From d684f11da759490a8d98d7b790796106285f4084 Mon Sep 17 00:00:00 2001
From: Hiroki Sato <hrs@FreeBSD.org>
Date: Wed, 4 Apr 2018 04:21:19 +0000
Subject: Import Heimdal 7.5.0.

---
 lib/kafs/afskrb5.c | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

(limited to 'lib/kafs/afskrb5.c')

diff --git a/lib/kafs/afskrb5.c b/lib/kafs/afskrb5.c
index c04f43abbc25..6033f2958b45 100644
--- a/lib/kafs/afskrb5.c
+++ b/lib/kafs/afskrb5.c
@@ -51,10 +51,6 @@ v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
 
     kt->ticket = NULL;
 
-    /* check if des key */
-    if (cred->session.keyvalue.length != 8)
-	return EINVAL;
-
     if (local524) {
 	Ticket t;
 	unsigned char *buf;
@@ -98,8 +94,16 @@ v5_to_kt(krb5_creds *cred, uid_t uid, struct kafs_token *kt, int local524)
      * Build a struct ClearToken
      */
 
+    ret = _kafs_derive_des_key(cred->session.keytype,
+			       cred->session.keyvalue.data,
+			       cred->session.keyvalue.length,
+			       kt->ct.HandShakeKey);
+    if (ret) {
+	free(kt->ticket);
+	kt->ticket = NULL;
+	return ret;
+    }
     kt->ct.AuthHandle = kvno;
-    memcpy(kt->ct.HandShakeKey, cred->session.keyvalue.data, 8);
     kt->ct.ViceId = uid;
     kt->ct.BeginTimestamp = cred->times.starttime;
     kt->ct.EndTimestamp = cred->times.endtime;
@@ -163,21 +167,15 @@ get_cred(struct kafs_data *data, const char *name, const char *inst,
 	return ret;
     }
 
-    in_creds.session.keytype = ETYPE_DES_CBC_CRC;
-
     /* check if des is disable, and in that case enable it for afs */
-    invalid = krb5_enctype_valid(d->context, in_creds.session.keytype);
+    invalid = krb5_enctype_valid(d->context, ETYPE_DES_CBC_CRC);
     if (invalid)
-	krb5_enctype_enable(d->context, in_creds.session.keytype);
+	krb5_enctype_enable(d->context, ETYPE_DES_CBC_CRC);
 
     ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
-    if (ret) {
-	in_creds.session.keytype = ETYPE_DES_CBC_MD5;
-	ret = krb5_get_credentials(d->context, 0, d->id, &in_creds, &out_creds);
-    }
 
     if (invalid)
-	krb5_enctype_disable(d->context, in_creds.session.keytype);
+	krb5_enctype_disable(d->context, ETYPE_DES_CBC_CRC);
 
     krb5_free_principal(d->context, in_creds.server);
     krb5_free_principal(d->context, in_creds.client);
-- 
cgit v1.2.3