r6700: Upper case realms in kerberos-specific parts of the code, as this is

no longer done globally.

This keeps MIT client libraries happy, because otherwise the windows
KDC will return a different case to what was requested.

Andrew Bartlett
(This used to be commit 9098b9321f938473c367f906cfe2f001ca1d8e6a)

2 files changed, 11 insertions, 2 deletions

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 93d82a33a1..c850d93fce 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -284,7 +284,12 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
 	}
 
 	if (lp_realm() && *lp_realm()) {
-		ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm());
+		char *upper_realm = strupper_talloc(gensec_krb5_state, lp_realm());
+		if (!upper_realm) {
+			DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm()));
+			return NT_STATUS_NO_MEMORY;
+		}
+		ret = krb5_set_default_realm(gensec_krb5_state->context, upper_realm);
 		if (ret) {
 			DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret)));
 			return NT_STATUS_INTERNAL_ERROR;
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index 7e25fc780b..ed9a9788ab 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -175,10 +175,14 @@ char *cli_credentials_get_principal(struct cli_credentials *cred,
 			       cli_credentials_get_realm(cred));
 }
 
+/**
+ * Set the realm for this credentials context, and force it to
+ * uppercase for the sainity of our local kerberos libraries 
+ */
 BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained)
 {
 	if (obtained >= cred->realm_obtained) {
-		cred->realm = talloc_strdup(cred, val);
+		cred->realm = strupper_talloc(cred, val);
 		cred->realm_obtained = obtained;
 		return True;
 	}