1 files changed, 42 insertions, 1 deletions

diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index 112086b57..80afa23f0 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -25,9 +25,41 @@
 
 static struct timeval std_timeout = {300, 0};
 
-char *ipadb_filter_escape(const char *input, bool star)
+#define PRINC_BUF_SIZE 512
+
+static char *canon_princ(const char *princ)
+{
+    int ret;
+    char *p;
+    uint8_t *uc_realm;
+    char *canon_princ;
+    uint8_t buf[PRINC_BUF_SIZE] = { 0 };
+    size_t size = PRINC_BUF_SIZE;
+
+    p = strrchr(princ, '@');
+    if (p == NULL) {
+        return NULL;
+    }
+
+    /* Assume the worst-case. */
+    uc_realm = u8_toupper((const uint8_t *)( p + 1), size, NULL, NULL, buf,
+                          &size);
+    if (uc_realm == NULL) {
+        return NULL;
+    }
+
+    ret = asprintf(&canon_princ, "%.*s@%s", (p - princ), princ, uc_realm);
+    if (ret == -1) {
+        return NULL;
+    }
+
+    return canon_princ;
+}
+
+char *ipadb_filter_escape(const char *input, bool star, bool canon)
 {
     char *output;
+    char *canonicalized;
     size_t i = 0;
     size_t j = 0;
 
@@ -75,6 +107,15 @@ char *ipadb_filter_escape(const char *input, bool star)
     }
     output[j] = '\0';
 
+    if (canon) {
+        canonicalized = canon_princ(output);
+        /* return output in case of an error */
+        if (canonicalized != NULL) {
+            free(output);
+            output = canonicalized;
+        }
+    }
+
     return output;
 }