s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob

We need the target service without realm, but the proxy services with realm.

I have a domain with an w2008r2 server and a samba and now both generate
the same S4U_DELEGATION_INFO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

2 files changed, 3 insertions, 5 deletions

diff --git a/selftest/knownfail.d/delegation_info b/selftest/knownfail.d/delegation_info
deleted file mode 100644
index 418c2ff29fe..00000000000
--- a/selftest/knownfail.d/delegation_info
+++ /dev/null
@@ -1,2 +0,0 @@
-^samba4.rpc.pac.*ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour
-^samba4.rpc.pac.*ncacn_np.netr-mem-aes.s4u2proxy-aes
diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 126001cb718..04fbc5cf487 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -833,14 +833,14 @@ NTSTATUS samba_kdc_update_delegation_info_blob(TALLOC_CTX *mem_ctx,
 	}
 	smb_krb5_free_data_contents(context, &old_data);
 
-	ret = krb5_unparse_name(context, server_principal, &server);
+	ret = krb5_unparse_name_flags(context, server_principal,
+				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &server);
 	if (ret) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
-	ret = krb5_unparse_name_flags(context, proxy_principal,
-				      KRB5_PRINCIPAL_UNPARSE_NO_REALM, &proxy);
+	ret = krb5_unparse_name(context, proxy_principal, &proxy);
 	if (ret) {
 		SAFE_FREE(server);
 		talloc_free(tmp_ctx);