From 9140e5802452a80876afed11ebf455052ff177ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Wed, 3 Jan 2007 19:34:27 +0000
Subject: [PATCH] Get right key for PAC krbtgt verification.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19643 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/krb5tgs.c | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index edf2a622a..d5ad76440 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1663,12 +1663,26 @@ server_lookup:
 }
 /* check PAC if there is one */
- ret = check_PAC(context, config, client, ekey, tgt, &require_signedpath);
- if (ret) {
- kdc_log(context, config, 0,
- "check_PAC check failed for %s (%s) from %s with %s",
- spn, cpn, from, krb5_get_err_text(context, ret));
- goto out;
+
+ {
+ Key *tkey;
+
+ ret = hdb_enctype2key(context, &krbtgt->entry,
+ krbtgt_etype, &tkey);
+ if(ret) {
+ kdc_log(context, config, 0,
+ "Failed to find key for krbtgt PAC check");
+ goto out;
+ }
+
+ ret = check_PAC(context, config, client, &tkey->key,
+ tgt, &require_signedpath);
+ if (ret) {
+ kdc_log(context, config, 0,
+ "check_PAC check failed for %s (%s) from %s with %s",
+ spn, cpn, from, krb5_get_err_text(context, ret));
+ goto out;
+ }
 }
 /* also check the krbtgt for signature */
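Review bot: The new `hdb_enctype2key` failure path logs only `"Failed to find key for krbtgt PAC check"`, with no enctype, principals or error text, so a PAC check that fails at key lookup cannot be tied to a request the way the `check_PAC` failure a few lines below can. Suggest `kdc_log(context, config, 0, "Failed to find key (etype %d) for krbtgt PAC check for %s (%s) from %s: %s", (int)krbtgt_etype, spn, cpn, from, krb5_get_err_text(context, ret));`, which uses only names this hunk already references. The lookup also runs unconditionally ahead of `check_PAC`, so a request carrying no PAC would presumably now be rejected when no key of that enctype is found. Where `krbtgt_etype` is assigned is outside the hunk, so confirm it is always the enctype the TGT was actually decrypted with. The enclosing function starts and ends outside the hunk.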