From c8bb9b555b490e594a458b3d71fb6dbb783b34db Mon Sep 17 00:00:00 2001
From: Theodore Tso
Date: Wed, 1 Sep 1993 19:03:28 +0000
Subject: [PATCH] Modifications supplied by Ari Medvinsky to include the authorization data field in the authenticator.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2639 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/krb5/func-proto.h | 6 ++++++
 src/include/krb5/krb5.h | 1 +
 src/lib/krb5/asn.1/auth2kauth.c | 9 +++++++++
 src/lib/krb5/asn.1/kauth2auth.c | 7 +++++++
 src/lib/krb5/free/f_authent.c | 2 ++
 src/lib/krb5/krb/copy_athctr.c | 13 +++++++++++++
 src/lib/krb5/krb/mk_req_ext.c | 15 ++++++---------
 7 files changed, 44 insertions(+), 9 deletions(-)
diff --git a/src/include/krb5/func-proto.h b/src/include/krb5/func-proto.h
index 468e83e20..a1f3bc211 100644
--- a/src/include/krb5/func-proto.h
+++ b/src/include/krb5/func-proto.h
@@ -442,6 +442,12 @@ krb5_error_code krb5_recvauth PROTOTYPE((krb5_pointer,
 krb5_authenticator **));
+krb5_error_code
+krb5_generate_authenticator PROTOTYPE(( krb5_authenticator *,
+ const krb5_creds *,
+ const krb5_checksum *, krb5_keyblock *,
+ krb5_int32, krb5_authdata ** ));
+
 #ifdef NARROW_PROTOTYPES
 krb5_error_code krb5_walk_realm_tree PROTOTYPE((const krb5_data *,
diff --git a/src/include/krb5/krb5.h b/src/include/krb5/krb5.h
index 86eda61a2..c7c082cc9 100644
--- a/src/include/krb5/krb5.h
+++ b/src/include/krb5/krb5.h
@@ -95,6 +95,7 @@ typedef struct _krb5_authenticator {
 krb5_timestamp ctime; /* client sec portion */
 krb5_keyblock *subkey; /* true session key, optional */
 krb5_int32 seq_number; /* sequence #, optional */
+ krb5_authdata **authorization_data; /* New add by Ari, auth data */
 } krb5_authenticator;
 typedef struct _krb5_tkt_authent {
diff --git a/src/lib/krb5/asn.1/auth2kauth.c b/src/lib/krb5/asn.1/auth2kauth.c
index 50cf1662a..5b44441a6 100644
--- a/src/lib/krb5/asn.1/auth2kauth.c
+++ b/src/lib/krb5/asn.1/auth2kauth.c
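Review bot: The prototype added to func-proto.h gives krb5_generate_authenticator external linkage, but the third hunk of mk_req_ext.c keeps the context line `static krb5_error_code` directly above the renamed definition. If mk_req_ext.c sees this header (likely, though the include is outside the diff), the identifier is declared with both external and internal linkage, which C leaves undefined and most compilers reject. If it does not see the header, the function still cannot be linked from other files, so the public prototype is unusable. Drop `static` from the definition so it matches the prototype.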
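Review bot: The comment on the new member in krb5.h, `/* New add by Ari, auth data */`, records who added it rather than what it holds, unlike the neighbouring members, which state meaning and optionality. Something like `/* authorization data, optional; null-terminated list */` would match them; the list form is inferred from the `*val->authorization_data` test in the kauth2auth.c hunk, so confirm it. It is also worth noting there that the authenticator is built by the client, so a server should presumably not give this data the same trust as authorization data carried in the ticket. Because the f_authent.c hunk now frees this member whenever it is non-null, any code outside this commit that builds a krb5_authenticator has to initialise it.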
@@ -86,5 +86,14 @@ register int *error;
 if (val->optionals & opt_KRB5_Authenticator_seq__number) {
 retval->seq_number = val->seq__number;
 }
+ if (val->authorization__data) {
+ retval->authorization_data =
+ KRB5_AuthorizationData2krb5_authdata(val->authorization__data,
+ error);
+ if (!retval->authorization_data) {
+ krb5_free_authenticator(retval);
+ return(0);
+ }
+ }
 return(retval);
 }
diff --git a/src/lib/krb5/asn.1/kauth2auth.c b/src/lib/krb5/asn.1/kauth2auth.c
index a6f0d0da7..c3e94dc2f 100644
--- a/src/lib/krb5/asn.1/kauth2auth.c
+++ b/src/lib/krb5/asn.1/kauth2auth.c
@@ -87,5 +87,12 @@ register int *error;
 retval->seq__number = val->seq_number;
 retval->optionals |= opt_KRB5_Authenticator_seq__number;
 }
+ if (val->authorization_data && *val->authorization_data) {
+ retval->authorization__data =
+ krb5_authdata2KRB5_AuthorizationData(val->authorization_data, error);
+ if (!retval->authorization__data) {
+ goto errout;
+ }
+ }
 return(retval);
 }
diff --git a/src/lib/krb5/free/f_authent.c b/src/lib/krb5/free/f_authent.c
index 90f3dad58..4e399b567 100644
--- a/src/lib/krb5/free/f_authent.c
+++ b/src/lib/krb5/free/f_authent.c
@@ -44,6 +44,8 @@ krb5_authenticator *val;
 krb5_free_principal(val->client);
 if (val->subkey)
 krb5_free_keyblock(val->subkey);
+ if (val->authorization_data)
+ krb5_free_authdata(val->authorization_data);
 xfree(val);
 return;
 }
diff --git a/src/lib/krb5/krb/copy_athctr.c b/src/lib/krb5/krb/copy_athctr.c
index f2fa627d0..28a513873 100644
--- a/src/lib/krb5/krb/copy_athctr.c
+++ b/src/lib/krb5/krb/copy_athctr.c
@@ -70,6 +70,19 @@ krb5_authenticator **authto;
 }
 }
+ if (authfrom->authorization_data) {
+ retval = krb5_copy_authdata(authfrom->authorization_data,
+ &tempto->authorization_data);
+ if (retval) {
+ xfree(tempto->subkey);
+ krb5_free_checksum(tempto->checksum);
+ krb5_free_principal(tempto->client);
+ krb5_free_authdata(tempto->authorization_data);
+ xfree(tempto);
+ return retval;
+ }
+ }
+
 *authto = tempto;
 return 0;
 }
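Review bot: On the new failure path in copy_athctr.c, `krb5_free_authdata(tempto->authorization_data);` frees whatever the member holds after krb5_copy_authdata has failed, which is not necessarily memory this function owns. If tempto was filled by a struct copy from authfrom earlier in the function (outside the hunk) and the failed call leaves its output untouched, the pointer still refers to the caller's list, which is then freed under the caller and may be freed again later. Set `tempto->authorization_data = 0;` before the call, or drop the free from this path. The same path releases the subkey with `xfree(tempto->subkey)` while the f_authent.c hunk uses `krb5_free_keyblock(val->subkey)`; if the subkey was deep-copied, its key contents are leaked here.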
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index a9fe8a2d4..eed4df7d7 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -70,11 +70,6 @@ static char rcsid_mk_req_ext_c[] =
 returns system errors */
-static krb5_error_code generate_authenticator PROTOTYPE((krb5_authenticator *,
- const krb5_creds *,
- const krb5_checksum *,
- krb5_keyblock *,
- krb5_int32 ));
 krb5_error_code krb5_mk_req_extended(ap_req_options, checksum, kdc_options,
@@ -130,9 +125,9 @@ krb5_data *outbuf;
 }
 }
 #define cleanup_key() {if (newkey) krb5_free_keyblock(*newkey);}
- if (retval = generate_authenticator(&authent, creds, checksum,
- newkey ? *newkey : 0,
- sequence)) {
+ if (retval = krb5_generate_authenticator(&authent, creds, checksum,
+ newkey ? *newkey : 0,
+ sequence, creds->authdata)) {
 cleanup_key();
 cleanup_ticket();
 return retval;
@@ -231,17 +226,19 @@ request.authenticator.ciphertext.data = 0;}
 }
 static krb5_error_code
-generate_authenticator(authent, creds, cksum, key, seq_number)
+krb5_generate_authenticator(authent, creds, cksum, key, seq_number, authorization)
 krb5_authenticator *authent;
 const krb5_creds *creds;
 const krb5_checksum *cksum;
 krb5_keyblock *key;
 krb5_int32 seq_number;
+krb5_authdata **authorization;
 {
 authent->client = creds->client;
 authent->checksum = (krb5_checksum *)cksum;
 authent->subkey = key;
 authent->seq_number = seq_number;
+ authent->authorization_data = authorization;
 return(krb5_us_timeofday(&authent->ctime, &authent->cusec));
 }
--
2.26.2
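Review bot: krb5_generate_authenticator stores the caller's `authorization` pointer in `authent->authorization_data` without copying it, as it already does for client, checksum and key, and the call site in the second hunk passes `creds->authdata`. Now that the function is declared in func-proto.h and krb5_free_authenticator frees this member (f_authent.c hunk), that borrowing should be written down, because a caller that hands the filled structure to krb5_free_authenticator would free the credentials' data. A comment above the definition such as `/* fills *authent with pointers borrowed from creds, cksum, key and authorization; do not pass it to krb5_free_authenticator */` would cover it.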