Stop using SALT_TYPE_AFS_LENGTH

In krb5_init_creds_ctx and krb5_clpreauth_rock_st, use a boolean to
track whether we're still using the default salt instead of
overloading salt.length.  In preauth2.c, process afs3 salt values like
we would in krb5int_des_string_to_key, and set an s2kparams indicator
instead of overloading salt.length.  Also use an s2kparams indicator
in kdb_cpw.c's add_key_pwd.  Remove the s2k code to handle overloaded
salt lengths, except for a sanity check.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25837 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 2 insertions, 6 deletions

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 752b40efc..23869c79c 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -754,6 +754,7 @@ struct krb5_clpreauth_rock_st {
     krb5_keyblock *as_key;
     krb5_gic_get_as_key_fct *gak_fct;
     void **gak_data;
+    krb5_boolean *default_salt;
     krb5_data *salt;
     krb5_data *s2kparams;
     krb5_principal client;
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index bdd42063e..94a78a004 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -218,12 +218,7 @@ typedef struct _krb5_octet_data {
     krb5_octet *data;
 } krb5_octet_data;
 
-/*
- * Hack length for crypto library to use the afs_string_to_key It is
- * equivalent to -1 without possible sign extension
- * We also overload for an unset salt type length - which is also -1, but
- * hey, why not....
- */
+/* Originally used to recognize AFS and default salts.  No longer used. */
 #define SALT_TYPE_AFS_LENGTH UINT_MAX
 #define SALT_TYPE_NO_LENGTH  UINT_MAX