From 517ba52c518eb747ccb2a76d75a7ec88fc870cf4 Mon Sep 17 00:00:00 2001 From: Sumit Bose Date: Mon, 13 May 2013 14:25:15 +0200 Subject: [PATCH] Always update cached upn if enterprise principals are used Instead of continuing to use the initial upn if enterprise principals are used if should always be replaced. The enterprise principal is stored in the credential cache and without knowing it the ccache_for_princ() calls to determine the location of the credential cache will fail. Fixes https://fedorahosted.org/sssd/ticket/1921 --- src/providers/krb5/krb5_auth.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c index 6d7494c..f65e599 100644 --- a/src/providers/krb5/krb5_auth.c +++ b/src/providers/krb5/krb5_auth.c @@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq) KRB5_USE_ENTERPRISE_PRINCIPAL); /* Check if the cases of our upn are correct and update it if needed. - * Fail if the upn differs by more than just the case. */ + * Fail if the upn differs by more than just the case for non-enterprise + * principals. */ if (res->correct_upn != NULL && - use_enterprise_principal == false && strcmp(kr->upn, res->correct_upn) != 0) { - if (strcasecmp(kr->upn, res->correct_upn) == 0) { + if (strcasecmp(kr->upn, res->correct_upn) == 0 || + use_enterprise_principal == true) { talloc_free(kr->upn); kr->upn = talloc_strdup(kr, res->correct_upn); if (kr->upn == NULL) { -- 1.7.7.6