Revert "TODO check_PAC"

This reverts commit 398e4ddda9af4e5af89fbe31c44ed19c2e2be807.

diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index 33a8be257c906150658ac48258d9c0415e4aee40..ee3ac3d8f539ce602d53b819152c6a65aa432472 100644 (file)
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -285,7 +285,6 @@ check_PAC(krb5_context context,
          hdb_entry_ex *krbtgt,
          const EncryptionKey *server_check_key,
          const EncryptionKey *server_sign_key,
-         const EncryptionKey *krbtgt_check_key,
          const EncryptionKey *krbtgt_sign_key,
          EncTicketPart *tkt,
          krb5_data *rspac,
@@ -330,8 +329,7 @@ check_PAC(krb5_context context,
 
                ret = krb5_pac_verify(context, pac, tkt->authtime,
                                      client_principal,
-                                     server_check_key,
-                                     krbtgt_check_key);
+                                     server_check_key, NULL);
                if (ret) {
                    krb5_pac_free(context, pac);
                    return ret;
@@ -1872,9 +1870,7 @@ server_lookup:
     ret = check_PAC(context, config, cp, NULL,
                    client, server, krbtgt,
                    &tkey_check->key,
-                   ekey,
-                   &tkey_check->key,
-                   &tkey_sign->key,
+                   ekey, &tkey_sign->key,
                    tgt, &rspac, &signedpath);
     if (ret) {
        const char *msg = krb5_get_error_message(context, ret);
@@ -2165,9 +2161,7 @@ server_lookup:
        ret = check_PAC(context, config, tp, dp,
                        client, server, krbtgt,
                        &clientkey->key,
-                       ekey,
-                       &tkey_check->key,
-                       &tkey_sign->key,
+                       ekey, &tkey_sign->key,
                        &adtkt, &rspac, &ad_signedpath);
        if (ret) {
            const char *msg = krb5_get_error_message(context, ret);