From fc76c83ab1ea5a8271fdbb7b6fc78ecdac969896 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sat, 18 Dec 2021 11:29:26 +1100 Subject: [PATCH] Revert "tgs-rep: always return canonical realm when force_canonicalize set" This reverts commit 6f81e4c93ba8d7936e8e60ef02d777d69c798c22. This patch may have originated in Samba from before force_canonicalize was supported. Because the server_principal argument to tgs_make_reply() is canonicalized prior to calling (if the server entry has force_canonicalize set), honoring it again in tgs_make_reply() is superfluous. --- kdc/krb5tgs.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index bb3c8eeb7..a3121c000 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -611,11 +611,7 @@ tgs_make_reply(astgs_request_t r, if(ret) goto out; - if (server->entry.flags.force_canonicalize) - ret = copy_Realm(&server->entry.principal->realm, &rep.ticket.realm); - else - ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); - + ret = copy_Realm(&server_principal->realm, &rep.ticket.realm); if (ret) goto out; _krb5_principal2principalname(&rep.ticket.sname, server_principal);