From cb5262014aec070fe7121c079f3d26daec3abc9e Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 9 Jan 2023 22:29:58 -0600
Subject: [PATCH] Revert "kdc: Quiet warning in FAST unwrap"

This reverts commit a9c0b8f2645d3fc0395a1451a9251253489a88bc.

From Joseph Sutton:

> I found that this commit would result in `KRB5KRB_AP_ERR_BAD_INTEGRITY`
> errors in Samba whenever explicit FAST armor was present. Reverting the
> commit made FAST work again.

> It should be safe to use `tgs_ac` here, since it will always be non-NULL if
> `r->explicit_armor_present` is true. Maybe a local variable
> `explicit_armor_present` (which would be assigned to
> `r->explicit_armor_present` before the function returns successfully) would
> help a static analyser to deduce that its value doesn't change within the
> function, and that `tgs_ac != NULL` still holds.

https://github.com/heimdal/heimdal/commit/a9c0b8f2645d3fc0395a1451a9251253489a88bc#commitcomment-95581208
---
 kdc/fast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kdc/fast.c b/kdc/fast.c
index efc61aba1..fd6c166ab 100644
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -634,7 +634,7 @@ fast_unwrap_request(astgs_request_t r,
     if (r->explicit_armor_present) {
 	ret = _krb5_fast_explicit_armor_key(r->context,
 					    &armorkey,
-					    ac->remote_subkey,
+					    tgs_ac->remote_subkey,
 					    &explicit_armorkey,
 					    &r->armor_crypto);
 	if (ret)