summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/kdc/db-glue.c40
1 files changed, 20 insertions, 20 deletions
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 28837f6df0..b062282c28 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1113,7 +1113,6 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
* krbtgt */
int lret;
- char *realm_fixed;
if (krbtgt_number == kdc_db_ctx->my_krbtgt_number) {
lret = dsdb_search_one(kdc_db_ctx->samdb, mem_ctx,
@@ -1147,31 +1146,32 @@ static krb5_error_code samba_kdc_fetch_krbtgt(krb5_context context,
return HDB_ERR_NOENTRY;
}
- realm_fixed = strupper_talloc(mem_ctx, lpcfg_realm(lp_ctx));
- if (!realm_fixed) {
- ret = ENOMEM;
- krb5_set_error_message(context, ret, "strupper_talloc: out of memory");
- return ret;
- }
-
- ret = krb5_copy_principal(context, principal, &alloc_principal);
- if (ret) {
- return ret;
- }
+ if (flags & HDB_F_CANON) {
+ ret = krb5_copy_principal(context, principal, &alloc_principal);
+ if (ret) {
+ return ret;
+ }
- free(alloc_principal->name.name_string.val[1]);
- alloc_principal->name.name_string.val[1] = strdup(realm_fixed);
- talloc_free(realm_fixed);
- if (!alloc_principal->name.name_string.val[1]) {
- ret = ENOMEM;
- krb5_set_error_message(context, ret, "samba_kdc_fetch: strdup() failed!");
- return ret;
+ /* When requested to do so, ensure that the
+ * both realm values in the principal are set
+ * to the upper case, canonical realm */
+ free(alloc_principal->name.name_string.val[1]);
+ alloc_principal->name.name_string.val[1] = strdup(lpcfg_realm(lp_ctx));
+ if (!alloc_principal->name.name_string.val[1]) {
+ ret = ENOMEM;
+ krb5_set_error_message(context, ret, "samba_kdc_fetch: strdup() failed!");
+ return ret;
+ }
+ principal = alloc_principal;
}
- principal = alloc_principal;
ret = samba_kdc_message2entry(context, kdc_db_ctx, mem_ctx,
principal, SAMBA_KDC_ENT_TYPE_KRBTGT,
flags, realm_dn, msg, entry_ex);
+ if (flags & HDB_F_CANON) {
+ /* This is again copied in the message2entry call */
+ krb5_free_principal(context, alloc_principal);
+ }
if (ret != 0) {
krb5_warnx(context, "samba_kdc_fetch: self krbtgt message2entry failed");
}