From: Theodore Tso <tytso@mit.edu>
Date: Fri, 14 Oct 1994 04:31:01 +0000 (+0000)
Subject: Don't assume that the request server's realm name is null terminated.
X-Git-Tag: krb5-1.0-beta5~1123
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=96a56da8e58ade68f3b3bb256db2ed1825b01418;p=krb5.git

Don't assume that the request server's realm name is null terminated.
Compare the request server against changepw/kerberos using
krb5_principal_compare.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4504 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 10e8e1ac4..165b404a9 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,10 @@
+Tue Oct 11 22:11:09 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* do_as_req.c (process_as_req): Don't assume that the request
+		server's realm name is null terminated.  Compare the
+		request server against changepw/kerberos using
+		krb5_principal_compare.
+
 Tue Oct  4 16:42:16 1994  Theodore Y. Ts'o  (tytso@dcl)
 
 	* kdc_util.c (kdc_rdreq_keyproc): Add widen.h and narrow.h around
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
index 82a968f8d..138bdcebf 100644
--- a/src/kdc/do_as_req.c
+++ b/src/kdc/do_as_req.c
@@ -132,6 +132,7 @@ krb5_data **response;			/* filled in with a response packet */
     krb5_enctype useetype;
     krb5_pa_data *padat_tmp[2], padat_local;
     krb5_data salt_data;
+    static krb5_principal cpw = 0;
     char *status;
 
     register int i;
@@ -173,9 +174,16 @@ krb5_data **response;			/* filled in with a response packet */
      * site-specific policiy file....
      */
     pwreq = 0;
-    sprintf(cpw_service, "%s@%s", "changepw/kerberos", 
-	    krb5_princ_realm(request->server)->data);
-    if (strcmp(sname, cpw_service) == 0) pwreq++;
+    if (!cpw) {
+	    retval = krb5_parse_name("changepw/kerberos", &cpw);
+	    if (retval)
+		    goto errout;
+	    free(krb5_princ_realm(cpw)->data);
+	    krb5_princ_realm(cpw)->data = 0;
+    }
+    krb5_princ_realm(cpw)->data = krb5_princ_realm(request->server)->data;
+    if (krb5_principal_compare(request->server, cpw))
+	    pwreq++;
 
     c_nprincs = 1;
     if (retval = krb5_db_get_principal(request->client, &client, &c_nprincs,