diff options
| author | Theodore Tso <tytso@mit.edu> | 1994-10-14 04:31:01 +0000 |
|---|---|---|
| committer | Theodore Tso <tytso@mit.edu> | 1994-10-14 04:31:01 +0000 |
| commit | 96a56da8e58ade68f3b3bb256db2ed1825b01418 (patch) | |
| tree | 7f02e29fbafcae605f7fd635bd8b834ec65dc233 /src/kdc | |
| parent | d44a0b6e5d6e52f927e2502ef37e8248727d594b (diff) | |
| download | krb5-96a56da8e58ade68f3b3bb256db2ed1825b01418.tar.gz krb5-96a56da8e58ade68f3b3bb256db2ed1825b01418.tar.xz krb5-96a56da8e58ade68f3b3bb256db2ed1825b01418.zip | |
Don't assume that the request server's realm name is null terminated.
Compare the request server against changepw/kerberos using
krb5_principal_compare.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4504 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc')
| -rw-r--r-- | src/kdc/ChangeLog | 7 | ||||
| -rw-r--r-- | src/kdc/do_as_req.c | 14 |
2 files changed, 18 insertions, 3 deletions
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 10e8e1ac4..165b404a9 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,10 @@ +Tue Oct 11 22:11:09 1994 Theodore Y. Ts'o (tytso@dcl) + + * do_as_req.c (process_as_req): Don't assume that the request + server's realm name is null terminated. Compare the + request server against changepw/kerberos using + krb5_principal_compare. + Tue Oct 4 16:42:16 1994 Theodore Y. Ts'o (tytso@dcl) * kdc_util.c (kdc_rdreq_keyproc): Add widen.h and narrow.h around diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 82a968f8d..138bdcebf 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -132,6 +132,7 @@ krb5_data **response; /* filled in with a response packet */ krb5_enctype useetype; krb5_pa_data *padat_tmp[2], padat_local; krb5_data salt_data; + static krb5_principal cpw = 0; char *status; register int i; @@ -173,9 +174,16 @@ krb5_data **response; /* filled in with a response packet */ * site-specific policiy file.... */ pwreq = 0; - sprintf(cpw_service, "%s@%s", "changepw/kerberos", - krb5_princ_realm(request->server)->data); - if (strcmp(sname, cpw_service) == 0) pwreq++; + if (!cpw) { + retval = krb5_parse_name("changepw/kerberos", &cpw); + if (retval) + goto errout; + free(krb5_princ_realm(cpw)->data); + krb5_princ_realm(cpw)->data = 0; + } + krb5_princ_realm(cpw)->data = krb5_princ_realm(request->server)->data; + if (krb5_principal_compare(request->server, cpw)) + pwreq++; c_nprincs = 1; if (retval = krb5_db_get_principal(request->client, &client, &c_nprincs, |