From eb2670591cd09ce73d3c7a5b20bd4efa8011c9f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 6 Dec 2006 21:15:20 +0000
Subject: [PATCH] (_kdc_tkt_add_if_relevant_ad): new function.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19259 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kerberos5.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 9a2da2e2d..2f0aff430 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -1538,3 +1538,64 @@ out2:
 	_kdc_free_ent(context, server);
     return ret;
 }
+
+/*
+ * Add the AuthorizationData `data´ of `type´ to the last element in
+ * the sequence of authorization_data in `tkt´ wrapped in an IF_RELEVANT
+ */
+
+krb5_error_code
+_kdc_tkt_add_if_relevant_ad(krb5_context context,
+			    EncTicketPart *tkt,
+			    int type,
+			    krb5_data *data)
+{
+    krb5_error_code ret;
+    size_t size;
+
+    if (tkt->authorization_data == NULL) {
+	tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
+	if (tkt->authorization_data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+    }
+	
+    /* add the entry to the last element */
+    {
+	AuthorizationData ad = { 0, NULL };
+	AuthorizationDataElement ade;
+
+	ade.ad_type = type;
+	ade.ad_data = *data;
+
+	ret = add_AuthorizationData(&ad, &ade);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+
+	ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+
+	ASN1_MALLOC_ENCODE(AuthorizationData, 
+			   ade.ad_data.data, ade.ad_data.length, 
+			   &ad, &size, ret);
+	free_AuthorizationData(&ad);
+	if (ret) {
+	    krb5_set_error_string(context, "ASN.1 encode of "
+				  "AuthorizationData failed");
+	    return ret;
+	}
+	if (ade.ad_data.length != size)
+	    krb5_abortx(context, "internal asn.1 encoder error");
+	
+	ret = add_AuthorizationData(tkt->authorization_data, &ade);
+	der_free_octet_string(&ade.ad_data);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+    }
+
+    return 0;
+}