kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac()

We shall soon want to use this function for AS-REQs as well as TGS-REQs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

diff --git a/kdc/fast.c b/kdc/fast.c
index e6c523ced954d215feb53e5354baafe77eaf487c..1e5bdd45dfd15839db33392261119d5928b7fecc 100644 (file)
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -834,10 +834,9 @@ _kdc_free_fast_state(KDCFastState *state)
 }
 
 krb5_error_code
-_kdc_fast_check_armor_pac(astgs_request_t r)
+_kdc_fast_check_armor_pac(astgs_request_t r, int flags)
 {
     krb5_error_code ret;
-    int flags;
     krb5_boolean ad_kdc_issued = FALSE;
     krb5_pac mspac = NULL;
     krb5_principal armor_client_principal = NULL;
@@ -845,7 +844,6 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
     hdb_entry *armor_client = NULL;
     char *armor_client_principal_name = NULL;
 
-    flags = HDB_F_FOR_TGS_REQ;
     if (_kdc_synthetic_princ_used_p(r->context, r->armor_ticket))
        flags |= HDB_F_SYNTHETIC_OK;
     if (r->req.req_body.kdc_options.canonicalize)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 0bad42aa3b72d570d43b68ebc194c86c427c8219..1ded41616dc67826dae869742188fd3626c3a877 100644 (file)
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1908,7 +1908,7 @@ server_lookup:
 
     /* Validate armor TGT before potentially including device claims */
     if (priv->armor_ticket) {
-       ret = _kdc_fast_check_armor_pac(priv);
+       ret = _kdc_fast_check_armor_pac(priv, HDB_F_FOR_TGS_REQ);
        if (ret)
            goto out;
     }