IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: use canonical principal in certauth plugin

Browse Source 
Currently the certauth plugin use the unmodified principal from the
request to lookup the user. This might fail if e.g. enterprise
principals are use. With this patch the canonical principal form the kdc
entry is used.

Resolves https://pagure.io/freeipa/issue/6993

Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
Sumit Bose
2017-06-01 18:17:53 +02:00
committed by Martin Basti
parent 2485c3377a
commit 117d6e9be0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
daemons/ipa-kdb/ipa_kdb_certauth.c
View File

@@ -284,7 +284,7 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
} }
} }
ret = krb5_unparse_name(context, princ, &principal); ret = krb5_unparse_name(context, db_entry->princ, &principal);
if (ret != 0) { if (ret != 0) {
ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH; ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
goto done; goto done;