From b1ca153d94bfed416e74dbb6759583e740e2e7fa Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sun, 15 Nov 2009 17:56:07 -0800
Subject: [PATCH] Simplify subkey usage for tgs-req, don't rewrite
 tgs-rep-sub-key keyuage for arcfour, its correct

---
 lib/krb5/crypto.c   |  1 -
 lib/krb5/get_cred.c | 19 +++++++------------
 2 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 68233c290..8cc7b0602 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2386,7 +2386,6 @@ usage2arcfour (krb5_context context, unsigned *usage)
 {
     switch (*usage) {
     case KRB5_KU_AS_REP_ENC_PART : /* 3 */
-    case KRB5_KU_TGS_REP_ENC_PART_SUB_KEY : /* 9 */
 	*usage = 8;
 	return 0;
     case KRB5_KU_USAGE_SEAL :  /* 22 */
diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index 63152bbfa..707213733 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -244,16 +244,12 @@ init_tgs_req (krb5_context context,
     if(ret)
 	goto fail;
     
-    ret = krb5_generate_subkey_extended(context, &krbtgt->session, 
-					ETYPE_NULL, &key);
+    ret = krb5_auth_con_generatelocalsubkey(context, ac, &krbtgt->session);
     if (ret)
 	goto fail;
     
-    ret = krb5_auth_con_setlocalsubkey(context, ac, key);
-    if (ret)
-	goto fail;
-    
-    ret = set_auth_data (context, &t->req_body, &in_creds->authdata, key);
+    ret = set_auth_data (context, &t->req_body, &in_creds->authdata,
+			 ac->local_subkey);
     if (ret)
 	goto fail;
     
@@ -265,12 +261,11 @@ init_tgs_req (krb5_context context,
     if(ret)
 	goto fail;
 
-    *subkey = key;
-    key = NULL;
-    
+    ret = krb5_auth_con_getlocalsubkey(context, ac, subkey);
+    if (ret)
+	goto fail;
+
 fail:
-    if (key)
-	krb5_free_keyblock (context, key);
     if (ac)
 	krb5_auth_con_free(context, ac);
     if (ret) {
-- 
2.11.4.GIT