Revert "kdc: Quiet warning in FAST unwrap"

This reverts commit a9c0b8f2645d3fc0395a1451a9251253489a88bc.

From Joseph Sutton:

> I found that this commit would result in `KRB5KRB_AP_ERR_BAD_INTEGRITY`
> errors in Samba whenever explicit FAST armor was present. Reverting the
> commit made FAST work again.

> It should be safe to use `tgs_ac` here, since it will always be non-NULL if
> `r->explicit_armor_present` is true. Maybe a local variable
> `explicit_armor_present` (which would be assigned to
> `r->explicit_armor_present` before the function returns successfully) would
> help a static analyser to deduce that its value doesn't change within the
> function, and that `tgs_ac != NULL` still holds.

https://github.com/heimdal/heimdal/commit/a9c0b8f2645d3fc0395a1451a9251253489a88bc#commitcomment-95581208

diff --git a/kdc/fast.c b/kdc/fast.c
index efc61aba11322ba58ef5e36afc64f1d4edb8e18a..fd6c166ab8b842c2370487c569303ff3e130e071 100644 (file)
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -634,7 +634,7 @@ fast_unwrap_request(astgs_request_t r,
     if (r->explicit_armor_present) {
        ret = _krb5_fast_explicit_armor_key(r->context,
                                            &armorkey,
-                                           ac->remote_subkey,
+                                           tgs_ac->remote_subkey,
                                            &explicit_armorkey,
                                            &r->armor_crypto);
        if (ret)