krb5: move disabling dns-canon to lower level init calls

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Nov 27 12:24:16 UTC 2019 on sn-devel-184

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 5aceae44eecbc866a857fae393b5e98757ada1f8..a51c3bd10c7969aa7bd0be308b1f6d9c96c0ada3 100644 (file)
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -3611,6 +3611,12 @@ krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context)
                        error_message(ret));
        }
 #endif
+
+#ifdef SAMBA4_USES_HEIMDAL
+       /* Set options in kerberos */
+       krb5_set_dns_canonicalize_hostname(krb5_ctx, false);
+#endif
+
        *_krb5_context = krb5_ctx;
        return 0;
 }

diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 09e833632a34840173605c9cd2ec9550375245bf..639718cb6a659aca418f162935e6aeb1f2578c55 100644 (file)
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -511,6 +511,12 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx,
                return ret;
        }
 
+       /*
+        * This is already called in smb_krb5_init_context_common(),
+        * but krb5_set_config_files() may resets it.
+        */
+       krb5_set_dns_canonicalize_hostname(krb5_ctx, false);
+
        realm = lpcfg_realm(lp_ctx);
        if (realm != NULL) {
                ret = krb5_set_default_realm(krb5_ctx, realm);
@@ -578,10 +584,6 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx,
                return ret;
        }
        krb5_set_warn_dest(kctx, logf);
-
-       /* Set options in kerberos */
-
-       krb5_set_dns_canonicalize_hostname(kctx, false);
 #endif
        talloc_steal(parent_ctx, *smb_krb5_context);
        talloc_free(tmp_ctx);