no longer done globally.
This keeps MIT client libraries happy, because otherwise the windows
KDC will return a different case to what was requested.
Andrew Bartlett
}
if (lp_realm() && *lp_realm()) {
- ret = krb5_set_default_realm(gensec_krb5_state->context, lp_realm());
+ char *upper_realm = strupper_talloc(gensec_krb5_state, lp_realm());
+ if (!upper_realm) {
+ DEBUG(1,("gensec_krb5_start: could not uppercase realm: %s\n", lp_realm()));
+ return NT_STATUS_NO_MEMORY;
+ }
+ ret = krb5_set_default_realm(gensec_krb5_state->context, upper_realm);
if (ret) {
DEBUG(1,("gensec_krb5_start: krb5_set_default_realm failed (%s)\n", error_message(ret)));
return NT_STATUS_INTERNAL_ERROR;
cli_credentials_get_realm(cred));
}
+/**
+ * Set the realm for this credentials context, and force it to
+ * uppercase for the sainity of our local kerberos libraries
+ */
BOOL cli_credentials_set_realm(struct cli_credentials *cred, const char *val, enum credentials_obtained obtained)
{
if (obtained >= cred->realm_obtained) {
- cred->realm = talloc_strdup(cred, val);
+ cred->realm = strupper_talloc(cred, val);
cred->realm_obtained = obtained;
return True;
}
git.samba.org / samba.git / commitdiff