lib/krb5_wrap: add smb_krb5_principal_set_realm().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

4 files changed, 50 insertions, 1 deletions

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index d5c0b37d282..8d91e1c074f 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2313,6 +2313,50 @@ char *smb_krb5_principal_get_realm(krb5_context context,
 #endif
 }
 
+/*
+ * smb_krb5_principal_set_realm
+ *
+ * @brief Get realm of a principal
+ *
+ * @param[in] context		The krb5_context
+ * @param[in] principal		The principal
+ * @param[in] realm		The realm
+ * @return			0 on success, a krb5_error_code on error.
+ *
+ */
+
+krb5_error_code smb_krb5_principal_set_realm(krb5_context context,
+					     krb5_principal principal,
+					     const char *realm)
+{
+#ifdef HAVE_KRB5_PRINCIPAL_SET_REALM /* Heimdal */
+	return krb5_principal_set_realm(context, principal, realm);
+#elif defined(krb5_princ_realm) && defined(krb5_princ_set_realm) /* MIT */
+	krb5_error_code ret;
+	krb5_data data;
+	krb5_data *old_data;
+
+	old_data = krb5_princ_realm(context, principal);
+
+	data.magic = 0;
+	data.length = strlen(realm);
+	data.data = malloc(data.length);
+	if (data.data == NULL) {
+		return ENOMEM;
+	}
+
+	/* free realm before setting */
+	free(old_data->data);
+
+	krb5_princ_set_realm(context, principal, &data);
+
+	return ret;
+#else
+#error UNKNOWN_PRINC_SET_REALM_FUNCTION
+#endif
+}
+
+
 /************************************************************************
  Routine to get the default realm from the kerberos credentials cache.
  Caller must free if the return value is not NULL.
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 36b60feebe9..03246fd0288 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -254,6 +254,10 @@ krb5_error_code smb_krb5_make_pac_checksum(TALLOC_CTX *mem_ctx,
 char *smb_krb5_principal_get_realm(krb5_context context,
 				   krb5_const_principal principal);
 
+krb5_error_code smb_krb5_principal_set_realm(krb5_context context,
+					     krb5_principal principal,
+					     const char *realm);
+
 char *kerberos_get_principal_from_service_hostname(TALLOC_CTX *mem_ctx,
 						   const char *service,
 						   const char *remote_name,
diff --git a/source4/heimdal_build/wscript_configure b/source4/heimdal_build/wscript_configure
index 5caef5c8c12..297422f6116 100755
--- a/source4/heimdal_build/wscript_configure
+++ b/source4/heimdal_build/wscript_configure
@@ -164,6 +164,7 @@ conf.define('HAVE_GSSAPI_GSSAPI_SPNEGO_H', 1)
 conf.define('HAVE_FLAGS_IN_KRB5_CREDS', 1)
 conf.define('HAVE_KRB5_CONFIG_GET_BOOL_DEFAULT', 1)
 conf.define('HAVE_KRB5_DATA_COPY', 1)
+conf.define('HAVE_KRB5_PRINCIPAL_SET_REALM', 1)
 
 heimdal_includedirs = []
 heimdal_libdirs = []
diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
index 3cef223a560..3293b3c7b4c 100644
--- a/wscript_configure_system_mitkrb5
+++ b/wscript_configure_system_mitkrb5
@@ -108,7 +108,7 @@ conf.CHECK_FUNCS('''
        krb5_free_checksum_contents krb5_c_make_checksum krb5_create_checksum
        krb5_config_get_bool_default krb5_get_profile
        krb5_data_copy
-       krb5_keyblock_init
+       krb5_keyblock_init krb5_principal_set_realm
        ''',
      lib='krb5 k5crypto')
 conf.CHECK_DECLS('''krb5_get_credentials_for_user