-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5fb280d62..b9f73e59c 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -768,6 +768,7 @@ done:
return kerr;
}
+#include <syslog.h>
static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
unsigned int flags,
char *principal,
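Review bot: The `#include <syslog.h>` added between two function definitions is not used by any line this commit adds; the diffstat's 16 insertions are all visible here and none of them calls a syslog function. It looks like a leftover from debugging and should be dropped. If logging is intended later, the include belongs in the file's top-of-file include block, which is outside this hunk, so the file's dependencies stay visible in one place.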
@@ -859,9 +860,23 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
(*principal), strlen(*principal),
- NULL, NULL, &result) != 0)
+ NULL, NULL, &result) != 0) {
return KRB5_KDB_INTERNAL_ERROR;
+ }
found = (result == 0);
+ if (found) {
+ /* Short cut processing if there is only a single value in krbPrincipalName,
+ * otherwise expect krbCanonicalName to be set. This is default FreeIPA setup */
+ if (!((i == 0) && (vals[1] == NULL))) {
+ break;
+ }
+ free(*principal);
+ *principal = strdup(vals[0]->bv_val);
+ if (!(*principal)) {
+ ldap_value_free_len(vals);
+ return KRB5_KDB_INTERNAL_ERROR;
+ }
+ }
} else {
found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
}
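Review bot: The re-braced early return after a failed `ulc_casecmp` still exits without releasing `vals`, while the new strdup-failure path a few lines below calls `ldap_value_free_len(vals)` first. If `vals` is owned by this function at that point (its allocation is outside the hunk, so this is inferred), the first return should do the same: `ldap_value_free_len(vals); return KRB5_KDB_INTERNAL_ERROR;`. Separately, the match is made with the explicit `bv_len`, but the copy uses `strdup(vals[0]->bv_val)`, which depends on the berval being NUL-terminated. `strndup(vals[0]->bv_val, vals[0]->bv_len)` would keep the copy bounded by the same length that was compared. The body of `ipadb_find_principal` starts and ends outside this hunk, so the loop condition and the later cleanup could not be checked.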