krb5-wrap: Use the principal returned by the KDC to create the ccache
author Andreas Schneider <asn@cryptomilk.org>
Tue, 3 Feb 2015 12:00:34 +0000 (13:00 +0100)
committer Andreas Schneider <asn@cryptomilk.org>
Thu, 30 Jul 2015 08:24:26 +0000 (10:24 +0200)
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
because of this. As we use the uppercase principal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the principal returned by the KDC here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
lib/krb5_wrap/krb5_samba.c

index 22975c1c8a3cb05b980bba52d136ab283154ac70..490d72392233dc5168a31abe16fc3ec27d30582b 100644 (file)
@@ -1717,6 +1717,14 @@ krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc,
                return code;
        }
 
+#ifndef SAMBA4_USES_HEIMDAL /* MIT */
+       /*
+        * We need to store the principal as returned from the KDC to the
+        * credentials cache. If we don't do that the KRB5 library is not
+        * able to find the tickets it is looking for
+        */
+       principal = my_creds.client;
+#endif
        code = krb5_cc_initialize(ctx, cc, principal);
        if (code) {
                goto done;
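Review bot: `principal = my_creds.client;` rebinds the function's `principal` variable to memory owned by `my_creds`, so from this line on both names refer to one allocation, and any later use of `principal` after `my_creds` has been released, or a cleanup path that releases both, would be a lifetime bug. Passing `my_creds.client` directly to `krb5_cc_initialize()` inside the `#ifndef`, or holding the canonical name in a separate local, would leave the requested principal untouched and make the ownership obvious to the next reader. The comment should also say why the Heimdal build keeps using the requested principal, since neither it nor the commit message ties the case mismatch to MIT specifically.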