summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-kdb/ipa_kdb_principals.c
diff options
context:
space:
mode:
Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_principals.c')
-rw-r--r--daemons/ipa-kdb/ipa_kdb_principals.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3566e1ece..66d434a53 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -21,6 +21,7 @@
*/
#include "ipa_kdb.h"
+#include <unicase.h>
/*
* During TGS request search by ipaKrbPrincipalName (case-insensitive)
@@ -614,7 +615,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
bool found = false;
LDAPMessage *le = NULL;
struct berval **vals;
- int i;
+ int i, result;
ipactx = ipadb_get_context(kcontext);
if (!ipactx) {
@@ -643,7 +644,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
/* KDC will accept aliases when doing TGT lookup (ref_tgt_again in do_tgs_req.c */
/* Use case-insensitive comparison in such cases */
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
- found = (strcasecmp(vals[i]->bv_val, (*principal)) == 0);
+ if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len,
+ (*principal), strlen(*principal),
+ NULL, NULL, &result) != 0)
+ return KRB5_KDB_INTERNAL_ERROR;
+ found = (result == 0);
} else {
found = (strcmp(vals[i]->bv_val, (*principal)) == 0);
}
@@ -663,7 +668,11 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
/* Again, if aliases are accepted by KDC, use case-insensitive comparison */
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
- found = (strcasecmp(vals[0]->bv_val, (*principal)) == 0);
+ if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
+ (*principal), strlen(*principal),
+ NULL, NULL, &result) != 0)
+ return KRB5_KDB_INTERNAL_ERROR;
+ found = (result == 0);
} else {
found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
}
generated by cgit (git 2.34.1) at 2024-05-20 04:43:17 +0000