Separate enterprise and canonicalize flags

The meaning of the two is different and we should
not implicitly set both if one was requested (this
aligns the logic with MIT kinit -C/-E options).

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

kuser/kinit.c

@@ -1058,7 +1058,7 @@ get_princ(krb5_context context, krb5_principal *principal, const char *name)
     user_realm = get_user_realm(context);
 
     if (name) {
-	if (canonicalize_flag || enterprise_flag)
+	if (enterprise_flag)
 	    parseflags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
 
 	parse_name_realm(context, name, parseflags, user_realm, &tmp);

lib/krb5/init_creds_pw.c

@@ -426,9 +426,7 @@ get_init_creds_common(krb5_context context,
     if (ctx->keyproc == NULL)
 	ctx->keyproc = default_s2k_func;
 
-    /* Enterprise name implicitly turns on canonicalize */
-    if ((ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE) ||
-	krb5_principal_get_type(context, client) == KRB5_NT_ENTERPRISE_PRINCIPAL)
+    if (ctx->ic_flags & KRB5_INIT_CREDS_CANONICALIZE)
 	ctx->flags.canonicalize = 1;
 
     ctx->pre_auth_types = NULL;

tests/kdc/check-pkinit.in

@@ -202,7 +202,7 @@ ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }
 ${kdestroy}
 
 echo "Trying pk-init (ms upn, enterprise)"; > messages.log
-${kinit}  --canonicalize \
+${kinit}  --canonicalize --enterprise \
 	-C FILE:${base}/pkinit4.crt,${keyfile2} baz2@test.h5l.se@${R} || \
 	{ ec=1 ; eval "${testfailed}"; }
 ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; }

tests/kdc/check-referral.in

@@ -137,7 +137,7 @@ ${klist} | grep "Principal: foo@${R}" > /dev/null || \
 ${kdestroy}
 
 echo "Getting client client tickets (default realm, enterprisename)"; > messages.log
-${kinit} --canonicalize \
+${kinit} --canonicalize --enterprise \
 	--password-file=${objdir}/foopassword foo@${R} || \
 	{ ec=1 ; eval "${testfailed}"; }
 echo "checking that we got back right principal"
@@ -146,7 +146,7 @@ ${klist} | grep "Principal: foo@${R}" > /dev/null || \
 ${kdestroy}
 
 echo "Getting client alias1 tickets"; > messages.log
-${kinit} --canonicalize \
+${kinit} --canonicalize --enterprise \
 	--password-file=${objdir}/foopassword foo@${R} || \
 	{ ec=1 ; eval "${testfailed}"; }
 echo "checking that we got back right principal"
@@ -156,7 +156,7 @@ ${kdestroy}
 
 
 echo "Getting client alias2 tickets"; > messages.log
-${kinit} --canonicalize \
+${kinit} --canonicalize --enterprise \
 	--password-file=${objdir}/foopassword alias2@${R}@${R} || \
 	{ ec=1 ; eval "${testfailed}"; }
 echo "checking that we got back right principal"
@@ -171,7 +171,7 @@ ${kinit} --password-file=${objdir}/foopassword \
 
 echo "Getting client alias2 tickets (removed)"; > messages.log
 ${kadmin} modify --alias=alias1 foo@${R} || { ec=1 ; eval "${testfailed}"; }
-${kinit} --canonicalize \
+${kinit} --canonicalize --enterprise \
 	--password-file=${objdir}/foopassword \
 	alias2@${R}@${R} > /dev/null 2>/dev/null && \
 	{ ec=1 ; eval "${testfailed}"; }