pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago

Blame SOURCES/0185-ipa-kdb-use-canonical-principal-in-certauth-plugin.patch

From 25033eb499af95f458bd975eddd954c4b6a086ff Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 1 Jun 2017 18:17:53 +0200
Subject: [PATCH] ipa-kdb: use canonical principal in certauth plugin

Currently the certauth plugin uses the unmodified principal from the
request to look up the user. This might fail if e.g. enterprise
principals are used. With this patch the canonical principal from the kdc
entry is used.

Resolves https://pagure.io/freeipa/issue/6993

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_certauth.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemons/ipa-kdb/ipa_kdb_certauth.c b/daemons/ipa-kdb/ipa_kdb_certauth.c
index da9a9cb87feca68ee591da70a3239dc86749bae5..66c2d08cbb9d23a8891b9cb6ca238925530eb40c 100644
--- a/daemons/ipa-kdb/ipa_kdb_certauth.c
+++ b/daemons/ipa-kdb/ipa_kdb_certauth.c
@@ -284,7 +284,7 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context,
         }
     }
 
-    ret = krb5_unparse_name(context, princ, &principal);
+    ret = krb5_unparse_name(context, db_entry->princ, &principal);
     if (ret != 0) {
         ret = KRB5KDC_ERR_CERTIFICATE_MISMATCH;
         goto done;
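Review bot: the changed line dereferences db_entry in krb5_unparse_name(context, db_entry->princ, &principal), and the visible context shows no NULL check on it; if nothing earlier in ipa_certauth_authorize already guarantees a non-NULL entry, add that check before this call. A one-line comment stating that the canonical name from the KDC entry is used deliberately (so that enterprise-principal requests resolve to the right user) would help, since the princ argument looks like the natural choice here and a later cleanup could revert it. Separately, the failure branch reports any krb5_unparse_name error as KRB5KDC_ERR_CERTIFICATE_MISMATCH, so an allocation failure would surface as a certificate mismatch; consider logging the original ret before it is overwritten.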
-- 
2.9.4