From da4ac71eaba84fa6227b7d9f3adb204003ceaa70 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Wed, 17 Dec 2014 16:57:40 +1300
Subject: [PATCH] heimdal: Really bug in KDC handling of enterprise princs

The value of this commit to Samba is to continue to match Heimdal's
upstream code in this area.  Because we set HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL
there is no runtime difference.

(commit message by Andrew Bartlett)

Cherry-pick of Heimdal commit 9aa7883ff2efb3e0a60016c9090c577acfd0779f

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/heimdal/kdc/misc.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/source4/heimdal/kdc/misc.c b/source4/heimdal/kdc/misc.c
index 749c67cd07a..869c6766d04 100644
--- a/source4/heimdal/kdc/misc.c
+++ b/source4/heimdal/kdc/misc.c
@@ -86,9 +86,8 @@ _kdc_db_fetch(krb5_context context,
 	    continue;
 	}
 
-        if (config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL)
-            princ = principal;
-        else if (enterprise_principal)
+        princ = principal;
+        if (!(config->db[i]->hdb_capability_flags & HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL) && enterprise_principal)
             princ = enterprise_principal;
 
 	ret = config->db[i]->hdb_fetch_kvno(context,
-- 
2.11.4.GIT