From: Love Hörnquist-Åstrand <lha@e.kth.se>
Date: Fri, 15 Nov 2002 05:02:33 +0000 (+0000)
Subject: rxkad5-dont-allow-dot-in-aname-20021114
X-Git-Tag: openafs-devel-1_3_50~505
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=21e056922d695c3fb49b48afc6e68391c764b16b;p=packages%2Fo%2Fopenafs.git

rxkad5-dont-allow-dot-in-aname-20021114


otherwise we need to deal with the fact that we're using . as a separator
---

diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c
index f9b52291e..93de592d8 100644
--- a/src/rxkad/ticket5.c
+++ b/src/rxkad/ticket5.c
@@ -182,6 +182,14 @@ int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
 	goto bad_ticket;
     }
     
+    /* 
+     * If the first part of the name_string contains a dot, punt since
+     * then we can't see the diffrence between the kerberos 5
+     * principals foo.root and foo/root later in the fileserver.
+     */
+     if (strchr(decr_part.cname.name_string.val[0], '.') != NULL) 
+	 goto bad_ticket;
+
     /* Verify that decr_part.key is of right type */
     switch (decr_part.key.keytype) {
     case ETYPE_DES_CBC_CRC: