pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0185-ipa-kdb-use-canonical-principal-in-certauth-plugin.patch

ac7d03
From 25033eb499af95f458bd975eddd954c4b6a086ff Mon Sep 17 00:00:00 2001
ac7d03
From: Sumit Bose <sbose@redhat.com>
ac7d03
Date: Thu, 1 Jun 2017 18:17:53 +0200
ac7d03
Subject: [PATCH] ipa-kdb: use canonical principal in certauth plugin
ac7d03
ac7d03
Currently the certauth plugin use the unmodified principal from the
ac7d03
request to lookup the user. This might fail if e.g. enterprise
ac7d03
principals are use. With this patch the canonical principal form the kdc
ac7d03
entry is used.
ac7d03
ac7d03
Resolves https://pagure.io/freeipa/issue/6993
ac7d03
ac7d03
Reviewed-By: David Kupka <dkupka@redhat.com>
ac7d03
---
ac7d03
 daemons/ipa-kdb/ipa_kdb_certauth.c | 2 +-
ac7d03
 1 file changed, 1 insertion(+), 1 deletion(-)
ac7d03
ac7d03
diff --git a/daemons/ipa-kdb/ipa_kdb_certauth.c b/daemons/ipa-kdb/ipa_kdb_certauth.c
ac7d03
index da9a9cb87feca68ee591da70a3239dc86749bae5..66c2d08cbb9d23a8891b9cb6ca238925530eb40c 100644
ac7d03
--- a/daemons/ipa-kdb/ipa_kdb_certauth.c
ac7d03
+++ b/daemons/ipa-kdb/ipa_kdb_certauth.c
ac7d03
@@ -284,7 +284,7 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
ac7d03
         }
ac7d03
     }
ac7d03
 
ac7d03
-    ret = krb5_unparse_name(context, princ, &principal);
ac7d03
+    ret = krb5_unparse_name(context, db_entry->princ, &principal);
ac7d03
     if (ret != 0) {
ac7d03
         ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
ac7d03
         goto done;
ac7d03
-- 
ac7d03
2.9.4
ac7d03