s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob

We need the target service without realm, but the proxy services with realm.

I have a domain with an w2008r2 server and a samba and now both generate
the same S4U_DELEGATION_INFO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 079030ee5e81fde3c985ea598dbaf40f56fddfb5..ca9ef19e0a5f6eb97c301e5a508b9ba16ce62a2d 100644 (file)
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -813,14 +813,14 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
        }
        smb_krb5_free_data_contents(context, &old_data);
 
-       ret = krb5_unparse_name(context, server_principal, &server);
+       ret = krb5_unparse_name_flags(context, server_principal,
+                                     KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
        if (ret) {
                talloc_free(tmp_ctx);
                return NT_STATUS_INTERNAL_ERROR;
        }
 
-       ret = krb5_unparse_name_flags(context, proxy_principal,
-                                     KRB5_PRINCIPAL_UNPARSE_NO_REALM, &proxy);
+       ret = krb5_unparse_name(context, proxy_principal, &proxy);
        if (ret) {
                SAFE_FREE(server);
                talloc_free(tmp_ctx);