summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-05-13 14:25:15 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-05-14 16:54:39 +0200
commitb2d781036956bb984c3403267e797afd3594762c (patch)
tree91361d18bb107954de0b4cd21cc4c7a0cbaed75e
parent39472b5dfcc82815ae819a5b5831859249962a4c (diff)
downloadsssd-b2d781036956bb984c3403267e797afd3594762c.tar.gz
sssd-b2d781036956bb984c3403267e797afd3594762c.tar.bz2
sssd-b2d781036956bb984c3403267e797afd3594762c.zip
Always update cached upn if enterprise principals are used
Instead of continuing to use the initial upn if enterprise principals are used if should always be replaced. The enterprise principal is stored in the credential cache and without knowing it the ccache_for_princ() calls to determine the location of the credential cache will fail. Fixes https://fedorahosted.org/sssd/ticket/1921
-rw-r--r--src/providers/krb5/krb5_auth.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 6d7494c3..f65e5993 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
KRB5_USE_ENTERPRISE_PRINCIPAL);
/* Check if the cases of our upn are correct and update it if needed.
- * Fail if the upn differs by more than just the case. */
+ * Fail if the upn differs by more than just the case for non-enterprise
+ * principals. */
if (res->correct_upn != NULL &&
- use_enterprise_principal == false &&
strcmp(kr->upn, res->correct_upn) != 0) {
- if (strcasecmp(kr->upn, res->correct_upn) == 0) {
+ if (strcasecmp(kr->upn, res->correct_upn) == 0 ||
+ use_enterprise_principal == true) {
talloc_free(kr->upn);
kr->upn = talloc_strdup(kr, res->correct_upn);
if (kr->upn == NULL) {