(_kdc_tkt_add_if_relevant_ad): new function.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19259 ec53bebd-3082-4978-b11e-865c3cabbd6b

kdc/kerberos5.c

@@ -1538,3 +1538,64 @@ out2:
 	_kdc_free_ent(context, server);
     return ret;
 }
+
+/*
+ * Add the AuthorizationData `data<74> of `type<70> to the last element in
+ * the sequence of authorization_data in `tkt<6B> wrapped in an IF_RELEVANT
+ */
+
+krb5_error_code
+_kdc_tkt_add_if_relevant_ad(krb5_context context,
+			    EncTicketPart *tkt,
+			    int type,
+			    krb5_data *data)
+{
+    krb5_error_code ret;
+    size_t size;
+
+    if (tkt->authorization_data == NULL) {
+	tkt->authorization_data = calloc(1, sizeof(*tkt->authorization_data));
+	if (tkt->authorization_data == NULL) {
+	    krb5_set_error_string(context, "out of memory");
+	    return ENOMEM;
+	}
+    }
+	
+    /* add the entry to the last element */
+    {
+	AuthorizationData ad = { 0, NULL };
+	AuthorizationDataElement ade;
+
+	ade.ad_type = type;
+	ade.ad_data = *data;
+
+	ret = add_AuthorizationData(&ad, &ade);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+
+	ade.ad_type = KRB5_AUTHDATA_IF_RELEVANT;
+
+	ASN1_MALLOC_ENCODE(AuthorizationData, 
+			   ade.ad_data.data, ade.ad_data.length, 
+			   &ad, &size, ret);
+	free_AuthorizationData(&ad);
+	if (ret) {
+	    krb5_set_error_string(context, "ASN.1 encode of "
+				  "AuthorizationData failed");
+	    return ret;
+	}
+	if (ade.ad_data.length != size)
+	    krb5_abortx(context, "internal asn.1 encoder error");
+	
+	ret = add_AuthorizationData(tkt->authorization_data, &ade);
+	der_free_octet_string(&ade.ad_data);
+	if (ret) {
+	    krb5_set_error_string(context, "add AuthorizationData failed");
+	    return ret;
+	}
+    }
+
+    return 0;
+}