freeipa/daemons
Alexander Bokovoy d00106b34d ipa-kdb: support getprincs request in kadmin.local
kadmin.local getprincs command results in passing '*' as a principal to
KDB driver function that looks up the principals.

The whole filter looks like this

 (&(|
    (objectclass=krbprincipalaux)
    (objectclass=krbprincipal)
    (objectclass=ipakrbprincipal))
   (|(ipakrbprincipalalias=*)
     (krbprincipalname:caseIgnoreIA5Match:=*)))

There are two parts of the LDAP filter we use to look up principals; the
part with 'krbprincipalname' uses extensible filter syntax of RFC 4515
section 3:

      extensible     = ( attr [dnattrs]
                           [matchingrule] COLON EQUALS assertionvalue )
                       / ( [dnattrs]
                            matchingrule COLON EQUALS assertionvalue )

In case we've got a principal name as '*' we have to follow RFC 4515
section 3 and reencode it using <valueencoding> rule from RFC 4511
section 4.1.6 but only to the part of the filter that does use assertion
value.

Fixes: https://pagure.io/freeipa/issue/8490

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2020-09-10 11:57:14 -04:00
..
dnssec ipa-dnskeysyncd: Raise loglevel to DEBUG 2020-08-31 09:42:31 +03:00
ipa-kdb ipa-kdb: support getprincs request in kadmin.local 2020-09-10 11:57:14 -04:00
ipa-otpd libotp: Replace NSS with OpenSSL HMAC 2020-06-08 20:04:18 +03:00
ipa-sam Terminology improvements: use block list 2020-06-23 10:16:29 +02:00
ipa-slapi-plugins extdom-extop: refactor tests to use unshare+chroot to override nss_files configuration 2020-08-04 18:43:22 +03:00
ipa-version.h.in Build: move version handling from Makefile to configure 2016-11-09 13:08:32 +01:00
Makefile.am Build: properly integrate ipa-version.h.in into build system 2016-11-29 15:28:24 +01:00