diff options
author | Sumit Bose <sbose@redhat.com> | 2013-05-13 14:25:15 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-05-14 16:54:39 +0200 |
commit | b2d781036956bb984c3403267e797afd3594762c (patch) | |
tree | 91361d18bb107954de0b4cd21cc4c7a0cbaed75e /src/providers | |
parent | 39472b5dfcc82815ae819a5b5831859249962a4c (diff) | |
download | sssd-b2d781036956bb984c3403267e797afd3594762c.tar.gz sssd-b2d781036956bb984c3403267e797afd3594762c.tar.bz2 sssd-b2d781036956bb984c3403267e797afd3594762c.zip |
Always update cached upn if enterprise principals are used
Instead of continuing to use the initial upn if enterprise principals
are used if should always be replaced. The enterprise principal
is stored in the credential cache and without knowing it the
ccache_for_princ() calls to determine the location of the credential
cache will fail.
Fixes https://fedorahosted.org/sssd/ticket/1921
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_auth.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 6d7494c3..f65e5993 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq) KRB5_USE_ENTERPRISE_PRINCIPAL); /* Check if the cases of our upn are correct and update it if needed. - * Fail if the upn differs by more than just the case. */ + * Fail if the upn differs by more than just the case for non-enterprise + * principals. */ if (res->correct_upn != NULL && - use_enterprise_principal == false && strcmp(kr->upn, res->correct_upn) != 0) { - if (strcasecmp(kr->upn, res->correct_upn) == 0) { + if (strcasecmp(kr->upn, res->correct_upn) == 0 || + use_enterprise_principal == true) { talloc_free(kr->upn); kr->upn = talloc_strdup(kr, res->correct_upn); if (kr->upn == NULL) { |