From 8ac00b066c893f9da5ac44f9391e41ad018d08bc Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 8 Nov 2017 11:57:08 +0100
Subject: HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on
 the server key

Currently the value is the same anyway as the session key is always of the
same type as server key up to now, but that will change shortly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/heimdal/kdc/kerberos5.c | 5 ++---
 source4/heimdal/kdc/krb5tgs.c   | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

(limited to 'source4')

diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index 3282d5e0800..db2c6262116 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -322,7 +322,6 @@ krb5_error_code
 _kdc_encode_reply(krb5_context context,
 		  krb5_kdc_configuration *config,
 		  KDC_REP *rep, const EncTicketPart *et, EncKDCRepPart *ek,
-		  krb5_enctype etype,
 		  int skvno, const EncryptionKey *skey,
 		  int ckvno, const EncryptionKey *reply_key,
 		  int rk_is_subkey,
@@ -349,7 +348,7 @@ _kdc_encode_reply(krb5_context context,
 	return KRB5KRB_ERR_GENERIC;
     }
 
-    ret = krb5_crypto_init(context, skey, etype, &crypto);
+    ret = krb5_crypto_init(context, skey, 0, &crypto);
     if (ret) {
         const char *msg;
 	free(buf);
@@ -1720,7 +1719,7 @@ _kdc_as_rep(krb5_context context,
     log_as_req(context, config, reply_key->keytype, setype, b);
 
     ret = _kdc_encode_reply(context, config,
-			    &rep, &et, &ek, setype, server->entry.kvno,
+			    &rep, &et, &ek, server->entry.kvno,
 			    &skey->key, client->entry.kvno,
 			    reply_key, 0, &e_text, reply);
     free_EncTicketPart(&et);
diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c
index d59eb9731be..a71cfbff66c 100644
--- a/source4/heimdal/kdc/krb5tgs.c
+++ b/source4/heimdal/kdc/krb5tgs.c
@@ -987,7 +987,7 @@ tgs_make_reply(krb5_context context,
        etype list, even if we don't want a session key with
        DES3? */
     ret = _kdc_encode_reply(context, config,
-			    &rep, &et, &ek, et.key.keytype,
+			    &rep, &et, &ek,
 			    kvno,
 			    serverkey, 0, replykey, rk_is_subkey,
 			    e_text, reply);
-- 
cgit v1.2.1