author | Sumit Bose <sbose@redhat.com> | 2013-09-20 12:12:03 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-23 17:01:55 +0200 |
commit | 6a9ef2c0105d316a1286c92073511ff95301c39f (patch) | |
tree | 53d790ae26d1b3059fa1e88ba5eaf33c38d786d7 /src/providers/krb5/krb5_renew_tgt.c | |
parent | 9b4fccf333b29ac61b1e8c6ae993d5cbe31e77c2 (diff) | |
krb5: save canonical upn to sysdb
If the returned TGT contains a different user principal name (upn) than
used in the request, i.e. the upn was canonicalized, we currently save
it to sysdb into the same attribute where the upn coming from an LDAP
server is stored as well. This means the canonical upn might be
overwritten when the user data is re-read from the LDAP server.
To avoid this, this patch adds a new attribute to sysdb where the
canonical upn is stored and makes sure it is used when available.
Fixes https://fedorahosted.org/sssd/ticket/2060
Diffstat (limited to 'src/providers/krb5/krb5_renew_tgt.c')
-rw-r--r-- | src/providers/krb5/krb5_renew_tgt.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_renew_tgt.c b/src/providers/krb5/krb5_renew_tgt.c index 9102f8ca3..5d5a25b87 100644 --- a/src/providers/krb5/krb5_renew_tgt.c +++ b/src/providers/krb5/krb5_renew_tgt.c @@ -375,7 +375,7 @@ static errno_t check_ccache_files(struct renew_tgt_ctx *renew_tgt_ctx) const char *ccache_filter = "(&("SYSDB_CCACHE_FILE"=*)" \ "("SYSDB_OBJECTCLASS"="SYSDB_USER_CLASS"))"; const char *ccache_attrs[] = { SYSDB_CCACHE_FILE, SYSDB_UPN, SYSDB_NAME, - NULL }; + SYSDB_CANONICAL_UPN, NULL }; size_t msgs_count = 0; struct ldb_message **msgs = NULL; size_t c; |
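Review bot: the `ccache_attrs` list in `check_ccache_files` now requests `SYSDB_CANONICAL_UPN`, but nothing in this hunk shows the attribute being read from the returned `msgs`. Please confirm that the code consuming these messages prefers `SYSDB_CANONICAL_UPN` and falls back to `SYSDB_UPN` when the attribute is absent, since user entries written before this attribute existed will not carry it; if the reader still only looks at `SYSDB_UPN`, fetching the new attribute has no effect on which principal the renewal uses. A short comment next to the attribute list stating that order of preference would also help.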