From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 22 Feb 2022 13:28:44 +0000 (+0100)
Subject: s3:winbind: Use the canonical principal name to renew the credentials
X-Git-Tag: tevent-0.12.0~640
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8246ccc23d064147412bb3475e6431a9fffc0d27;p=thirdparty%2Fsamba.git

s3:winbind: Use the canonical principal name to renew the credentials

The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 23 16:17:29 UTC 2022 on sn-devel-184
---

diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index 88847b1ab97..6c65db6a73f 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -209,7 +209,7 @@ rekinit:
 	set_effective_uid(entry->uid);
 
 	ret = smb_krb5_renew_ticket(entry->ccname,
-				    entry->principal_name,
+				    entry->canon_principal,
 				    entry->service,
 				    &new_start);
 #if defined(DEBUG_KRB5_TKT_RENEWAL)