From 0a9fea6ed4b8c3b43246c60c012b9ecc38100f44 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Thu, 28 Sep 2017 14:51:43 +0200
Subject: [PATCH] s4:kdc: fix the principal names in
 samba_kdc_update_delegation_info_blob

We need the target service without realm, but the proxy services with realm.

I have a domain with an w2008r2 server and a samba and now both generate
the same S4U_DELEGATION_INFO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/kdc/pac-glue.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 1a862e2..2b6d674 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -820,14 +820,14 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
 	}
 	smb_krb5_free_data_contents(context, &old_data);
 
-	ret = krb5_unparse_name(context, server_principal, &server);
+	ret = krb5_unparse_name_flags(context, server_principal,
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
 	if (ret) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
-	ret = krb5_unparse_name_flags(context, proxy_principal,
-				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &proxy);
+	ret = krb5_unparse_name(context, proxy_principal, &proxy);
 	if (ret) {
 		SAFE_FREE(server);
 		talloc_free(tmp_ctx);
-- 
1.9.1