diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-10-07 15:26:21 -0400 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-05-30 09:48:05 +0200 |
| commit | 16092c39073e6512e897dc671fd22b2b583ea5b5 (patch) | |
| tree | 6a99bb1802470a874ed9f822b909f62eb051f65b /daemons | |
| parent | fabd5cd62f0693c5071ac60131dff2dfe825bff7 (diff) | |
| download | freeipa-16092c39073e6512e897dc671fd22b2b583ea5b5.tar.gz freeipa-16092c39073e6512e897dc671fd22b2b583ea5b5.tar.xz freeipa-16092c39073e6512e897dc671fd22b2b583ea5b5.zip | |
Restore krbCanonicalName handling
When an entry has a krbCanonicalName, if KRB5_KDB_FLAG_ALIAS_OK is set,
rewrite the principal name to the canonical value, else error out,
instead of always returning an error if the requested name doesn't look
like the canonical one.
https://fedorahosted.org/freeipa/ticket/3966
Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 5ae6818b6..96f473e48 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -795,11 +795,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext, /* Again, if aliases are accepted by KDC, use case-insensitive comparison */ if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) { - if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len, - (*principal), strlen(*principal), - NULL, NULL, &result) != 0) - return KRB5_KDB_INTERNAL_ERROR; - found = (result == 0); + found = true; } else { found = (strcmp(vals[0]->bv_val, (*principal)) == 0); } |