdef HAVE_HEIMDAL_KERBEROS
 
 static void
-decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int keytype)
+decrypt_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, int keytype)
 {
 	int ret;
 	enc_key_t *ek;
@@ -708,7 +708,7 @@ decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tv
 
 	for(ek=enc_key_list;ek;ek=ek->next){
 		/* shortcircuit and bail out if enctypes are not matching */
-		if(ek->key.keyblock.keytype!=keytype){
+		if(ek->keytype!=keytype){
 			continue;
 		}
 
@@ -722,9 +722,9 @@ decrypt_heimdal_gssapi_krb_arcfour_wrap(proto_tree *tree, packet_info *pinfo, tv
 		ret=decrypt_arcfour(pinfo,
 				cryptocopy,
 				output_message_buffer,
-				ek->key.keyblock.keyvalue.data,
-				ek->key.keyblock.keyvalue.length,
-				ek->key.keyblock.keytype
+				ek->keyvalue,
+				ek->keylength,
+				ek->keytype
 					    );
 		if (ret >= 0) {
 			proto_tree_add_text(tree, NULL, 0, 0, "[Decrypted using: %s]", ek->key_origin);
@@ -849,7 +849,7 @@ dissect_spnego_krb5_wrap_base(tvbuff_t *tvb, int offset, packet_info *pinfo
 					GSS_ARCFOUR_WRAP_TOKEN_SIZE);
 			}
 #ifdef HAVE_HEIMDAL_KERBEROS
-			decrypt_heimdal_gssapi_krb_arcfour_wrap(tree,
+			decrypt_gssapi_krb_arcfour_wrap(tree,
 				pinfo,
 				tvb,
 				23 /* rc4-hmac */);