svn rev #23634: branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/

tlyu@MIT.EDU tlyu at MIT.EDU
Mon Jan 11 21:50:04 EST 2010 

http://src.mit.edu/fisheye/changelog/krb5/?cs=23634
Commit By: tlyu
Log Message:
ticket: 6557
version_fixed: 1.7.1
status: resolved

 ------------------------------------------------------------------------
 r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines

 ticket: 6557
 subject: Supply canonical name if present in LDAP iteration
 target_version: 1.7.1
 tags: pullup

 In the presence of aliases, LDAP iteration was supplying the first
 principal it found within the expected realm, which is not necessarily
 the same as the canonical name.  If the entry has a canonical name
 field, use that in preference to any of the principal names.


Changed Files:
U   branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
Modified: branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
===================================================================
--- branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c	2010-01-12 02:49:59 UTC (rev 23633)
+++ branches/krb5-1-7/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c	2010-01-12 02:50:04 UTC (rev 23634)
@@ -188,7 +188,10 @@
 
 	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
 	for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-	    if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+	    values=ldap_get_values(ld, ent, "krbcanonicalname");
+	    if (values == NULL)
+		values=ldap_get_values(ld, ent, "krbprincipalname");
+	    if (values != NULL) {
 		for (i=0; values[i] != NULL; ++i) {
 		    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
 			continue;
@@ -201,13 +204,11 @@
 			(*func)(func_arg, &entry);
 			krb5_dbe_free_contents(context, &entry);
 			(void) krb5_free_principal(context, principal);
-			if (princ_name)
-			    free(princ_name);
+			free(princ_name);
 			break;
 		    }
 		    (void) krb5_free_principal(context, principal);
-		    if (princ_name)
-			free(princ_name);
+		    free(princ_name);
 		}
 		ldap_value_free(values);
 	    }

More information about the cvs-krb5 mailing list