diff options
Diffstat (limited to 'daemons/ipa-kdb')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 5fb280d62..b9f73e59c 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -768,6 +768,7 @@ done: return kerr; } +#include <syslog.h> static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx, unsigned int flags, char *principal, @@ -859,9 +860,23 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext, if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) { if (ulc_casecmp(vals[i]->bv_val, vals[i]->bv_len, (*principal), strlen(*principal), - NULL, NULL, &result) != 0) + NULL, NULL, &result) != 0) { return KRB5_KDB_INTERNAL_ERROR; + } found = (result == 0); + if (found) { + /* Short cut processing if there is only a single value in krbPrincipalName, + * otherwise expect krbCanonicalName to be set. This is default FreeIPA setup */ + if (!((i == 0) && (vals[1] == NULL))) { + break; + } + free(*principal); + *principal = strdup(vals[0]->bv_val); + if (!(*principal)) { + ldap_value_free_len(vals); + return KRB5_KDB_INTERNAL_ERROR; + } + } } else { found = (strcmp(vals[i]->bv_val, (*principal)) == 0); } |