krb5_const_principal principal)
{
krb5_error_code ret;
- krb5_principal p2;
uint32_t time1, time2;
krb5_storage *sp;
uint16_t len;
- char *s;
+ char *s = NULL;
+ char *principal_string = NULL;
+ char *logon_string = NULL;
sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
logon_name->buffersize);
return ret;
}
u8len += 1; /* Add space for NUL */
- s = malloc(u8len);
- if (s == NULL) {
+ logon_string = malloc(u8len);
+ if (logon_string == NULL) {
free(ucs2);
return krb5_enomem(context);
}
- ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
+ ret = wind_ucs2utf8(ucs2, ucs2len, logon_string, &u8len);
free(ucs2);
if (ret) {
- free(s);
+ free(logon_string);
krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
return ret;
}
}
- ret = krb5_parse_name_flags(context, s,
- KRB5_PRINCIPAL_PARSE_NO_REALM |
- KRB5_PRINCIPAL_PARSE_ENTERPRISE, &p2);
- free(s);
- if (ret)
+ ret = krb5_unparse_name_flags(context, principal,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM |
+ KRB5_PRINCIPAL_UNPARSE_DISPLAY,
+ &principal_string);
+ if (ret) {
+ free(logon_string);
return ret;
+ }
- if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
+ ret = strcmp(logon_string, principal_string);
+ if (ret != 0) {
ret = EINVAL;
- krb5_set_error_message(context, ret, "PAC logon name mismatch");
+ krb5_set_error_message(context, ret, "PAC logon name [%s] mismatch principal name [%s]",
+ logon_string, principal_string);
}
- krb5_free_principal(context, p2);
+ free(logon_string);
+ free(principal_string);
return ret;
out:
return ret;