s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c

These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

5 files changed, 101 insertions, 100 deletions

diff --git a/source3/include/secrets.h b/source3/include/secrets.h
index f397129b128..c40a9514164 100644
--- a/source3/include/secrets.h
+++ b/source3/include/secrets.h
@@ -133,6 +133,10 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
 				   uint32_t secure_channel,
 				   bool delete_join);
 
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char *kerberos_secrets_fetch_salt_princ(void);
+
 /* The following definitions come from passdb/secrets_lsa.c  */
 NTSTATUS lsa_secret_get(TALLOC_CTX *mem_ctx,
 			const char *secret_name,
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 6cfbca69a07..cfb09a704cb 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -272,103 +272,6 @@ int ads_kdestroy(const char *cc_name)
 	return code;
 }
 
-/************************************************************************
- Return the standard DES salt key
-************************************************************************/
-
-char* kerberos_standard_des_salt( void )
-{
-	fstring salt;
-
-	fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() );
-	(void)strlower_m( salt );
-	fstrcat( salt, lp_realm() );
-
-	return SMB_STRDUP( salt );
-}
-
-/************************************************************************
-************************************************************************/
-
-static char* des_salt_key( void )
-{
-	char *key;
-
-	if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
-		     lp_realm()) == -1) {
-		return NULL;
-	}
-
-	return key;
-}
-
-/************************************************************************
-************************************************************************/
-
-bool kerberos_secrets_store_des_salt( const char* salt )
-{
-	char* key;
-	bool ret;
-
-	if ( (key = des_salt_key()) == NULL ) {
-		DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
-		return False;
-	}
-
-	if ( !salt ) {
-		DEBUG(8,("kerberos_secrets_store_des_salt: deleting salt\n"));
-		secrets_delete( key );
-		return True;
-	}
-
-	DEBUG(3,("kerberos_secrets_store_des_salt: Storing salt \"%s\"\n", salt));
-
-	ret = secrets_store( key, salt, strlen(salt)+1 );
-
-	SAFE_FREE( key );
-
-	return ret;
-}
-
-/************************************************************************
-************************************************************************/
-
-static
-char* kerberos_secrets_fetch_des_salt( void )
-{
-	char *salt, *key;
-
-	if ( (key = des_salt_key()) == NULL ) {
-		DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
-		return NULL;
-	}
-
-	salt = (char*)secrets_fetch( key, NULL );
-
-	SAFE_FREE( key );
-
-	return salt;
-}
-
-/************************************************************************
- Routine to get the salting principal for this service.
- Caller must free if return is not null.
- ************************************************************************/
-
-char *kerberos_secrets_fetch_salt_princ(void)
-{
-	char *salt_princ_s;
-	/* lookup new key first */
-
-	salt_princ_s = kerberos_secrets_fetch_des_salt();
-	if (salt_princ_s == NULL) {
-		/* fall back to host/machine.realm@REALM */
-		salt_princ_s = kerberos_standard_des_salt();
-	}
-
-	return salt_princ_s;
-}
-
 int create_kerberos_key_from_string(krb5_context context,
 					krb5_principal host_princ,
 					krb5_principal salt_princ,
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index e481d1d78a6..f92cabd757e 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -56,9 +56,6 @@ int kerberos_kinit_password_ext(const char *principal,
 				time_t renewable_time,
 				NTSTATUS *ntstatus);
 int ads_kdestroy(const char *cc_name);
-char* kerberos_standard_des_salt( void );
-bool kerberos_secrets_store_des_salt( const char* salt );
-char *kerberos_secrets_fetch_salt_princ(void);
 
 int kerberos_kinit_password(const char *principal,
 			    const char *password,
diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c
index 1b5ac672710..c76e7b298cf 100644
--- a/source3/libnet/libnet_keytab.c
+++ b/source3/libnet/libnet_keytab.c
@@ -22,6 +22,7 @@
 #include "includes.h"
 #include "smb_krb5.h"
 #include "ads.h"
+#include "secrets.h"
 #include "libnet/libnet_keytab.h"
 
 #ifdef HAVE_KRB5
diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 3f097ab4055..3f6d6b69f1c 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -553,6 +553,102 @@ bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const
 	return ret;
 }
 
+/************************************************************************
+ Return the standard DES salt key
+************************************************************************/
+
+char* kerberos_standard_des_salt( void )
+{
+	fstring salt;
+
+	fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() );
+	(void)strlower_m( salt );
+	fstrcat( salt, lp_realm() );
+
+	return SMB_STRDUP( salt );
+}
+
+/************************************************************************
+************************************************************************/
+
+static char* des_salt_key( void )
+{
+	char *key;
+
+	if (asprintf(&key, "%s/DES/%s", SECRETS_SALTING_PRINCIPAL,
+		     lp_realm()) == -1) {
+		return NULL;
+	}
+
+	return key;
+}
+
+/************************************************************************
+************************************************************************/
+
+bool kerberos_secrets_store_des_salt( const char* salt )
+{
+	char* key;
+	bool ret;
+
+	if ( (key = des_salt_key()) == NULL ) {
+		DEBUG(0,("kerberos_secrets_store_des_salt: failed to generate key!\n"));
+		return False;
+	}
+
+	if ( !salt ) {
+		DEBUG(8,("kerberos_secrets_store_des_salt: deleting salt\n"));
+		secrets_delete( key );
+		return True;
+	}
+
+	DEBUG(3,("kerberos_secrets_store_des_salt: Storing salt \"%s\"\n", salt));
+
+	ret = secrets_store( key, salt, strlen(salt)+1 );
+
+	SAFE_FREE( key );
+
+	return ret;
+}
+
+/************************************************************************
+************************************************************************/
+
+static
+char* kerberos_secrets_fetch_des_salt( void )
+{
+	char *salt, *key;
+
+	if ( (key = des_salt_key()) == NULL ) {
+		DEBUG(0,("kerberos_secrets_fetch_des_salt: failed to generate key!\n"));
+		return NULL;
+	}
+
+	salt = (char*)secrets_fetch( key, NULL );
+
+	SAFE_FREE( key );
+
+	return salt;
+}
+
+/************************************************************************
+ Routine to get the salting principal for this service.
+ Caller must free if return is not null.
+ ************************************************************************/
+
+char *kerberos_secrets_fetch_salt_princ(void)
+{
+	char *salt_princ_s;
+	/* lookup new key first */
+
+	salt_princ_s = kerberos_secrets_fetch_des_salt();
+	if (salt_princ_s == NULL) {
+		/* fall back to host/machine.realm@REALM */
+		salt_princ_s = kerberos_standard_des_salt();
+	}
+
+	return salt_princ_s;
+}
 
 /************************************************************************
  Routine to fetch the previous plaintext machine account password for a realm