diff options
author | Greg Hudson <ghudson@mit.edu> | 2010-07-13 00:53:46 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2010-07-13 00:53:46 +0000 |
commit | 80a3846c5c7b04625b112b2ee555292f8347dd52 (patch) | |
tree | 300bfea2a49cc92cc6cd774f7541ccfc81a3e5cc /src/kdc/kdc_util.c | |
parent | 0d34b37b7abcdd2eba13d45df5feadf135e4602a (diff) | |
download | krb5-80a3846c5c7b04625b112b2ee555292f8347dd52.tar.gz krb5-80a3846c5c7b04625b112b2ee555292f8347dd52.tar.xz krb5-80a3846c5c7b04625b112b2ee555292f8347dd52.zip |
Add check_policy_as and check_policy_tgs to the DAL table with
corresponding libkdb5 APIs, replacing the CHECK_POLICY_AS and
CHECK_POLICY_TGS methods of db_invoke.
ticket: 6749
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24184 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/kdc_util.c')
-rw-r--r-- | src/kdc/kdc_util.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index db5434d52b..b892a27485 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1051,9 +1051,13 @@ validate_as_request(register krb5_kdc_req *request, krb5_db_entry client, return(KDC_ERR_MUST_USE_USER2USER); } - /* - * Check against local policy - */ + /* Perform KDB module policy checks. */ + errcode = krb5_db_check_policy_as(kdc_context, request, &client, &server, + kdc_time, status, e_data); + if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP) + return errcode; + + /* Check against local policy. */ errcode = against_local_policy_as(request, client, server, kdc_time, status, e_data); if (errcode) @@ -1468,9 +1472,13 @@ validate_tgs_request(register krb5_kdc_req *request, krb5_db_entry server, return KRB_ERR_GENERIC; } - /* - * Check local policy - */ + /* Perform KDB module policy checks. */ + errcode = krb5_db_check_policy_tgs(kdc_context, request, &server, + ticket, status, e_data); + if (errcode && errcode != KRB5_PLUGIN_OP_NOTSUPP) + return errcode; + + /* Check local policy. */ errcode = against_local_policy_tgs(request, server, ticket, status, e_data); if (errcode) |