From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 18 Oct 2012 17:11:28 +0000 (-0400)
Subject: Fix sam2 client preauth after salt changes
X-Git-Tag: krb5-1.11-alpha1~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9aa891fcdb4c08d39902ab89afb268042b60c86;p=thirdparty%2Fkrb5.git

Fix sam2 client preauth after salt changes

Commit bc096a77ffdab283d77c2e0fc1fdd15b9f77eb41 altered the internal
contracts relating to salts, but neglected to adjust the sam2 preauth
code to match.  Do that now.

(cherry picked from commit 787cc1e24117e57a9173aaaa16935f6488eb3fec)

ticket: 7415
version_fixed: 1.11
status: resolved
---

diff --git a/src/lib/krb5/krb/preauth_sam2.c b/src/lib/krb5/krb/preauth_sam2.c
index a5f6395978..22802074a2 100644
--- a/src/lib/krb5/krb/preauth_sam2.c
+++ b/src/lib/krb5/krb/preauth_sam2.c
@@ -153,6 +153,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
         /* Go ahead and get it now, preserving the ordering of  */
         /* prompts for the user.                                */
 
+        salt = (*rock->default_salt) ? NULL : rock->salt;
         retval = (*rock->gak_fct)(context, request->client, sc2b->sam_etype,
                                   prompter, prompter_data, rock->salt,
                                   rock->s2kparams, rock->as_key,
@@ -199,8 +200,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
     krb5int_set_prompt_types(context, (krb5_prompt_type *)NULL);
 
     /* Generate salt used by string_to_key() */
-    salt = rock->salt;
-    if (((int) salt->length == -1) && (salt->data == NULL)) {
+    if (*rock->default_salt) {
         if ((retval =
              krb5_principal2salt(context, request->client, &defsalt))) {
             krb5_free_sam_challenge_2(context, sc2);
@@ -209,6 +209,7 @@ sam2_process(krb5_context context, krb5_clpreauth_moddata moddata,
         }
         salt = &defsalt;
     } else {
+        salt = rock->salt;
         defsalt.length = 0;
     }