From: Isaac Boukris Date: Fri, 22 Nov 2019 21:39:09 +0000 (+0100) Subject: krb5: move disabling dns-canon to lower level init calls X-Git-Tag: ldb-2.1.0~501 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2b88890adada76b1146591d62eb3898096f9105c;p=thirdparty%2Fsamba.git krb5: move disabling dns-canon to lower level init calls Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Isaac Boukris Signed-off-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Nov 27 12:24:16 UTC 2019 on sn-devel-184 --- diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 5aceae44eec..a51c3bd10c7 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -3611,6 +3611,12 @@ krb5_error_code smb_krb5_init_context_common(krb5_context *_krb5_context) error_message(ret)); } #endif + +#ifdef SAMBA4_USES_HEIMDAL + /* Set options in kerberos */ + krb5_set_dns_canonicalize_hostname(krb5_ctx, false); +#endif + *_krb5_context = krb5_ctx; return 0; } diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 09e833632a3..639718cb6a6 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -511,6 +511,12 @@ smb_krb5_init_context_basic(TALLOC_CTX *tmp_ctx, return ret; } + /* + * This is already called in smb_krb5_init_context_common(), + * but krb5_set_config_files() may resets it. + */ + krb5_set_dns_canonicalize_hostname(krb5_ctx, false); + realm = lpcfg_realm(lp_ctx); if (realm != NULL) { ret = krb5_set_default_realm(krb5_ctx, realm); @@ -578,10 +584,6 @@ krb5_error_code smb_krb5_init_context(void *parent_ctx, return ret; } krb5_set_warn_dest(kctx, logf); - - /* Set options in kerberos */ - - krb5_set_dns_canonicalize_hostname(kctx, false); #endif talloc_steal(parent_ctx, *smb_krb5_context); talloc_free(tmp_ctx);