From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 26 Apr 2010 18:55:10 +0000 (+0000)
Subject: On the iakerb branch, use krb5_auth_con_set_checksum_func for DES/DES3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f92682c5a2a4a5265f5ae67b3fbfec981ac9b4b;p=thirdparty%2Fkrb5.git

On the iakerb branch, use krb5_auth_con_set_checksum_func for DES/DES3
enctypes as well as the modern ones.  It works fine and it makes the
subkey available for the IAKERB checksum.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/iakerb@23943 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 89e3c61b59..484eedfd7b 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -414,7 +414,6 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
     struct gss_checksum_data cksum_struct;
     krb5_checksum md5;
     krb5_data ap_req;
-    krb5_data *checksum_data = NULL;
     unsigned char *ptr;
     unsigned char *t;
     unsigned int tlen;
@@ -434,22 +433,8 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
     cksum_struct.cred = cred;
     cksum_struct.checksum_data.data = NULL;
     cksum_struct.exts = exts;
-    switch (k_cred->keyblock.enctype) {
-    case ENCTYPE_DES_CBC_CRC:
-    case ENCTYPE_DES_CBC_MD4:
-    case ENCTYPE_DES_CBC_MD5:
-    case ENCTYPE_DES3_CBC_SHA1:
-        code = make_gss_checksum(context, ctx->auth_context, &cksum_struct,
-                                 &checksum_data);
-        if (code)
-            goto cleanup;
-        break;
-    default:
-        krb5_auth_con_set_checksum_func(context, ctx->auth_context,
-                                        make_gss_checksum, &cksum_struct);
-        break;
-    }
-
+    krb5_auth_con_set_checksum_func(context, ctx->auth_context,
+                                    make_gss_checksum, &cksum_struct);
 
     /* call mk_req.  subkey and ap_req need to be used or destroyed */
 
@@ -460,7 +445,7 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
 
     krb5_auth_con_set_authdata_context(context, ctx->auth_context, ad_context);
     code = krb5_mk_req_extended(context, &ctx->auth_context, mk_req_flags,
-                                checksum_data, k_cred, &ap_req);
+                                NULL, k_cred, &ap_req);
     krb5_auth_con_set_authdata_context(context, ctx->auth_context, NULL);
     krb5_free_data_contents(context, &cksum_struct.checksum_data);
     if (code)
@@ -506,8 +491,6 @@ make_ap_req_v1(context, ctx, cred, k_cred, ad_context,
     code = 0;
 
 cleanup:
-    if (checksum_data && checksum_data->data)
-        krb5_free_data_contents(context, checksum_data);
     if (ap_req.data)
         krb5_free_data_contents(context, &ap_req);