s3:winbind: Use the canonical principal name to renew the credentials

The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8246ccc23d064147412bb3475e6431a9fffc0d27)

diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index 88847b1ab97ce2595a5c56cbdf2d8caa04937c19..6c65db6a73f2e10ffa194d6854ba7d9b83754753 100644 (file)
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -209,7 +209,7 @@ rekinit:
        set_effective_uid(entry->uid);
 
        ret = smb_krb5_renew_ticket(entry->ccname,
-                                   entry->principal_name,
+                                   entry->canon_principal,
                                    entry->service,
                                    &new_start);
 #if defined(DEBUG_KRB5_TKT_RENEWAL)