authorTom Yu <tlyu@mit.edu>2010-01-12 02:50:04 +0000
committerTom Yu <tlyu@mit.edu>2010-01-12 02:50:04 +0000
commitdb83dc990bd338aa803e042b0816af640062fb08 (patch)
tree4996e3612460cbdc8393209c9617b5b0ee9d35df
parentfa6c6ecf0d932289368ae75235e4736270975cad (diff)
------------------------------------------------------------------------
r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines ticket: 6557 subject: Supply canonical name if present in LDAP iteration target_version: 1.7.1 tags: pullup In the presence of aliases, LDAP iteration was supplying the first principal it found within the expected realm, which is not necessarily the same as the canonical name. If the entry has a canonical name field, use that in preference to any of the principal names. ticket: 6557 version_fixed: 1.7.1 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23634 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 8b3c7a1..1cf6762 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -188,7 +188,10 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
- if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+ values=ldap_get_values(ld, ent, "krbcanonicalname");
+ if (values == NULL)
+ values=ldap_get_values(ld, ent, "krbprincipalname");
+ if (values != NULL) {
for (i=0; values[i] != NULL; ++i) {
if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
continue;
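Review bot: Once `krbcanonicalname` is present, the `krbprincipalname` values are never consulted, so an entry whose canonical value fails `krb5_ldap_parse_principal_name` (the `continue` closing this hunk) is dropped from the iteration with no fallback and no diagnostic. If iteration feeds database dumps or principal listings, which is not visible here, that silent skip leaves the export or audit incomplete. At minimum document the choice above the lookup, e.g. `/* Canonical name wins; if it does not parse, the entry is skipped rather than retried with krbprincipalname. */`, and consider retrying with the alias values when no canonical value produces an entry. Also confirm that `principal_attributes`, defined outside this hunk, requests `krbcanonicalname`; otherwise `ldap_get_values` returns NULL here and the old behaviour persists unnoticed. The loop body continues past the end of the hunk.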
@@ -201,13 +204,11 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
(*func)(func_arg, &entry);
krb5_dbe_free_contents(context, &entry);
(void) krb5_free_principal(context, principal);
- if (princ_name)
- free(princ_name);
+ free(princ_name);
break;
}
(void) krb5_free_principal(context, principal);
- if (princ_name)
- free(princ_name);
+ free(princ_name);
}
ldap_value_free(values);
}
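Review bot: Both new `free(princ_name);` calls leave `princ_name` pointing at freed memory while the `for` loop goes on to the next value or the next LDAP entry. Nothing visible in this hunk reuses it before `krb5_ldap_parse_principal_name` assigns it again, but the parse-failure `continue` and any cleanup path outside the hunk would see the stale pointer, so following each call with `princ_name = NULL;` makes a later free or read harmless. The same applies to `principal` after `krb5_free_principal`, which is unchanged context here.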