author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-08-10 20:26:59 +0000 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-08-10 17:03:29 -0400 |
commit | 9f49886f941772731c8ecca8825b2d87ffa0ccc9 (patch) | |
tree | 1c3114ffffc054eb4a5f31682301c341d838c208 | |
parent | fb592697d0be22111994f02c0586ac26012b122e (diff) | |
TODO: make sure a single krbPrincipalName value gets used for canonicalization too (kdc-fixes)
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_principals.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5fb280d62..c69a8817d 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -827,7 +827,8 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 struct ipadb_context *ipactx;
 bool found = false;
 LDAPMessage *le = NULL;
- struct berval **vals;
+ struct berval **canonvals = NULL;
+ struct berval **vals = NULL;
 int i, result;
 ipactx = ipadb_get_context(kcontext);
@@ -870,16 +871,25 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 }
 }
- ldap_value_free_len(vals);
-
 if (!found) {
+ ldap_value_free_len(vals);
 continue;
 }
 /* we need to check if this is the canonical name */
- vals = ldap_get_values_len(ipactx->lcontext, le, "krbcanonicalname");
- if (vals == NULL) {
- continue;
+ canonvals = ldap_get_values_len(ipactx->lcontext, le, "krbcanonicalname");
+ if (canonvals == NULL) {
+ /* Short cut processing if there is only a single value in
+ * krbPrincipalName, in that case we can proceed without
+ * krbCanonicalName and considering the krbPrincipalName as the
+ * canonical value. */
+ if (vals[1] != NULL) {
+ ldap_value_free_len(vals);
+ continue;
+ }
+ } else {
+ ldap_value_free_len(vals);
+ vals = canonvals;
 }
 /* Again, if aliases are accepted by KDC, use case-insensitive comparison */ |
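Review bot: In the second hunk `vals` now holds either the krbPrincipalName array or the krbCanonicalName array depending on the branch taken, and `canonvals` keeps pointing at the same memory after `vals = canonvals;`. Clearing the alias at the handoff, `vals = canonvals; canonvals = NULL;`, avoids leaving a second pointer dangling once `vals` is freed. The fallback test `if (vals[1] != NULL)` relies on `vals` being non-NULL with at least one element, which is established only by the `found` logic above the hunk; `if (ldap_count_values_len(vals) != 1)` states the intent directly. Entries without krbCanonicalName were skipped before and are now accepted, so a short comment noting that the comparison below then runs against the krbPrincipalName value would help the next reader. ipadb_find_principal continues outside the hunk, so the release of `vals` on the remaining paths cannot be checked here.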