From: Uri Simchoni <uri@samba.org>
Date: Fri, 23 Sep 2016 16:28:10 +0000 (+0300)
Subject: heimdal: revert 1f90983324b9f5804dc57f87c5f7695b0e53db8d
X-Git-Url: http://git.samba.org/?p=metze%2Fsamba%2Fwip.git;a=commitdiff_plain;h=3f1f6e03cd38e241060ff10f1f153cc266dca888

heimdal: revert 1f90983324b9f5804dc57f87c5f7695b0e53db8d

A different version has gone upstream, fixing the problem
elsewhere.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct  3 11:12:29 CEST 2016 on sn-devel-144
---

diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index efc421521ce9..0a89ae1f36cf 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -427,12 +427,15 @@ init_auth
     /*
      * This is hideous glue for (NFS) clients that wants to limit the
      * available enctypes to what it can support (encryption in
-     * kernel).
+     * kernel). If there is no enctypes selected for this credential,
+     * reset it to the default set of enctypes.
      */
     {
-	if (cred && cred->enctypes) {
-	    krb5_set_default_in_tkt_etypes(context, cred->enctypes);
-	}
+	krb5_enctype *enctypes = NULL;
+
+	if (cred && cred->enctypes)
+	    enctypes = cred->enctypes;
+	krb5_set_default_in_tkt_etypes(context, enctypes);
     }
 
     /* canon name if needed for client + target realm */