mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
ipa-kdb: use canonical principal in certauth plugin
Currently the certauth plugin uses the unmodified principal from the request to look up the user. This might fail if e.g. enterprise principals are used. With this patch the canonical principal from the kdc entry is used. Resolves https://pagure.io/freeipa/issue/6993 Reviewed-By: David Kupka <dkupka@redhat.com>
parent
2485c3377a
commit
117d6e9be0
@ -284,7 +284,7 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
|
||||
}
|
||||
}
|
||||
|
||||
ret = krb5_unparse_name(context, princ, &principal);
|
||||
ret = krb5_unparse_name(context, db_entry->princ, &principal);
|
||||
if (ret != 0) {
|
||||
ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
|
||||
goto done;
|
||||
|
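Review bot: The new `krb5_unparse_name(context, db_entry->princ, &principal)` call dereferences `db_entry` with no NULL check visible in this hunk, and nothing explains why the request principal is no longer used. ipa_certauth_authorize starts and ends outside the hunk, so a guard may already exist earlier; if it does not, add `if (db_entry == NULL) { ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH; goto done; }` before the call so that a missing entry fails closed. I would also put `/* Match the certificate against the canonical principal of the KDB entry; the request principal may be an enterprise name or alias. */` above the call, since this name is what the certificate-to-user mapping is authorized against. If `princ` is now unused in the function, mark it as intentionally unused so the build stays warning-free.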