From: Andrew Bartlett Date: Thu, 17 Feb 2011 00:52:46 +0000 (+1100) Subject: heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well X-Git-Tag: tevent-0.9.11~557 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5c12cb0556aeeaa8882c7b12a281728bf8d556f6;p=thirdparty%2Fsamba.git heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well This fixes Win2003 domain logons against Samba4, which need a canonicalised reply, and helpfully do set that flag. Specifically, they need that realm in krbtgt/realm@realm that these both match exactly in the reply. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Thu Feb 17 06:40:53 CET 2011 on sn-devel-104 --- diff --git a/source4/heimdal/kdc/kerberos5.c b/source4/heimdal/kdc/kerberos5.c index 394f4dec67b..a437b9dbd91 100644 --- a/source4/heimdal/kdc/kerberos5.c +++ b/source4/heimdal/kdc/kerberos5.c @@ -1000,9 +1000,8 @@ _kdc_as_rep(krb5_context context, ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN; goto out; } - ret = _kdc_db_fetch(context, config, server_princ, - HDB_F_GET_SERVER|HDB_F_GET_KRBTGT, + HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | flags, NULL, NULL, &server); if(ret == HDB_ERR_NOT_FOUND_HERE) { kdc_log(context, config, 5, "target %s does not have secrets at this KDC, need to proxy", server_name);
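Review bot: In the `_kdc_db_fetch` call for `server_princ` in `_kdc_as_rep`, the added `| flags` forwards every bit set in `flags` to the server lookup, while the commit message only calls for F_CANON to reach the hdb layer. The definition of `flags` lies outside this hunk, so the visible lines do not show which other bits it can carry at this point. Consider masking to the canonicalisation bit, for example `HDB_F_GET_SERVER|HDB_F_GET_KRBTGT | (flags & HDB_F_CANON)`, or add a comment stating that `flags` holds nothing but bits that are safe for a server/krbtgt fetch. A short comment explaining why the server lookup needs canonicalisation (the krbtgt/realm@realm match described in the commit message) would also help the next reader. Minor style point: the changed line mixes `|` without spaces and ` | ` with spaces.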