4 files changed, 20 insertions, 9 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
index 5ca155dcf..9c62f0560 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
@@ -104,6 +104,7 @@ void ipapwd_keyset_free(struct ipapwd_keyset **pkset)
 Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
 struct ipapwd_data *data,
+ char *preferred_principal,
 int num_encsalts,
 krb5_key_salt_tuple *encsalts,
 char **errMesg)
@@ -128,12 +129,20 @@ Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
 kvno = ipapwd_get_cur_kvno(data->target);
- krbPrincipalName = slapi_entry_attr_get_charptr(data->target,
- "krbPrincipalName");
- if (!krbPrincipalName) {
- *errMesg = "no krbPrincipalName present in this entry\n";
- LOG_FATAL("%s", *errMesg);
- goto enc_error;
+ if (preferred_principal) {
+ krbPrincipalName = slapi_ch_strdup(preferred_principal);
+ } else {
+ krbPrincipalName = slapi_entry_attr_get_charptr(data->target,
+ "krbCanonicalName");
+ if (!krbPrincipalName) {
+ krbPrincipalName = slapi_entry_attr_get_charptr(data->target,
+ "krbPrincipalName");
+ }
+ if (!krbPrincipalName) {
+ *errMesg = "no krbPrincipalName present in this entry\n";
+ LOG_FATAL("%s", *errMesg);
+ goto enc_error;
+ }
 }
 krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ);
@@ -215,7 +224,7 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 if (is_krb) {
- *svals = ipapwd_encrypt_encode_key(krbcfg, data,
+ *svals = ipapwd_encrypt_encode_key(krbcfg, data, NULL,
 krbcfg->num_pref_encsalts,
 krbcfg->pref_encsalts,
 errMesg);
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index a910625ce..527238b1b 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
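Review bot: The new `char *preferred_principal` parameter of ipapwd_encrypt_encode_key (first encoding.c hunk, and the matching prototype in the ipapwd.h hunk) should be `const char *preferred_principal`, because the only use visible in this patch is `slapi_ch_strdup(preferred_principal)`. Neither the definition nor the prototype says what NULL selects; a comment such as `/* preferred_principal: name to generate the keys for, or NULL to take krbCanonicalName (then krbPrincipalName) from data->target */` would record the contract. The function body continues outside this hunk.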
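Review bot: The `krbPrincipalName` fallback in the else branch of the second encoding.c hunk takes the single value that `slapi_entry_attr_get_charptr` returns, so for an entry with several krbPrincipalName values and no krbCanonicalName the name handed to `krb5_parse_name` depends on value order. The same fallback is taken silently when a caller fetched the entry without krbCanonicalName in its attribute list; this patch extends two such lists, and any other code that builds `data->target` is not visible here. A comment above the lookup, e.g. `/* krbCanonicalName is authoritative; krbPrincipalName may be multi-valued and is only a fallback for entries without a canonical name */`, would tell maintainers that new callers must request the attribute. The function starts and ends outside the hunk.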
@@ -661,6 +661,7 @@ static Slapi_Entry *get_entry_by_principal(const char *principal) Slapi_PBlock *pb = NULL; char *attrlist[] = { "krbPrincipalKey", "krbLastPwdChange", "userPassword", "krbPrincipalName", + "krbCanonicalName", "enrolledBy", "objectClass", NULL }; Slapi_Entry **es = NULL; int res, ret, i; @@ -1664,7 +1665,7 @@ static int ipapwd_getkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) data.target = target_entry; data.password = password; - svals = ipapwd_encrypt_encode_key(krbcfg, &data, + svals = ipapwd_encrypt_encode_key(krbcfg, &data, service_name, kenctypes ? num_kenctypes : krbcfg->num_pref_encsalts, kenctypes ? kenctypes : diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h index 363669496..33c36fd39 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h @@ -145,6 +145,7 @@ void ipapwd_keyset_free(struct ipapwd_keyset **pkset); Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, struct ipapwd_data *data, + char *preferred_principal, int num_encsalts, krb5_key_salt_tuple *encsalts, char **errMesg); diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c index f830e3bfe..c1fc7fe33 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c @@ -1386,7 +1386,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb) static const char *attrs_list[] = { SLAPI_USERPWD_ATTR, "ipaUserAuthType", "krbprincipalkey", "uid", "krbprincipalname", "objectclass", "passwordexpirationtime", - "passwordhistory", "krbprincipalexpiration", + "passwordhistory", "krbprincipalexpiration", "krbcanonicalname", NULL }; struct berval *credentials = NULL; |
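Review bot: In the ipapwd_getkeytab hunk, `service_name` is handed to ipapwd_encrypt_encode_key as the preferred principal with no check in the visible lines that it matches a krbPrincipalName or krbCanonicalName value on `target_entry`. If service_name is the string taken from the request and the entry lookup matches case-insensitively (neither is shown in this hunk), keys could be generated for a spelling that differs from what the entry stores, whereas the password path in ipapwd_gen_hashes passes NULL and uses the stored canonical name. If the requested spelling is preferred on purpose, a comment above the call such as `/* generate keys for the principal exactly as requested, which may be an alias of target_entry */` would make that explicit; otherwise service_name should be compared with the entry's values before the call. The body of ipapwd_getkeytab lies outside the hunk.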