From 6a8b22c01ddf33a30db03aeb11730ed52ddf0954 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Tue, 16 Jan 2007 20:51:58 +0000
Subject: [PATCH] Revert previous, the PAC should always be verified using
 o->keyblock, just check on Windows.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19935 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/rd_req.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c
index 0ea0f0699..a895e5a29 100644
--- a/lib/krb5/rd_req.c
+++ b/lib/krb5/rd_req.c
@@ -846,16 +846,6 @@ krb5_rd_req_ctx(krb5_context context,
 						      KRB5_AUTHDATA_WIN2K_PAC,
 						      &data);
 	if (ret == 0) {
-	    krb5_keyblock *keyblock = o->keyblock;
-
-	    /*
-	     * Ticket protecting the PAC is the same that was used to
-	     * encrypt the ticket. So in case of enc_tkt_in_skey, the
-	     * sessionkey from the server's tkt should be used.
-	     */
-	    if (o->ap_req_options & KDC_OPT_ENC_TKT_IN_SKEY)
-		keyblock = &o->ticket->ticket.key;
-
 	    ret = krb5_pac_parse(context, data.data, data.length, &pac);
 	    krb5_data_free(&data);
 	    if (ret)
@@ -865,7 +855,7 @@ krb5_rd_req_ctx(krb5_context context,
 				  pac, 
 				  o->ticket->ticket.authtime,
 				  o->ticket->client, 
-				  keyblock,
+				  o->keyblock, 
 				  NULL);
 	    krb5_pac_free(context, pac);
 	    if (ret)