summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/gensec/gensec_krb5.c7
-rw-r--r--source4/lib/credentials.c6
2 files changed, 11 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 93d82a33a1..c850d93fce 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -284,7 +284,12 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security)
}
if (lp_realm() && *lp_realm()) {
- ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm());
+ char *upper_realm = strupper_talloc(gensec_krb5_state, lp_realm());
+ if (!upper_realm) {
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm()));
+ return NT_STATUS_NO_MEMORY;
+ }
+ ret = krb5_set_default_realm(gensec_krb5_state->context, upper_realm);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret)));
return NT_STATUS_INTERNAL_ERROR;
diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c
index 7e25fc780b..ed9a9788ab 100644
--- a/source4/lib/credentials.c
+++ b/source4/lib/credentials.c
@@ -175,10 +175,14 @@ char *cli_credentials_get_principal(struct cli_credentials *cred,
cli_credentials_get_realm(cred));
}
+/**
+ * Set the realm for this credentials context, and force it to
+ * uppercase for the sainity of our local kerberos libraries
+ */
BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained)
{
if (obtained >= cred->realm_obtained) {
- cred->realm = talloc_strdup(cred, val);
+ cred->realm = strupper_talloc(cred, val);
cred->realm_obtained = obtained;
return True;
}