auth:creds: Make sure when parsing username that realm is uppercase

author Andreas Schneider <asn@samba.org>

Fri, 25 Apr 2025 09:30:14 +0000 (11:30 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Tue, 5 Aug 2025 10:49:34 +0000 (10:49 +0000)
author Andreas Schneider <asn@samba.org>
Fri, 25 Apr 2025 09:30:14 +0000 (11:30 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Tue, 5 Aug 2025 10:49:34 +0000 (10:49 +0000)
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c

index a88a458f82bde29e2d390544841ab0c865c69818..c31470a81d20ab389e8b86c9e06e126e04cf705a 100644 (file)
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1030,6 +1030,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
         }
  
         if ((p = strchr_m(uname,'@'))) {
+               char *x = NULL;
+
                 /*
                  * We also need to set username and domain
                  * in order to undo the effect of
@@ -1038,6 +1040,11 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
                 cli_credentials_set_username(credentials, uname, obtained);
                 cli_credentials_set_domain(credentials, "", obtained);
  
+               /* Make sure the realm is uppercase */
+               for (x = p + 1; x[0] != '\0'; x++) {
+                       *x = toupper_m(*x);
+               }
+
                 cli_credentials_set_principal(credentials, uname, obtained);
                 *p = 0;
                 cli_credentials_set_realm(credentials, p+1, obtained);
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c

index fa8755e0a409c4885cfec735d86b11231292287a..4abb7e4b90c1ff2250b26ebc5cb1a96b6fd93eaa 100644 (file)
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -219,7 +219,7 @@ static void torture_creds_parse_string(void **state)
         usr_obtained = cli_credentials_get_username_obtained(creds);
         assert_int_equal(usr_obtained, CRED_SPECIFIED);
  
-       assert_string_equal(creds->principal, "wurst@brot.realm");
+       assert_string_equal(creds->principal, "wurst@BROT.REALM");
         princ_obtained = cli_credentials_get_principal_obtained(creds);
         assert_int_equal(princ_obtained, CRED_SPECIFIED);
  
diff --git a/python/samba/tests/credentials.py b/python/samba/tests/credentials.py

index f9781f8ba036196d30b30ef87901feae648b8ca9..bc132681c488fda82e95219db36f3851317fe369 100644 (file)
--- a/python/samba/tests/credentials.py
+++ b/python/samba/tests/credentials.py
@@ -403,7 +403,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir):
          self.assertEqual(creds.get_username(), "user@samba.org")
          self.assertEqual(creds.get_domain(), "")
          self.assertEqual(creds.get_realm(), "SAMBA.ORG")
-        self.assertEqual(creds.get_principal(), "user@samba.org")
+        self.assertEqual(creds.get_principal(), "user@SAMBA.ORG")
          self.assertEqual(creds.is_anonymous(), False)
          self.assertEqual(creds.authentication_requested(), True)
  
@@ -445,7 +445,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir):
          self.assertEqual(creds.get_domain(), "")
          self.assertEqual(creds.get_password(), "pass")
          self.assertEqual(creds.get_realm(), "SAMBA.ORG")
-        self.assertEqual(creds.get_principal(), "user@samba.org")
+        self.assertEqual(creds.get_principal(), "user@SAMBA.ORG")
          self.assertEqual(creds.is_anonymous(), False)
          self.assertEqual(creds.authentication_requested(), True)
author	Andreas Schneider <asn@samba.org>
	Fri, 25 Apr 2025 09:30:14 +0000 (11:30 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Tue, 5 Aug 2025 10:49:34 +0000 (10:49 +0000)
auth/credentials/credentials.c		patch \| blob \| blame \| history
auth/credentials/tests/test_creds.c		patch \| blob \| blame \| history
python/samba/tests/credentials.py		patch \| blob \| blame \| history