From 6f81e4c93ba8d7936e8e60ef02d777d69c798c22 Mon Sep 17 00:00:00 2001 From: Isaac Boukris Date: Wed, 31 Oct 2018 21:46:45 +0200 Subject: [PATCH] tgs-rep: always return canonical realm when force_canonicalize set This allows Samba to have a behaviour where even if canonicalize flag is not set, the canonical realm is returned, allowing a HDB module to require behaviour that is the same as Windows. Regression (for a HDB module wanting AD behaviour) was introduced by commit: 378f34b4be9865ed3949918fba8d2dd877b395c0 Signed-off-by: Isaac Boukris [abartlet@samba.org Similar to Samba commit a9e6119ca0c2a78ef314c3162122539ee834aa04 but made conditional on server->entry.flags.force_canonicalize to allow upstream submission] --- kdc/krb5tgs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index a3121c000..bb3c8eeb7 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -611,7 +611,11 @@ tgs_make_reply(astgs_request_t r, if(ret) goto out; - ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); + if (server->entry.flags.force_canonicalize) + ret = copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); + else + ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); + if (ret) goto out; _krb5_principal2principalname(&rep.ticket.sname, server_principal);
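Review bot: in tgs_make_reply, the new force_canonicalize branch takes rep.ticket.realm from server->entry.principal, but the unchanged call right after the hunk's `if (ret) goto out;` still fills rep.ticket.sname from server_principal, so the ticket's realm and sname can come from two different principals. If that split is intended (the commit message speaks only of the canonical realm), add a short comment above the `if` saying so, so that a later reader does not treat it as an oversight. If it is not intended, take sname from server->entry.principal in the same branch. As a style point, the unbraced if/else repeats the copy_Realm call with only the source differing; selecting the source realm pointer first and calling copy_Realm once would keep the error check tied to a single call.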