+Tue Oct 11 22:11:09 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * do_as_req.c (process_as_req): Don't assume that the request
+ server's realm name is null terminated. Compare the
+ request server against changepw/kerberos using
+ krb5_principal_compare.
+
Tue Oct 4 16:42:16 1994 Theodore Y. Ts'o (tytso@dcl)
* kdc_util.c (kdc_rdreq_keyproc): Add widen.h and narrow.h around
krb5_enctype useetype;
krb5_pa_data *padat_tmp[2], padat_local;
krb5_data salt_data;
+ static krb5_principal cpw = 0;
char *status;
register int i;
* site-specific policiy file....
*/
pwreq = 0;
- sprintf(cpw_service, "%s@%s", "changepw/kerberos",
- krb5_princ_realm(request->server)->data);
- if (strcmp(sname, cpw_service) == 0) pwreq++;
+ if (!cpw) {
+ retval = krb5_parse_name("changepw/kerberos", &cpw);
+ if (retval)
+ goto errout;
+ free(krb5_princ_realm(cpw)->data);
+ krb5_princ_realm(cpw)->data = 0;
+ }
+ krb5_princ_realm(cpw)->data = krb5_princ_realm(request->server)->data;
+ if (krb5_principal_compare(request->server, cpw))
+ pwreq++;
c_nprincs = 1;
if (retval = krb5_db_get_principal(request->client, &client, &c_nprincs,
projects / krb5.git / commitdiff