heimdal:lib/krb5: add krb5_mk_error_ext() helper function

This gives the caller the ability to skip the client_name
and only provide client_realm. This is required for
KDC_ERR_WRONG_REALM messages.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/heimdal/lib/krb5/mk_error.c b/source4/heimdal/lib/krb5/mk_error.c
index 5fee1d6bed6374496bd8e816be7d1f4178a4d085..7f0be713e04fd2aa033574d2dcf8463dcb4cd8c9 100644 (file)
--- a/source4/heimdal/lib/krb5/mk_error.c
+++ b/source4/heimdal/lib/krb5/mk_error.c
@@ -34,15 +34,16 @@
 #include "krb5_locl.h"
 
 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_mk_error(krb5_context context,
-             krb5_error_code error_code,
-             const char *e_text,
-             const krb5_data *e_data,
-             const krb5_principal client,
-             const krb5_principal server,
-             time_t *client_time,
-             int *client_usec,
-             krb5_data *reply)
+krb5_mk_error_ext(krb5_context context,
+                 krb5_error_code error_code,
+                 const char *e_text,
+                 const krb5_data *e_data,
+                 const krb5_principal server,
+                 const PrincipalName *client_name,
+                 const Realm *client_realm,
+                 time_t *client_time,
+                 int *client_usec,
+                 krb5_data *reply)
 {
     const char *e_text2 = NULL;
     KRB_ERROR msg;
@@ -78,10 +79,8 @@ krb5_mk_error(krb5_context context,
        static char unspec[] = "<unspecified realm>";
        msg.realm = unspec;
     }
-    if(client){
-       msg.crealm = &client->realm;
-       msg.cname = &client->name;
-    }
+    msg.crealm = rk_UNCONST(client_realm);
+    msg.cname = rk_UNCONST(client_name);
 
     ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
     if (e_text2)
@@ -92,3 +91,27 @@ krb5_mk_error(krb5_context context,
        krb5_abortx(context, "internal error in ASN.1 encoder");
     return 0;
 }
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_error(krb5_context context,
+             krb5_error_code error_code,
+             const char *e_text,
+             const krb5_data *e_data,
+             const krb5_principal client,
+             const krb5_principal server,
+             time_t *client_time,
+             int *client_usec,
+             krb5_data *reply)
+{
+    const PrincipalName *client_name = NULL;
+    const Realm *client_realm = NULL;
+
+    if (client) {
+       client_realm = &client->realm;
+       client_name = &client->name;
+    }
+
+    return krb5_mk_error_ext(context, error_code, e_text, e_data,
+                            server, client_name, client_realm,
+                            client_time, client_usec, reply);
+}

diff --git a/source4/heimdal/lib/krb5/version-script.map b/source4/heimdal/lib/krb5/version-script.map
index 818e6e071cbd405d9127d2dbaa8b51e005faae85..4044147d4aa52c5152687231409ef50215ed4e44 100644 (file)
--- a/source4/heimdal/lib/krb5/version-script.map
+++ b/source4/heimdal/lib/krb5/version-script.map
@@ -435,6 +435,7 @@ HEIMDAL_KRB5_2.0 {
                krb5_make_principal;
                krb5_max_sockaddr_size;
                krb5_mk_error;
+               krb5_mk_error_ext;
                krb5_mk_priv;
                krb5_mk_rep;
                krb5_mk_req;