mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
b5876f30d4
Restructure logic of ipadb_get_principal() to separate retrieval of a principal by a name and by an alias. Separate enterprise principal name type processing into a helper function to be able to reuse it for own aliases. Unify code in client referrals part to do the same and use krb5 API to deal with principals rather than parsing strings. The end result is the same but we follow common rules in MIT Kerberos to process principals. An enterprise principal is typically "name@SOMEREALM@REALM", but any principal might be parsed as enterprise principal, so we could get "name@REALM" marked as such. When unparsing the enterprise principal, re-parse it again with default realm values, to get our realm normalization. This behavior would fix situations when GSSAPI calls are operating on a non-qualified principal name that was imported as a GSS_KRB5_NT_ENTERPRISE_NAME when calling gss_import_name(). Related: https://pagure.io/freeipa/issue/8319 Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-By: Isaac Boukris <iboukris@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> |
||
---|---|---|
.. | ||
dnssec | ||
ipa-kdb | ||
ipa-otpd | ||
ipa-sam | ||
ipa-slapi-plugins | ||
ipa-version.h.in | ||
Makefile.am |