From b2d781036956bb984c3403267e797afd3594762c Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 13 May 2013 14:25:15 +0200 Subject: Always update cached upn if enterprise principals are used Instead of continuing to use the initial upn if enterprise principals are used if should always be replaced. The enterprise principal is stored in the credential cache and without knowing it the ccache_for_princ() calls to determine the location of the credential cache will fail. Fixes https://fedorahosted.org/sssd/ticket/1921 --- src/providers/krb5/krb5_auth.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 6d7494c3..f65e5993 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq) KRB5_USE_ENTERPRISE_PRINCIPAL); /* Check if the cases of our upn are correct and update it if needed. - * Fail if the upn differs by more than just the case. */ + * Fail if the upn differs by more than just the case for non-enterprise + * principals. */ if (res->correct_upn != NULL && - use_enterprise_principal == false && strcmp(kr->upn, res->correct_upn) != 0) { - if (strcasecmp(kr->upn, res->correct_upn) == 0) { + if (strcasecmp(kr->upn, res->correct_upn) == 0 || + use_enterprise_principal == true) { talloc_free(kr->upn); kr->upn = talloc_strdup(kr, res->correct_upn); if (kr->upn == NULL) { -- cgit