author | Greg Hudson <ghudson@mit.edu> | 2009-09-03 20:41:56 +0000 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2009-09-03 20:41:56 +0000 |
commit | 2a7f20f7b92263cb3c67580c4bf40f7bf3deeb5b (patch) | |
tree | be12804a2ada76cb47142b8dba662d9366d9f253 /src/plugins | |
parent | 65cc35ec82d56b8cd89751ddc5f68751271b985c (diff) | |
download | krb5-2a7f20f7b92263cb3c67580c4bf40f7bf3deeb5b.tar.gz krb5-2a7f20f7b92263cb3c67580c4bf40f7bf3deeb5b.tar.xz krb5-2a7f20f7b92263cb3c67580c4bf40f7bf3deeb5b.zip |
Supply canonical name if present in LDAP iteration
In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name. If the entry has a canonical name
field, use that in preference to any of the principal names.
ticket: 6557
target_version: 1.7.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22710 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 8b3c7a14a..1cf67629b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -188,7 +188,10 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
 for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+ values=ldap_get_values(ld, ent, "krbcanonicalname");
+ if (values == NULL)
+ values=ldap_get_values(ld, ent, "krbprincipalname");
+ if (values != NULL) {
 for (i=0; values[i] != NULL; ++i) {
 if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
 continue;
@@ -201,13 +204,11 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 (*func)(func_arg, &entry);
 krb5_dbe_free_contents(context, &entry);
 (void) krb5_free_principal(context, principal);
- if (princ_name)
- free(princ_name);
+ free(princ_name);
 break;
 }
 (void) krb5_free_principal(context, principal);
- if (princ_name)
- free(princ_name);
+ free(princ_name);
 }
 ldap_value_free(values);
 } |
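Review bot: In the first hunk the fallback to `krbprincipalname` runs only when `krbcanonicalname` is absent, not when its value turns out to be unusable. If the canonical value fails `krb5_ldap_parse_principal_name` (the visible `continue`) or is rejected by the checks in the lines between the two hunks, which the commit message suggests include a realm match, the entry is never handed to `func` and silently drops out of any listing or dump built on this iteration. Consider retrying with `krbprincipalname` when no canonical value produced a callback, or at least record the decision with `/* Prefer krbcanonicalname; an entry whose canonical name does not parse or match is skipped, not retried. */`. It is also worth confirming that `principal_attributes`, which is defined outside this hunk, requests `krbcanonicalname`, since otherwise the new lookup always returns NULL. The body of krb5_ldap_iterate starts and ends outside both hunks, so this reading should be checked against the full loop.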