From 2f95e996eb16770f8c55a5590f8ebd979e60bbe4 Mon Sep 17 00:00:00 2001
From: Chris Provenzano <proven@mit.edu>
Date: Mon, 1 May 1995 20:48:26 +0000
Subject: [PATCH] 	* init_sec_context.c (krb5_gss_init_sec_context()) : 
 	The krb5_mk_rep() routine must always encode the data in 	
 the keyblock of the ticket, not the subkey.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5676 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/gssapi/krb5/ChangeLog          |  6 ++++
 src/lib/gssapi/krb5/init_sec_context.c | 45 ++++++++++++++++++++------
 2 files changed, 41 insertions(+), 10 deletions(-)

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 870f13f75..47f042e5d 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+Mon May 01 15:56:32 1995  Chris Provenzano (proven@mit.edu)
+
+	* init_sec_context.c (krb5_gss_init_sec_context()) :
+		The krb5_mk_rep() routine must always encode the data in
+		the keyblock of the ticket, not the subkey.
+
 Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
 
 	* *.[ch]: removed unneeded INTERFACE from non-api functions.
diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c
index 0e8bd86c4..5986b6e9e 100644
--- a/src/lib/gssapi/krb5/init_sec_context.c
+++ b/src/lib/gssapi/krb5/init_sec_context.c
@@ -174,8 +174,6 @@ krb5_gss_init_sec_context(context, minor_status, claimant_cred_handle,
     krb5_timestamp now;
     gss_buffer_desc token;
     int i;
-/* Remove this when server is fixed and this function goes away */
-krb5_error_code krb5_auth_con_setkey (); 
 
    /* set up return values so they can be "freed" successfully */
 
@@ -414,14 +412,41 @@ krb5_error_code krb5_auth_con_setkey ();
       sptr = (char *) ptr;                      /* PC compiler bug */
       TREAD_STR(sptr, ap_rep.data, ap_rep.length);
 
-/* A hack. Don't forget to remove the prototype for it above */
-krb5_auth_con_setkey(context, ctx->auth_context, ctx->subkey);
-      /* decode the ap_rep */
-      if (code = krb5_rd_rep(context,ctx->auth_context,&ap_rep,&ap_rep_data)) {
-	 (void)krb5_gss_delete_sec_context(context, minor_status, 
-					   context_handle, NULL);
-	 *minor_status = code;
-	 return(GSS_S_FAILURE);
+      	/* decode the ap_rep */
+      	if (code = krb5_rd_rep(context,ctx->auth_context,&ap_rep,&ap_rep_data)){
+	    /*
+	     * XXX A hack for backwards compatiblity.
+	     * To be removed in 1999 -- proven 
+	     */
+	    krb5_auth_con_setuseruserkey(context,ctx->auth_context,ctx->subkey);
+	    if (code = krb5_rd_rep(context, ctx->auth_context, &ap_rep,
+				   &ap_rep_data)) {
+	 	(void)krb5_gss_delete_sec_context(context, minor_status, 
+					          context_handle, NULL);
+		*minor_status = code;
+	 	return(GSS_S_FAILURE);
+	    }
+      	}
+
+      /* store away the sequence number */
+      ctx->seq_recv = ap_rep_data->seq_number;
+
+      /* free the ap_rep_data */
+      krb5_free_ap_rep_enc_part(context, ap_rep_data);
+
+      /* set established */
+      ctx->established = 1;
+
+      /* set returns */
+
+      if (time_rec) {
+	 if (code = krb5_timeofday(context, &now)) {
+	    (void)krb5_gss_delete_sec_context(context, minor_status, 
+					      (gss_ctx_id_t) ctx, NULL);
+	    *minor_status = code;
+	    return(GSS_S_FAILURE);
+
+	 }
       }
 
       /* store away the sequence number */
-- 
2.26.2