author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-08-10 20:26:59 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2015-08-10 20:26:59 +0000 |
commit | 0360aa3362a050a7717dea1d314a6e964481d5c7 (patch) | |
tree | 2462c73a7e8367d2639facff45e2f1ff5911c70c | |
parent | fb592697d0be22111994f02c0586ac26012b122e (diff) | |
TODO: make sure a single krbPrincipalName value gets used for canonicalization tookdc-fixes
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5fb280d62..b9f73e59c 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -768,6 +768,7 @@ done:
 return kerr;
 }
+#include <syslog.h>
 static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 unsigned int flags,
 char *principal,
@@ -859,9 +860,23 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
 if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
 (*principal), strlen(*principal),
- NULL, NULL, &result) != 0)
+ NULL, NULL, &result) != 0) {
 return KRB5_KDB_INTERNAL_ERROR;
+ }
 found = (result == 0);
+ if (found) {
+ /* Short cut processing if there is only a single value in krbPrincipalName,
+ * otherwise expect krbCanonicalName to be set. This is default FreeIPA setup */
+ if (!((i == 0) && (vals[1] == NULL))) {
+ break;
+ }
+ free(*principal);
+ *principal = strdup(vals[0]->bv_val);
+ if (!(*principal)) {
+ ldap_value_free_len(vals);
+ return KRB5_KDB_INTERNAL_ERROR;
+ }
+ }
 } else {
 found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
 } |
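Review bot: The `#include <syslog.h>` sits in the middle of the file, directly above ipadb_fetch_principals, and neither hunk on this page calls anything from that header. It reads like a leftover from debugging; if it is not needed it should be dropped, and if logging is planned it belongs with the other includes at the top of the file.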
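Review bot: The error return after the failed `ulc_casecmp` call, now wrapped in braces, still returns without releasing `vals`, while the strdup-failure path added a few lines below calls `ldap_value_free_len(vals)` first. If this function owns `vals`, as the new path implies, the earlier return leaks it and should read `ldap_value_free_len(vals); return KRB5_KDB_INTERNAL_ERROR;`. The copy `strdup(vals[0]->bv_val)` also relies on the berval being NUL-terminated; `strndup(vals[0]->bv_val, vals[0]->bv_len)` would bound it by the length the directory returned. The enclosing loop and the rest of ipadb_find_principal lie outside the hunk, so whether `*principal` is always heap-allocated before `free(*principal)` cannot be confirmed from here.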