authorAlexander Bokovoy <abokovoy@redhat.com>2015-08-10 20:26:59 +0000
committerAlexander Bokovoy <abokovoy@redhat.com>2015-08-10 20:26:59 +0000
commit0360aa3362a050a7717dea1d314a6e964481d5c7 (patch)
tree2462c73a7e8367d2639facff45e2f1ff5911c70c
parentfb592697d0be22111994f02c0586ac26012b122e (diff)
TODO: make sure a single krbPrincipalName value gets used for canonicalization too (kdc-fixes)
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5fb280d..b9f73e5 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -768,6 +768,7 @@ done:
return kerr;
}
+#include <syslog.h>
static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
unsigned int flags,
char *principal,
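Review bot: The `#include <syslog.h>` is added in the middle of the file, directly after a function's closing brace, and neither hunk of this commit calls a syslog function, so it looks like a debugging leftover. If logging is intended here, the include belongs in the include block at the top of the file. Otherwise the line should be dropped before this is merged.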
@@ -859,9 +860,23 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
(*principal), strlen(*principal),
- NULL, NULL, &result) != 0)
+ NULL, NULL, &result) != 0) {
return KRB5_KDB_INTERNAL_ERROR;
+ }
found = (result == 0);
+ if (found) {
+ /* Short cut processing if there is only a single value in krbPrincipalName,
+ * otherwise expect krbCanonicalName to be set. This is default FreeIPA setup */
+ if (!((i == 0) && (vals[1] == NULL))) {
+ break;
+ }
+ free(*principal);
+ *principal = strdup(vals[0]->bv_val);
+ if (!(*principal)) {
+ ldap_value_free_len(vals);
+ return KRB5_KDB_INTERNAL_ERROR;
+ }
+ }
} else {
found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
}
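Review bot: The early `return KRB5_KDB_INTERNAL_ERROR;` after a failed `ulc_casecmp()` still leaves `vals` unreleased, while the new strdup-failure path a few lines below calls `ldap_value_free_len(vals);` first. The two error exits should agree, so add `ldap_value_free_len(vals);` before that first return as well. In a KDC this matters if the comparison failure can be reached from a request-supplied principal name, since each such lookup would then leak the value array; this is inferred, because the allocation of `vals` is outside the hunk. The replacement `*principal = strdup(vals[0]->bv_val);` also relies on the berval being NUL-terminated even though the comparison above passes `bv_len` explicitly, so `strndup(vals[0]->bv_val, vals[0]->bv_len)` would keep the copy bounded by the stored length. The body of ipadb_find_principal starts and ends outside this hunk.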