From: Andreas Schneider <asn@samba.org>
Date: Fri, 25 Apr 2025 09:30:14 +0000 (+0200)
Subject: auth:creds: Make sure when parsing username that realm is uppercase
X-Git-Tag: tdb-1.4.14~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28745e997070e8a7ca3c19cd0fabef789e17cc2d;p=thirdparty%2Fsamba.git

auth:creds: Make sure when parsing username that realm is uppercase

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
---

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index a88a458f82b..c31470a81d2 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1030,6 +1030,8 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
 	}
 
 	if ((p = strchr_m(uname,'@'))) {
+		char *x = NULL;
+
 		/*
 		 * We also need to set username and domain
 		 * in order to undo the effect of
@@ -1038,6 +1040,11 @@ _PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials,
 		cli_credentials_set_username(credentials, uname, obtained);
 		cli_credentials_set_domain(credentials, "", obtained);
 
+		/* Make sure the realm is uppercase */
+		for (x = p + 1; x[0] != '\0'; x++) {
+			*x = toupper_m(*x);
+		}
+
 		cli_credentials_set_principal(credentials, uname, obtained);
 		*p = 0;
 		cli_credentials_set_realm(credentials, p+1, obtained);
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index fa8755e0a40..4abb7e4b90c 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -219,7 +219,7 @@ static void torture_creds_parse_string(void **state)
 	usr_obtained = cli_credentials_get_username_obtained(creds);
 	assert_int_equal(usr_obtained, CRED_SPECIFIED);
 
-	assert_string_equal(creds->principal, "wurst@brot.realm");
+	assert_string_equal(creds->principal, "wurst@BROT.REALM");
 	princ_obtained = cli_credentials_get_principal_obtained(creds);
 	assert_int_equal(princ_obtained, CRED_SPECIFIED);
 
diff --git a/python/samba/tests/credentials.py b/python/samba/tests/credentials.py
index f9781f8ba03..bc132681c48 100644
--- a/python/samba/tests/credentials.py
+++ b/python/samba/tests/credentials.py
@@ -403,7 +403,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir):
         self.assertEqual(creds.get_username(), "user@samba.org")
         self.assertEqual(creds.get_domain(), "")
         self.assertEqual(creds.get_realm(), "SAMBA.ORG")
-        self.assertEqual(creds.get_principal(), "user@samba.org")
+        self.assertEqual(creds.get_principal(), "user@SAMBA.ORG")
         self.assertEqual(creds.is_anonymous(), False)
         self.assertEqual(creds.authentication_requested(), True)
 
@@ -445,7 +445,7 @@ class CredentialsTests(samba.tests.TestCaseInTempDir):
         self.assertEqual(creds.get_domain(), "")
         self.assertEqual(creds.get_password(), "pass")
         self.assertEqual(creds.get_realm(), "SAMBA.ORG")
-        self.assertEqual(creds.get_principal(), "user@samba.org")
+        self.assertEqual(creds.get_principal(), "user@SAMBA.ORG")
         self.assertEqual(creds.is_anonymous(), False)
         self.assertEqual(creds.authentication_requested(), True)