6 files changed, 35 insertions, 27 deletions

diff --git a/source4/heimdal/kdc/headers.h b/source4/heimdal/kdc/headers.h
index 2240336e31..b9a828852a 100644
--- a/source4/heimdal/kdc/headers.h
+++ b/source4/heimdal/kdc/headers.h
@@ -104,6 +104,7 @@
 #ifndef NO_NTLM
 #include <heimntlm.h>
 #endif
+#include <kdc.h>
 #include <windc_plugin.h>
 
 #undef ALLOC
diff --git a/source4/heimdal/kdc/kdc_locl.h b/source4/heimdal/kdc/kdc_locl.h
index 9b291ac896..daf155839c 100644
--- a/source4/heimdal/kdc/kdc_locl.h
+++ b/source4/heimdal/kdc/kdc_locl.h
@@ -39,7 +39,6 @@
 #define __KDC_LOCL_H__
 
 #include "headers.h"
-#include "kdc.h"
 
 typedef struct pk_client_params pk_client_params;
 struct DigestREQ;
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 941a2e0572..ac495b1ac7 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -668,11 +668,11 @@ log_as_req(krb5_context context,
  */
 
 krb5_error_code
-_kdc_check_flags(krb5_context context,
-		 krb5_kdc_configuration *config,
-		 hdb_entry_ex *client_ex, const char *client_name,
-		 hdb_entry_ex *server_ex, const char *server_name,
-		 krb5_boolean is_as_req)
+kdc_check_flags(krb5_context context,
+		krb5_kdc_configuration *config,
+		hdb_entry_ex *client_ex, const char *client_name,
+		hdb_entry_ex *server_ex, const char *server_name,
+		krb5_boolean is_as_req)
 {
     if(client_ex != NULL) {
 	hdb_entry *client = &client_ex->entry;
@@ -921,7 +921,6 @@ _kdc_as_rep(krb5_context context,
 		"AS-REQ malformed server name from %s", from);
 	goto out;
     }
-
     if(b->cname == NULL){
 	ret = KRB5KRB_ERR_GENERIC;
 	e_text = "No client in request";
@@ -1345,14 +1344,9 @@ _kdc_as_rep(krb5_context context,
      * with in a preauth mech.
      */
 
-    ret = _kdc_check_flags(context, config,
-			   client, client_name,
-			   server, server_name,
-			   TRUE);
-    if(ret)
-	goto out;
-
-    ret = _kdc_windc_client_access(context, client, req, &e_data);
+    ret = _kdc_check_access(context, config, client, client_name,
+			    server, server_name,
+			    req, &e_data);
     if(ret)
 	goto out;
 
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 3abdb18ae4..59104da3d6 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -1860,10 +1860,10 @@ server_lookup:
      * Check flags
      */
 
-    ret = _kdc_check_flags(context, config,
-			   client, cpn,
-			   server, spn,
-			   FALSE);
+    ret = kdc_check_flags(context, config,
+			  client, cpn,
+			  server, spn,
+			  FALSE);
     if(ret)
 	goto out;
 
diff --git a/source4/heimdal/kdc/windc.c b/source4/heimdal/kdc/windc.c
index fe3cd997e7..9d7fa52cea 100644
--- a/source4/heimdal/kdc/windc.c
+++ b/source4/heimdal/kdc/windc.c
@@ -99,12 +99,22 @@ _kdc_pac_verify(krb5_context context,
 }
 
 krb5_error_code
-_kdc_windc_client_access(krb5_context context,
-			 struct hdb_entry_ex *client,
-			 KDC_REQ *req,
-			 krb5_data *e_data)
+_kdc_check_access(krb5_context context,
+		  krb5_kdc_configuration *config,
+		  hdb_entry_ex *client_ex, const char *client_name,
+		  hdb_entry_ex *server_ex, const char *server_name,
+		  KDC_REQ *req,
+		  krb5_data *e_data)
 {
     if (windcft == NULL)
-	return 0;
-    return (windcft->client_access)(windcctx, context, client, req, e_data);
+	    return kdc_check_flags(context, config,
+				   client_ex, client_name,
+				   server_ex, server_name,
+				   req->msg_type == krb_as_req);
+
+    return (windcft->client_access)(windcctx, 
+				    context, config, 
+				    client_ex, client_name, 
+				    server_ex, server_name, 
+				    req, e_data);
 }
diff --git a/source4/heimdal/kdc/windc_plugin.h b/source4/heimdal/kdc/windc_plugin.h
index 34016694b2..c7efb7b852 100644
--- a/source4/heimdal/kdc/windc_plugin.h
+++ b/source4/heimdal/kdc/windc_plugin.h
@@ -64,10 +64,14 @@ typedef krb5_error_code
 
 typedef krb5_error_code
 (*krb5plugin_windc_client_access)(
-    void *, krb5_context, struct hdb_entry_ex *, KDC_REQ *, krb5_data *);
+	void *, krb5_context, 
+	krb5_kdc_configuration *config,
+	hdb_entry_ex *, const char *, 
+	hdb_entry_ex *, const char *, 
+	KDC_REQ *, krb5_data *);
 
 
-#define KRB5_WINDC_PLUGING_MINOR		3
+#define KRB5_WINDC_PLUGING_MINOR		4
 
 typedef struct krb5plugin_windc_ftable {
     int			minor_version;