svn rev #22710: trunk/src/plugins/kdb/ldap/libkdb_ldap/

ghudson@MIT.EDU ghudson at MIT.EDU
Thu Sep 3 16:41:57 EDT 2009


http://src.mit.edu/fisheye/changelog/krb5/?cs=22710
Commit By: ghudson
Log Message:
ticket: 6557
subject: Supply canonical name if present in LDAP iteration
target_version: 1.7.1
tags: pullup

In the presence of aliases, LDAP iteration was supplying the first
principal it found within the expected realm, which is not necessarily
the same as the canonical name.  If the entry has a canonical name
field, use that in preference to any of the principal names.



Changed Files:
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
Modified: trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
===================================================================
--- trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c	2009-09-03 18:33:13 UTC (rev 22709)
+++ trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c	2009-09-03 20:41:56 UTC (rev 22710)
@@ -188,7 +188,10 @@
 
 	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
 	for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-	    if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+	    values=ldap_get_values(ld, ent, "krbcanonicalname");
+	    if (values == NULL)
+		values=ldap_get_values(ld, ent, "krbprincipalname");
+	    if (values != NULL) {
 		for (i=0; values[i] != NULL; ++i) {
 		    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
 			continue;
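Review bot: When `krbcanonicalname` is present, its value becomes the only candidate for the entry, so if it fails `krb5_ldap_parse_principal_name` (the `continue` on the last line of this hunk) the entry is never passed to `func` and nothing is reported. The same presumably applies if the value is rejected by the checks that sit between the two hunks, which are not visible here. A dump or listing built on this iteration would then omit the entry silently; consider retrying with `krbprincipalname` when the canonical value is unusable, or at least document the choice with `/* Prefer krbcanonicalname; an entry whose canonical name is unusable is skipped, not retried with krbprincipalname. */` above the lookup. The lookup also only helps if `principal_attributes`, defined outside this hunk, requests `krbcanonicalname` in the search, which is worth confirming. The enclosing function starts and ends outside the hunk.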
@@ -201,13 +204,11 @@
 			(*func)(func_arg, &entry);
 			krb5_dbe_free_contents(context, &entry);
 			(void) krb5_free_principal(context, principal);
-			if (princ_name)
-			    free(princ_name);
+			free(princ_name);
 			break;
 		    }
 		    (void) krb5_free_principal(context, principal);
-		    if (princ_name)
-			free(princ_name);
+		    free(princ_name);
 		}
 		ldap_value_free(values);
 	    }
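Review bot: Both `free(princ_name);` calls leave `princ_name` holding a freed address, and the variable appears to outlive the loop, since its declaration is not in the hunk. Dropping the NULL guards is correct because `free(NULL)` is a no-op. However, if any path after the loop frees or reads `princ_name` (the function's cleanup code is outside this hunk), the stale pointer would become a double free or use-after-free. Adding `princ_name = NULL;` after each `free(princ_name);` removes that dependency on the surrounding code.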



