If the identity ACL file contains entries for a subject, add
an entry for the subject so they can assert their own identity.
---
lib/webkdc-login.c | 4 +++-
weblogin/templates/confirm.tmpl | 1 +
2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/lib/webkdc-login.c b/lib/webkdc-login.c
index 4e0448c..3d36017 100644
--- a/lib/webkdc-login.c
+++ b/lib/webkdc-login.c
@@ -846,8 +846,10 @@ build_identity_list(struct webauth_context *ctx, const
char *subject,
" line %lu", ctx->webkdc->id_acl_path, line);
goto done;
}
- if (*identities == NULL)
+ if (*identities == NULL) {
*identities = apr_array_make(ctx->pool, 1, sizeof(char *));
+ APR_ARRAY_PUSH(*identities, char *) = apr_pstrdup(ctx->pool,
subject);
+ }
APR_ARRAY_PUSH(*identities, char *) = apr_pstrdup(ctx->pool, authz);
}
if (code != APR_SUCCESS && code != APR_EOF) {
diff --git a/weblogin/templates/confirm.tmpl b/weblogin/templates/confirm.tmpl
index bf7183a..fdb5ffd 100644
--- a/weblogin/templates/confirm.tmpl
+++ b/weblogin/templates/confirm.tmpl
@@ -162,6 +162,7 @@ works of this work.
<select name="authz_subject">
<option selected>[% username FILTER html %]</option>
[% FOREACH authz IN permitted_authz %]
+ [% NEXT IF authz == username %]
<option>[% authz FILTER html %]</option>
[% END %]
</select>
--
1.7.1
