From d9178fdf47c28bed7f16141d6c32a702850cedd6 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Thu, 7 Oct 2010 17:22:55 +0000
Subject: [PATCH] pull up r24438 from trunk

 ------------------------------------------------------------------------
 r24438 | tlyu | 2010-10-06 19:57:37 -0400 (Wed, 06 Oct 2010) | 11 lines

 ticket: 6798
 subject: set NT-SRV-INST on TGS principal names
 tags: pullup
 target_version: 1.8.4

 Set NT-SRV-INST on TGS principal names in
 get_in_tkt.c:build_in_tkt_name because Windows Server 2008 R2 RODC
 insists on it.

 Thanks to Bill Fellows for reporting this problem.

ticket: 6798
version_fixed: 1.8.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@24439 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/get_in_tkt.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 41059af71..9c9799887 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1023,8 +1023,19 @@ build_in_tkt_name(krb5_context context,
                                        client->realm.length,
                                        client->realm.data,
                                        0);
+        if (ret)
+            return ret;
     }
-    return ret;
+    /*
+     * Windows Server 2008 R2 RODC insists on TGS principal names having the
+     * right name type.
+     */
+    if (krb5_princ_size(context, *server) == 2 &&
+        data_eq_string(*krb5_princ_component(context, *server, 0),
+                       KRB5_TGS_NAME)) {
+        krb5_princ_type(context, *server) = KRB5_NT_SRV_INST;
+    }
+    return 0;
 }
 
 void KRB5_CALLCONV
-- 
2.26.2