From a550317253966c6feded683a859f8c50f298be74 Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew@sprocks.gotdns.com>
Date: Wed, 12 Mar 2008 23:11:48 -0500
Subject: [PATCH] heimdal: Add parameter to windc_plugin to allow extended
 return codes.

These changes add a krb5_data parameter named e_data to the windc_plugin to
allow the samba KDC to return extended error information in addition to the
standard KRB5KDC_ERR_* codes.  Windows uses the extended information to provide
detailed information in user dialogs (e.g. account disabled, logon hours
restriction, must change password, etc.).

This particular commit modifies only heimdal code.  Hopefully this can be
submitted and accepted into the upstream heimdal codebase.
(This used to be commit f542362be25e7182a0836de7a0163f6b9fce9408)
---
 source4/heimdal/kdc/kdc-private.h  | 3 ++-
 source4/heimdal/kdc/kerberos5.c    | 2 +-
 source4/heimdal/kdc/windc.c        | 5 +++--
 source4/heimdal/kdc/windc_plugin.h | 2 +-
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/source4/heimdal/kdc/kdc-private.h b/source4/heimdal/kdc/kdc-private.h
index 030be9ae58b..4052e9b5090 100644
--- a/source4/heimdal/kdc/kdc-private.h
+++ b/source4/heimdal/kdc/kdc-private.h
@@ -281,6 +281,7 @@ krb5_error_code
 _kdc_windc_client_access (
 	krb5_context /*context*/,
 	struct hdb_entry_ex */*client*/,
-	KDC_REQ */*req*/);
+	KDC_REQ */*req*/,
+	krb5_data */*e_data*/);
 
 #endif /* __kdc_private_h__ */
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 40a9c9c972f..23ca5a035ec 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1043,7 +1043,7 @@ _kdc_as_rep(krb5_context context,
 	goto out;
     }
 
-    ret = _kdc_windc_client_access(context, client, req);
+    ret = _kdc_windc_client_access(context, client, req, &e_data);
     if(ret)
 	goto out;
 
diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c
index 395ab734328..85e4d7f725c 100644
--- a/source4/heimdal/kdc/windc.c
+++ b/source4/heimdal/kdc/windc.c
@@ -101,9 +101,10 @@ _kdc_pac_verify(krb5_context context,
 krb5_error_code
 _kdc_windc_client_access(krb5_context context,
 			 struct hdb_entry_ex *client,
-			 KDC_REQ *req)
+			 KDC_REQ *req,
+			 krb5_data *e_data)
 {
     if (windcft == NULL)
 	return 0;
-    return (windcft->client_access)(windcctx, context, client, req);
+    return (windcft->client_access)(windcctx, context, client, req, e_data);
 }
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h
index ec480cf950c..3ae0c94681e 100644
--- a/source4/heimdal/kdc/windc_plugin.h
+++ b/source4/heimdal/kdc/windc_plugin.h
@@ -64,7 +64,7 @@ typedef krb5_error_code
 
 typedef krb5_error_code 
 (*krb5plugin_windc_client_access)(
-    void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *);
+    void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *);
 
 
 #define KRB5_WINDC_PLUGING_MINOR		2
-- 
2.34.1