s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob

We need the target service without realm, but the proxy services with realm.

I have a domain with an w2008r2 server and a samba and now both generate
the same S4U_DELEGATION_INFO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/selftest/knownfail.d/delegation_info b/selftest/knownfail.d/delegation_info
deleted file mode 100644 (file)
index 418c2ff..0000000
--- a/selftest/knownfail.d/delegation_info
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.rpc.pac.*ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour
-^samba4.rpc.pac.*ncacn_np.netr-mem-aes.s4u2proxy-aes

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 126001cb7186e806414002ae10c57807a53fc168..04fbc5cf4875003f6c5bc60b280ec4bded71c96b 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -833,14 +833,14 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
        }
        smb_krb5_free_data_contents(context, &old_data);
 
-       ret = krb5_unparse_name(context, server_principal, &server);
+       ret = krb5_unparse_name_flags(context, server_principal,
+                                     KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
        if (ret) {
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       ret = krb5_unparse_name_flags(context, proxy_principal,
-                                     KRB5_PRINCIPAL_UNPARSE_NO_REALM, &proxy);
+       ret = krb5_unparse_name(context, proxy_principal, &proxy);
        if (ret) {
                SAFE_FREE(server);
                talloc_free(tmp_ctx);