heimdal: Change KDC to respect HDB server name type if f.canonicalize is set
[amitay/samba.git] / source4 / heimdal / kdc / kerberos5.c
index a3ba5fef0ee44ea52730cd49d48bd90fca4b1a02..27d38ad84b7be019600f06d82bda8c8b31ad64d0 100644 (file)
@@ -1486,10 +1486,13 @@ _kdc_as_rep(krb5_context context,
     _krb5_principal2principalname(&rep.ticket.sname,
                                  server->entry.principal);
     /* java 1.6 expects the name to be the same type, lets allow that
-     * uncomplicated name-types. */
+     * uncomplicated name-types, when f.canonicalize is not set (to
+     * match Windows Server 1709). */
 #define CNT(sp,t) (((sp)->sname->name_type) == KRB5_NT_##t)
-    if (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))
+    if (!f.canonicalize
+       && (CNT(b, UNKNOWN) || CNT(b, PRINCIPAL) || CNT(b, SRV_INST) || CNT(b, SRV_HST) || CNT(b, SRV_XHST))) {
        rep.ticket.sname.name_type = b->sname->name_type;
+    }
 #undef CNT
 
     et.flags.initial = 1;
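Review bot: The rewritten comment above the `CNT` macro covers only the case where `f.canonicalize` is not set, and does not say what the ticket's sname type becomes when it is set. In that case the type written by `_krb5_principal2principalname()` from `server->entry.principal` is kept, so the comment could read `/* With f.canonicalize the HDB entry's name type is authoritative; otherwise echo the requested type for the simple name types (java 1.6 expects this; matches Windows Server 1709). */`. That makes it clear which branch copies a value taken from the request into the ticket. Separately, `CNT` dereferences `b->sname` unconditionally and no NULL check is visible here; `_kdc_as_rep` starts and ends outside the hunk, so confirm that an earlier guard rejects a request without an sname.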