From ac73e9e2f5529346da66ee0a00c3014e00fc4d55 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@mit.edu>
Date: Tue, 6 Jan 2009 22:32:30 +0000
Subject: Patch from Luke Howard to make an explicit call to check the ACL for
 s4u delegations rather than relying on tl-data.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21712 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/include/kdb_ext.h | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/include')

diff --git a/src/include/kdb_ext.h b/src/include/kdb_ext.h
index 0b4c4a97f..87959538e 100644
--- a/src/include/kdb_ext.h
+++ b/src/include/kdb_ext.h
@@ -90,7 +90,7 @@ krb5_error_code krb5_db_invoke ( krb5_context kcontext,
 #define KRB5_KDB_METHOD_AUDIT_AS			0x00000050
 #define KRB5_KDB_METHOD_AUDIT_TGS			0x00000060
 #define KRB5_KDB_METHOD_REFRESH_POLICY			0x00000070
-#define KRB5_KDB_METHOD_GET_PAC_PRINC			0x00000080
+#define KRB5_KDB_METHOD_CHECK_ALLOWED_TO_DELEGATE	0x00000080
 
 typedef struct _kdb_sign_auth_data_req {
     krb5_magic magic;
@@ -162,4 +162,10 @@ typedef struct _kdb_audit_tgs_req {
     krb5_error_code error_code;
 } kdb_audit_tgs_req;
 
+typedef struct _kdb_check_allowed_to_delegate_req {
+    krb5_magic magic;
+    const krb5_db_entry *server;
+    krb5_const_principal proxy;
+} kdb_check_allowed_to_delegate_req;
+
 #endif /* KRB5_KDB5_EXT__ */
-- 
cgit