krb5-wrap: Use the principal returned by the KDC to create the ccache
author Andreas Schneider <asn@cryptomilk.org>
Tue, 3 Feb 2015 12:00:34 +0000 (13:00 +0100)
committer Andrew Bartlett <abartlet@samba.org>
Thu, 17 Mar 2016 03:32:27 +0000 (04:32 +0100)
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
because of this. As we use the uppercase principal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the principal returned by the KDC here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/krb5_wrap/krb5_samba.c

index 9d2f6982524fffb760e89b55ac047f0ea9392ed4..9ee71f52c65f01e7071e4f632808e2e1a9075394 100644 (file)
@@ -2004,6 +2004,14 @@ krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc,
                return code;
        }
 
+#ifndef SAMBA4_USES_HEIMDAL /* MIT */
+       /*
+        * We need to store the principal as returned from the KDC to the
+        * credentials cache. If we don't do that the KRB5 library is not
+        * able to find the tickets it is looking for
+        */
+       principal = my_creds.client;
+#endif
        code = krb5_cc_initialize(ctx, cc, principal);
        if (code) {
                goto done;
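
Review bot: After `principal = my_creds.client;`, `principal` points at memory owned by `my_creds`, so it must not be used once the credential contents are freed and must not be freed on its own; neither the cleanup under `done` nor any later use of `principal` is visible in this hunk, so that ordering is worth confirming. A separate local (hypothetical name `cc_principal`) passed to `krb5_cc_initialize()` would make the borrowed ownership explicit and keep the original `principal` value intact for any code that still expects the requested name. The comment should also state why the Heimdal build does not need the same treatment, since the `#ifndef SAMBA4_USES_HEIMDAL` guard is otherwise unexplained.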