authorAndrew Bartlett <abartlet@samba.org>2015-03-09 16:00:56 +1300
committerStefan Metzmacher <metze@samba.org>2015-03-09 09:35:05 +0100
commita1ddee8d2f9e58e04f3203db9afa576354dd2079 (patch)
treecdcac475015e8df21faae1ea0d3e6e8a42a28109
parent7bef5e4f0e5ff4a4187f3d63e51a1725ff32b771 (diff)
kdc: Fix S4U2Self handling with KRB5_NT_ENTERPRISE_PRINCIPAL containing a UPN
This is now handled properly by samba_kdc_lookup_server() and this wrapper actually breaks things. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
-rw-r--r--source4/kdc/db-glue.c21
1 files changed, 0 insertions, 21 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index aa7364182a..0bc907ef60 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1839,7 +1839,6 @@ samba_kdc_check_s4u2self(krb5_context context,
krb5_const_principal target_principal)
{
krb5_error_code ret;
- krb5_principal enterprise_prinicpal = NULL;
struct ldb_dn *realm_dn;
struct ldb_message *msg;
struct dom_sid *orig_sid;
@@ -1857,30 +1856,10 @@ samba_kdc_check_s4u2self(krb5_context context,
return ret;
}
- if (target_principal->name.name_type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
- /* Need to reparse the enterprise principal to find the real target */
- if (target_principal->name.name_string.len != 1) {
- ret = KRB5_PARSE_MALFORMED;
- krb5_set_error_message(context, ret, "samba_kdc_check_s4u2self: request for delegation to enterprise principal with wrong (%d) number of components",
- target_principal->name.name_string.len);
- talloc_free(mem_ctx);
- return ret;
- }
- ret = krb5_parse_name(context, target_principal->name.name_string.val[0],
- &enterprise_prinicpal);
- if (ret) {
- talloc_free(mem_ctx);
- return ret;
- }
- target_principal = enterprise_prinicpal;
- }
-
ret = samba_kdc_lookup_server(context, kdc_db_ctx, mem_ctx, target_principal,
HDB_F_GET_CLIENT|HDB_F_GET_SERVER,
delegation_check_attrs, &realm_dn, &msg);
- krb5_free_principal(context, enterprise_prinicpal);
-
if (ret != 0) {
talloc_free(mem_ctx);
return ret;