From 52901849549289218faac3acfa059df07349ee9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 13 Feb 2006 11:48:21 +0000
Subject: [PATCH] update to new paChecksum definition, use hdb_entry_ex

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16733 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 2896fc28b..ce93e316c 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -175,13 +175,17 @@ pk_check_pkauthenticator(krb5_context context,
 	return ret;
     }
 	
-    if (a->paChecksum.length != checksum.checksum.length ||
-	memcmp(a->paChecksum.data, checksum.checksum.data, 
-	       checksum.checksum.length) != 0)
-    {
+    if (a->paChecksum == NULL) {
+	krb5_clear_error_string(context);
+	ret = KRB5_KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED;
+	goto out;
+    }
+
+    if (heim_octet_string_cmp(a->paChecksum, &checksum.checksum) != 0) {
 	krb5_clear_error_string(context);
 	ret = KRB5KRB_ERR_GENERIC;
     }
+out:
     free_Checksum(&checksum);
 
     return ret;
@@ -1122,7 +1126,7 @@ krb5_error_code
 _kdc_pk_mk_pa_reply(krb5_context context,
 		    krb5_kdc_configuration *config,
 		    pk_client_params *client_params,
-		    const hdb_entry *client,
+		    const hdb_entry_ex *client,
 		    const KDC_REQ *req,
 		    const krb5_data *req_buffer,
 		    krb5_keyblock **reply_key,
@@ -1379,7 +1383,7 @@ krb5_error_code
 _kdc_pk_check_client(krb5_context context,
 		     krb5_kdc_configuration *config,
 		     krb5_principal client_princ,
-		     const hdb_entry *client,
+		     const hdb_entry_ex *client,
 		     pk_client_params *client_params,
 		     char **subject_name)
 {