From fb2a8b34c17a68da6f0712d83b55084efaa76e52 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Tue, 29 Apr 2014 18:22:55 +0200
Subject: auth/credentials-krb5: use get_kerberos_allowed_etypes().
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 auth/credentials/credentials_krb5.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'auth')

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 489a959daf8..05d29b0c984 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -595,7 +595,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		return ret;
 	}
 
-#ifdef SAMBA4_USES_HEIMDAL /* MIT lacks krb5_get_default_in_tkt_etypes */
+
 	/*
 	 * transfer the enctypes from the smb_krb5_context to the gssapi layer
 	 *
@@ -607,9 +607,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 	 * and used for the AS-REQ, so it wasn't possible to disable the usage
 	 * of AES keys.
 	 */
-	min_stat = krb5_get_default_in_tkt_etypes(ccache->smb_krb5_context->krb5_context,
-						  KRB5_PDU_NONE,
-						  &etypes);
+	min_stat = get_kerberos_allowed_etypes(ccache->smb_krb5_context->krb5_context,
+					       &etypes);
 	if (min_stat == 0) {
 		OM_uint32 num_ktypes;
 
@@ -618,7 +617,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 		maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gcc->creds,
 							   num_ktypes,
 							   (int32_t *) etypes);
-		krb5_xfree (etypes);
+		SAFE_FREE(etypes);
 		if (maj_stat) {
 			talloc_free(gcc);
 			if (min_stat) {
@@ -630,7 +629,7 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
 			return ret;
 		}
 	}
-#endif
+
 #ifdef SAMBA4_USES_HEIMDAL /* MIT lacks GSS_KRB5_CRED_NO_CI_FLAGS_X */
 
 	/* don't force GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG */
-- 
cgit v1.2.1