Diffstat (limited to 'source4/heimdal/kdc')
-rw-r--r-- | source4/heimdal/kdc/kerberos5.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c
index bf727ee739..0cac0765ca 100644
--- a/source4/heimdal/kdc/kerberos5.c
+++ b/source4/heimdal/kdc/kerberos5.c
@@ -1292,19 +1292,35 @@ _kdc_as_rep(krb5_context context,
 {
 const krb5_enctype *p;
- int i, j;
+ int i, j, y;
 p = krb5_kerberos_enctypes(context);
 sessionetype = ETYPE_NULL;
 for (i = 0; p[i] != ETYPE_NULL && sessionetype == ETYPE_NULL; i++) {
+ /* check it's valid */
 if (krb5_enctype_valid(context, p[i]) != 0)
 continue;
- for (j = 0; j < b->etype.len; j++) {
+
+ /* check if the client supports it */
+ for (j = 0; j < b->etype.len && sessionetype == ETYPE_NULL; j++) {
 if (p[i] == b->etype.val[j]) {
- sessionetype = p[i];
- break;
+ /*
+ * if the server (krbtgt) has explicit etypes,
+ * check if it also supports it
+ */
+ if (server->entry.etypes) {
+ for (y = 0; y < server->entry.etypes->len; y++) {
+ if (p[i] == server->entry.etypes->val[y]) {
+ sessionetype = p[i];
+ break;
+ }
+ }
+ } else {
+ sessionetype = p[i];
+ break;
+ }
 }
 }
 } |
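Review bot: When `server->entry.etypes` is set but holds no enctype that both the KDC list `p[]` and the client's `b->etype` also contain, the three loops finish with `sessionetype` still `ETYPE_NULL`, and the code that consumes that value is outside this hunk. An explicit but empty or mismatched server list now vetoes every candidate, so the path after the loop should be confirmed to fail the request with an etype-not-supported error instead of continuing with a null session enctype. A comment before the outer loop would state that contract, e.g. `/* sessionetype stays ETYPE_NULL when KDC, client and server share no enctype; the code below must reject the request */`. Minor: when the `y` scan finds no match, the `j` loop goes on rescanning the client list for the same `p[i]`; a `break;` placed after the inner `for` would stop that without changing the result. The enclosing block of `_kdc_as_rep` starts and ends outside the hunk.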