URL: https://github.com/freeipa/freeipa/pull/1115 Author: sumit-bose Title: #1115: ipa-kdb: reinit trusted domain data for enterprise principals Action: opened
PR body: """ While processing enterprise principals the information about trusted domains might not be up-to-date. With this patch ipadb_reinit_mspac() is called if an unknown domain is part of the enterprise principal. Resolves https://pagure.io/freeipa/issue/7172 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1115/head:pr1115 git checkout pr1115
From 26120d3fe97841890f08b59a37a2c58183d2d9ad Mon Sep 17 00:00:00 2001 From: Sumit Bose <sbose@f26-ipa.ipaf26.devel> Date: Wed, 27 Sep 2017 14:17:49 +0200 Subject: [PATCH] ipa-kdb: reinit trusted domain data for enterprise principals While processing enterprise principals the information about trusted domains might not be up-to-date. With this patch ipadb_reinit_mspac() is called if an unknown domain is part of the enterprise principal. Resolves https://pagure.io/freeipa/issue/7172 --- daemons/ipa-kdb/ipa_kdb_principals.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index 82c857430b..7935ad58d5 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -1259,6 +1259,16 @@ krb5_error_code ipadb_get_principal(krb5_context kcontext, realm, upn->length - (realm - upn->data), &trusted_realm); + if (kerr == KRB5_KDB_NOENTRY) { + /* try to refresh trusted domain data and try again */ + kerr = ipadb_reinit_mspac(ipactx, false); + if (kerr != 0) { + goto done; + } + kerr = ipadb_is_princ_from_trusted_realm(kcontext, realm, + upn->length - (realm - upn->data), + &trusted_realm); + } if (kerr == 0) { kentry = calloc(1, sizeof(krb5_db_entry)); if (!kentry) {
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org