From c40b4081cfe5b10cf80f893fab1f77435e2c3ac9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Wed, 20 Dec 2006 07:32:40 +0000
Subject: [PATCH] Announce that we support key exchange and add bits to detect
 when it wasn't used.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19470 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/digest.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/kdc/digest.c b/kdc/digest.c
index 554da6031..87abc9187 100644
--- a/kdc/digest.c
+++ b/kdc/digest.c
@@ -667,7 +667,8 @@ _kdc_do_digest(krb5_context context,
 	NTLM_NEG_SIGN| \
 	NTLM_NEG_SEAL| \
 	NTLM_NEG_ALWAYS_SIGN| \
-	NTLM_NEG_NTLM2_SESSION
+	NTLM_NEG_NTLM2_SESSION| \
+	NTLM_NEG_KEYEX
 
 	r.u.ntlmInitReply.flags |= (ireq.u.ntlmInit.flags & (ALL));
 
@@ -855,6 +856,13 @@ _kdc_do_digest(krb5_context context,
 		MD4_CTX ctx;
 		RC4_KEY rc4;
 
+		if ((flags & NTLM_NEG_KEYEX) == 0) {
+		    krb5_set_error_string(context,
+					  "NTLM client failed to neg key "
+					  "exchange but still sent key");
+		    goto out;
+		}
+
 		if (ireq.u.ntlmRequest.sessionkey->length != sizeof(masterkey)){
 		    krb5_set_error_string(context,
 					  "NTLM master key wrong length: %lu",