s4-dns Use match-by-key in GSSAPI server if principal is not specified

This allows dlz_bind9 to match on exactly the same key as bind9 itself

Andrew Bartlett

Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Wed Dec  7 02:20:10 CET 2011 on sn-devel-104

1 files changed, 9 insertions, 3 deletions

diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index 1b7be3f63c..1e5600c2b1 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -794,9 +794,15 @@ _PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
 		return ENOMEM;
 	}
 
-	/* This creates a GSSAPI cred_id_t with the principal and keytab set */
-	maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab, 
-					&gcc->creds);
+	if (obtained < CRED_SPECIFIED) {
+		/* This creates a GSSAPI cred_id_t with the principal and keytab set */
+		maj_stat = gss_krb5_import_cred(&min_stat, NULL, NULL, ktc->keytab,
+						&gcc->creds);
+	} else {
+		/* This creates a GSSAPI cred_id_t with the principal and keytab set */
+		maj_stat = gss_krb5_import_cred(&min_stat, NULL, princ, ktc->keytab,
+						&gcc->creds);
+	}
 	if (maj_stat) {
 		if (min_stat) {
 			ret = min_stat;