From 20d9dc9796e866775dd8242a47481b7bb0c8cbad Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 25 Jan 2006 22:47:10 +0000
Subject: r13144: This seems to be required for Samba4 to talk to Samba4, and
 to get the same session key.  I need to understand this more, but it works
 samba/samba, and I don't have access to windows doing AES (longhorn) yet.

Andrew Bartlett
(This used to be commit 38809b43a5d6bd668e9cb714573dc1e72ceff092)
---
 source4/heimdal/lib/gssapi/init_sec_context.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'source4/heimdal')

diff --git a/source4/heimdal/lib/gssapi/init_sec_context.c b/source4/heimdal/lib/gssapi/init_sec_context.c
index 61c020b800..be34d8b560 100644
--- a/source4/heimdal/lib/gssapi/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/init_sec_context.c
@@ -358,6 +358,7 @@ gsskrb5_initiator_start
     Checksum cksum;
     krb5_enctype enctype;
     krb5_data fwd_data;
+    int is_cfx;
 
     krb5_data_zero(&outbuf);
     krb5_data_zero(&fwd_data);
@@ -486,6 +487,16 @@ gsskrb5_initiator_start
 
 	enctype = (*context_handle)->auth_context->keyblock->keytype;
 
+	gsskrb5_is_cfx(*context_handle, &is_cfx);
+	
+	if (is_cfx != 0) {
+		kret = krb5_auth_con_addflags(gssapi_krb5_context,
+					      (*context_handle)->auth_context,
+					      KRB5_AUTH_CONTEXT_USE_SUBKEY,
+					      NULL);
+		(*context_handle)->more_flags |= ACCEPTOR_SUBKEY;
+	}
+	    
 	/* We need to create an Authenticator */
 	{
 		kret = krb5_build_authenticator (gssapi_krb5_context,
-- 
cgit