heimdal: fix for w2000 from lha
authorAndrew Tridgell <tridge@samba.org>
Mon, 29 Nov 2010 22:56:30 +0000 (09:56 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 30 Nov 2010 23:59:59 +0000 (00:59 +0100)
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec  1 00:59:59 CET 2010 on sn-devel-104

source4/heimdal/lib/krb5/get_cred.c

index 9e06770e64f0646da00f99dd2a34519be65898a7..901182192d03f7068bcbbd7d9ea0fbf22482cf9f 100644 (file)
@@ -323,10 +323,11 @@ static krb5_error_code KRB5_CALLCONV
 decrypt_tkt_with_subkey (krb5_context context,
                         krb5_keyblock *key,
                         krb5_key_usage usage,
-                        krb5_const_pointer subkey,
+                        krb5_const_pointer skey,
                         krb5_kdc_rep *dec_rep)
 {
-    krb5_error_code ret;
+    const krb5_keyblock *subkey = skey;
+    krb5_error_code ret = 0;
     krb5_data data;
     size_t size;
     krb5_crypto crypto;
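Review bot: The new `const krb5_keyblock *subkey = skey;` reinterprets the untyped `krb5_const_pointer` argument as a keyblock, and nothing in the hunk states that callers must pass one. Because the parameter is a generic pointer, the compiler cannot catch a caller that passes something else. A short comment above the declaration would record the contract, for example `/* skey: optional krb5_keyblock subkey handed through the generic decrypt callback; may be NULL */`. The function body continues outside this hunk.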
@@ -345,6 +346,17 @@ decrypt_tkt_with_subkey (krb5_context context,
                                          KRB5_KU_TGS_REP_ENC_PART_SUB_KEY,
                                          &dec_rep->kdc_rep.enc_part,
                                          &data);
+       /*
+        * If the is Windows 2000 DC, we need to retry with key usage
+        * 8 when doing ARCFOUR.
+        */
+       if (ret && subkey->keytype == ETYPE_ARCFOUR_HMAC_MD5) {
+           ret = krb5_decrypt_EncryptedData(context,
+                                            crypto,
+                                            8,
+                                            &dec_rep->kdc_rep.enc_part,
+                                            &data);
+       }
        krb5_crypto_destroy(context, crypto);
     }
     if (subkey == NULL || ret) {
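Review bot: The retry at `if (ret && subkey->keytype == ETYPE_ARCFOUR_HMAC_MD5)` fires on any failure of the first decrypt, not only on an integrity mismatch, and its result overwrites the original error code. For RC4 subkeys the client now accepts a reply encrypted under key usage 8 as well as 9, which loosens key-usage separation, so the fallback should be as narrow as possible. One option is to gate it on `ret == KRB5KRB_AP_ERR_BAD_INTEGRITY`, if that is what the first call returns in this case (to be confirmed against krb5_decrypt_EncryptedData). The bare `8` would be clearer as `KRB5_KU_TGS_REP_ENC_PART_SESSION`, and the comment should read `If this is a Windows 2000 DC, ...`. The `subkey->keytype` dereference depends on a NULL guard that presumably opens above the hunk and is not visible here.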