Fix lineage check so that we don't fail if we're cross-authenticating

author Theodore Tso <tytso@mit.edu>

Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)

committer Theodore Tso <tytso@mit.edu>

Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)
author Theodore Tso <tytso@mit.edu>
Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)
committer Theodore Tso <tytso@mit.edu>
Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)
diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog

index 4915b5e529783bf44de7bb7255199d8b7de7a0fe..1d0fea7b82bf65d17ebc2fda6c529ea77739cc65 100644 (file)
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,9 @@
+Mon Nov  7 22:11:01 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+       * kdc_util.c (kdc_process_tgs_req): Fix lineage check so that we
+               don't fail if we're cross-authenticating with a realm with
+               the same length as our own.  ('||' should have been '&&')
+
  Fri Nov  4 17:47:46 1994  Theodore Y. Ts'o  (tytso@dcl)
  
         * do_as_req.c (process_as_req): Use published interface to call
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c

index cd1fbb91e5a2e5cbce8d0087ba3da3b503d709c3..6eef4caceb535e350a49f29bc851746a31ed18af 100644 (file)
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -291,7 +291,7 @@ krb5_tkt_authent **ret_authdat;
      if (foreign_server) {
         krb5_data *tkt_realm = krb5_princ_realm(ticket_enc->client);
         krb5_data *tgs_realm = krb5_princ_realm(tgs_server);
-       if (tkt_realm->length == tgs_realm->length ||
+       if (tkt_realm->length == tgs_realm->length &&
             !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) {
             /* someone in a foreign realm claiming to be local */
             syslog(LOG_INFO, "PROCESS_TGS: failed lineage check");
author	Theodore Tso <tytso@mit.edu>
	Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Tue, 8 Nov 1994 03:14:31 +0000 (03:14 +0000)
src/kdc/ChangeLog		patch \| blob \| history
src/kdc/kdc_util.c		patch \| blob \| history