heimdal: Honour KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME in parse_name_canon_rules()
authorAndrew Bartlett <abartlet@samba.org>
Tue, 26 Sep 2017 02:11:53 +0000 (15:11 +1300)
committerStefan Metzmacher <metze@samba.org>
Wed, 29 Apr 2020 09:07:57 +0000 (11:07 +0200)
This is called from gsskrb5_set_dns_canonicalize() and krb5_set_dns_canonicalize_hostname()
and is used by Samba to ensure that the AD DC sees the name as specified by the client.

We allow the krb5.conf to override, if specifically configured.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
lib/krb5/principal.c

index 144966f24004f77936ef47ceb8c630255d2e3e81..c733442cf58bff0a29217529ce70fb7fa6803df6 100644 (file)
@@ -1678,8 +1678,12 @@ parse_name_canon_rules(krb5_context context, char **rulestrs,
     }
 
     if (r[0].type == KRB5_NCRT_BOGUS) {
-        /* No rules, or no valid rules */
-        r[0].type = KRB5_NCRT_NSS;
+       /* No rules, or no valid rules */
+       if (context->flags & KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME) {
+           r[0].type = KRB5_NCRT_NSS;
+       } else {
+           r[0].type = KRB5_NCRT_AS_IS;
+       }
     }
 
     *rules = r;
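Review bot: The fallback under `if (r[0].type == KRB5_NCRT_BOGUS)` still handles "no rules" and "no valid rules" the same way, so a configuration whose `rulestrs` entries all fail to parse silently gets the flag-derived default instead of what the administrator intended. With `KRB5_CTX_F_DNS_CANONICALIZE_HOSTNAME` set, that default is `KRB5_NCRT_NSS`, which presumably means the service name used for the ticket request comes from resolver output rather than from the caller. That is the security-relevant path, so the invalid-rules case deserves at least a debug trace before the fallback. I would also expand the comment so the reason for the split is visible at the call site, for example `/* No usable rules: follow the context's DNS canonicalization flag; AS_IS keeps the name exactly as the caller gave it. */`. The body of `parse_name_canon_rules()` starts before and continues after this hunk, so whether parse failures are already reported earlier cannot be confirmed from here.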