IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Restore krbCanonicalName handling

Browse Source 
When an entry has a krbCanonicalName, if KRB5_KDB_FLAG_ALIAS_OK is set,
rewrite the principal name to the canonical value, else error out,
instead of always returning an error if the requested name doesn't look
like the canonical one.

https://fedorahosted.org/freeipa/ticket/3966

Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
This commit is contained in:
Nalin Dahyabhai 2013-10-07 15:26:21 -04:00 committed by Petr Viktorin
parent fabd5cd62f
commit 16092c3907
1 changed files with 1 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemons/ipa-kdb/ipa_kdb_principals.c
View File

@ -795,11 +795,7 @@ static krb5_error_code ipadb_find_principal(krb5_context kcontext,
/* Again, if aliases are accepted by KDC, use case-insensitive comparison */
if ((flags & KRB5_KDB_FLAG_ALIAS_OK) != 0) {
if (ulc_casecmp(vals[0]->bv_val, vals[0]->bv_len,
(*principal), strlen(*principal),
NULL, NULL, &result) != 0)
return KRB5_KDB_INTERNAL_ERROR;
found = (result == 0);
found = true;
} else {
found = (strcmp(vals[0]->bv_val, (*principal)) == 0);
}