Fix sam2 client preauth after salt changes

Commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 altered the internal
contracts relating to salts, but neglected to adjust the sam2 preauth
code to match.  Do that now.

ticket: 7415 (new)
target_version: 1.11
tags: pullup

diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index a5f63959780d3241292cc46f53d4d472b66f4a00..22802074a22e40b34fb9ea13f66c955b50f120c6 100644 (file)
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -153,6 +153,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
         /* Go ahead and get it now, preserving the ordering of  */
         /* prompts for the user.                                */
 
+        salt = (*rock->default_salt) ? NULL : rock->salt;
         retval = (*rock->gak_fct)(context, request->client, sc2b->sam_etype,
                                   prompter, prompter_data, rock->salt,
                                   rock->s2kparams, rock->as_key,
@@ -199,8 +200,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
     krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
 
     /* Generate salt used by string_to_key() */
-    salt = rock->salt;
-    if (((int) salt->length == -1) && (salt->data == NULL)) {
+    if (*rock->default_salt) {
         if ((retval =
              krb5_principal2salt(context, request->client, &defsalt))) {
             krb5_free_sam_challenge_2(context, sc2);
@@ -209,6 +209,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
         }
         salt = &defsalt;
     } else {
+        salt = rock->salt;
         defsalt.length = 0;
     }