From 6f787893cd38aeadaf778d804abd06b85249e677 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 6 Jun 2007 22:14:36 +0000
Subject: [PATCH] (_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the
 signeddata oid

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20943 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 0216081b4..25782ebd8 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -375,7 +375,6 @@ _kdc_pk_rd_padata(krb5_context context,
     krb5_data eContent = { 0, NULL };
     krb5_data signed_content = { 0, NULL };
     const char *type = "unknown type";
-    const heim_oid *pa_contentType;
     int have_data = 0;
 
     *ret_params = NULL;
@@ -396,7 +395,6 @@ _kdc_pk_rd_padata(krb5_context context,
 	PA_PK_AS_REQ_Win2k r;
 
 	type = "PK-INIT-Win2k";
-	pa_contentType = oid_id_pkcs7_data();
 
 	ret = decode_PA_PK_AS_REQ_Win2k(pa->padata_value.data,
 					pa->padata_value.length,
@@ -422,7 +420,6 @@ _kdc_pk_rd_padata(krb5_context context,
 	PA_PK_AS_REQ r;
 
 	type = "PK-INIT-IETF";
-	pa_contentType = oid_id_pkauthdata();
 
 	ret = decode_PA_PK_AS_REQ(pa->padata_value.data,
 				  pa->padata_value.length,
@@ -548,7 +545,9 @@ _kdc_pk_rd_padata(krb5_context context,
     }
 
     /* Signature is correct, now verify the signed message */
-    if (der_heim_oid_cmp(&eContentType, pa_contentType)) {
+    if (der_heim_oid_cmp(&eContentType, oid_id_pkcs7_data()) != 0 &&
+	der_heim_oid_cmp(&eContentType, oid_id_pkauthdata()) != 0)
+    {
 	krb5_set_error_string(context, "got wrong oid for pkauthdata");
 	ret = KRB5_BADMSGTYPE;
 	goto out;