kdc: call HDB audit function in both AS and TGS

Call the HDB audit method, if present, in both AS and TGS, immediately prior to
generating an error response to send to the clinet.

kdc/kerberos5.c

@@ -77,23 +77,6 @@ audited_auth_event_p(astgs_request_t r)
     return !!_kdc_audit_getkv((kdc_request_t)r, HDB_REQUEST_KV_AUTH_EVENT_TYPE);
 }
 
-/*
- * Notify the HDB backend of the audited event.
- */
-
-static krb5_error_code
-notify_hdb_audit(astgs_request_t r)
-{
-    struct HDB *hdb;
-
-    hdb = r->clientdb ? r->clientdb : r->config->db[0];
-
-    if (hdb && hdb->hdb_audit && audited_auth_event_p(r))
-	return hdb->hdb_audit(r->context, hdb, r->client, (hdb_request_t)r);
-
-    return 0;
-}
-
 void
 _kdc_fix_time(time_t **t)
 {
@@ -2770,7 +2753,7 @@ _kdc_as_rep(astgs_request_t r)
 
 out:
     r->ret = ret;
-    notify_hdb_audit(r);
+    _kdc_hdb_audit(r);
 
     /*
      * In case of a non proxy error, build an error message.

kdc/krb5tgs.c

@@ -2575,6 +2575,7 @@ _kdc_tgs_rep(astgs_request_t r)
 
 out:
     r->ret = ret;
+    _kdc_hdb_audit(r);
 
     if(ret && ret != HDB_ERR_NOT_FOUND_HERE && data->data == NULL){
 	METHOD_DATA error_method = { 0, NULL };

kdc/misc.c

@@ -341,3 +341,20 @@ _kdc_include_pac_p(astgs_request_t r)
 
     return !!(r->pac_attributes & (KRB5_PAC_WAS_REQUESTED | KRB5_PAC_WAS_GIVEN_IMPLICITLY));
 }
+
+/*
+ * Notify the HDB backend of the audited event.
+ */
+
+krb5_error_code
+_kdc_hdb_audit(astgs_request_t r)
+{
+    struct HDB *hdb;
+
+    hdb = r->clientdb ? r->clientdb : r->config->db[0];
+
+    if (hdb && hdb->hdb_audit)
+	return hdb->hdb_audit(r->context, hdb, r->client, (hdb_request_t)r);
+
+    return 0;
+}