From 16092c39073e6512e897dc671fd22b2b583ea5b5 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Mon, 7 Oct 2013 15:26:21 -0400
Subject: Restore krbCanonicalName handling

When an entry has a krbCanonicalName, if KRB5_KDB_FLAG_ALIAS_OK is set,
rewrite the principal name to the canonical value, else error out,
instead of always returning an error if the requested name doesn't look
like the canonical one.

https://fedorahosted.org/freeipa/ticket/3966

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_principals.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'daemons/ipa-kdb')

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 5ae6818b6..96f473e48 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -795,11 +795,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
 
         /* Again, if aliases are accepted by KDC, use case-insensitive comparison */
         if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
-            if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
-                            (*principal), strlen(*principal),
-                            NULL, NULL, &result) != 0)
-                return KRB5_KDB_INTERNAL_ERROR;
-            found = (result == 0);
+            found = true;
         } else {
             found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
         }
-- 
cgit