From: Theodore Tso <tytso@mit.edu>
Date: Tue, 8 Nov 1994 03:14:31 +0000 (+0000)
Subject: Fix lineage check so that we don't fail if we're cross-authenticating
X-Git-Tag: krb5-1.0-beta5~1014
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=106c03f63cab9c91f7103452021a9b0a38cf855f;p=krb5.git

Fix lineage check so that we don't fail if we're cross-authenticating
with a realm with the same length as our own.  ('||' should have been '&&')

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4634 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 4915b5e52..1d0fea7b8 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,9 @@
+Mon Nov  7 22:11:01 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* kdc_util.c (kdc_process_tgs_req): Fix lineage check so that we
+		don't fail if we're cross-authenticating with a realm with
+		the same length as our own.  ('||' should have been '&&')
+
 Fri Nov  4 17:47:46 1994  Theodore Y. Ts'o  (tytso@dcl)
 
 	* do_as_req.c (process_as_req): Use published interface to call
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index cd1fbb91e..6eef4cace 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -291,7 +291,7 @@ krb5_tkt_authent **ret_authdat;
     if (foreign_server) {
 	krb5_data *tkt_realm = krb5_princ_realm(ticket_enc->client);
 	krb5_data *tgs_realm = krb5_princ_realm(tgs_server);
-	if (tkt_realm->length == tgs_realm->length ||
+	if (tkt_realm->length == tgs_realm->length &&
 	    !memcmp(tkt_realm->data, tgs_realm->data, tgs_realm->length)) {
 	    /* someone in a foreign realm claiming to be local */
 	    syslog(LOG_INFO, "PROCESS_TGS: failed lineage check");