From 46c6ff69ac2a4fa39e99f954bd9cfbd78bfd70c9 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Thu, 17 May 2012 10:33:43 -0400
Subject: Fix migration code password setting.

When we set a password we also need to make sure krbExtraData is set.
If not kadmin will later complain that the object is corrupted at password
change time.

Ticket: https://fedorahosted.org/freeipa/ticket/2764
---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'daemons')

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
index 410c536a5..181bd0ee7 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
@@ -995,6 +995,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
     Slapi_Value *objectclass;
     int method; /* authentication method */
     int ret = 0;
+    char *principal = NULL;
 
     LOG_TRACE("=>\n");
 
@@ -1135,9 +1136,19 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
         goto done;
     }
 
+    /* we need to make sure the ExtraData is set, otherwise kadmin
+     * will not like the object */
+    principal = slapi_entry_attr_get_charptr(entry, "krbPrincipalName");
+    if (!principal) {
+        LOG_OOM();
+        goto done;
+    }
+    ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
+
     LOG("kerberos key generated for user entry: %s\n", dn);
 
 done:
+    slapi_ch_free_string(&principal);
     slapi_ch_free_string(&expire);
     if (entry)
         slapi_entry_free(entry);
-- 
cgit