From 8de5f477d1846116e6ac660bb1bd558de093a88c Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 21 Dec 2007 15:18:43 -0500 Subject: [PATCH] Support getting in a principal with out the REALM part --- .../ipa-pwd-extop/ipa_pwd_extop.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 782eee76f..113f0dd5c 100644 --- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -2072,16 +2072,29 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb) goto free_and_return; } + /* make sure it is a valid name */ krberr = krb5_parse_name(krbctx, serviceName, &krbname); if (krberr) { + slapi_ch_free_string(&serviceName); slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "krb5_parse_name failed\n"); rc = LDAP_OPERATIONS_ERROR; goto free_and_return; + } else { + /* invert so that we get the canonical form (add REALM if not present for example) */ + char *canonname; + krberr = krb5_unparse_name(krbctx, krbname, &canonname); + if (krberr) { + slapi_ch_free_string(&serviceName); + slapi_log_error(SLAPI_LOG_FATAL, "ipa_pwd_extop", "krb5_unparse_name failed\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } + slapi_ch_free_string(&serviceName); + serviceName = canonname; } /* check entry before doing any other decoding */ - /* Find ancestor base DN */ sdn = slapi_sdn_new_dn_byval(ipa_realm_dn); be = slapi_be_select(sdn); @@ -2450,7 +2463,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb) /* Free anything that we allocated above */ free_and_return: - slapi_ch_free_string(&serviceName); + if (serviceName) free(serviceName); if (kset) ipapwd_keyset_free(&kset); if (bval) ber_bvfree(bval);