2 files changed, 18 insertions, 3 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 10e8e1ac4..165b404a9 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,10 @@
+Tue Oct 11 22:11:09 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* do_as_req.c (process_as_req): Don't assume that the request
+		server's realm name is null terminated.  Compare the
+		request server against changepw/kerberos using
+		krb5_principal_compare.
+
 Tue Oct  4 16:42:16 1994  Theodore Y. Ts'o  (tytso@dcl)
 
 	* kdc_util.c (kdc_rdreq_keyproc): Add widen.h and narrow.h around
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 82a968f8d..138bdcebf 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -132,6 +132,7 @@ krb5_data **response;			/* filled in with a response packet */
     krb5_enctype useetype;
     krb5_pa_data *padat_tmp[2], padat_local;
     krb5_data salt_data;
+    static krb5_principal cpw = 0;
     char *status;
 
     register int i;
@@ -173,9 +174,16 @@ krb5_data **response;			/* filled in with a response packet */
      * site-specific policiy file....
      */
     pwreq = 0;
-    sprintf(cpw_service, "%s@%s", "changepw/kerberos", 
-	    krb5_princ_realm(request->server)->data);
-    if (strcmp(sname, cpw_service) == 0) pwreq++;
+    if (!cpw) {
+	    retval = krb5_parse_name("changepw/kerberos", &cpw);
+	    if (retval)
+		    goto errout;
+	    free(krb5_princ_realm(cpw)->data);
+	    krb5_princ_realm(cpw)->data = 0;
+    }
+    krb5_princ_realm(cpw)->data = krb5_princ_realm(request->server)->data;
+    if (krb5_principal_compare(request->server, cpw))
+	    pwreq++;
 
     c_nprincs = 1;
     if (retval = krb5_db_get_principal(request->client, &client, &c_nprincs,