r8181: Allow host/foo.realm/realm@REALM requests, assuming that the realm

forms both differ only in case.  We may need a better solution than
this later.

Andrew Bartlett
(This used to be commit a0ad13f5bceb17c1b856548825e5509921b409f0)

diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 0875803be00ad64b3b5390823e81f2f9a33a68ec..96f415ac016327d1d31b84d7ff24de4917863a86 100644 (file)
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -460,7 +460,15 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 
        struct ldb_message **msg;
 
-       ret = krb5_unparse_name(context, principal, &princ_str);
+       struct Principal princ = *principal;
+
+       /* Allow host/dns.name/realm@REALM, just convert into host/dns.name@REALM */
+       if (princ.name.name_string.len == 3
+           && StrCaseCmp(princ.name.name_string.val[2], princ.realm) == 0) { 
+               princ.name.name_string.len = 2;
+       }
+
+       ret = krb5_unparse_name(context, &princ, &princ_str);
 
        if (ret != 0) {
                krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal");