Add check_policy_as and check_policy_tgs to the DAL table with

corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and
CHECK_POLICY_TGS methods of db_invoke.

ticket: 6749
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 14 insertions, 6 deletions

diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index db5434d52b..b892a27485 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -1051,9 +1051,13 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client,
         return(KDC_ERR_MUST_USE_USER2USER);
     }
 
-    /*
-     * Check against local policy
-     */
+    /* Perform KDB module policy checks. */
+    errcode = krb5_db_check_policy_as(kdc_context, request, &client, &server,
+                                      kdc_time, status, e_data);
+    if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP)
+        return errcode;
+
+    /* Check against local policy. */
     errcode = against_local_policy_as(request, client, server,
                                       kdc_time, status, e_data);
     if (errcode)
@@ -1468,9 +1472,13 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server,
         return KRB_ERR_GENERIC;
     }
 
-    /*
-     * Check local policy
-     */
+    /* Perform KDB module policy checks. */
+    errcode = krb5_db_check_policy_tgs(kdc_context, request, &server,
+                                       ticket, status, e_data);
+    if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP)
+        return errcode;
+
+    /* Check local policy. */
     errcode = against_local_policy_tgs(request, server, ticket,
                                        status, e_data);
     if (errcode)