diff options
-rw-r--r-- | source4/auth/gensec/gensec_krb5.c | 7 | ||||
-rw-r--r-- | source4/lib/credentials.c | 6 |
2 files changed, 11 insertions, 2 deletions
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index 93d82a33a1..c850d93fce 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -284,7 +284,12 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security) } if (lp_realm() && *lp_realm()) { - ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm()); + char *upper_realm = strupper_talloc(gensec_krb5_state, lp_realm()); + if (!upper_realm) { + DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm())); + return NT_STATUS_NO_MEMORY; + } + ret = krb5_set_default_realm(gensec_krb5_state->context, upper_realm); if (ret) { DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret))); return NT_STATUS_INTERNAL_ERROR; diff --git a/source4/lib/credentials.c b/source4/lib/credentials.c index 7e25fc780b..ed9a9788ab 100644 --- a/source4/lib/credentials.c +++ b/source4/lib/credentials.c @@ -175,10 +175,14 @@ char *cli_credentials_get_principal(struct cli_credentials *cred, cli_credentials_get_realm(cred)); } +/** + * Set the realm for this credentials context, and force it to + * uppercase for the sainity of our local kerberos libraries + */ BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained) { if (obtained >= cred->realm_obtained) { - cred->realm = talloc_strdup(cred, val); + cred->realm = strupper_talloc(cred, val); cred->realm_obtained = obtained; return True; } |