From db83dc990bd338aa803e042b0816af640062fb08 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 12 Jan 2010 02:50:04 +0000
Subject: [PATCH] 
 ------------------------------------------------------------------------ 
 r22710 | ghudson | 2009-09-03 16:41:56 -0400 (Thu, 03 Sep 2009) | 10 lines

 ticket: 6557
 subject: Supply canonical name if present in LDAP iteration
 target_version: 1.7.1
 tags: pullup

 In the presence of aliases, LDAP iteration was supplying the first
 principal it found within the expected realm, which is not necessarily
 the same as the canonical name.  If the entry has a canonical name
 field, use that in preference to any of the principal names.

ticket: 6557
version_fixed: 1.7.1
status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@23634 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
index 8b3c7a14a..1cf67629b 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c
@@ -188,7 +188,10 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 
 	LDAP_SEARCH(subtree[tree], ldap_context->lrparams->search_scope, filter, principal_attributes);
 	for (ent=ldap_first_entry(ld, result); ent != NULL; ent=ldap_next_entry(ld, ent)) {
-	    if ((values=ldap_get_values(ld, ent, "krbprincipalname")) != NULL) {
+	    values=ldap_get_values(ld, ent, "krbcanonicalname");
+	    if (values == NULL)
+		values=ldap_get_values(ld, ent, "krbprincipalname");
+	    if (values != NULL) {
 		for (i=0; values[i] != NULL; ++i) {
 		    if (krb5_ldap_parse_principal_name(values[i], &princ_name) != 0)
 			continue;
@@ -201,13 +204,11 @@ krb5_ldap_iterate(context, match_expr, func, func_arg)
 			(*func)(func_arg, &entry);
 			krb5_dbe_free_contents(context, &entry);
 			(void) krb5_free_principal(context, principal);
-			if (princ_name)
-			    free(princ_name);
+			free(princ_name);
 			break;
 		    }
 		    (void) krb5_free_principal(context, principal);
-		    if (princ_name)
-			free(princ_name);
+		    free(princ_name);
 		}
 		ldap_value_free(values);
 	    }
-- 
2.26.2