lib/krb5: add krb5_mk_error_ext() helper function

This gives the caller the ability to skip the client_name
and only provide client_realm. This is required for
KDC_ERR_WRONG_REALM messages.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

lib/krb5/libkrb5-exports.def.in

@@ -440,6 +440,7 @@ EXPORTS
 	krb5_make_principal
 	krb5_max_sockaddr_size
 	krb5_mk_error
+	krb5_mk_error_ext
 	krb5_mk_priv
 	krb5_mk_rep
 	krb5_mk_req

lib/krb5/mk_error.c

@@ -34,15 +34,16 @@
 #include "krb5_locl.h"
 
 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
-krb5_mk_error(krb5_context context,
-	      krb5_error_code error_code,
-	      const char *e_text,
-	      const krb5_data *e_data,
-	      const krb5_principal client,
-	      const krb5_principal server,
-	      time_t *client_time,
-	      int *client_usec,
-	      krb5_data *reply)
+krb5_mk_error_ext(krb5_context context,
+		  krb5_error_code error_code,
+		  const char *e_text,
+		  const krb5_data *e_data,
+		  const krb5_principal server,
+		  const PrincipalName *client_name,
+		  const Realm *client_realm,
+		  time_t *client_time,
+		  int *client_usec,
+		  krb5_data *reply)
 {
     const char *e_text2 = NULL;
     KRB_ERROR msg;
@@ -78,10 +79,8 @@ krb5_mk_error(krb5_context context,
 	static char unspec[] = "<unspecified realm>";
 	msg.realm = unspec;
     }
-    if(client){
-	msg.crealm = &client->realm;
-	msg.cname = &client->name;
-    }
+    msg.crealm = rk_UNCONST(client_realm);
+    msg.cname = rk_UNCONST(client_name);
 
     ASN1_MALLOC_ENCODE(KRB_ERROR, reply->data, reply->length, &msg, &len, ret);
     if (e_text2)
@@ -92,3 +91,27 @@ krb5_mk_error(krb5_context context,
 	krb5_abortx(context, "internal error in ASN.1 encoder");
     return 0;
 }
+
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
+krb5_mk_error(krb5_context context,
+	      krb5_error_code error_code,
+	      const char *e_text,
+	      const krb5_data *e_data,
+	      const krb5_principal client,
+	      const krb5_principal server,
+	      time_t *client_time,
+	      int *client_usec,
+	      krb5_data *reply)
+{
+    const PrincipalName *client_name = NULL;
+    const Realm *client_realm = NULL;
+
+    if (client) {
+	client_realm = &client->realm;
+	client_name = &client->name;
+    }
+
+    return krb5_mk_error_ext(context, error_code, e_text, e_data,
+			     server, client_name, client_realm,
+			     client_time, client_usec, reply);
+}

lib/krb5/version-script.map

@@ -433,6 +433,7 @@ HEIMDAL_KRB5_2.0 {
 		krb5_make_principal;
 		krb5_max_sockaddr_size;
 		krb5_mk_error;
+		krb5_mk_error_ext;
 		krb5_mk_priv;
 		krb5_mk_rep;
 		krb5_mk_req;