From fd676a5005823baf79533409e88b5cd89697c573 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Mon, 22 Sep 2008 06:32:28 +0000
Subject: [PATCH] Patch from Shi Hosoda to add back windows XP SP2 compat that
 we have manged to break. This patch make it possible to use Samba4 with
 Windows XP SP2, way cool!

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23861 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/pkinit.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/kdc/pkinit.c b/kdc/pkinit.c
index 9a828cedf..b2c6def7a 100644
--- a/kdc/pkinit.c
+++ b/kdc/pkinit.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003 - 2006 Kungliga Tekniska Högskolan
+ * Copyright (c) 2003 - 2008 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
  * All rights reserved.
  *
@@ -676,7 +676,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 		      krb5_keyblock *reply_key,
 		      ContentInfo *content_info)
 {
-    const heim_oid *envelopedAlg = NULL, *sdAlg = NULL;
+    const heim_oid *envelopedAlg = NULL, *sdAlg = NULL, *evAlg = NULL;
     krb5_error_code ret;
     krb5_data buf, signed_data;
     size_t size;
@@ -699,9 +699,14 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	{
 	    do_win2k = 1;
 	}
+	sdAlg = oid_id_pkcs7_data();
+	evAlg = oid_id_pkcs7_data();
+	envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
 	break;
     }
     case PKINIT_27:
+	sdAlg = oid_id_pkrkeydata();
+	evAlg = oid_id_pkcs7_signedData();
 	break;
     default:
 	krb5_abortx(context, "internal pkinit error");
@@ -711,9 +716,6 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	ReplyKeyPack_Win2k kp;
 	memset(&kp, 0, sizeof(kp));
 
-	envelopedAlg = oid_id_rsadsi_des_ede3_cbc();
-	sdAlg = oid_id_pkcs7_data();
-
 	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
 	if (ret) {
 	    krb5_clear_error_string(context);
@@ -730,8 +732,6 @@ pk_mk_pa_reply_enckey(krb5_context context,
 	ReplyKeyPack kp;
 	memset(&kp, 0, sizeof(kp));
 
-	sdAlg = oid_id_pkrkeydata();
-
 	ret = copy_EncryptionKey(reply_key, &kp.replyKey);
 	if (ret) {
 	    krb5_clear_error_string(context);
@@ -820,7 +820,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
 			       client_params->cert,
 			       signed_data.data, signed_data.length,
 			       envelopedAlg,
-			       oid_id_pkcs7_signedData(), &buf);
+			       evAlg, &buf);
     if (ret)
 	goto out;