HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the server key

Currently the value is the same anyway as the session key is always of the
same type as server key up to now, but that will change shortly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135

Signed-off-by: Stefan Metzmacher <metze@samba.org>

2 files changed, 3 insertions, 4 deletions

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 3282d5e0800..db2c6262116 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -322,7 +322,6 @@ krb5_error_code
 _kdc_encode_reply(krb5_context context,
 		  krb5_kdc_configuration *config,
 		  KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek,
-		  krb5_enctype etype,
 		  int skvno, const EncryptionKey *skey,
 		  int ckvno, const EncryptionKey *reply_key,
 		  int rk_is_subkey,
@@ -349,7 +348,7 @@ _kdc_encode_reply(krb5_context context,
 	return KRB5KRB_ERR_GENERIC;
     }
 
-    ret = krb5_crypto_init(context, skey, etype, &crypto);
+    ret = krb5_crypto_init(context, skey, 0, &crypto);
     if (ret) {
         const char *msg;
 	free(buf);
@@ -1720,7 +1719,7 @@ _kdc_as_rep(krb5_context context,
     log_as_req(context, config, reply_key->keytype, setype, b);
 
     ret = _kdc_encode_reply(context, config,
-			    &rep, &et, &ek, setype, server->entry.kvno,
+			    &rep, &et, &ek, server->entry.kvno,
 			    &skey->key, client->entry.kvno,
 			    reply_key, 0, &e_text, reply);
     free_EncTicketPart(&et);
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index d59eb9731be..a71cfbff66c 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -987,7 +987,7 @@ tgs_make_reply(krb5_context context,
        etype list, even if we don't want a session key with
        DES3? */
     ret = _kdc_encode_reply(context, config,
-			    &rep, &et, &ek, et.key.keytype,
+			    &rep, &et, &ek,
 			    kvno,
 			    serverkey, 0, replykey, rk_is_subkey,
 			    e_text, reply);