mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
d00106b34d
kadmin.local getprincs command results in passing '*' as a principal to KDB driver function that looks up the principals.

The whole filter looks like this

    (&
       (|
          (objectclass=krbprincipalaux)
          (objectclass=krbprincipal)
          (objectclass=ipakrbprincipal))
       (|(ipakrbprincipalalias=*)
         (krbprincipalname:caseIgnoreIA5Match:=*)))

There are two parts of the LDAP filter we use to look up principals, the part with 'krbprincipalname' uses extensible filter syntax of RFC 4515 section 3:

    extensible = ( attr [dnattrs] [matchingrule] COLON EQUALS assertionvalue )
                 / ( [dnattrs] matchingrule COLON EQUALS assertionvalue )

In case we've got a principal name as '*' we have to follow RFC 4515 section 3 and reencode it using <valueencoding> rule from RFC 4511 section 4.1.6 but only to the part of the filter that does use assertion value.

Fixes: https://pagure.io/freeipa/issue/8490

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
||
---|---|---|
.. | ||
dnssec | ||
ipa-kdb | ||
ipa-otpd | ||
ipa-sam | ||
ipa-slapi-plugins | ||
ipa-version.h.in | ||
Makefile.am |