s3:winbind: Use the canonical principal name to renew the credentials

The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 16:17:29 UTC 2022 on sn-devel-184

diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index 88847b1ab97ce2595a5c56cbdf2d8caa04937c19..6c65db6a73f2e10ffa194d6854ba7d9b83754753 100644 (file)
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -209,7 +209,7 @@ rekinit:
        set_effective_uid(entry->uid);
 
        ret = smb_krb5_renew_ticket(entry->ccname,
-                                   entry->principal_name,
+                                   entry->canon_principal,
                                    entry->service,
                                    &new_start);
 #if defined(DEBUG_KRB5_TKT_RENEWAL)