From 422419ddde9f4f89b93d04df8cc30b2e05f41d8d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 27 Jan 2022 17:42:28 +0100
Subject: [PATCH] kdc: add missing enctype = p[i] assignments to
 _kdc_find_etype()

This is needed when a service provides support for newer entry.etypes
without having a key for that encryption type yet.

It is triggered with svc_use_strongest_session_key=TRUE.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 kdc/kerberos5.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index c35ba5bce..71f379e09 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -275,6 +275,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
                      * enctype in its KDC-REQ-BODY's etype list, which is what
                      * `etypes' is here.
                      */
+                    enctype = p[i];
                     ret = 0;
                     break;
                 }
@@ -290,6 +291,7 @@ _kdc_find_etype(astgs_request_t r, uint32_t flags,
                      */
                     for (m = 0; m < princ->etypes->len; m++) {
                         if (p[i] == princ->etypes->val[m]) {
+                            enctype = p[i];
                             ret = 0;
                             break;
                         }