On Wed, 2015-09-09 at 10:52 +0200, Martin Babinsky wrote:
>              if (found) {
> +                /* replace the incoming principal with the value got
> from LDAP
> +                 * search. This is needed so that correctly case
> principal is
> +                 * returned in the case when canonicalization is
> switched on
> +                 * and no krbcanonicalname attribute is present in
> the entry.
> +                 */
> +                free(*principal);
> +                *principal = strdup(vals[i]->bv_val);
> +                if (!(*principal)) {
> +                    return KRB5_KDB_INTERNAL_ERROR;
> +                }
>                  break;
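
Review bot: The strdup() failure path in the added block leaves the caller worse off than before the call, because free(*principal) runs before the copy is known to have succeeded. On failure *principal is NULL and the original string is gone, so a caller that logs or frees its principal after the error has nothing valid to work with. Duplicate vals[i]->bv_val into a temporary first, and only free the old value and assign once the temporary is non-NULL. The error path also returns directly from inside the if (found) block instead of going through break, so if vals is released after this loop, that cleanup is skipped and the values leak. Setting an error code and breaking out to the common exit would avoid that.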


This unconditionally replaces the principal even when canonicalization
is not requested. Shouldn't this replace be conditional on
KRB5_KDB_FLAGS_ALIAS_OK being set?

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
