s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()

We should not supprise the callers by returning more keys than we asked to
filter by and avoids duplicating the protected_users logic within
samba_kdc_set_fixed_keys().

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

source4/kdc/db-glue.c

@@ -409,18 +409,12 @@ out:
 
 
 static int samba_kdc_set_random_keys(krb5_context context,
-				     struct samba_kdc_db_context *kdc_db_ctx,
-				     struct sdb_keys *keys,
-				     bool is_protected)
+				     uint32_t supported_enctypes,
+				     struct sdb_keys *keys)
 {
-	uint32_t supported_enctypes = ENC_ALL_TYPES;
 	struct ldb_val secret_val;
 	uint8_t secretbuffer[32];
 
-	if (is_protected) {
-		supported_enctypes &= ~ENC_RC4_HMAC_MD5;
-	}
-
 	/*
 	 * Fake keys until we have a better way to reject
 	 * non-pkinit requests.
@@ -674,9 +668,8 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
 	if ((ent_type == SAMBA_KDC_ENT_TYPE_CLIENT)
 	    && (userAccountControl & UF_SMARTCARD_REQUIRED)) {
 		ret = samba_kdc_set_random_keys(context,
-						kdc_db_ctx,
-						&entry->keys,
-						is_protected);
+						supported_enctypes,
+						&entry->keys);
 
 		*supported_enctypes_out = supported_enctypes;