kdc: Have caller pass HDB_F_FOR_TGS_REQ into _kdc_fast_check_armor_pac()

We shall soon want to use this function for AS-REQs as well as TGS-REQs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

kdc/fast.c

@@ -835,10 +835,9 @@ _kdc_free_fast_state(KDCFastState *state)
 }
 
 krb5_error_code
-_kdc_fast_check_armor_pac(astgs_request_t r)
+_kdc_fast_check_armor_pac(astgs_request_t r, int flags)
 {
     krb5_error_code ret;
-    int flags;
     krb5_boolean ad_kdc_issued = FALSE;
     krb5_pac mspac = NULL;
     krb5_principal armor_client_principal = NULL;
@@ -846,7 +845,6 @@ _kdc_fast_check_armor_pac(astgs_request_t r)
     hdb_entry *armor_client = NULL;
     char *armor_client_principal_name = NULL;
 
-    flags = HDB_F_FOR_TGS_REQ;
     if (_kdc_synthetic_princ_used_p(r->context, r->armor_ticket))
 	flags |= HDB_F_SYNTHETIC_OK;
     if (r->req.req_body.kdc_options.canonicalize)

kdc/krb5tgs.c

@@ -2017,7 +2017,7 @@ server_lookup:
 
 	/* Validate armor TGT before potentially including device claims */
 	if (priv->armor_ticket) {
-	    ret = _kdc_fast_check_armor_pac(priv);
+	    ret = _kdc_fast_check_armor_pac(priv, HDB_F_FOR_TGS_REQ);
 	    if (ret)
 		goto out;
 	}