kdc: call HDB audit function in both AS and TGS

Call the HDB audit method, if present, in both AS and TGS, immediately prior to generating an error response to send to the clinet.
2022-01-01 17:15:37 +11:00
parent 1e1c5dbbfc
commit 93c8d57091
4 changed files with 22 additions and 19 deletions
--- a/lib/hdb/hdb.h
+++ b/lib/hdb/hdb.h
@@ -305,7 +305,9 @@ typedef struct HDB {
    krb5_error_code (*hdb_password)(krb5_context, struct HDB*, hdb_entry_ex*, const char *, int);

    /**
-     * Authentication auditing
+     * Authentication auditing. Note that this function is called by
+     * both the AS and TGS, but currently only the AS sets the auth
+     * event type and details. This may change in a future version.
     *
     * Event details are available by querying the request using
     * heim_audit_getkv(HDB_REQUEST_KV_...).