From 764aa04ee92dbbd0d1eca6703294135eb97fda6d Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Fri, 20 Sep 2013 12:12:03 +0200 Subject: krb5: save canonical upn to sysdb If the returned TGT contains a different user principal name (upn) than used in the request, i.e. the upn was canonicalized, we currently save it to sysdb into the same attribute where the upn coming from an LDAP server is stored as well. This means the canonical upn might be overwritten when the user data is re-read from the LDAP server. To avoid this this patch add a new attribute to sysdb where the canonical upn is stored and makes sure it is used when available. Fixes https://fedorahosted.org/sssd/ticket/2060 --- src/providers/krb5/krb5_auth.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/providers/krb5/krb5_auth.c') diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index fe3e6aba..b373cb4c 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -513,7 +513,7 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, goto done; } - attrs = talloc_array(state, const char *, 6); + attrs = talloc_array(state, const char *, 7); if (attrs == NULL) { ret = ENOMEM; goto done; @@ -524,7 +524,8 @@ struct tevent_req *krb5_auth_send(TALLOC_CTX *mem_ctx, attrs[2] = SYSDB_CCACHE_FILE; attrs[3] = SYSDB_UIDNUM; attrs[4] = SYSDB_GIDNUM; - attrs[5] = NULL; + attrs[5] = SYSDB_CANONICAL_UPN; + attrs[6] = NULL; ret = krb5_setup(state, pd, krb5_ctx, &state->kr); if (ret != EOK) { -- cgit