kdc: Fix leak and loss of kdc_check_flags() reason

We were losing and leaking the reason for which kdc_check_flags() was
rejecting any S4U requests, yielding incomplete error messages.

The issue is that kdc_check_flags() wants to check the client and server
principals in the input state structure, but doesn't know about
impersonated principal name, and so we want to pass it a state structure
that has the impersonated instead of the impersonator client name.  This
is a bad design, but I'm ignoring that for now and just fixing this one
leak.

kdc/windc.c

@@ -199,20 +199,15 @@ krb5_error_code
 _kdc_check_access(astgs_request_t r, KDC_REQ *req, METHOD_DATA *method_data)
 {
     krb5_context context = r->context;
-    krb5_kdc_configuration *config = r->config;
-    hdb_entry_ex *client_ex = r->client;
-    const char *client_name = r->cname;
-    hdb_entry_ex *server_ex = r->server;
-    const char *server_name = r->sname;
     krb5_error_code ret = KRB5_PLUGIN_NO_HANDLE;
     struct check_uc uc;
 
     if (have_plugin) {
-        uc.config = config;
-        uc.client_ex = client_ex;
-        uc.client_name = client_name;
-        uc.server_ex = server_ex;
-        uc.server_name = server_name;
+        uc.config = r->config;
+        uc.client_ex = r->client;
+        uc.client_name = r->cname;
+        uc.server_ex = r->server;
+        uc.server_name = r->sname;
         uc.req = req;
         uc.method_data = method_data;
 
@@ -221,7 +216,8 @@ _kdc_check_access(astgs_request_t r, KDC_REQ *req, METHOD_DATA *method_data)
     }
 
     if (ret == KRB5_PLUGIN_NO_HANDLE)
-	return kdc_check_flags(r, req->msg_type == krb_as_req);
+        return kdc_check_flags(r, req->msg_type == krb_as_req,
+                               r->client, r->server);
     return ret;
 }