From 517ba52c518eb747ccb2a76d75a7ec88fc870cf4 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 13 May 2013 14:25:15 +0200
Subject: [PATCH] Always update cached upn if enterprise principals are used

Instead of continuing to use the initial upn if enterprise principals
are used if should always be replaced. The enterprise principal
is stored in the credential cache and without knowing it the
ccache_for_princ() calls to determine the location of the credential
cache will fail.

Fixes https://fedorahosted.org/sssd/ticket/1921
---
 src/providers/krb5/krb5_auth.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c
index 6d7494c..f65e599 100644
--- a/src/providers/krb5/krb5_auth.c
+++ b/src/providers/krb5/krb5_auth.c
@@ -913,11 +913,12 @@ static void krb5_auth_done(struct tevent_req *subreq)
                                                KRB5_USE_ENTERPRISE_PRINCIPAL);
 
     /* Check if the cases of our upn are correct and update it if needed.
-     * Fail if the upn differs by more than just the case. */
+     * Fail if the upn differs by more than just the case for non-enterprise
+     * principals. */
     if (res->correct_upn != NULL &&
-        use_enterprise_principal == false &&
         strcmp(kr->upn, res->correct_upn) != 0) {
-        if (strcasecmp(kr->upn, res->correct_upn) == 0) {
+        if (strcasecmp(kr->upn, res->correct_upn) == 0 ||
+            use_enterprise_principal == true) {
             talloc_free(kr->upn);
             kr->upn = talloc_strdup(kr, res->correct_upn);
             if (kr->upn == NULL) {
-- 
1.7.7.6